HTMD-CM0️⃣8️⃣Install WSUS for ConfigMgr Software Update Point Role🎇SCCM Patch Management🎇WSUSSync

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

okay that's six o'clock 1:30 my time okay so let's let's get started thank you all for joining in today today is our season two episode number eight for a cesium and this is free associate training provided by how to manage devices community as you can see on the slide this week we have two a cesium sessions today and tomorrow same time same place right don't ask for the meeting invite it's the same meeting in wait for every week right and if you log into the team's channel probably you would get the meeting in might as well right okay so these are the two sessions available for season two and these are the probably last two sessions of season two and then we will start the season three after a small break probably a couple of weeks break and then we will start the season three right so these are these are the 2-way episodes or sessions of season season two okay and let me talk about how to manage how to manage devices community now okay so this is our small community like core members of the community and I'm here to add a couple of other members into this the pictures are not there right so if you want to know more about us you can go to any of these websites over here on the right hand side right and you can check out right so we have like more more than I don't know more than nine no I think nine SS iam wat subgroups and the Mun telegram group and we have Facebook group and we are everywhere right almost everywhere right we are there in Instagram as well so if you like to follow us please follow us so that we will be you will get updated about the next season and when it is is when it is starting and what I what are the agenda etc right so that's that's a it's kind of all about the community now for now okay and this is all about our forum right we started the forum I think couple of months back now this is HD md forum dot-com if you have any questions related to SSE I mean to please feel free to ask over here right so that would be kind of useful for the global community right rather than use it asking it in telegram or somewhere else write a tutor or Facebook probably searching in Twitter Facebook as bit of difficult even even in what's up or telegram groups so that is why we kind of start at this forum for it would be easy to others to understand your problems and help right okay so this is the URL for the forum HTM D for m.com okay and we are running something called superheroes right of every week so there I I think I pulled this list a couple of days back and this is our top contributors of the forum right if you want to be part of this please log in to register with the forum and log in log in and try to contribute if you have if you know the answers right so we have special badges and point system is also there right so at the moment this is the this is the overall stats of the forum right we have nine nine nines for users reg is already registered okay so you can see a lot of users coming in in coming weeks probably right okay so that's all about the forum and you know about the community now we call we call ourself as how to manage devices community right and next is this training season one rights in season one where we started is basically sorry in season two right in season two we started building an SCM infrastructure in a zoo right so that is where we started I think I don't remember exactly when we started it was three or three or four B weeks back okay so this is what we did we did as your subscription we take we took an Esso subscription and started the trial version came and you will get month a credit of thirteen thousand Indian rupees okay and this is the lab setup actually we build we build something like resource groups in a zoo if you don't know why does this the resource groups in a zoo a virtual networks in a jewel probably you would I have already shared the link of the link of all recordings in the chat window right so you can go to that YouTube recordings and you can see what does this virtual network how how we created it right all these are created live right so so you can see the live experience of that this these videos are not a detail at all right okay so this is a structure or architecture of the lab which we build right so we are using as your portal to connect to something called as your Bastion and as your Bastion is helping us to connect to all the old ace SEM servers which we build in as your SCCM servers domain server and client right so we don't we don't use our DP ports to connect to a CCM service directly from here right we use as your Bastion and we connect from there okay so so that is what we come in first few weeks now let me share the let me share the total website not the website the lab itself give me a sec if I can find out okay so hopefully you are able to see the screen SSM console or configuration manager console okay and this is the lab which we set up and during the last couple of weeks what we did is we basically completed lot of stuff in in the SEM count from a SEM configuration perspective right so after setting up the lab what we did is we installed sequel we installed a cesium and we install all the components like a management point distribution point and we try to distribute some packages it failed first it's all life right it failed first and we did we tried it it worked right and then we created boundaries we created we did I think ad extension right we did ad extension and we did publishing of the act of publishing a cesium information into Active Directory right all those configurations we have already completed we enable the discovery also right last week we enabled the discovery system discovery if I remember correctly and we know last - last week it was I think last week we tried client push and we installed clients right so if you I have configured an active directory discovery and boundaries are configured right boundaries are configured boundary groups are configured right everything is intact at the moment right and if you go to assets and assets and complaints if you go to devices you would be able to see two devices live right these are the devices which we installed a client yesterday right so we have two devices - SEM server itself other one is Windows 10 device okay our Windows 10 Klein okay so that is what we did last week it was client push installation we discussed about what are the methods of installing Klein right so basically first thing is what we did we installed a cesium sequel then a cesium then configured all the components like MP and DP which are which are mandatory right - to deploy cleaned and all right so we did that then what we did is we connected a cesium with Active Directory and then we publish in associate information to Active Directory okay after extending the schema then we discovered devices from Active Directory okay now all the devices in Active Directory is available in SEM now discovery won't do anything with the management for the management we need to install SEM client that is what we did last last weekend right so we need a cesium client on each device which we manage otherwise we won't be able to manage right so that is why this is server client in frustrate service server client application associate server and client application right so most of the applications are like that okay okay fine so in this week as I mentioned in the notification this this what we did is basically when you win when we configured the CM server we left su P we didn't configure software update point so software update point is basically the component which helps us to install or which helps us to deploy patches okay so monthly patches all those patches right which which can be deployed with the help of soft to our update component so in a layman's team what we can say is it is the connection between W shoes and s SEM software update point right so it does not accurate right it is not accurate but if you want to imagine something simple you can you can imagine something like that what is w su I'm sorry W su p software update point right so we need to install that component we have not installed it as you can see over here right if you if you have seen the previous recordings or if you were part of the previous sessions probably you might be aware we have already installed that up users on this particular server but we have not configured it we have not connected it as you can see over here right W source is already there and all the prerequisites are already there okay we are connecting to the sequel database itself right this is a sequel database see if I can launch that I'm launching its sequel database I I don't think issues su else I think su s underscore DB that database is not created yet so that is it will create only when there we complete the post deployment a post de post deployment configuration right so this is what we have to do it now so I think that we left this like this I think the second week of this season right okay so let's let's configure this one let's click on that post this is w source configuration okay so I clicked on that one probably it will pop up post installation okay configuration failed for Windows Server Update Services at ok launch post installation tasks ok that failed right so this is all live right I never tried this before let's try it now what happens I mean I mean I never tried this before in this particular lab okay so let me see in blue shoes okay it's still getting launched I don't know what happened to my server is it okay yeah it's it's okay 55 percentage of CPU that's interesting it is not able to find the server name itself Wow let me find out the server name this is the live session so school this is the server name okay let me try to connect I don't know why this is coming up now right it should automatically take the server name okay and it says yeah there's update available okay I'll I like it thank you for letting me know so database we don't have double uses or double uses database okay fine thought of things are happening okay let me let me minimize this if I get the connection back okay now what happened to this then give me a sec let me relaunch this server manager and it got launched and let me click on this and it says post installation tasks let me launch no it's not happening it says failed what is the reason so who was created okay logo was created that's fine okay god FAIL Blog was created when where is log stem folder right so let me check the temp folder fight em em em [Music] folder and in the temp folder let me go to TMP local temp and TMP D to D P B to D be okay this is the one let me open this up I don't know what are the options available for me know what bad this configuration value not found usually caused by installing WCW okay then think okay that's fine I think you may sec let me try to there's no specific errors so we are fine let me try to what I'm going to do now is let me try to remove this role or we can do one thing okay so for R and D what we can do is basically we can try to install one role right so let's try to install a Supino okay and see what is going to happen okay so select the side server we don't have side service right we only have one okay so let me sell a try to try to make it easy right ahead from here rather than doing from there same thing both the same thing so so what we are going to do is we are going to install our SUV now okay and trying to see like whether that is trying to get automatic WS was automatically configured right otherwise would be a back-up plan if that is not going to work right okay so let's add one side okay it automatically selected the site server sites site system server or site server in this case normally if we if you are installing it on a remote server su P is installing it on a remote server then it is site system server but if it's a primary server then it is sites over I have explained about this in the previous videos what is the difference between sites over N side system server okay so I'm going to keep it simple default once if you have some untrusted forest kind of scenario right for example if you want to install su p on an untrusted forest probably you might need to use this okay and you need to you need to provide an installation account etc etcetera and you need to enable this also okay then that will that will ensure that that system will communicate to the required the site site server to initiate the connection to the site system so it's other way around right it is always primary server contacting the the remote SUV if you have in that kind of a situation so in our scenario we are going with that default a su P installation that is we are installing SUV on the primary server itself okay so you know the difference if you are installing it on a remote site system with an untrusted forest scenario right I have seen many of those untrusted forest scenarios in my corporate experience right so that is why in that case you need to enable both these two okay and you need to provider account and all right so so that is more understood remote SUV scenario but for us it's fine Active Directory forest it is fine right and proxy if you want probably su P is the candidate for proxy because we need internet connection to download updates from Microsoft updates or Windows updates right in this case if you are if you are in a corporate environment most of the connections are going through proxy should go through proxy because of security concerns right so so in that case you need to enable the proxy option over here and you need to enter the proxy server name and you need to enter the proxy server IP normally it would be 8080 or some custom IP right and in some scenarios you might need to probate the account name as well right so it depends on your proxy setup if you are whitelisting your server itself I CCM server itself then you don't need this otherwise there should be some service account needed to authenticate with proxy okay so in the scenario our server has a direct connectivity to internet so we don't need this okay but in a corporate world view also you always of you enabled as if you are connecting through a proxy server okay otherwise it will directly hit your firewall and probably that will block a firewall might might not allow that communication right so that is why we need to use the proxy okay so let's this so I'm not talking about the firewall on the system right the the firewall on the network side I'm talking about okay so that is that is about the proxy now we need to select the side system so side system of a role over here we are going to select su P right software update point this is the one software update point so when you click on a casu P you can see load of options came up here and so that is that would be interesting right so you can see like why does su beam right so su p integrates with double users to provide software update to configuration manager so that is the actual microsoft definition so I mentioned before why does su p it's a bridge between sse mmm double users that is my my way of understanding things right so so my I I can I can easily remember it right so I don't know maybe you can try it in your next interview probably they will say like anyways okay fine next is software update point be selected software update point and the default default is 84 4 4 4 3 hey 80 is for HTTP so we behalf configuring is su P as HTTP not HTTP right HTTP requires all the PKI p ki certificates and all the things right so that is that is what 443 is if you if you are using HTTP then your port will be for port 3 that is the default configuration coming up in over here right but we are going to select a different port that is the best practice as per my understanding so I always select this one because what a te has been used by some some so many other stuffs in a cesium right configuration manager management point uses for port 80 and I think it's this DP uses port 80 right so I think I think this is the best option a bit better to use the port the other option which is still available in the configuration itself right that is eight five three zero and eight five three one is for the HTTPS that is the P key I won okay and I'm going to leave everything as default right require require SSL communication no I don't require SSL because that is again PKI right we are not going to cover this I love config configuration manager cloud management gateway traffic ok I'm not going to use that also right that is that is not needed for this setup okay so that is one thing we have we have configured that is the configure basic configuration of double users okay and the second thing client connection type it so that is allow intranet only client connections right so I love in Internet only client connections I love in Internet and inter intranet right so this is mainly for I don't know maybe CMG configurations right if you can't figure out the CMG I don't know the scenarios probably only for the third party update so it wants to come here otherwise all the all the updates right are available from the so the content is available from directly from Microsoft updates but for the probably you know I don't exactly remember what does it used in terms of SUV why do we need SUV in that scenario okay but I think a client will be trying to contact the SUV while deploying the patches if they if there is no SUV connection probably it might fail in a CMG scenario right even though the content is coming from the Windows Update okay so that is my assumption okay we will see in the future episodes when when we configure or future seasons when we configure cloud management gateway and configure this kind of setup right okay bye for now we are going with the default scenario so let's let's clear out our basics first right then we will go into the complex scenarios like CMG and all okay so let's look on next now again it is asking for the software update point proxy servers okay and W Sue's connection account right so this is something some sometimes required if you have some untrusted forest or some other kind of scenarios like that right you need to probate the EMP connection account as well as W su server connection account right so this is this is required in that particular scenario not not in this scenario if your servers are in a same domain it can contact the W server through the if you have provided proper access right it can contact through the Kerberos authentication right system system to system authentication with the system account I mean to say ok so that is that is about the server connection account so this is also we are keeping it as default but if you are if you are using M remote SUV which server which is in an untrusted forest or something then probably it is it is kind of required right in in many scenarios okay so so that is the details about the that configuration okay so next synchronization so this is this is interesting configuration right first is default to end all this all the updates and metadata right this is Meta Knight of integration so all the metadata which you see in console right all these are coming from Microsoft Update so initially everything it will only download the meta data it won't download the content of the patches right so the only numbers you would be able to see in in number node numbers right the description of each patch will be available in the console then you right-click and down say download or deploy then only the download process will start right so we will see what is that if you don't understand don't worry about that now right so I'm going to select software a synchronization from Microsoft Update okay there are many scenarios I have seen people use this one okay so probably because of some security reason if you are not able to scan mean security to have internet phasing through proxy even though it's through proxy internet fake an activity to this server then then you need to use some server in a DM C DM zone right and and your W server will be sitting there and you will be synchronizing the metadata from that particular server that's over W so server might have direct connectivity to Microsoft Update right so that is a typical scenario I have seen mini scene I many cases like that okay so that is another another scenario right so another whiners do not synchronize from Microsoft Update or a upstream if upstream server select this option if you manually synchronize updates on this software of a point typically you use manual synchronization when you when the software update point is disconnected from Microsoft updates or upstream server right I don't know that there could be many scenarios like this also I don't know maybe if if your primary server is in a ship right and you don't have a I have seen the stories like that or I I have heard stories like that right some organization might have like probably 10 or 15 or more than that primary server is right and their casts will be some in in corporate office and their three or four primary service will be in a ship right and they might not have any connectivity between cache and primary server during some point of time probably I don't know what is the exact business case for this option but yeah there is option I never tried this to be honest with you ok so our our scenario we are going to synchronize from directly from Microsoft Update so for that we need a proxy or Microsoft Connect Internet connectivity from this server ACM server itself right so that is why I have internet connectivity and what happened I can open internet right from here and I can browse the sides right etc etc right so let me open up yeah this is what we actually completed last time it W sauce installation if you want to know more about how to install double users you can proof watch previous videos or go through this blog right ok so let me let me minimize this and click on next and double users reporting reporting is normal I don't create don't do not create double users reporting events if you are particular about reporting events you can you can do that right it's it's a swell your requirement I have never I did any changes in this I'm probably I am NOT heavily involved in the operation and operations at the moment but there could be many scenarios which is in use right recently I have seen something like events should be created when ADR fails right automatic deployment rule fails so that was a requirement on our one of our forums right how to manage devices forum okay there was a question that was pretty interesting for me then I kind of looked around it and created a couple of blogs about it okay so so the yeah WSO's reporting events you know that's that's a good stuff if you have a requirement you can report those right if the sync is failed or something probably if you need reporting on that if you want an alert probably you can do that okay so that configuration is here and if I click Next the synchronization settings right enable synchronization settings even though this is disabled by default I have not seen any companies they say or organizations keeping it disabled right it's always enabled right every seven days it is it is a default settings and I would keep it as it is right and if you want you can create a custom schedule as you you have already seen in this is the same model which you can see in all the other schedules like discovery schedule we have seen as your active sorry active directory discovery schedule you can see the only interesting thing is you can do something tricky over here right the second Tuesday okay if you want to if you want to sing only second Tuesday of every month yeah you don't need to specify particular date every month it is changing right we don't know like it will come in second second week of month or it will into I don't know maybe there are a lot of complexity around that right to solve that like so productive introduced something like this in within configuration many your or a CCM that is pretty interesting right second Tuesday I I don't know whether this is useful for you in this scenario but obviously this is useful in a in a kind of body column now in an ADR scenario right automatic deployment rules so that scenario second fuse there's a very very much welcome right I have seen many discussions about that and people I think a lot of people are a lot of organizations are using it okay so in this case it's not very relevant so I'm going to go with the simple schedule or schedule schedule right I get always confused between schedule and schedule right okay so again alert when synchronization fails this is also good if you want to enable this you can enable this that will give us an alert in the in the console and you probably you can subscribe to that alert and that if you can configure SMTP then you will get a mail alert for this right so those are all those options integration options are there right so that is about the schedule of synchronization so this schedule if you don't understand why does this radio this is why exactly is basically our W Zeus or so right su p basically W Sue's right is going back to Microsoft and checking with Microsoft Update to confirm whether there is any update for me or not right and it will sync if there is any update the metadata will get downloaded and then the new patches will appear in your SCM console right so this is that you'll sink right okay so this is what that synchronization right so this is not nothing else this is that the synchronization between Microsoft updates and your W sues okay so let's let's click Next the other of this option is very interesting okay I don't know how many of you use it in your organization this is superseded ins rules right this is very much useful in many scenarios like if you are using an old if you have an old infrastructure like for example in in many organizations I have seen they have installed 2012 configuration manager 2012 and they keep on adding patches and they are not experienced they are not there there is no cleanup wsus cleaner and then there could be lot of issues like sync timeout on the client end right because there would be lot of metadata it should go through the client should go through and after a point of time it will it will get tired not literally a time just for example I am saying right and it will feel on that right so that is why the cleaner and these settings are very much important right normally in lab ID I I used this one immediately expire the superseded superseded software updates so both both of them that option right immediate super Siddons behavior for feature updates so feature you know I assume you know what is the difference between the normal software updates the monthly patching and so feature updates feature update is basically Windows 10 updates like 1903 to 1909 of or 1909 to 2004 update right so that is feature updates this is the normal monthly patches right okay so if you want you can configure that this way months months to wait before superseded ends etc extra right speaking can you please go on mute and I'm breaking my voice is breaking is it only for you or others as well it's fine right now it's working no issue oh no I see you I myself from you told or somebody muted me I don't remember exactly I'm getting old I think okay thank you some it's nice system right my microphone is saying like you are muted you are muted and muted and muted unmuted okay anyways it was good okay so where were we superseded ends okay superseded ins yeah as I mentioned you can say okay before three months right this is months maybe after three months you can experiments you can explain it so that is what normally you should do as per your requirement in your organization so my my recommendation would be to analyze this in your organization check how it is there how many superseded ins packages are sorry updates are there right and depending on that probably you can select a number over here right so three is the best recommended number by default Microsoft provided probably they have already looked into the telemetry data of configuration manager and in most of the scenarios eight three months is the best best number right so I think if I am if I want to configure something right then my recommendation would be three months right because Microsoft states that in the configuration wizard itself right so all these if here is all these configuration default configuration values are not just Microsoft randomly put something no it's not like that right Microsoft do lot of analysis on all these configurations they do lot of rnps right about what is the default configuration which should be available in the console and what should be the default numbers right so there there is a lot of thought process going on behind these numbers also right so if if I'm if I want to configure something the months then I would my first recommendation would be to go with three months right and if you find something wrong with that in particular in your environment right then probably you can come back and change it okay so for the lab I always keep this immediately expire right and immediately expire this also software feature updates okay just click Next okay double useless maintenance this is what I already mentioned this is a new stuff right I don't know new Bennett when I say new I think it released a couple of versions back I don't remember exactly but yeah so this is decline X pair up dates in W shoes sorry in W suits according to supersede ins data right so depending upon that the previous schedule probably you can decline the experiment eclaim expired updates right and add no one clustered indexes to double uses database this is a pretty good right and remove obsolete updates from W sirs so don't enable all these in your production environment they're actually I'm doing it because I'm confident and this is not going to break anything in my lab and in my in my software update patching process because there is no process in my lab right I don't care right but if you ha if you are having a process in place for patching and you have an SLA or if you have a agreement with your client like oh I will keep my the updates for I don't know several months or maybe nine months and then you need to be careful about all those agreements with Klein and all right before enabling all these configurations right so but the best practice is if you can enable this and better to enable it right okay but test this in pre prod or staging environment before enabling it on protection when I say test I think you need to spend at least one or two months checking this out right how it is behaving after a monthly patching in pre prod environment or staging environment right okay so that is it I'm going to enable all this in my lab okay and yeah maximum run time this is always kind of useful to go with the default one if you find any issues right basically this is what specify the default maximum amount of time software update installation has to has to complete you can override the default setting so so this is the normal thing right maximum run time for windows are Windows Update so when Windows Update sorry windows feature updates so that is basically your Windows 10 upgrades right 1903 to 1909 or 1903 to 2004 etc etc right and this is for office 365 updates I think we Mel has some blogs about this if you find some issues with timeout and maybe most of the scenarios it should complete within two hours if it is not completing within two hours then there would be some problem with your update mechanism or with the with the client not with the settings right most in most of the scenarios I have seen updating or increasing this time won't solve your issues okay so you need to be very careful about these am i recommending if you ask my recommendation would be to keep as it is right these are not just numbers random numbers Microsoft put in right so there as I mentioned before there are a lot of calculation going beyond this all these numbers right okay so I'm going to keep this as it is click Next update files download full update files for all approved updates yeah both full updates and approve Express okay I'm going to keep this one for now so select of the following option when downloading the update files download both files for all approved updates and Express installation files for Windows 10 this is also pretty useful I don't know how many of you are using Express updates and all right probably that is useful I have not done any extensive testing on this part so if you would like to do that probably that this is the option which you try to do which you try to test in pre prod right or staging environment before enabling it on a prediction but I'm going to do this now ok and next comes the classifications right so classification is always important right so you need to remember which classifications you want to enable right security updates or something else you want to do all the feature updates or something else you want right so if you if you click on this one right probably not here right okay so this one right so you would see a pop up message over here this is basically not applicable for us because we are running Windows when were winburn 2019 right we are running latest Windows Server and our wsus version is also latest in that scenario you don't need to install these KB articles or KB's into your double uses if you are running older versions of double users probably you need to run this I think I have covered this in the blog post as well right so this is not needed so in this scenario I'm not going to enable that okay because that I am not planning to use Windows 10 updates in this lab at the moment right at least in this season - so I'm going to go with only soft security updates ok so I'm going to show you something which I have done previously I don't think I have opened it up over here how to manage how to manage devices I don't know how many of you have seen this this serve log and if I check with w soos what was that classifications or products or classifications classifications it ok so do not set up as you P with default a double uses product selection right so I have seen I don't know people many many organization right people don't look into the configurations in details right so just just enable the default one and default one has lot of products automatically selected over here Windows 7 Internet Explorer Server 2008 right office 2003 all these are default by default is selected right in the products so I that is why I kind of created this blog post probably it might help someone ok while configuring the setup ok so in this scenario that is coming out on the next page so this security updates I am going to select security updates only for now and let's see what is going to happen because I wanted to reduce the same time also right when we do a sync now in this lab probably it is going to take another 30 minutes to complete the sync right so let's first of all if the WCS configuration is going to be hokey after this wizard right okay so it is I don't think it is going to work anyways so security updates so we are going to see security updates and we are going to select products now in products if you see this like this probably everything is kind of not selected none of this is not selected probably something got changed right recently Microsoft changed something let me check this now okay let me go back to the post and see which is the default which are the default ones office XP okay this office XP okay let me see your physics office yeah okay this is good right this is good now the default selection is not there right that is that is good okay cool then let me confirm everything is okay so this was when let me check the date of the blog post so this is March 20 okay that was not long back so okay latest version is coming up with this one hmm cool so Microsoft is doing great work right getting into your feedback and checking the feedback and removing all the selections default selections because that is if if that these products are automatically selected then it is going to create lot of problems in your double users if it is like we are sinking unwanted data like we don't have any Windows XP Windows 7 devices anymore right unless and until we a specific requirement and we are running Windows 7 devices so now none of none of the products are selected default it is empty okay that is cool kudos to Microsoft right so even office 365 is not there that is we need to enable that is the key Silverlight is out of support that should not be there 2008 numbers are there but it is not there selected ok cool so 2007 HCM 2007 is there I virtual PZ that's very old technology Windows 10 is there we want to select that we will select in a minute and this is great work ok I was not aware of this game they updated the selection cool ok so see I learned something today ok so click Next so I'm going to select only Windows 10 now right from this list I am going to select only Windows 10 to make our life easy ok so the only update only product I want update is for Windows 10 okay I don't care about any other product probably if you need you can come back and enable it later right so that is what we are going to do now so if you are if you are trying to install su p always make sure you don't select unwanted products right as I mentioned in the blog post as well right and the lucky that in the latest version probably they have already removed the default selection okay so Windows 10 click Next classification we have selected early security updates and then the products we have selected early Windows 10 so we will really get security updates of Windows 10 okay click Next now this is also interesting right only English is selected by default this is pretty nice right and you don't want if you don't want other languages updates then that is fine right so I'm going to go with English at the moment right and click Next now it is going to start the process now let me open my where is it log files log file and oh this is client log okay so CCM SMS CCM right so that is client now let me open my server log file over here since this is Program Files configuration manager log files logs su P set up right so here we go let me open this in the trace cm trace most probably failed to register installation was successful okay that's interesting will be registered but installation was successful okay let me find out some more details command line okay registration fee related to installing the bases checking supported version okay that's fine I think we already mentioned about that this is not required for the version see it is checking the version right and so always like I I get feedback that my you Armand not mentioning about remote is U P when you install remote su P there is a requirement that we need to install is w so spline sorry W sous console on the primary server right otherwise it is not going to work so I want to make it clear and if you are installing a remote su p on a remote server then you need to install WSU's console on the primary server then only it is going to work okay so don't say I didn't say that okay so let me try to do something over here and now let's go to the monitoring monitoring node over here monitoring and you will see something let me find out software ok software update now software update synchronization it says ok synchronization status nothing is there yet right it says let me pour did see me change that lobe nothing is there so nothing has happened actually it should not happen nothing should I have launched it twice Oh what okay oh that is why it didn't come up with the server name initially okay so that was my mistake I am going to end it close this so let me try to refresh no nothing has happened because our double uses is not there anyways it is not going to happen nothing is going to happen here so even though is UB is successful xup installation is successful it is not going to work it came because our WCS is not working right see nothing is there now let me see confirm this by going into sync control right w succeeds so this is another and the file which is kind of used sewed up su p right su PE set up is the file which you want to log file which you want to check when you have a installation related issue okay now if you have an issue with connectivity or double sink is not working so these are the two these are the 3 Phi 3 files log files which you need to look now first one is w CM right and then W W source control see this one right control and the sync log file is this one w sync MGR so these are the log files which you want to kind of note down somewhere when there is any problem with W source or su beam connectivity then you need to look into all these these guys right okay let me open it up and see lot of errors probably as expected for not for not phone okay obviously because in a yes if I launch is all these are coming through is right if I try to log into is information okay so there won't be any websites created for W source over here in in in in DP and MP installation we have seen these these create these things God created right so in this our double uses is fail honors which was not that was not unexpected situation I was not expecting this to happen but it now it happened now we need to kind of do something about it right so it is expected our SUV installation didn't go well or the connectivity is not there as it says the please this is Yolo del W system exception and you can see Microsoft server W s-- is connected to the place was put in to do and you can see over here remote configuration on the server is failed okay that is that is expected as I mentioned right so let me do one thing right let me let me go over here and manage and let me see how to remove this remove doubly sirs right now let's select the server which you want to remove the double users this is the same server and let me remove the double users over here right so this is the the blue sirs I want to remove this I want to remove okay when I remove that both the connectivity and also got remove right now why did I normally do to clean up okay my recommendation always right when you when you try to remove double users you need to be very careful right probably you might if you if you if you are not very careful probably you might end up losing your double useless database as well it won't directly delete but that is one of the scenario so you need to be very careful about that right when you remove the W Susak cetera right no don't don't try to remove the double usage database that might create problems right okay so in normal scenario what we need to do is we need to uninstall su P now that is the best practice right before uninstalling W shoes always in an insole SUV right but in this scenario I'm going to take risk right not installing it or I'm bit confused probably I will go with the uninstallation right let me don't take a risk okay so that is that is what an installation is doing so uninstallation this is su pee now se we should uninstall in the minute or so I hope I removed su purely not the other components okay okay so let me see again this is time 120 okay okay the installation was successful okay so we have removed su pee now okay now let me go back to note is the server manager and removal right I already kind of removed this check mark so I launched this from manage right over here and removed trying to remove w soos and keeping everything as it is I don't know XPS viewer a sequel connectivity w su services okay fine probably it might ask for the restart then that's another trouble right okay so it is it is trying to restart the W Sue's no sorry hey we and install the w sis now it might take some time so if you want to check something over here right what is a problem and if you are not seeing anything in the in the configuration manager logs or even in SEM logs then you your best friend as event you right so even you were if you if you try to launch Event Viewer you go to applications probably you would be able to see some events errors related to w sues and all right see the bleachers failed a lot of errors are there because of double users right so you might get lot of information about about double users and related configurations also so this is this is why I kind of ask people to try to go to event logs also when you have a CCM related problem so probably you might know something is failing some other dependent components are failing okay so this is this is another tip which you want to kind of remember right when you have a problem probably you need to kind of look into event logs and I try to find out root cause or root cause of the issue probably that is not because of the cesium application components that could be because of Windows core components right w ee MI or w zeus or etc exit right IAS or something big those things are external to a cesium right okay so removal succeeded on it didn't ask me to restart that is a good sign probably I'm happy to do that without restart right so feature removal removal succeeded remove roles on okay that's fine let's remove this alert first okay anyways now W Zeus is removed here from here normally my recommendation would be to restart the server right this is my normal recommendation if you are in your production environment you don't want to take your chance okay so to restart the server after cleanup came and now let's go to roles and add and next click next and same server now again go to wsus over here right this is WCS Windows Server Update Services so I'm going to click OK and I'm going to click can all the add all the dependent services click Next right and I'm going to leave this as it is features I don't want a name now it will say W ID I explained about a W ID in the previous previous videos right why does that internal database windows internal database it is right if you don't have a sequel server installed on a remote SUV then most of the scenarios we are going to use this right that is windows internal database so there is a database by default available in in in in Windows right windows servers and probably you can use that right if you don't have sequel ok so I'm not going to use that I'm going to use sequel and click Next and I think I already created one previously I don't remember now let me go back here F Drive is my data drive and if I can see double uses ok so this is the this is the folder which I created and I already explained all these things in the previous video I'm going not going to explain it and check the connectivity I'm going to check the connectivity and it disconnect trying to connect to sequel server actually if you if you are if you are in a remote scenario probably this might give a lot of issues I explained about that in the previous video probably you can refer to that ok if this is local server so in this case I think that is fine right there's no complexity between connectivity of connecting to a remote sequel okay so installing the component now W Zeus again and fingers crossed now this this installation will go well and it won't fail on us right or at least on me okay mmm let me go to the console and see what is there in the monitoring now so we removed and the monitoring thing got removed as well right we removed su P and in the monitoring software update point synchronization status that is also removed there's nothing over there so this is another checkpoint which you can do apart from the log file over here this is the log file which we checked for the su p installation and an installation okay so that is done now probably we might have done with the installation okay configuration completed successfully sorry configuration installation completed successfully configuration required for W source so all these components got installed now sequel connectivity or caching now let's let's click on this one and fingers crossed failed again okay launch I don't know why it is failing it is interesting I should have restarted the server then okay let me go to events and find what something is there or not event logs this is time is 126 not related this is 134 that is not related that is not related let me go to systems right sorry set up set set up nothing there no have any anyone anyone seen this error before if you if you have seen it can you please comment on the chat or you can speak up okay so let's let's see nothing there in the network setup entered stop okay fine network setup installation media I think it's nothing there related to double uses at least okay by default a cesium W service will be disabled mode please restart that post installation okay let me try that I have not seen that before good thing we are learning services at MSE W Sue's windows 2 2 2 2 2 where is it Windows Update we know the Bates India the bluest Windows abcdefgh no I can't see the am I missing something over here services W service okay so this is disabled okay so W service is a service I don't know why it is disabled I never seen this before thank you for letting me know what is interesting the server is disabled by default Wow Wow great okay the reason for that thank you very much let me let me try something now launch Appaloosa service now let me try to let me try to connect DB instance I don't know the mean since the same the default one right okay so what I'm trying to do is basically let me try to cancel this right and let me try to cancel this and let me try to disable this again right let me try to disable this and see what is there not is that right let I disabled it okay now this is no now let me try to launch double users okay I have disabled okay now I'm launching the Blazers and I'm saying this is my sequel dB okay and I can see they run fine okay post installation tasks is in progress please don't close the window okay that's fine so let me go to services again and try to refresh it it is doing something over here or not refresh it's still disabled still disabled okay disabled so it should be failing right this should fail soon then I don't know let's let's wait and see okay the R & B is going on Saturday rnd okay okay event logs other thing which we can look into is event logs rough few new events are available let's refresh and see is service entered into a running state huh okay that's fine admin services entered in your running state okay so it is creating a year so what let me refresh this so over here there's nothing much here at the moment let me refresh is and probably we can see double uses okay see double uses came up now okay that's interesting even with if disabled service interesting now it automatically got enabled and running okay so yeah so ideally it was my mistake I should not have in enabled it okay so that doesn't probably that is why I never did that before okay and and second thing is I should have done this before also right right-click and launch this one right rather than rather than doing of believing this hey okay so let me check this what has happened over here okay so complete post installation says sorry complete double uses installation post installation successfully completed click on close button so we are fine now right double uses configured and in interesting point over here is we don't have to configure this this is the su piece task su P will configure it when you can't when we configure HUP right this will get automatically configured these are the things we configure in SU P I think I think I have mentioned it somewhere here right this is the blog for double uses configuration so I think I have mentioned it over here so if I can go down yeah this is the thing which we completed and there it is successful after success so I never had the service issue right before and it need never failed so this is canceled we need to cancel this that is what we are going to do it now okay so so we are going to cancel this now you can see the console is connected to the database etc that is a good sign now the SU P and sing should work basically I'm going to close this I don't know what does this why it is coming right I have seen this for the first time I never seen this before right so that is why confused me so always the learning which I had today is always right click and launch this and that might help you and you don't need to necessary enable the service might disable is fine that the the post installation configuration will automatically enable enable the service okay so good and we learned that the is the website for with with different port that's came up right during the post installation now one thing we will see over here is it will it should have automatically created a database over here once you refresh right now you can't see s su s database over here now once you refresh it see su s DB that database got created how you would be able to see all the database entries for double users over here right so this is before configuring su p su P is only for configuring the double users right but double users just doing all the database and all the other work right so double users database is configured the produces is scientist created on a different port we used eight I think 8530 right okay that is for su P right we have not done that and we have deleted that configuration now we need to go to it's SEM console configuration manager console and do it again okay so now su Pete asked su pyrrole is I'm going to install the su pyrrole and this time I'm going to be very cook I'm not going to explain everything this is repeated telecast so a eight five three zero that is the default one I think I selected that everything else same credentials I don't need connectivity synchronization from Microsoft that's fine seven days by default ok as you can see there is a difference right once you configure one something in is in the configuration that will that the default configuration will change right so the previous experience was different right in B in terms of default configuration right now it is different right because it is storing our default configuration server somewhere in the database or somewhere in a CCM right that is why it's ok i I like kotsky synchronization is to enable B what's that reports for this thank you I go to the synchronization source one above synchrony yeah yeah I don't want that okay previously I didn't do that that's fine that was the default one right so okay anyways thank you thank you that big for that okay so yeah thank you so that's a good noon not right so if you want to have the synchronization reports then you need to enable this in this lab I don't I don't care much so in in your production environment as Karthik mentioned probably if you want it is better to enable it right okay so let's let's okay this is seven days by default and now with this coming by default previously it was not enabled right and this was immediately this was also this is also my previous configuration so it is it is taking my previous configuration so even though I uninstalled the su pyrrole okay so to reclaim yeah all the previous configurations are taking automatically right so that is that is good stuff right so intelligent basis iam is intelligent enough to understand my configuration okay download full yeah that's fine and classification I only selected software security updates that so that got automatically selected that's cool right and Windows 10 it should be there I don't want anything else window us if I go to Windows Windows 10 is automatically selected right by default that is good and I don't want anything else i I just want to confirm this otherwise it's sync is going to take long time come on I don't want that exchange today today today today I hope this is fine so I'm going to go ahead with that Windows 10 and English as I mentioned click Next and now we see P log file it should take a minute or so to come up over here probably it will come up and it came back right our monitoring no overview and if you go to Windows I'm sorry software updates point update point synchronization status it is coming up now now su p might have already installed came it got installed and this is the same error failed to register if that's fine I think if everything is working I'm not going to worry about that error so this is another point right so this is the folder which we which we configured in W shoes right so it has it created a folder structure update service packages so if I go inside nothing is there W Swiss content anonymous check-in file right so that is only one available if you want to check what is it it is a blank file 0kb okay so so these are the things it is there in the files now and now I'm going to look at the sources know Program Files configuration I am going to look into the log files now log files now I want to check the wcm first right there is the museum right wcm first right I mentioned about three files wcm W Singh W Sue's ctrl + W sync manager right so ok cool so I think it is fine now as you can see over here and as I always mentioned right you need to remember the keyword keyword for each log files right if you if you want to not down somewhere probably you can check some of this these things right this is one of the interesting one of the interesting entry which you want to note successfully configured W so W server settings and upstream server to Microsoft updates right so that is that is there and there would be a connectivity thing right supported version found that is good successfully connected to local W server so this is also a valid entry which you want to look into so for example if you want to search it you have a long very long or a very very huge WCM log file then if you want to check then this is the keyboard right connectivity and and other stuffs like where is it activity and I mentioned something else also right categories version number version number is also important right let me minimize this version number is also important right so let me go back to the console I didn't close that wizard let me close that wizard first okay let me go to the sorry let me go to the this one and let me try to check again the latest synchronization update is not there yet okay let me we have not synchronized that's the point okay so this is also interesting right and subscription subscription update catalog version catalog version to catalog ID this is important you need to check this and you need to not it's down somewhere right I'm going to copy this let me see whether that is going to help me in some time know what let me open a notepad with me for a minute note that came okay fine so successfully inserted double uses under ways to do two configuration objects okay fine configuration sexually fine fine everything is okay I think so over here we kind of seen the issue last time right successfully it was not able to connect to the W server now it got connected successfully I'm going to close this and I'm going to open control right so controlled double uses control log and if I if I connect successfully check the database connection on W server and looks good okay that's cool right successfully connected this is another keyword you which you want to look into failures reported during the periodic health check this was then now we need to look into the time 34 134 now to two o'clock it's over here right actually three o'clock okay but this is GMB and we are in BST now okay no teef 134 okay that does that is can that can be ignored because that was a previous one so w soos okay now sync right sync is the another log file which you want to check and confirm ok now sync sync is not start third we have not initiated it this is again 1:26 that is fine now let's let's do one thing right let's check what is happening in the actual software library if you go to if you go to to to to software updates software updates and updates something is there no nothing is there right okay so let me try to sync all right so hopefully sync file is open over here and you can see you can see this is going to go crazy now sync probably right and if you look at after the first thing if you look at the components right the components you would be able to see a lot of new categories will appear over there right so something like 1903 and later or later kind of updates so sync category is syncing sing the blues of synchronization so now it is syncing the categories right so it this is the file log file which you want to look into when you kind of sync every every month you normally sync right at least every every week you normally sync right so this is the that particular file no file which you want to look into and normally this is going to take a long time I don't know how much time it is going to take first thing probably might finish soon it depends sometimes right it might not sync I should not have enabled that Windows 10 also I think now because Windows 10 will come up all the previous updates also I should have enabled only 1906 thing okay let me let me go back and check the now if you for example if you to kind of change the products right products if you want to change the products you need to go to sides and you need to go to configure site components and then select abuse I'm sorry a Windows Update point right over here you would be able to see all the configurations which we did through that wizard right installation wizard of HUP most of the configurations right you can see languages you can see supersede ins rules you can see sync right and alerts if you want right you can see that products if you want you can see that right products I have the please understand I'm I'm thinking to disable this now let me let I don't know whether it is going to work or not I just removed that Windows tends a product right and let me see whether it is still syncing categories okay so might have it might have already started then it might not take effect anyway so so yeah my point was you can change all those things over here like maximum run time double uses maintenance third-party application is another beast and I think you might have already heard that probably we will cover that in later seasons right if you want I already have like three or four blog posts about step by step installation and log file reviews about third-party updates ok so let me go back over here and see what is happening it is still kind of stuck there hmm okay so now what we can do by the time I'm thinking what we can do monitor let me go to monitor and see the icon has changed now that is another important thing and it says sinking I think synchronizing W server last synchronization error code last synchronization attempt right so even though you don't have access to the log files probably you might be able to check over here right the scat log version also will come up and everything everything will get populated once the sync is done and our friend W Sue's right I don't know whether I have opened it or not no I have not opened but you can see the things in the Blues console itself right if you if you have any trouble in connecting double users probably you need to launch the WS console from server manager and you can check that also let me I'm getting impatient over here okay so it is kind of stuck there and probably it is going to take some time let me check the other logs also right this is w is all sleeping right so let me let me go back to one of my other server so this is this is other server at the lab right this is not related to anything related to the previous lab this is already kind of setup lab so I thought like we can kind of kill some time by explaining things over from this lab that would be more clear so if I go to software update point over here you would be you would be able to see this one after the sink right after the thing it should show a green icon and the catalog version right catalog version it shows eight okay so at La atom okay this is last attempt to sync and synchronization error right last catalog update catalog updates are always very important in troubleshooting right you can check whether the client is getting the latest catalog or not exit exit round inside if you have some client so after the sink right if I can go back to software library you remember this is a different a server and the different lab so let me go back to sites first sites and let me go back to configuration components and su P it software update point where we can change the products and let me see what I what I what are the products I selected in this right this list is very huge right at the moment after the first thing it should get this much huge so you can see Windows 10 right and there is somewhere yeah these are the two ones right I want to enable only these these two at least at least this one right Windows 10 version 1903 or later because I don't have any previous version so I don't want to enable this but that is that is for my lab right I have not done enough rnd to disabled space in production environment so don't don't do this in your production environment don't remove this but I did that in the other lab right which we just build okay but I want to enable only this but just wanted to show the classifications also right classification in the classification you can see I have enabled update roll up and upgrade so it upgrades because I already have Windows 10 servicing enabled on this and I have servicing packages over here right so for example servicing Windows 10 servicing right over here if I go over here there's a good red one interesting usage Windows 10 some updates ok probably the you can see yeah mm 2004 2004 updates over here right so that is how we get the 2004 updates and Windows 10 updates or upgrades I would say right to be precise feature of upgrades or upgrades feature updates it is so confusing okay so that is how that is why I have this one right if you have not enabled that then from the classifications then you might not see this it updates only the monthly patches will be available here so as you can see this is a monthly patches which is available in my lab so different lab enrollment let me go back to the previous lab and that lets see what is what is happening it is still stuck in the in the synchronization stage I don't know why it is taking so much of time normally it is to 0 for 15k to 0 for 15 it's almost 10 minutes now okay now let me let me go back here and try to do something over here it's same so we might need to wait furthermore so let me go back to the other lab we where I have some updates no once the synchronization is done it once the synchronization is done the process of software updates that is what we are going to see here right processing updates right now we need to we need to we have we can create a ADR if you want right and ADR there are different scenarios right for example if you want to understand the process as I mentioned in the client push method installation if you want to learn how it works from the basics always do it manually right so select an update for example if you want if you want to understand it properly then probably I am going to select 2004 I don't know whether whether I have any updates okay and say it's required one night so one of my system requires these updates right so I'm going to select these these three updates right service tag and I don't flash player update and a 64-bit updates right if you want for example if I want to update this right what we need to do is create a basic thing right create a software update through rather than downloading it directly right so this is what normally I do create a software update group and name it something like useful right Windows Windows monthly update Windows 10 monthly update if you want write monthly update probably assume let's assume I will create software up a proof for every month right so July July 1 D don't be okay I'm going to select this particular three updates required updates and create ok a software update blue now we have a group of those patches so we can avoid all those others other things right so basically we have created one this one right and you can see okay you have already this and now you can see what is there in this inside this this this is only this is kind of a group right and you have proved three patches for your Windows 10 a device that is to 2004 version of Windows 10 device okay as per the requirement column over here astray so requirements is coming from scanning right when when when a scan is run on a client side it can collect the requirement which are the patches missing and it can collect the requirement right scan is run based on the the the update sirs or catalog basically right the wsus catalog version which we mentioned a couple of times before right based on that know now what we can do is basically you can click on this and deploy like now once you have software update group let's let's deploy right so deploy is basically creating package and downloading content and deploying it so that is the entire process of deploy right so creating a package will come me over here and create the downloading content of software updates so these this is only metadata it as you can see over here oh it's already downloaded probably this is already downloaded because I'm having ADR right normally if I if I go back here I want to select anything for example right which is not downloaded right so probably I'm going to select anything like for example this one right let's select creator software update group with name test test so this is just for testing purpose we are creating that is why I provided the test Don do this in production because I have seen like even even I have created lot of test deployments in previous scenarios and I myself get confused like when I look into the same test groups again after one month or two months probably I might not a kind of remember but white why did why we why did I create that s group right so now now you can see it is not download right now you you have two options here right you have download option you have a ploy option so if you click on download what will happen is it will it will ask you to create the package software of eight package right so if you click on this is one way of doing it if you want to understand why this package etc etc we can do that right so let's let's clue do like that right for example right so this is the actual way when we started is cesium 22 all right we always ask people to do in this way go to software update group and then create software update group then go to packages and create new package what sorry then go to software update group and select that and create new packages for that particular patch right and then go to deploy and deploy deploy it right so so that that probably we can follow the same thing over here right so I'm going to create a new package that is my recommended way of doing it monthly pack patches because if you cumulate lot of packages into same thing right for example if you are creating Windows 10 package for entire entire year then you you might end up deploying some 4 gigabytes or five gigabytes or more than that of the package right so that is going to create a lot of problems for your environment if you have like hundreds of remote distribution points even though the Delta discovery you're sorry no Delta discovery by ninja binary the differential replication is enabled for example if you want to kind of install a new DP alright in a remote office were you don't have a proper internet connection or you don't have a proper band connection then you are dead right because you 4g gigabytes of a software update package pain might be reply you need to deploy that to that at that particular DP so that is not ideal from my perspective but it depends entirely on your organization right if how you want to manage and what is the best solution for you okay but my recommendation if you ask me my recommendation it would be kind of installing or now what you call installing order what I was trying to say okay creating my packages every packet new packages for monthly updates okay but you need to remember that you it is it is always recommended to delete the previous or old packages which has superseded ins updates and etc etcetera right so you need to have a process in place for that also right then only the SCM or configuration manager performance will be best right okay so I'm going to create a package I don't want to create a test package now I don't know I want to put a good name so let's see stmd software update package for demo okay so I'm going to use that as a description also now this is UNC path right you you cannot use any other path like direct browse and you cannot go to C Drive and provide any path over there right so this should be a UNC path okay so I need to find out my UNC path now for this you need to remember this is a different server all together right this is not my previous server which I kind of used so I have a source folder so this is another recommended way and probably you would be able to see some updates folder over here Windows 10 if I go we sing so this is the servicing probably I will create monthly patches folder over here right monthly patches this is also a very important right to have a proper folder structure for your monthly patches right otherwise you will be searching right where should I copy every package where should I create San you can you can specific an be specific over here like security updates or something like that so I'm going to see him this is probably I don't know this is this was I don't know 15 the old one right so probably I will same this is old package package normally what I do is if I want to deploy a package and now monthly software update then I I will say like dude this month right probably July you'll a 2020 right so this is a normal way I normally do if I if you ask me how what is the best best practice but in this scenario I am going to use old brake package because I want to delete this package after the demo right so and UNC path provided right if I say see over here right see dollar sorry see : then it might say you know it's not allowed only the UNC path is only UNC path is recommended right so UNC path next and DP add your DP which DP you want to distribute right click ok and click Next this is this is the another configuration I normally select automatically download the content when packages us into distribution point right and I don't know why this is the default option came so I I don't change normally this one distribute distribution priority you have option to make it low priority or high priority right okay so next download location I am downloading it directly from Internet right that is option you the default option and I normally do that way if you have a proxy connectivity from your SCCM server right that is the best way to do and the next option is download software update from local look local network right so if you have already download keep the file somewhere and you can you want to use that rather than using directly internet to download because of some security reason you can use that right okay now let's click Next and select the language yeah obviously I want only the English and if you want to change you can do that from here right edit click on edit and change select okay and next you confirm whether everything is correct you you mentioned everything ok so obviously we are deploying 1507 that is that is a way way out of support right you should not do that so but for this demo we are kind of doing it now we started the processing so now what is happening is if you look at the package you would be able to see the package content is getting downloaded now right so if you see that the content will get downloaded and if you want to quickly see the log files right so if I can go to temp temp folder of this particular user right you would be able to see patch patch downloader this is 7 4 to 24 7 ok this is the latest one let me open this patch downloader and it will tell you what is going on now ok so it is download it is contacting the double users download internet internet and it is saying okay 70 percentage completed it says download to do return 90 percentage completed and it's almost completed I think it should be shown somewhere in the folder now mmm there is a folder let me check that it does not moved to the folder yet I think verifying verifying area it is still verifying so it is in the temp folder once a verification is completed it should move automatically to the folder this particular folder right let me go back and see there is lot of background noise can you explain the download process basically it is it is downloading in from double users right sorry it is downloading it from Internet Microsoft updates okay so that is what we you can see over here see so this is where it is downloading the content so this is the URL it used to download the content right so it says content source right so if you look at the log file right you can see it is it is trying to kind of contact that WMI and trying to connect to the WMI and then its data setting the download location right download location is our server location right so now content source right content sources from where you are downloading right so content source is this location so from we have not conjugate anything this is all automatically happened right this is the intelligence of double users the abusers know how to which is the URL for Windows updates right from where you need to you can get the cap files okay so it is configuring that it's already configured right and it is contacting that particular location right so it is 20 1707 right and this particular KB so they have a proper structured URL there so it is contacting that it is querying something I don't know what does this I need to find out curry to run it is currying against the blue shoes I think Microsoft updates ok and downloading the content and it's it's it's collecting the content ID and the file name would be this one right and this is the download process so we are kind of instructing double users to do the work for us so double uses is doing the work for us it is not a cesium actually downloading the content right so double uses is contacting the the the the Microsoft up AIDS and Microsoft Update is providing us the content and then after after downloading it is verifying the hash values whether somebody processed this content during the download some somebody put some extra files into it or not right it is taking all these all those security checks after the download so that is what happening here see hash file verifying the hash file everything right and then once that is done it will move the file to our location now you would be able to see the file over here right in this folder so our location so calf file is ready now okay now we have we have the cap file now the download process is completed and our wizard I'll say it is completed right and it will we can close this okay so if you have any problem with the download this is the file which you want to look into if this would be in your temp location User Profile right in your user profile from where you're probably console is running probably right okay so that is it let me go back to our previous Kuechly previous lab this is a previous lab just to remind you since you succeeded this is when we started this okay give me a sec whenever we left ok we left somewhere here I think synchronization database I think this is where we left and we started thing wait a minute no note that please this is the first lab right this is sorry this is the lab which we had problems before this is yeah 126 we had a problem and in box synchronization local okay found one su P this is one thing this is interesting right you need to remember this found one su P so sorry for switching in between the labs so I don't want to waste time actually so that is why I must showing over there X Q me you say let me okay so so synchronization synchronizing categories and synchronizing catalogs now it says hundred person is synchronized right and let me let me see content source version other thing is here it shows up code also we configured 885 32 contact the client so basically the port which we configured is for the client so into SUV communication right this is nothing to do with is w suits and microsoft communication Microsoft Update communication okay so that is another important point which I missed previously so as you can see categories processed three sixty three sixty three categories process now right and that means additional 365 366 sorry C three sixty three categories and it probably you would be able to see that now if I go back to here done indexing okay indexing is a good thing and resetting successfully completed right so this I'm trying to find that successfully completed Singh started a change in G and synchronizing okay so this is the this is the end of the keyword which you want to look into my done synchronizing success with W su server okay and let me think okay now let's go back to the console and see whether we have some updates over here or not right okay so now you can see catalog version is zero okay fine the updates everything is populated this is the new lab which we set up now let me go back to software updates right software updates and see there's nothing okay yeah this is expected right nothing nothing kind of issue here right so if you go back to administration and what I want to show is probably there would be Lord of other categories right probably a lot of other categories came up if I go by products basically you know it so classification classification is same we are not going to change that products probably you are able to see lot of stuff now right what of shop windows 10 1903 version later was not air before I think now it is it should be there right this is the one 1903 later C 1903 later this is the one now available so lot of updates happened right nothing is selected so I'm going to select that and I'm going to click OK now what you can see if you notice probably you would be able to see in the log file right in in I forgot where it is exactly right right in wcm or yeah so in WCM it can con it can see some something is changed right in the configuration setting new configuration state before okay that is latest right so we each selected one category right sorry product right so that is the one change which we want to check and it would be available in the resource Inc also so now what we need to do to sync that updates and to get some updates over here in our portal right sorry console and over here we need to update it again sorry sync it again right so this is going to take another I don't know probably 20 minutes or more than that right so we will see that okay now the sync is started we will see that what is going to happen right and it is starting the synchronization start W so synchronizing the categories all right so categories are getting synchronized and probably the updates will appear over there after the synchronization w s-- is synchronizing the updates okay now if I check this keyword right for the air above hey there is no nothing right because it never synchronized the updates so this is the first time it is synchronizing the updates after synchronizing the update it will show up here if it found me if it is going to find something right if it is finding something probably it will show up here no so that is why this is also an important keyword right W so synchronizing updates category is a different one probably category is a different kind of kind of confusing sometimes right categories if you go to sides over here and if you see software updates point up eight-point classification products these are the things over there right there's no categories right basically it from W so I'm assuming right I have not seen any documentation about it but I am assuming that the products is basically categories right in the in the log files you see category side that is probably product so that is it I think I think I have clicked ok I don't remember whether I clicked okay or not okay it's is selected this one is selected right clicked up play a play but I didn't click okay I think I don't know how this is going to work out now it's okay it says five percentage completed eta is 17 minutes right it is going to take another 17 minutes to sync everything right so until that time probably we can quickly see what has happened over there right now let me go back to monitoring right monitoring and see again sync started and the icon change so this is another interesting tip if you are interested to know right so when sync is running this I we'll get changed hey okay one sink is completed successfully it will turn green otherwise it will turn red right okay so now now let's go bye sorry this is w CM w cm is not the one which we want to look into now it says 15 and 10 minutes okay now let's go back to our the previous lab right okay now we have we made sure make sure the cap file is downloaded and updated over here right it is over here now you can see the cap file in the old package okay now let's let's see check this one no you can you still can't see the download right probably that is going to take a refresh right if I go back here and go come back it says now yes okay so it is not automatically refresh so you need to kind of go back to some other node and see okay so it is it says download now we have completed to two steps right - down - download sorry threes yeah two steps we have completed - creating software of eight group we have created software update group that is the first step if you want to learn don't directly go into creating a DRS right ADR will do it for you automatically but you don't you might not understand the concept behind it so basically we are creating a software update group and software update group is a grouping grouping of eights right as you can see test this is the group which we created for this demo right I'm not liking somehow not liking the the name right probably stmd I will say HTM be monthly updates I'm sorry demo okay so yeah don't worry about that so that's me okay so let me let me close this and create one folder No okay anyways and so that is software update loop software update loop is that after that what we did is we created package software update package and now you can see the deployment package in that particular package inside deployment update so as you can see this is the demo package which we created right and that is created by clicking on download download package right sorry download option from software update group right now you can deploy this you can deploys a film software update group so if you if you go back to software update proof and if I select the demo software update pack yes sorry grew then if I select deploy it will come up with a deployment page right wizard basically stmd demo okay so let me copy this and put it in the description and and a bit proof it's already selected if you have a template you can create different templates if you want you can use that and if you have you can use that but if you are doing it for the first time probably it's not it's not recommended to use it let's understand the concept first right and then create a template later okay so now it's time to collect selection I'm sorry select collection okay now by default it's coming into device collection so it is recommended way right it is not going to use a collect and it is not available at all right so select the collection so I'm going to select my custom collection right and always recommended to use some pilot collection if you are using it for the first time right if you are deploying it for the first thing okay type of deployment if you can see required always patches required I always go with the default option right success find error always the detail level keep it as default right this is this is basic things right if you have a configured application deployment you might have already seen this local always select the default because I as I mentioned also this is all very I don't know this is not just created like that as default right this is the best practice from Microsoft site right so client local time select that right so it will automatically take the local time of the client after 5:00 5:00 p.m. or after 9 p.m. after OFI servers etc etcetera right as soon as possible this is available right so this will be available as soon as possible this is not going to install right this setting means doesn't mean it will install automatically at this as soon as possible like this is making the update available for the mission right in the machine right so you don't need to worry much about this option if you are configuring it properly right the other option is installed deadline installation deadline this is option which you need to be very careful right that is why available as as soon as possible by default right and in deadline and they have mentioned at timeframe more timeline right today is 7 days what 7 right so it is it is far it is kind of a I don't know jul 11 'we kick you music laverna's next Saturday oh that does intelligent enough right so next it is selecting automatically next Saturday so it is it is for not causing any accidental shading issues right so if you are if you are ok with this schedule next Saturday that is fine then the this make make this settings right software software available time that will make the patch is available on the mission on as soon as possible right as soon as the update is created like this deployment is created and the client is synced with management point or a cesium right once the client gets a new policy it this updates will be available this patch will be available on the system but it will start the installation only during this timeframe if the maintenance window everything falls under then only it will kind of install otherwise it won't install right even though you specify this right so this is the deadline and you can see there what is the description over here and this is clearly mentioned over there right delay enforcement of this deployment according to user preferences up to grey spirits are up to the grace period defined inclined sitting so yeah obviously grace period if you have to find grace periods like for example if you have given user two days of time after the deadline to install and restart the PC then it will give that time frame for the users right and so that is that is something you can configure in the client settings right okay so this is the deadlines you should be very careful about that if you are not assess especially if you are not using maintenance window or something on the client side then you should be very careful about this otherwise that can cause lot of accidental deployments and kind of restarts unexpected restarts at the user site that might create lot of issues okay so we are over running so I'm sorry for that probably I will finish off this with this okay and click Next this is this is user experience right display in software center and show all notification it is up to you and your organization this plane Software Center you should not display or you should display sometimes it is useful for users and there are some users may they might go and install it probably IT uses right but no others and display in Software Center and only I love sorry only show notification for computer restart this is very useful right only computer note if he restarts then only the notification should be there so this is useful option right hide in software sender and all the notification so this won't show not like no notification shown in this scenario right so I normally go with default one as I mentioned but if you have a specific scenario if you want to show Lee the computer restart notification to the users then you can select that okay it it's entirely up to your organization and you are agreement with your client right ok so that is the that is the behavior user experience notification behavior right okay deadline behavior when the installation deadline is reached I love the following activities to be performed outside the maintenance window so if you are outside the maintenance window then software installation should not proceed right then there's no point of so maintenance window at all and that is why by default this is not selected right so system restart outside maintenance we know if that is okay with you mean outside maintenance window if you want to kind of restart or soft install software updates then you you can enable this I'm not going to do that and I don't recommend to do that right that fails the purpose of maintenance window in my in my opinion okay but there could be some special scenarios in this I I know I don't I'm not able to recollect those scenarios but that might be helpful right okay advise restart behavior this is also maintenance window probably write some software update required system restarts complete the installation process you can suppress the restart on servers and workstations suppress the system restart on the following devices servers and workstations okay so yeah this is kind of hard reboot or something after the patch installation if you don't want your servers if you are for example patching servers you don't mind this to be this to happen the force restart probably you are comfortable doing manual restart by an admin so that they can kind of verify whether everything is working after the restart right if it's the business critical service or something like that okay so right filtering handling devices okay that's fine I don't worry much about this actually software update deployment evaluation behavior upon the restart yeah sometimes this is this is kind of helpful to to have proper reporting of your patches right so probably after three after the after the patching proper reporting and if you if you are kind of stuck with SSU updates stack updates right then this this sometimes it is kind of useful but by default it is not selected so probably in your XP if you have seen some of the issues with with this and if you find a solution after updating sorry after sorry what is that software update deployment revaluation after evaluating from the client-side then probably this is kind of something helpful for your environment okay so next and alerts alright this is this is alert and you can see this is sometimes very useful in some of the organization's but I am not seen many organizations using it probably some of the better management organizations are using it okay so but this is again creating alert based on the person gage and bases on the percentage of success and it will alert you and if you have a kind of subscription option and SMTP configured you will get an email alert also right okay so that is the alert one I'm not going to do that for here right probably we can do that later stage right now click Next this is kind of download right so boundary group then I had an interesting discussion in Facebook group regarding this I want to keep it as it is do not install software updates so people will get confused what does this do not install software update me huh deploying software update and you are configuring do not install configure software update yes basically it says if your local DP is not available if the update is not available in your local DP do you want to fall back to a network about like neighbor neighboring boundary group and probably that neighboring boundary group is associated with a DP on a different location or at the end of another van connection right so that might create Lord bandwidth issues in your net organization if you are worried about that if you are pretty much comfortable you don't worry about bandwidth at all within your organization within all edp's probably you can select this one right you don't have any issues with that okay so that should not be a problem at all so so that is the option for this but I always go with this one I the DP issue first then I will get the updates installed right that is my way of doing things I don't know whether you agree with that it it's your team's decision right okay but this recommended way I would say this to avoid network bandwidth issues etc except a client will go to another DP and download etc etcetera right over the van so when software updates are not available on any distribution point in the current neighboring current or neighbor boundary group client can download and install updates from software update software sorry deploy a DP in s site default boundary this is very dangerous hey I I don't do that right I normally select this right default if you want to select this one yeah probably you can do that but again you need to remember that this might go into van connection and all right okay so that remembered something and I think an ADR blog I didn't change this that is interesting I need to change this okay okay client can download okay that's fine software updates not available distribution okay this is interesting thank you if your internet connection is better than your van connection in on a remote DP to reach the remote DP from client-side especially in COBIT situation right probably this is useful all right this this will directly go to Microsoft updates and download the content okay and I love Klein's a meter okay metered connection so if you are using some metered connection like mobile Wi-Fi or something probably too from a client Windows 10 device then it might you can I love this otherwise it won't go to that right okay so that is the download setting summary summary is same you need to kind of look into it carefully in if you are doing it in a protection and important thing right here you can create a template save template right here you can select all my deployment options the best practices which I mentioned as per my experience right and you can browse and probably you can create a create a template right at the moment I don't have any template available so I'm I'm going to create a new template HTM de demo template right so now every time when you create patches and you don't need sorry deployments you don't need to create you don't need to configure all these things right that is safety for safety probably that would be good right you don't if you don't we can avoid the human errors right okay so now click Next we have created templates you know how to create templates now right now you can see the deployment is going to my devices right so this deployment will go to devices and it will it will check at the compliancy of the devices it will scan and check whether the this particular KB is required or not in this case it's not required my system is 20 OS or 2004 system and we deployed 1507 update I think right so let's let's go back to our previous thing and it's a still five minutes sorry five minutes ETA so we will continue this tomorrow right and we will continue from the point where we left so it will be completed by then and probably it will show up something over here in the in the software update also of care updates so today we have learned so many things we almost reached I've been speaking for continuously for two and half hours now my wish I don't know my sound is almost gone ok so if you have any questions please feel free to ask let me drink some water while you are getting ready for the questions you can only hear the boys do if you are speaking okay one at a time please okay go ahead yeah yeah Microsoft cloud services which is it you connect like the bridges are an SUV reach agent for downloading the content or downloading the metadata metadata cloud metadata metadata both okay fine let me let me answer that okay so this is this is the metadata right this is metadata right this is only the only the details of the badges right if you go to the properties you would be able to see let me minimize this if you go to the properties you would be able to see this minimum runtime this is the metadata right and this is double users connecting to Microsoft updates and downloading it and bringing back to assess iam console so everything is double uses a SSE M is just a friend tent I would say so a server said so in server-side Windows Update way isn't his purpose like you connect the client that's a client side right so for example right if you have a client a Windows 10 client or Windows Windows 10 serve I'm sorry Windows 2016 server for example okay and you are deploying patches to those servers or those Windows 10 devices then what you are doing is that is a client-side process right so a cesium is deploying patches to that particular client the once the batch is deployed and reached the Windows 10 Klein then SCCM policy policy will get received and a cesium client will analyze the policy and a cesium client will find with the location of the pad updates basically the KB files and all the required patch files okay then the SEM agent will hand over the task to dub w ue w u a agent so that is Windows Update agent right from there w ua agent will take over and try to install the packages no sorry updates so that is a client-side process so today we have seen the server-side process okay so server side W suspend contacting Microsoft updates and downloading the patches and also downloading the metadata but the the client-side process is different as I mentioned it will it will try to get associate mind will get the policies from a cesium server because a cesium is deploying the patches right so a cesium client will get the patches and a cesium client will process those policies afford the patch installation and it will try to find out the the DP location su P look su P and from su P it will get the catalog details right which are the files deployed sorry this which are the updates it it got deployed to the Windows 10 device or Server 2016 in my example right and then it will hand over to Windows Update agent and then Windows Update agent will take over the installation and Windows Update agent will install the patches on the device and once the installation is completed successfully Windows Update agent will report back to a cesium client stating ok my work is done okay now you take over and you take the reporting back to your SCCM server so that is the process is that clear so far yeah clear so for example Windows Update agent is corrupted yeah then that case then we need to repair that right there is no other option okay thank you thank you I know Hey yeah so I have one query regarding of the download the updates let us example there is a one side server this is one primary side and I have the jump service so I connect my system console to the jump server and through the jump server I create the su G and try to download these security patches to the repository server so when I trigger a download so on on that time what happened when I trigger the download so my download going to be stuck so I just wanted to know while while going to be download these security patches on that time the internet going to be utilized or going to be connect the Microsoft side so they're going to be connect from the my main primary side to a CCM side or they trying to trigger from the they try to utilize from the jump server internet so so that I I'm not sure about that I think it is it is from it is from the ACM server itself where where you have opened them the ports and alright so I think I need to look into the log files then only I will remember it I don't want to give any wrong answers over here but I don't remember my my assumption is it should be from from your jump server probably you can look into the patch download or log and you will come to know what is happening over there right I don't I don't know exactly I don't know whether anybody anybody else in the call is aware of that if they can confirm it ok so I I tested in my production government what happened when I can go and download the patches from the my primary side so not going to be download it's saying something blocked and even I do these jumps away I'm getting the same error message but when I have the one one taste machine taste physical devices where there is no firewall rule applied and I connect that device to my mobile host hotspot or the open Internet and when it when I connect the console and trying to download it it going to be download from my public Internet and they using the Internet and then there is no issue in the downloading so I just confused like even though my console or my primary site is tall on the the main primary server so for that they are not using the Internet bandwidth to connect the Microsoft getting download it just using my either where I'm getting connect the console so that is why that makes sense right that that makes sense because the the even the patch downloaded lured log right it is it is sitting in your local profile user profile right so I think everything is kind of initiated from your local profile because it's initiated from the your console right so that is basic design I feel right so I don't know is there any way to change that I don't think so but III never used any other way to load this I normally what I normally do is I create a ADR right so ADR run automatically on the server side so you don't need to worry about that so basically your server should have internet access right the primary server should have internet access and if you are using an enterprise proxy you should have a white listing of the primary server over there right if you have not opened ports through the through the so first thing is you need to have a connectivity between your primary server and proxy server right that firewall port should be opened right for example if you are your proxy is using 8080 you should be able to do it and tell it from your primary server right or jump server right to the proxy right well proxy and if that is retaining fine then connectivity is there in the next part is authentication right proxy should use some proxy normally use some authentication right so if that is based on a user ID then probably you might need to provide your user ID user ID and password right that way that will be going through that authentication the otherwise if it's if it's kind of based on the white listing then you need to provide the your server hostname to the proxy team then proxy team will whitelist that server then all the communication related to Microsoft updates if we provide those details to them they will like this that that is all your issue that is what my recommendation would be yes I got it yeah thank you Anoop one question on the client-side configuration is the best practice to disable this Windows Update because earlier I used to do to avoid conflict with group policy or something I don't recollect because this is a curve those those policies where I'm not I'm not kind of very expert in Group Policy settings I normally always share the blog post from Jason Sandy's right there is a great block was from him he provides the best best option to disable the group policies for if you are using SCM patching scenarios right so I will add that group sorry that post into the description of the video so probably you can refer to that right I don't want to give any wrong information and one more question on the delivery optimization I think group colic this batching also can the benefit from that Oh cow where are the settings I didn't didn't I think I would see that but I don't know where whether it is available for wsus patching or not but obviously it is available for Windows Update for business in tuned scenarios it is obviously there I kind of done that but in W so scenario probably I don't know I'm not sure probably it's - it's something to do with peer-to-peer caching and all the other stuff right which you need to look into probably not directly a delivery optimization or peer-to-peer caching along with delivery optimization which you need to look into I'm not so sure about that okay any other questions last one or two questions yeah no apology but this is a scenario question actually I am facing in my customer environment actually which was from client side how the plaintiff scans the patches promises himself actually I am facing one scenario here for 2016 service patching if the previous milk patches was in pending restart we are putting patches for the next month it was directly going to complain how validating it's going in compliance and I'm not sure about the evaluation of it is it is basically a bit bit complex right so the first thing is basically based on the version right as you can see on the screen version of the catalog right so you need to be you need to make sure the catalog version is up to date okay on your promote su pees and all right so that you can find out over here and sorry in monitoring I'm sorry software updates right over here you would be able to see the catalog version right so you would you you would do a human need to have the latest catalog version available on the client side also the other interesting fact over there innocence in that kind of a scenario I have seen this many times before right in that scenario is if you go into properties of a particular patch you would be able to see some options over here content information some some options are here but it is basically difficult to understand like why it is kind of not showing and if you kind of do some MBS see I don't know what is the tool scanning scam some scanning tool if you if you use some canny scanning tool it will show us okay it is required but a cesium will seem okay it is not required right it is no no it's already complained or something like that I UNITA Green WMA also the only see was scanned by the machine after that the department said this was going companies without installing it yeah that is actually the properties of this patch right properties of the particular patch is doing some doing something and it is not able to recognize that so I I normally what I normally do is basically I raise a ticket with Microsoft in that kind of a scenario if you are facing it for many issue many servers right for example 10 servers if you are facing it right so it is not any kind of issue one one of issue with one particular client right so in that scenario and servers we we cannot do a lot of our NGS right whipped up TMI and all we can do a lot of workarounds with the WMI and we can we can - lot of R&D and we can try to fix it but my recommendation if you are not aware what you are exactly doing you don't you should not do it at least on the server side so my recommendation would be to Razer arduously case or something with Microsoft and let's let's get an expert opinion at taking the remote control of that your server or something right or client or something so that is the best approach because there is no this is very complex kind of a scenario I have seen this is very useful when you have skub servers right I don't know you you know about scuf servers right we in in scup servers right you have for the third-party patches you have lot of options if you go to the properties right you will get lot of options well you will have conditions also right in conditions you will say oh if this condition is true your patches your pads results will be complained or something like that so that is the property settings but in the in them in the W scenario no one scrub scenario for the default Microsoft updates those are kind of disabled those are not shown in the tabs over here those conditions and all right so I think there are load this is very old kind of an issue I've been I've been seeing this issue since like like like I would say 12 years last few years or so so there's no improvement in that actually so unfortunately I don't have any direct answer to that okay last question if you have any other ways will speak to you tomorrow will you continue and let's let's do this tomorrow and that lat that will be the last session for this season and we will start the season b of weekend learning soon after probably one or two weeks break so thank you all for joining in today and I'll speak to you tomorrow same time same place please don't ask me for the meeting in rates it's already with you okay thank you Cheers bye-bye

Info

Channel: Anoop C Nair

Views: 968

Rating: undefined out of 5

Keywords: Install WSUS for ConfigMgr Software Update Point Role, Launch Server Manager, Select Destination Server, Post Installation of WSUS Failed – WSUS service is disabled ?, WSUS Reinstallation steps explained, WSUS post installation completed without any issues, Install ConfigMgr Software Update Point (SUP), Add Site Systems Roles, Do Not Setup SUP with Default WSUS Product Selection ConfigMgr SCCM, Log files to troubleshoot SUPSetup.log, WsyncMgr.log, WCM.log, and WSUSCtrl.log, Cleanup

Id: k85I87FP3-8

Channel Id: undefined

Length: 170min 22sec (10222 seconds)

Published: Sat Jul 04 2020