Hi @all,
we have a seperate WSUS Server installed on Network an out PatchmyPC on that..
after that i do add an additional WSUS Server as Downstream Server in same LAN.
Wen we Select an Update in PatchmyPC an Approve metadata only it appears on WSUS Server where PatchmyPC installed on..
but it doesn't replicate to Downstream Server..
Can anyone give us some help?
greetings
Uenal
Is this a standalone WSUS environment?
Quote from: Uenal on February 21, 2020, 01:01:32 PM
Hi @all,
we have a seperate WSUS Server installed on Network an out PatchmyPC on that..
after that i do add an additional WSUS Server as Downstream Server in same LAN.
Wen we Select an Update in PatchmyPC an Approve metadata only it appears on WSUS Server where PatchmyPC installed on..
but it doesn't replicate to Downstream Server..
Can anyone give us some help?
greetings
Uenal
yes it's an Standalone WSUS Environment...
Is the child WSUS servers using a WID or full SQL DB?
Quote from: Uenal on February 21, 2020, 03:14:59 PM
yes it's an Standalone WSUS Environment...
Both WSUS Servers (Upstream & Downstream) uses their own internal WID Databases...
Hi Uenal, does the downstream server trust the certificate used by the upstream server to sign the packages published by PMP?
yes David, i have imported the SiningCertificate that Issued from our Internal PKI on the Downstream Server in LocalMachine\TrustedPublishers..
Is the downstream server a replica of the upstream server?
Quote from: David Courtel - Admin on February 22, 2020, 09:53:49 AM
Is the downstream server a replica of the upstream server?
yes it's configured as DownstreamServer in Replica Mode for UpstreamServer where PMP is up and running..
Hi Guys,
is it generally supported Environment for PatchmyPC to use Standalone WSUS Server with one or more Downstream Servers (in Replica Mode).
The WSUS Server and Downstream Servers has no SCCM Integration and all Servers has their own WID Databases..
We are currently in fulltrial mode and are about to buy.
But we would make sure that it is a supported environment...
greetings
Uenal
Would you be able to install the publishing service on the downstream server and launch the modify published updates wizard, and let us know if there are third-party updates listed?
Quote from: Justin Chalfant on February 24, 2020, 09:48:15 AM
Would you be able to install the publishing service on the downstream server and launch the modify published updates wizard, and let us know if there are third-party updates listed?
Hi Justin, yes we are be able to Install the publishing service on DownstreamServer..
After we installed the PublishingService on DownstreamServer and configure it up with Licence and Certificate.. as we do it on UpstremServer..
and launch "modify updates wizard" the Third-Party Updates listed that we Published on UpstreamServer.. but not listed in the WSUS Console..
if we select one or all listed Updates and press "Show in WSUS" button.. the updates are visible in the WSUS Console on DownstreamServer..
is this way correctly to do..??
greetings
Uenal
The issue is actually related to the way WSUS sync the downstream server. The way our publishing service works in standalone mode, we will configure an update after it's publishing to have a value in the database to IsLocallyPublished = 0. This essentially makes the update appear as a non-third-party update meaning it will show in the WSUS console. The issue is during the sync process to the downstream server, it appears this value does not get replicated therefore, the update is not visible on the downstream server.
Do you actually approve the updates on the downstream server differently than the top-level WSUS server?
Quote from: Uenal on February 24, 2020, 01:36:28 PM
Quote from: Justin Chalfant on February 24, 2020, 09:48:15 AM
Would you be able to install the publishing service on the downstream server and launch the modify published updates wizard, and let us know if there are third-party updates listed?
Hi Justin, yes we are be able to Install the publishing service on DownstreamServer..
After we installed the PublishingService on DownstreamServer and configure it up with Licence and Certificate.. as we do it on UpstremServer..
and launch "modify updates wizard" the Third-Party Updates listed that we Published on UpstreamServer.. but not listed in the WSUS Console..
if we select one or all listed Updates and press "Show in WSUS" button.. the updates are visible in the WSUS Console on DownstreamServer..
is this way correctly to do..??
greetings
Uenal
I don't want to open a new topic but I'm not sure if my problem is precisely the same.
I have a subnet with restricted access to the Internet. The WSUS is configured as Downstream Autonomous Server and the problem is the third-party updates are not appearing in. (of course they are on the Upstream server and the Microsoft updates are synchronising without any problem)
All certs were populated. The PatchMyPC was validated with the license but now is showing the state "Invalid License ID" because there is no Internet access.
The PatchMyPC is installed on both the Upstream and Downstream servers.
Are there any settings in PatchMyPC that should be configured to allow the third party for synchronisation?