• Welcome to Support Forum: Get Support for Patch My PC Products and Services.
 

ThirdParty Updates from PatchmyPC doesn't appear on WSUS Downstream Server

Started by Uenal, February 21, 2020, 01:01:32 PM

Previous topic - Next topic

Uenal

Hi @all,

we have a seperate WSUS Server installed on Network an out PatchmyPC on that..
after that i do add an additional WSUS Server as Downstream Server in same LAN.

Wen we Select an Update in PatchmyPC an Approve metadata only it appears on WSUS Server where PatchmyPC installed on..
but it doesn't replicate to Downstream Server..

Can anyone give us some help?

greetings

Uenal

Justin Chalfant (Patch My PC)

Is this a standalone WSUS environment?

Quote from: Uenal on February 21, 2020, 01:01:32 PM
Hi @all,

we have a seperate WSUS Server installed on Network an out PatchmyPC on that..
after that i do add an additional WSUS Server as Downstream Server in same LAN.

Wen we Select an Update in PatchmyPC an Approve metadata only it appears on WSUS Server where PatchmyPC installed on..
but it doesn't replicate to Downstream Server..

Can anyone give us some help?

greetings

Uenal


Justin Chalfant (Patch My PC)


Uenal

Both WSUS Servers (Upstream & Downstream) uses their own internal WID Databases...

David Courtel (Patch My PC)

Hi Uenal, does the downstream server trust the certificate used by the upstream server to sign the packages published by PMP?

Uenal

yes David, i have imported the SiningCertificate that Issued from our Internal PKI on the Downstream Server in LocalMachine\TrustedPublishers..

David Courtel (Patch My PC)


Uenal

Quote from: David Courtel - Admin on February 22, 2020, 09:53:49 AM
Is the downstream server a replica of the upstream server?
yes it's configured as DownstreamServer in Replica Mode for UpstreamServer where PMP is up and running..

Uenal

Hi Guys,

is it generally supported Environment for PatchmyPC to use Standalone WSUS Server with one or more Downstream Servers (in Replica Mode).

The WSUS Server and Downstream Servers has no SCCM Integration and all Servers has their own WID Databases..

We are currently in fulltrial mode and are about to buy.
But we would make sure that it is a supported environment...

greetings

Uenal


Justin Chalfant (Patch My PC)

Would you be able to install the publishing service on the downstream server and launch the modify published updates wizard, and let us know if there are third-party updates listed?

Uenal

Quote from: Justin Chalfant on February 24, 2020, 09:48:15 AM
Would you be able to install the publishing service on the downstream server and launch the modify published updates wizard, and let us know if there are third-party updates listed?

Hi Justin, yes we are be able to Install the publishing service on DownstreamServer..

After we installed the PublishingService on DownstreamServer and configure it up with Licence and Certificate.. as we do it on UpstremServer..
and launch "modify updates wizard" the Third-Party Updates listed that we Published on UpstreamServer.. but not listed in the WSUS Console..

if we select one or all listed Updates and press "Show in WSUS" button.. the updates are visible in the WSUS Console on DownstreamServer..

is this way correctly to do..??

greetings

Uenal

Justin Chalfant (Patch My PC)

The issue is actually related to the way WSUS sync the downstream server. The way our publishing service works in standalone mode, we will configure an update after it's publishing to have a value in the database to IsLocallyPublished = 0. This essentially makes the update appear as a non-third-party update meaning it will show in the WSUS console. The issue is during the sync process to the downstream server, it appears this value does not get replicated therefore, the update is not visible on the downstream server.

Do you actually approve the updates on the downstream server differently than the top-level WSUS server?

Quote from: Uenal on February 24, 2020, 01:36:28 PM
Quote from: Justin Chalfant on February 24, 2020, 09:48:15 AM
Would you be able to install the publishing service on the downstream server and launch the modify published updates wizard, and let us know if there are third-party updates listed?

Hi Justin, yes we are be able to Install the publishing service on DownstreamServer..

After we installed the PublishingService on DownstreamServer and configure it up with Licence and Certificate.. as we do it on UpstremServer..
and launch "modify updates wizard" the Third-Party Updates listed that we Published on UpstreamServer.. but not listed in the WSUS Console..

if we select one or all listed Updates and press "Show in WSUS" button.. the updates are visible in the WSUS Console on DownstreamServer..

is this way correctly to do..??

greetings

Uenal

Pawel

I don't want to open a new topic but I'm not sure if my problem is precisely the same.
I have a subnet with restricted access to the Internet. The WSUS is configured as Downstream Autonomous Server and the problem is the third-party updates are not appearing in. (of course they are on the Upstream server and the Microsoft updates are synchronising without any problem)
All certs were populated. The PatchMyPC was validated with the license but now is showing the state "Invalid License ID" because there is no Internet access.
The PatchMyPC is installed on both the Upstream and Downstream servers.
Are there any settings in PatchMyPC that should be configured to allow the third party for synchronisation?