Author Topic: ThirdParty Updates from PatchmyPC doesn't appear on WSUS Downstream Server  (Read 2770 times)

Offline Uenal

  • Newbie
  • *
  • Posts: 7
    • View Profile
Hi @all,

we have a seperate WSUS Server installed on Network an out PatchmyPC on that..
after that i do add an additional WSUS Server as Downstream Server in same LAN.

Wen we Select an Update in PatchmyPC an Approve metadata only it appears on WSUS Server where PatchmyPC installed on..
but it doesn't replicate to Downstream Server..

Can anyone give us some help?

greetings

Uenal

Offline Justin Chalfant

  • Patch My PC Support
  • Administrator
  • Hero Member
  • *****
  • Posts: 2152
    • View Profile
    • Patch My PC Support
Is this a standalone WSUS environment?

Hi @all,

we have a seperate WSUS Server installed on Network an out PatchmyPC on that..
after that i do add an additional WSUS Server as Downstream Server in same LAN.

Wen we Select an Update in PatchmyPC an Approve metadata only it appears on WSUS Server where PatchmyPC installed on..
but it doesn't replicate to Downstream Server..

Can anyone give us some help?

greetings

Uenal

Offline Uenal

  • Newbie
  • *
  • Posts: 7
    • View Profile
yes it's an Standalone WSUS Environment...

Offline Justin Chalfant

  • Patch My PC Support
  • Administrator
  • Hero Member
  • *****
  • Posts: 2152
    • View Profile
    • Patch My PC Support
Is the child WSUS servers using a WID or full SQL DB?

yes it's an Standalone WSUS Environment...

Offline Uenal

  • Newbie
  • *
  • Posts: 7
    • View Profile
Both WSUS Servers (Upstream & Downstream) uses their own internal WID Databases...
« Last Edit: February 21, 2020, 07:08:42 PM by Uenal »

Offline David Courtel - Admin

  • Sr. Software Engineer
  • Administrator
  • Newbie
  • *****
  • Posts: 48
    • View Profile
Hi Uenal, does the downstream server trust the certificate used by the upstream server to sign the packages published by PMP?

Offline Uenal

  • Newbie
  • *
  • Posts: 7
    • View Profile
yes David, i have imported the SiningCertificate that Issued from our Internal PKI on the Downstream Server in LocalMachine\TrustedPublishers..

Offline David Courtel - Admin

  • Sr. Software Engineer
  • Administrator
  • Newbie
  • *****
  • Posts: 48
    • View Profile
Is the downstream server a replica of the upstream server?

Offline Uenal

  • Newbie
  • *
  • Posts: 7
    • View Profile
Is the downstream server a replica of the upstream server?
yes it's configured as DownstreamServer in Replica Mode for UpstreamServer where PMP is up and running..

Offline Uenal

  • Newbie
  • *
  • Posts: 7
    • View Profile
Hi Guys,

is it generally supported Environment for PatchmyPC to use Standalone WSUS Server with one or more Downstream Servers (in Replica Mode).

The WSUS Server and Downstream Servers has no SCCM Integration and all Servers has their own WID Databases..

We are currently in fulltrial mode and are about to buy.
But we would make sure that it is a supported environment...

greetings

Uenal

 

Offline Justin Chalfant

  • Patch My PC Support
  • Administrator
  • Hero Member
  • *****
  • Posts: 2152
    • View Profile
    • Patch My PC Support
Would you be able to install the publishing service on the downstream server and launch the modify published updates wizard, and let us know if there are third-party updates listed?

Offline Uenal

  • Newbie
  • *
  • Posts: 7
    • View Profile
Would you be able to install the publishing service on the downstream server and launch the modify published updates wizard, and let us know if there are third-party updates listed?

Hi Justin, yes we are be able to Install the publishing service on DownstreamServer..

After we installed the PublishingService on DownstreamServer and configure it up with Licence and Certificate.. as we do it on UpstremServer..
and launch "modify updates wizard" the Third-Party Updates listed that we Published on UpstreamServer.. but not listed in the WSUS Console..

if we select one or all listed Updates and press "Show in WSUS" button.. the updates are visible in the WSUS Console on DownstreamServer..

is this way correctly to do..??

greetings

Uenal

Offline Justin Chalfant

  • Patch My PC Support
  • Administrator
  • Hero Member
  • *****
  • Posts: 2152
    • View Profile
    • Patch My PC Support
The issue is actually related to the way WSUS sync the downstream server. The way our publishing service works in standalone mode, we will configure an update after it's publishing to have a value in the database to IsLocallyPublished = 0. This essentially makes the update appear as a non-third-party update meaning it will show in the WSUS console. The issue is during the sync process to the downstream server, it appears this value does not get replicated therefore, the update is not visible on the downstream server.

Do you actually approve the updates on the downstream server differently than the top-level WSUS server?

Would you be able to install the publishing service on the downstream server and launch the modify published updates wizard, and let us know if there are third-party updates listed?

Hi Justin, yes we are be able to Install the publishing service on DownstreamServer..

After we installed the PublishingService on DownstreamServer and configure it up with Licence and Certificate.. as we do it on UpstremServer..
and launch "modify updates wizard" the Third-Party Updates listed that we Published on UpstreamServer.. but not listed in the WSUS Console..

if we select one or all listed Updates and press "Show in WSUS" button.. the updates are visible in the WSUS Console on DownstreamServer..

is this way correctly to do..??

greetings

Uenal