Setting Up and Running Synchronizations

Applies To: Windows Server Update Services

During synchronization, your server running Windows Server Update Services (WSUS) downloads updates (update metadata and files) from an update source. When your WSUS server synchronizes for the first time, it will download all of the updates you specified when you configured synchronization options. After the first synchronization, your WSUS server determines if any new updates have been made available since the last time it made contact with the update source, and then downloads only new updates.

The Synchronization Options page is the central access point in the WSUS console for customizing how your WSUS server synchronizes updates. On this page, you can specify which updates are synchronized automatically, where your server gets updates, connection settings, and the synchronization schedule.

After you synchronize updates to your WSUS server, you must then approve them before the WSUS server can perform any action for them. The exceptions to this are updates classified as Critical Updates and Security Updates, which are automatically approved for detection. For more information, see "Approving updates for detection in Approving Updates.

Synchronizing Updates by Product and Classification

Your WSUS server downloads updates based on the products or product families (for example, Windows, or Windows Server 2003, Datacenter Edition) and classifications (for example, Critical Updates or Security Updates) that you specify. At the first synchronization, your WSUS server downloads all of the updates available in the categories you have specified. At subsequent synchronizations, your WSUS server downloads only the newest updates (or changes to the updates already available on your WSUS server) in the categories you specified.

You specify update products and classifications on the Synchronization Options page under Products and Classifications. Products are grouped in a hierarchy, by product family. For example, if you select Windows, you automatically select every product that falls under that product hierarchy. By selecting the parent check box you not only select all items under it, but all future releases too. Selecting the child check boxes will not select the parent check boxes. The default setting for Products is All Windows Products, and for Update classifications, the default setting is Critical Updates and Security Updates. You must specify update classifications individually.

If your WSUS server is running in replica mode, you will not be able to perform this task. For more information about replica mode, see Running in Replica Mode.

To specify update products and classifications for synchronization

1. On the WSUS console toolbar, click Options, and then click Synchronization Options.

2. Under Products and Classifications, under Products, click Change.

3. In the Add/Remove Products dialog box, under Products, select the products or product families for the updates you want your WSUS server to synchronize, and then click OK.

4. Under Products and Classifications, under Update classifications, click Change.

5. In the Add/Remove Classifications dialog box, in Classifications, select the update classifications for the updates you want your WSUS server to synchronize, and then click OK.

6. Under Tasks, click Save settings, and then click OK.

Configuring Proxy-server Settings

You can configure your WSUS server to use a proxy server during synchronization with an upstream server or Microsoft Update. In addition, you can specify a port number and whether you want your server to connect to the proxy server by using specific user credentials.

You specify proxy-server settings on the Synchronization Options page under Proxy server. This setting will apply only when your WSUS server runs synchronizations. By default this option is not enabled, and your WSUS server will connect directly to the upstream server or Microsoft Update. By default, the proxy-server option is not selected, which means that your WSUS server will attempt to connect directly to another WSUS server or Microsoft Update during synchronization.

Because WSUS initiates all of its network traffic, you do not need to configure Windows Firewall on a WSUS server connected directly to Microsoft Update.

To specify a proxy server for synchronization

1. On the WSUS console toolbar, click Options, and then click Synchronization Options.

2. Under Proxy server, select the Use a proxy server when synchronizing check box, and then type the server name and port number (port 80 is the default) of the proxy server.

   • If you want to connect to the proxy server by using specific user credentials, select the Use user credentials to connect to the proxy server check box, and then enter the user name, domain, and password of the user in the corresponding boxes.

   • If you want to enable basic authentication for the user connecting to the proxy server, select the Allow basic authentication (password in clear text) check box.

3. Under Tasks, click Save settings, and then click OK.

Configuring the Update Source

The update source is the location from which your WSUS server gets its updates and update information (metadata). You can specify that the update source be either Microsoft Update or another WSUS server (in this scenario, the WSUS server that acts as the update source is the upstream server, and your server is the downstream server).

Options for customizing how your WSUS server synchronizes with the update source include the following:

• You can specify a custom port for synchronization. For general information about configuring ports, see Deploying Microsoft Windows Server Update Services.

• You can use SSL to secure synchronization of update information between WSUS servers. For more information about using SSL, see Securing Windows Server Update Services.

To specify the update source for your WSUS server

1. On the WSUS console toolbar, click Options, and then click Synchronization Options.

2. Under Update Source, do one of the following:

   • If you want your WSUS server to synchronize directly from Microsoft Update, click Synchronize from Microsoft Update. If your server is running in replica mode, this option will is disabled. For more information, see Running in Replica Mode.

   • If you want to synchronize from another WSUS server in your network, click Synchronize from an upstream Windows Server Update Services server, and then type the server name and port number in the corresponding boxes.

   • If you want to use Secure Socket Layers (SSL) when synchronizing update information (metadata) synchronization, type the port number that the upstream server uses for SSL connections, and then select the Use SSL when synchronizing update information check box. For more information about using SSL during synchronization, see Securing Windows Server Update Services.

   • If your WSUS server is running in replica mode, you just need to type the server name in the Server name box. The upstream server does not have to be the administration server (for example, it can be another replica mode server). For more information about replica mode, see Running in Replica Mode.

3. Under Tasks, click Save settings, and then click OK.

Specifying Where to Store Updates

For more information, see Specifying Where to Store Updates.

Synchronizing Manually or Automatically

You can either synchronize your WSUS server manually or specify a time for it to synchronize automatically on a daily basis.

To synchronize your server manually

1. On the WSUS console toolbar, click Options, and then click Synchronization Options.

2. Under Schedule, click Synchronize manually.

3. Under Tasks, click Save settings, and then click OK.

To synchronize your WSUS server immediately

1. On the WSUS console toolbar, click Options, and then click Synchronization Options.

2. Under Tasks, click Synchronize now.

To set up an automatic synchronization schedule

1. On the WSUS console toolbar, click Options, and then click Synchronization Options.

2. Under Schedule, click Synchronize daily at, and then in the list select the time you want synchronization to start each day.

3. Under Tasks, click Save settings, and then click OK.