Migrating the distribution server component

Applies To: Forefront Client Security

Checklist

The following is a checklist of the high-level tasks required for you to successfully migrate the Client Security distribution server component. This checklist is included to help you perform the migration procedures. Detailed steps follow the checklist.

The Client Security distribution server component is primarily a WSUS 3.0 or WSUS 2.0 server, with the addition of Client Security components. To migrate the distribution server component from one server to another, you migrate the WSUS settings and database from one WSUS server to another.

Client Security supports both WSUS 3.0 and WSUS 2.0. Procedures for the migration of the distribution component differ slightly between the two versions.

Preparing the target computer

To prepare the target computer, perform the following steps:

To prepare the target computer

• Install the same version of WSUS that is installed on the source computer.

  For more information about installing WSUS, see either Install the WSUS 3.0 Server (https://go.microsoft.com/fwlink/?LinkId=91482) or, for WSUS 2.0, Install the WSUS Server (https://go.microsoft.com/fwlink/?LinkId=91483).

Once the installation is completed, you must configure the settings of the target distribution server to be the same as the setting on the source distribution server.

To ensure the settings on the source distribution server match the target distribution server for WSUS 3.0

1. On the source distribution server, in the WSUS Administration console, click the Options node in the left pane, and then click Update Files and Languages.

2. On the Update Files tab, check the setting for Download express installation files.

3. In the Update Languages tab, note the settings for the update languages (for use in step 5).

4. On the target distribution server, in the WSUS Administration console, click the Options node in the left pane, and then click Update Files and Languages.

5. Make sure the settings for Download express installation files and Languages options match the selections on the source server.

To ensure settings on the source distribution server match settings on the target distribution server for WSUS 2.0

1. On the source distribution server, in the WSUS console, click the Options tab, and then in the Update Files and Languages section, click Advanced.

2. In the Advanced Synchronization Settings dialog box, note the status of the settings for Download express installation files and Languages options (for use in step 4).

3. On the target distribution server, in the WSUS console, click the Options tab, and then in the Update Files and Languages section, click Advanced.

4. In the Advanced Synchronization Settings dialog box, make sure the settings for Download express installation files and Languages options match the selections on the source distribution server.

After synchronizing the settings on the target distribution server, you must transfer the downloaded updates from the file system of the source distribution server to the target distribution server.

To transfer downloaded updates from the source distribution server to the target distribution server

• On the source distribution server, copy the contents of the following location to the same location on the target distribution server:

  WSUSInstallationDrive \WSUS\WSUSContent\

  Where WSUSInstallationDrive is the drive on which WSUS is installed.

Additionally, you must copy the WSUS database metadata from the source distribution server to the target distribution server. A utility provided with both WSUS 3.0 and WSUS 2.0, WSUSutil.exe, is used for this.

To export metadata from the database of the source distribution server

1. On the source distribution server, open a command prompt and navigate to the folder that contains WSUSutil.exe. The default path is Program Files\Update Services\Tools.

2. Type the following:

wsusutil.exe  export packagename  logfile

For example:

**wsusutil.exe  export  export.cab  export.log**

The package (.cab file) and log file name must be unique. WSUSutil.exe creates these two files as it exports metadata from the WSUS database.

3. Move the export package you just created to the target distribution server.

To import metadata to the database of the target distribution server

1. On the target distribution server, open a command prompt and navigate to the folder that contains WSUSutil.exe. The default path is Program Files\Update Services\Tools.

2. Type the following:

wsusutil.exe  import packagename  logfile

For example:

**wsusutil.exe  import  export.cab  import.log**

WSUSutil.exe imports the metadata from the source distribution server and creates a log file of the operation.

**Note**   It can take 3–4 hours for the database to validate content that has just been imported.

Transferring the configuration data

The configuration data on the source distribution server contains information about subscriptions, auto-approval settings, targets, groups, and approved updates. This information must be extracted and transferred to the target distribution server.

To extract and transfer the configuration data, you must download and install the Windows Server Update Services API Samples and Tools for your version of WSUS. The WSUS API Samples and Tools must be installed on both your source and target distribution servers.

• For WSUS 3.0, download the Windows Server Update Services 3.0 API Samples and Tools (https://go.microsoft.com/fwlink/?LinkId=94784).

• For WSUS 2.0, download the Windows Server Update Services API Samples and Tools (https://go.microsoft.com/fwlink/?LinkID=90951).

To transfer the configuration data

1. On the source distribution server, open a command prompt and change to the following directory:

   Program Files\Update Services API Samples and Tools\WsusMigrate\WsusMigrationExport

2. Type the following command and press Enter:

WsusMigrationExport.exe outputfilename

Where *outputfilename* is the full path and name of the output file. This file should be placed in a location accessible to the target distribution server.

3. On the target distribution server, open a command prompt and change to the following directory:

   Program Files\Update Services API Samples and Tools\WsusMigrate\WsusMigrationImport

4. Type the following command and press Enter:

WsusMigrationImport.exe outputfilename  All  MoveComputers

Where *outputfilename* is the full path to and name of the output file created on the source distribution server.

Configuring the target distribution server

You must install the Client Security distribution server component on the target distribution server.

To install Client Security on the target distribution server

1. Using an account that has local administrator privileges on all of the Client Security servers, log on to the target distribution server, insert the Client Security CD, and run the Setup wizard.

2. On the Component Installation page, select the Distribution server check box, clear all the other check boxes, and then click Next.

3. On the Install Location page, enter the location where you want the Setup wizard to install Client Security files.

4. On the Verifying Settings and Requirements page, verify your system requirements, and then click Next.

5. On the Completing Setup page, verify that you have successfully installed Client Security, and then click Close.

Configuring the managed computers

The managed computers must be configured to use the new distribution server for updates.

To configure managed computers

• See Configuring automatic updates.

Verifying functionality

To verify the new distribution server is functioning correctly, you must test two things:

• The ability of the managed computers to download updates from the distribution server.

• The distribution server can connect to an upstream WSUS server or to Microsoft Update and synchronize updates.

To verify managed computer communication with the distribution server

1. On a Client Security managed computer, start a command prompt and change to the following directory:

   ClientSecurityInstallPath\Client Security\Client\Antimalware

2. Type the following command and press Enter:

   MpCmdRun.exe  -SignatureUpdate

3. In the Run dialog box, type the following command, and then click OK:

   Notepad  c:\windows\windowsupdate.log

   This opens the windowsupdate.log file in Notepad.

4. Place the cursor at the bottom of the file by scrolling to the bottom and clicking in the last line.

5. Click Edit, and then click Find.

6. In the Find what text box, type Server URL = https://

7. Ensure that under Direction, the Up button is selected, and then click Find Next.

8. The first string found should contain the name of the new distribution server. Ensure that the string is https://newdistributionservername

To verify distribution server communication with upstream servers or Microsoft Update for WSUS 3.0

1. In Administrative Tools, click Update Services.

2. In the tree pane, expand the server name, and then click Synchronizations.

3. In the Actions pane, click Synchronize Now.

   The synchronization result can be viewed in the Synchronizations pane.

To verify distribution server communication with upstream servers or Microsoft Update for WSUS 2.0

1. In Administrative Tools, click Microsoft Windows Server Update Services.

2. On the Synchronization Options page, click Synchronize Now.

   The synchronization result can be viewed on the Welcome to Windows Server Update Services page, under Synchronization Status.

If any of the verifying communication steps fail, verify that you have performed all previous steps. If communications continue to fail, contact Microsoft product support.

The final step in the migration of the Client Security distribution server component is to uninstall the distribution server component from the source server. This should be done only after successful verification of communication.

To uninstall the distribution server component

• Follow the instructions for uninstalling the distribution server component in Removing an existing installation of Client Security.