Using the WSUS 3.0 Configuration Wizard

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server Update Services

The WSUS 3.0 configuration wizard will be run immediately after installation or at a later time. If you want to change the configuration later, you run WSUS Server Configuration Wizard from the Options page of the WSUS 3.0 Administration console. Before configuring the WSUS server, make sure you know the answers to the following questions:

  1. Is the server's firewall configured to allow clients to access the server? See the Configure the Network section earlier in this document for more details.

  2. Can this machine connect to the upstream server (Microsoft Update or an upstream WSUS server)?

  3. If this machine is the root WSUS server (the one that connects to Microsoft Update), will it use a proxy server?

  4. If a proxy server will be used, doe it support both HTTP and SSL protocols?

  5. Do you have the name of the proxy server and the user credentials for the proxy server?

  6. Do you know the port number on which this machine will connect to the upstream server? (Although the connection between Microsoft Update and WSUS requires ports 80 and 443 to be open, you can configure a downstream WSUS server to use a custom port.)

The Configuration Wizard allows you to configure the following areas:

  • Choose the upstream server

  • Specify the proxy server

  • Connect to the upstream server

  • Choose update languages

  • Choose update products

  • Choose update classifications

  • Configure the synchronization schedule

Note

You will need to configure the upstream server and proxy server before configuring the updates.

Choose the upstream server

Choose the upstream server

  1. On the Choose Upstream Server page, select the source from which this server will get its updates (Microsoft Update or another WSUS server).

  2. If you choose to synchronize from Microsoft Update, you are finished with this page. Click Next, or select Specify Proxy Server from the left pane.

  3. If you choose to synchronize from another WSUS server, specify the server name and the port on which this server will communicate with the upstream server.

  4. To use SSL, check the Use SSL when synchronizing update information check box. In that case the servers will use port 443 for synchronization. (You should make sure that both this server and the upstream server support SSL.)

  5. If this is a replica server, check the This is a replica of the upstream server check box. (For more information about replica versus autonomous downstream servers, see the Choose a WSUS Management Style section earlier in this document.)

  6. At this point you are finished with upstream server configuration. Click Next, or select Specify proxy server from the left pane.

Specify the proxy server

Specify the proxy server

  1. If you are setting up the root WSUS server that connects to Microsoft Update, you may wish to configure it to use a proxy server. On the Specify Proxy Server page of the configuration wizard, select the Use a proxy server when synchronizing check box, and then type the proxy server name and port number (port 80 by default) in the corresponding boxes.

  2. If you want to connect to the proxy server by using specific user credentials, select the Use user credentials to connect to the proxy server check box, and then type the user name, domain, and password of the user in the corresponding boxes. If you want to enable basic authentication for the user connecting to the proxy server, select the Allow basic authentication (password is sent in cleartext) check box.

  3. At this point you are finished with proxy server configuration. Click Next to go to the Connect to Upstream Server page.

Important

The proxy server should be configured to accept both HTTP and HTTPS resources.

Connect to the upstream server

Connect to the upstream server

  1. Click the Start Connecting button, which will save and upload your settings and then download information about available updates, products, and classifications. This initial connection will take only a few minutes.

  2. While the connection is taking place, the Stop Connecting button will be available. If there are problems with the connection, stop the connection, fix the problems, and restart the connection.

  3. After the connection has completed successfully, click Next. If you have chosen to store updates locally, you will go to the Choose Languages page, or you can select a different page from the left pane.

Note

If the connection to your upstream WSUS server (either Microsoft Update or an intranet WSUS server) fails, you will see a message at the bottom of the screen. Typically it will say something like "An HTTP error occurred." For more information, click the Details link.

Choose update languages

The Choose Languages page allows you to get updates from all languages or from a subset of languages. Selecting a subset of languages will save disk space, but it is important to choose all of the languages that will be needed by all of the downstream servers and clients of this WSUS server.

Choosing languages for an upstream server is not quite the same as choosing languages for a downstream server. The two procedures below explain the differences.

Choose update languages for a server synchronizing from Microsoft Update

  1. If you want to get updates in all languages, select Download updates in all languages, including new languages.

  2. If you choose not to get updates for all languages, select Download updates only in these languages, and select the languages for which you want updates.

If you are configuring a downstream server, use the following procedure.

Choose update languages for a server synchronizing from an upstream server

  1. If the upstream server has been set up to download update files in a subset of languages, you should select Download updates only in these languages (only languages marked with an asterisk are supported by the upstream server), and select the languages for which you want updates. You should do this even though you want the downstream server to download exactly the same languages as the upstream server.

  2. If the upstream server will download update files in all languages, and you want the downstream server to do the same, select Download updates in all languages supported by the upstream server. This setting will cause the upstream server to download updates in all languages, including languages that were not originally set up for the upstream server.

Important

Selecting the Download updates in all languages option on a download server will modify the upstream server's behavior to download update files in all languages, no matter how the upstream server was originally configured.

Choose update products

Choose update products

  1. The Choose Products page allows you to specify the products for which you want updates.

  2. You may check product categories, such as Windows, or specific products, such as Windows Server 2003. Selecting a product category will cause all of the products under it to be selected. Click Next to proceed to the Choose Classifications page, or select a different page from the left pane.

Choose update classifications

There are nine update classifications that you can use to filter the updates you get from Microsoft Updates:

  • Critical Updates: Broadly released fixes for specific problems addressing critical, non-security related bugs.

  • Definition Updates: Updates to virus or other definition files.

  • Drivers: Software components designed to support new hardware.

  • Feature Packs: New feature releases, usually rolled into products at the next release.

  • Security Updates: Broadly released fixes for specific products, addressing security issues.

  • Service Packs: Cumulative sets of all hotfixes, security updates, critical updates, and updates created since the release of the product. Service packs might also contain a limited number of customer-requested design changes or features.

  • Tools: Utilities or features that aid in accomplishing a task or set of tasks.

  • Update Rollups: Cumulative sets of hotfixes, security updates, critical updates, and updates packaged together for easy deployment. A rollup generally targets a specific area, such as security, or a specific component, such as Internet Information Services (IIS).

  • Updates: Broadly released fixes for specific problems addressing non-critical, non-security related bugs.

Choose update classifications

  1. The Choose Classifications page allows you to choose the update classifications you wish to obtain. You can choose all of the classifications or a subset of them.

  2. Click Next to proceed to the Configure Sync Schedule page, or select a different page from the left pane.

Configure the synchronization schedule

Configure the synchronization schedule

  1. You will see the Set Sync Schedule page, which allows you to choose whether to perform update metadata synchronization manually or automatically.

  2. If you choose to synchronize manually on this server, you will have to initiate the synchronization process from the WSUS Administration console.

  3. If you choose to synchronize automatically, the WSUS server will synchronize at specified intervals. Set the time of the first synchronization and specify the number of synchronizations per day you wish this server to perform. For example, you can specify that synchronizations will start at 3:00 A.M. and that there will be four synchronizations a day. In that case, synchronizations will run every day at 3:00 A.M., 9:00 A.M., 3:00 P.M., and 9:00 P.M.

After you have completed all of the above configuration steps, click Finished in the configuration wizard. If you have not already launched the WSUS Administration console, you can do so by leaving the Launch the Windows Server Update Services Administration Snap-in check box selected, and you can start the first synchronization by leaving the Begin initial synchronization check box selected.

Configuring WSUS from the administration console

It is also possible to carry out the same configuration steps outside the Configuration Wizard from the Options node of the WSUS Administration console. To configure or change the upstream server and proxy server settings, select Update Source and Proxy Server. To configure or change the product and classifications for which you want updates, select Products and Classifications. To update the languages for which you want updates, select Update Files and Languages.