Set Up a Disconnected Network (Import and Export Updates)

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server Update Services

Managing WSUS on a disconnected network involves exporting updates and metadata from a WSUS server on a connected network and then importing all that information into the WSUS server on the disconnected network. There is a conceptual discussion of why this might be useful in the "Networks Disconnected from the Internet" section in Choose a Type of Deployment earlier in this guide.

Note

You cannot import updates to a server that is being centrally managed. WSUS servers on disconnected networks are always autonomously managed.

There are three steps to accomplishing an import and export. First, make sure advanced synchronization options for the express installation files feature and languages on the export server match the settings on the import server. This ensures that you collect the type of updates you intend to distribute. For example, if you did not select the option for express installation files on the export server, but did have the express installation file option selected on the import server, you would not be able to distribute updates by using express installation files, because none were initially collected on the export server. A mismatch of language settings can have a similar effect. You do not have to concern yourself with matching settings for schedule, products and classifications, source, or proxy server, since the import operation itself overcomes the need for these settings. The setting for deferred download of updates has no effect on the import server. If you are using the option for deferred downloads on the export server, you must approve the updates so they can be downloaded prior to taking the next step, which is migrating updates to the import server.

Second, copy updates from the file system of the export server to the file system of the import server. By default, updates are stored in the following folder:

WSUSInstallationDrive:\WSUS\WSUSContent\

You can use the Windows Backup Utility or whatever backup software your organization is familiar with to copy the files. When you copy files to the import server, you must maintain the folder structure for all folders under \WSUSContent. Make sure that the updates appear in the folder on the import server that has been designated to store updates; this designation is typically made during the setup process. You should also consider using an incremental backup system to limit the amount of data you need to move each time you refresh the server on the disconnected network.

Third, export update metadata from the database on the export server, and import it into the database on the import server. You accomplish the metadata import and export by using the command-line utility WSUSutil.exe mentioned in Migration Command-line Tool. You can find WSUSutil.exe in the tools subfolder where you installed WSUS. You must be a member of the local Administrators group on the WSUS server to export or import metadata; both operations can only be run from the WSUS server itself. You can only run WSUSutil.exe on a 32-bit platform.

You should copy updates to the file system of the import server before you import metadata. If WSUS finds metadata for an update that is not in the file system, the WSUS console shows that the update failed to be downloaded. This type of problem can be fixed by copying the update onto the file system of the import server and then again attempting to deploy the update.

Although you can use incremental backups to move update files onto the import server, you cannot move update metadata piecemeal. WSUSutil.exe exports all the metadata in the WSUS database during the export operation.

In this guide