Configuring System Center Updates Publisher 2011

Applies To: System Center 2012 Configuration Manager, System Center Configuration Manager 2007, System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2, System Center Essentials 2010

To configure System Center Updates Publisher 2011, you can specify the settings in the following options:

Update Server Options

Configuration Manager Server Options

Trusted Publisher Options

Proxy Settings Options

Advanced Options

Update Server Options

These options specify whether Updates Publisher 2011 can publish software updates to an update server, whether the update server is local or remote, and specify the certificate that Updates Publisher 2011 uses to publish software updates. All software updates must be digitally signed when they are published.

To set the Update Server options

  1. Click Options icon in the upper left corner, and then click Options.

  2. In the System Center Updates Publisher Options dialog box, click Update Server.

  3. Select the Enable publishing to an update server check box to allow Updates Publisher 2011 to publish software updates. You can still author software updates if this check box is not selected.

    Important

    Always publish to the top-level Windows Server Update Services (WSUS) server in your Configuration Manager environment. This is important so that all child sites have access to the Updates Publisher 2011 updates that you publish.

  4. Specify whether the software update server is local or remote:

    • Click Connect to a local update server if the software update server and the Updates Publisher 2011 console are installed on the same computer.

      Important

      When a custom WSUS website is used for a local update server, and the website is configured to use an HTTP port other than HTTP port 80 or HTTP port 8530, you must select Connect to a remote update server, or the connection to the local update server fails.

    • Click Connect to a remote update server if the update server and the Updates Publisher 2011 console are not on the same computer. Specify the following settings:

      • Select the check box Use SSL when communicating with the update server to specify that Secure Sockets Layer (SSL) is used when connecting to the update server. Use this setting only when the update server is configured to use SSL.

      • In the Name box, specify the NetBIOS name of the updates server.

      • In the Port box, specify the port that you want to use when connecting to the update server. Use the HTTPS port number if you selected the check box Use SSL when communicating with the update server. The default HTTPS port is 443. Use the HTTP port number if SSL is not used. The default HTTP port is 80. Check the update server configuration to verify which port you should use.

  5. Click Test Connection to validate that the update server name and port settings are valid. A message appears indicating whether the connection succeeded or failed. If the connection failed, verify the server name, port settings, and that the update server is accessible, and then test the connection again.

  6. If a digital certificate is not detected for the update server, specify a certificate by using one the following buttons:

    • Browse: Opens a Browse dialog box that allows you to select the certificate file. This option is available only when Updates Publisher is local to the update server or when SSL is used to connect to a remote update server. Select the certificate, and then click Create to add the certificate to the WSUS certificate store on the update server.

    • Create: Creates a new certificate, or uses the certificate that you specified by using Browse, and adds the certificate to the WSUS certificate store on the update server. Enter the .pfx file password for certificates that you selected by using Browse.

    • Remove: Removes the certificate from the WSUS certificate store on the update server. This option is available only when Updates Publisher 2011 is local to the update server or when you used SSL to connect to a remote update server.

    Updates Publisher 2011 uses the certificate that is specified here to sign the software updates that are published to the update server. Publishing to the update server fails if the digital certificate specified is not copied to the appropriate certificate stores on the update server, and on the computer running Updates Publisher 2011 if it is remote from the update server. For more information about adding the certificate to the certificate store on the update server, see Managing Security for System Center Updates Publisher 2011.

  7. Click OK to save your settings or click one of the following options to set another group of settings:

Signing Certificate Requirements

When you generate your own signing certificate for Updates Publisher 2011, you must do the following:

  • Enable the Allow private key to be exported option.

  • Set Key Usage to digital signature.

  • Set Minimum key size to a value equal to or greater than 2048 bit.

Configuration Manager Server Options

These options specify how Updates Publisher 2011 works with Configuration Manager to publish software updates.

To set Configuration Manager server options

  1. Click Options icon in the upper left corner, and then click Options.

    Important

    Always publish to the top-level WSUS server in your Configuration Manager environment so that all child sites have access to the Updates Publisher 2011 updates that you publish.

  2. In the System Center Updates Publisher Options dialog box, click ConfigMgr Server.

  3. Select the Enable Configuration Manager integration check box to allow Updates Publisher 2011 to communicate with Configuration Manager.

  4. Specify whether the Configuration Manager server is local or remote.

    Click Connect to a local Configuration Manager server if the Updates Publisher 2011 console and the Configuration Manager server are installed on the same computer.

    Click Connect to a remote Configuration Manager server if the Updates Publisher 2011 console and the Configuration Manager server are installed on the different computers. Then specify the name of the Configuration Manager server in the Name box and click Test Connection to validate that the Configuration Manager server name is correct. If the connection fails, verify the server name, and then test the connection again.

  5. If you are publishing software updates in automatic mode, specify the following values:

    • In the Requested client count threshold box, enter the number of clients that must request the software update before Updates Publisher 2011 publishes software updates with full content. For example, if you specify a value of 100 and only 72 clients request the software update, only the metadata of the software update is published. If 100 clients requested the software update, it will be published as full content.

    • In the Package source size threshold (MB) box, enter the size of the software update package that Updates Publisher 2011 uses to determine what package source size to publish with full content. For example, if you specify 10 MB and the software update is 9 MB then it will be published as full content. If the software update is 11 MB then it will be published as metadata only.

  6. Click OK to save your settings or click one of the following options to set another group of settings:

    • Update Server: For more information, see Update Server Options.

    • Trusted Publisher: For more information, see Trusted Publisher Options.

    • Proxy Settings: For more information, see Proxy Settings Options.

    • Advanced: For more information, see Advanced Options.

Trusted Publisher Options

These options allow you to see the publishers that are trusted by Updates Publisher 2011, view the certificate of the trusted publishers, and provide you with a way to remove a publisher from the list. Publishers are added to the trusted publishers list when a catalog is imported into Updates Publisher 2011 and when publishing a software update.

Important

Content from publishers that are not trusted can potentially harm client computers when scanning for updates. You should accept content only from publishers that you trust.

To view the Trusted Publisher list

  1. Click Options icon in the upper left corner, and then click Options.

  2. In the System Center Updates Publisher Options dialog box, click Trusted Publishers.

  3. To view the certificate of a publisher, select the publisher in the Trusted Publishers list, and then click View Certificate.

  4. To remove a publisher, select the publisher in the Trusted Publishers list, and then click Remove. Updates Publisher 2011 will no longer publish software updates that are signed by the certificate of the publisher that was removed.

  5. Click OK to save your settings or click one of the following options to set another group of settings:

    • Update Server: For more information, see Update Server Options.

    • ConfigMgr Server: For more information, see Configuration Manager Server Options.

    • Proxy Settings: For more information, see Proxy Settings Options.

    • Advanced: For more information, see Advanced Options.

Proxy Settings Options

These options allow you to specify proxy settings that you can use when you import software update catalogs from the Internet or publish software updates to the Internet.

To set Proxy Setting options

  1. Click Options icon in the upper left corner, and then click Options.

  2. In the System Center Updates Publisher Options dialog box, click Proxy Settings.

  3. To enable Updates Publisher 2011 to use a proxy server, select the Enable proxy settings check box, and then specify the following settings.

    • Proxy Server Name: Specifies the name of the proxy server to use for Internet access. Specify a fully qualified domain name (FQDN), a short name, or an IP address. If you are using an IP address, both IPv4 and IPv6 formats are supported. For example, webproxy.contoso.com, webproxy, 123.456.123.456, and [1234:b44:3013:301:203:ffff:fec2:db89].

    • Port number: Specify the port to use to connect to the proxy server for Internet access, with a number between 1 and 65535.

    • User Name: Specify the Windows user name for authentication if the proxy server is configured to authenticate users for Internet access. Specifying the user name in the format of a universal principle name (UPN) is not supported.

    • Password: Specify the password associated with the specified user name.

  4. Click OK to save your settings or click one of the following options to set another group of settings:

    • Update Server: For more information, see Update Server Options.

    • ConfigMgr Server: For more information, see Configuration Manager Server Options.

    • Trusted Publisher: For more information, see Trusted Publisher Options.

    • Advanced: For more information, see Advanced Options.

Advanced Options

These options allow you to view the location of the Updates Publisher 2011 repository, enable general settings such as adding timestamps, enable certificate revocation, set the location for local source publishing, and run the Software Updates Cleanup Wizard.

To set Advanced options

  1. Click Options icon in the upper left corner, and then click Options.

  2. In the System Center Updates Publisher Options dialog box, click Advanced.

  3. Select the checkbox Add timestamp when signing updates (requires Internet connectivity) to allow software updates to remain usable after their signing certificate expires. The updates will remain valid as long as they were signed and time stamped when the signing certificate is valid. By default, software updates cannot be deployed after their signing certificate expires.

  4. Select the Check for new catalog alerts on startup check box to receive alerts when a new catalog is updated. These alerts are posted when you open the Updates Publisher 2011 console.

  5. To enable certificate revocation checking, select the Enable certificate revocation checking for digitally signed catalogs check box.

  6. To set options for local source publishing, select the following check boxes:

    • Always check the local source publishing folder for content before publishing:

    • Use a custom local source path: Specify an alternate location to search for local source content. By default, local source publishing always searches the MyDocuments\LocalSourcePublishing folder for update content.

  7. To expire software updates that exist on the update server but not in the Updates Publisher 2011 repository, click Start in the Software Update Cleanup Wizard group box. For information about the Software Update Cleanup Wizard, see How to Expire Unreferenced Software Updates.

  8. Click OK to save your settings or click one of the following options to set another group of settings:

    • Update Server: For more information, see Update Server Options.

    • ConfigMgr Server: For more information, see Configuration Manager Server Options.

    • Trusted Publisher: For more information, see Trusted Publisher Options.

    • Proxy Settings: For more information, see Proxy Settings Options.

See Also

Other Resources

Updates Publisher 2011