Setting Up Synchronizations

During synchronization, your WSUS server downloads updates (update metadata and files) from an update source. It also downloads new product classifications and categories, if any. When your WSUS server synchronizes for the first time, it will download all of the updates you specified when you configured synchronization options. After the first synchronization, your WSUS server downloads only updates from the update source, as well as revisions in metadata for existing updates and expirations to updates.

Note

The first time a WSUS server downloads updates may take a long time. If you are setting up multiple WSUS servers, you can speed up the process to a certain extent by downloading all the updates on one WSUS server and then copying the updates to the content directories of the other WSUS servers. Update metadata must be downloaded separately to each server during synchronization.

The Options page is the central access point in the WSUS Administration Console for customizing how your WSUS server synchronizes updates. You can specify which updates are synchronized automatically, where your server gets updates, connection settings, and the synchronization schedule. You can also use the Configuration Wizard from the Options page to configure or reconfigure your WSUS server at any time.

Synchronizing Updates by Product and Classification

Your WSUS server downloads updates based on the products or product families (for example, Windows, or Windows Server 2003, Datacenter Edition) and classifications (for example, critical updates or security updates) that you specify. At the first synchronization, your WSUS server downloads all of the updates available in the categories you have specified. In later synchronizations your WSUS server downloads only the newest updates (or changes to the updates already available on your WSUS server) for the categories you specified.

You specify update products and classifications on the Options page under Products and Classifications. Products are listed in a hierarchy, grouped by product family. If you select Windows, you automatically select every product that falls under that product hierarchy. By selecting the parent check box you select all items under it, as well as all future versions. Selecting the child check boxes will not select the parent check boxes. The default setting for products is Windows and Office, and the default settings for classifications are Critical Updates, Security Updates and Definition Updates.

If your WSUS server is running in replica mode, you will not be able to perform this task. For more information about replica mode, see Running WSUS 3.0 SP2 in Replica Mode.

To specify update products and classifications for synchronization

  1. In the WSUS Administration Console, click the Options node.

  2. Click Products and Classifications, and then click the Products tab.

  3. Select the check boxes of the products or product families you want to update with WSUS, and then click OK.

  4. In the Classifications tab, select the check boxes of the update classifications you want your WSUS server to synchronize, and then click OK.

Note

You can remove products or classifications in the same way. Your WSUS server will stop synchronizing new updates for the products you have cleared. However, updates that were synchronized for those products before you cleared them will remain on your WSUS server and will be listed as available. For more information about removing unused updates, see Issues with Update Storage.

Synchronizing Updates by Language

Your WSUS server downloads updates based on the languages that you specify. You can synchronize updates in all of the languages in which they are available, or you can specify a subset of languages. If you have a hierarchy of WSUS servers, and you need to download updates in different languages, make sure that you have specified all the necessary languages on the upstream server. On a downstream server you can specify a subset of the languages you specified on the upstream server.

Configuring Proxy Server Settings

You can configure your WSUS server to use a proxy server during synchronization with an upstream server or Microsoft Update. This setting will apply only when your WSUS server runs synchronizations. By default your WSUS server will try to connect directly to the upstream server or Microsoft Update.

To specify a proxy server for synchronization

  1. In the WSUS Administration Console, click Options, and then click Update Source and Proxy Server.

  2. On the Proxy Server tab, select the Use a proxy server when synchronizing check box, and then type the server name and port number (port 80 is the default) of the proxy server.

    • If you want to connect to the proxy server with specific user credentials, select the Use user credentials to connect to the proxy server check box, and then enter the user name, domain, and password of the user in the corresponding boxes.

    • If you want to enable basic authentication for the user connecting to the proxy server, select the Allow basic authentication (password is sent in cleartext) check box.

  3. Click OK.

Note

Because WSUS initiates all of its network traffic, there is no need to configure Windows Firewall on a WSUS server connected directly to Microsoft update.

Configuring the Update Source

The update source is the location from which your WSUS server gets its updates and update metadata. You can specify that the update source should be either Microsoft Update or another WSUS server (the WSUS server that acts as the update source is the upstream server, and your server is the downstream server).

Options for customizing how your WSUS server synchronizes with the update source include the following:

To specify the update source for your WSUS server

  1. In the WSUS Administration Console, click Options, and then click Update Source and Proxy Server.

  2. On the Update Source tab, do one of the following:

    • If you want your WSUS server to synchronize directly from Microsoft Update, click Synchronize from Microsoft Update. If your server is running in replica mode, this option is disabled. For more information, see Running WSUS 3.0 SP2 in Replica Mode.

    • If you want to synchronize from another WSUS server in your network, click Synchronize from an upstream Windows Server Update Services server, and then type the server name and port number in the corresponding boxes.

    • If you want to use SSL when synchronizing, type the port number that the upstream server uses for SSL connections, and then select the Use SSL when synchronizing update information check box. For more information about using SSL during synchronization, see Securing Windows Server Update Services 3.0 SP2.

    • If your WSUS server is running in replica mode, type the server name and port number in the Server name box. The upstream server does not have to be the administration server (for example, it can be another replica mode server). For more information about replica mode, see Running WSUS 3.0 SP2 in Replica Mode.

  3. Click OK.

Configuring Update Storage

For more information, see Specifying Where to Store the Updates.

Synchronizing Manually or Automatically

You can either synchronize your WSUS server manually or specify a time for it to synchronize automatically.

To synchronize your server manually

  1. In the WSUS Administration Console, click Options, and then click Synchronization Schedule.

  2. Click Synchronize manually, and then click OK.

To set up an automatic synchronization schedule

  1. In the WSUS Administration Console, click Options, then Synchronization Schedule.

  2. Click Synchronize automatically.

  3. For First synchronization, select the time you want synchronization to start each day.

  4. For Synchronizations per day, select the number of synchronizations you want to do each day. For example, if you want four synchronizations a day starting at 3:00 A.M., then synchronizations will occur at 3:00 A.M., 9:00 A.M., 3:00 P.M., and 9:00 P.M. each day. (A random time offset will be added to the scheduled synchronization time in order to space out the server connections to Microsoft Update.)

  5. Click OK.

To synchronize your WSUS server immediately

  1. On the WSUS Administration Console, select the top server node.

  2. In the Overview pane, under Synchronization Status, click Synchronize now.