WSUS migration

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hello,

I am looking into migrating our current WSUS server to another server. Current we have WSUS 2.0 and I think that we currently want to stay with 2.0 and would like to migrate it to a windows 2003 server.

Our current setup is windows 2000 server with the database residing on the server it self. The wsus updates are located on a different partition and sql database is located on the C: driver of the server.

Now I pretty much have an idea as to what's the best approach for a migration but I am not really sure as to how to migrate the sql portion of the wsus. So far all I found were articles on how to port over the wsus updates but nothing really about sql. Also from doing the research I know people made and used scripts to automate certain processes.

If anyone done this in the past your help will be greatly appreciated. Ask you can probably see this is my first time ever migrating a wsus server and I would like to get right the first time .

Thanks!!!

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Why don't you want to move to a WSUS 3.0 server? You won't regret it if you do.

You could set up a new WSUS 3.0 server and then configure the 2.0 server you have to be a downstream server.

 

Thanks nugget, you know I had a discussion with one of the colleagues and we're going to migrate to 3.0. I guess I'll try to do some more research.

If anyone else has any suggestions feel free to post.


Thank you.

 

Agreed. More reliable than 2.0, more wide-reaching and less of a pain to maintain than 2.0 was.

Re: the GPO - I'll post the GPO for my home WSUS clients later if anyone's interested - it doesn't exactly mirror what i use at work, but its pretty close - tiered for critical servers clients in one, non-critical stuff & workstations in the other.

I will add - make sure you get all your clients reporting back in once you migrate - you may need to reset the authorisation on some of them - especially if you neded up having to do this in v2.0 due to imaged systems not reporting in properly. I'll try and get some screengrabs up later - along with a quick guide on moving the DB to another server

 

That would be really cool zeb. Looking forward to it.

 

That would be ace, Zeb.

 

Righto - here's my workstations WSUS GPO:


Ignore the fact that it currently says 'Monday' as the install day - that's usually set to 'Wednesday' - I was screwing around with the GPO yesterday trying something out and haven't put it back yet.

The Server GPO is the same, except the install day is scheduled as Saturday. I schedule installs for Wednesday so that I get three full days to see if a patch Tuesday update breaks something in between then and downloading for install to critical systems the following Saturday.

Pretty simple stuff - ensure you set up client side targeting and populate your groups correctly by applying the GPO to the right OU. If you're one of those shops that sticks everything in the same GPO, I'd recommend that you knock up a separate one for this to start with - just because you don't want to be p***ing around with a settings for tool you don't yet fully understand from within your live GPO.

As for migrating, well I don't know about you, but I wouldn't want to go through the hassle of downloading thousands of updates again, so I'd migrate by installing a downstream replica of the current WUS 2.0 server, letting it work its magic replication-wise, then upgrading the new box in situ to WSUS 3.0. Once you've done that its a simple case of making sure your sync policy is set properly on the server, removing the old replica and changing your client GPO to reflect the new server address. I remember reading an old post a year or so ago on the WSUS wiki, but can't for the life of my find it now - if you search through that site (which is excellent, BTW - it is to WSUS what 'You Had Me At Ehlo' is to Exchange) you;re bound to find it.

Like I said earlier, watch for the possible need to reset the authorisation on clients when you change servers over - I found this to be a problem migrating from 2.0 to 3.0 a while back because all the workstations on one of my sites were built from an image - WSUS doesn't (or, at least back then didn't) deal with imaged hosts very well - even though they were sysprepped and a new SID applied. I guess it was because the bloke who built the original reference box for the image temporarily stuck it in an OU which pushed the Windows Update GPO to update the box prior to pulling it out of the domain and sealing it for imaging - pillock.

 

Zeb thanks for the input, as always greatly appreciated. All my the computers (400+) are imaged so knowing things like this helps a lot.

 

I setup a new box with wsus 2.0 as a replica server. As we speak it's synchronizing the updates. I know that at it's current state I wont be able to change from downstream to upstream mode. If I upgrade the current replica server to wsus 3.0 will that give me the option of obtaining updates from the internet? is it even doable to change from a replica to an upstream server in wsus 3.0?

 

Why don't you just put WSUS 3.0 straight on to the new box instead of faffing around with upgrades and migrations. You'll have a lot less problems just doing a new install and configuration. Then configure the gpo to point to the new 3.0 server instead of the old 2.0 server.

 

It's because I want to keep all the updates and not have to download them again, also I need the settings of the current wsus server to be migrated over to 3.0. Also from what I heard is that you can't sync wsus 2 with wsus 3.