Scribd
Upload
248 views30 pages

Complete Guide To Install SCCM Software Update Point Role

This document provides steps to install and configure the Software Update Point (SUP) role in System Center Configuration Manager (SCCM). It discusses the requirements for SUP, including having Windows Server Update Services (WSUS) already installed. It then outlines the 11 steps to complete the SUP installation through the SCCM console, including specifying settings, accounts, synchronization sources, and more. The goal is to integrate SCCM with WSUS to provide software updates to managed clients.

Uploaded by

khan khadar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
248 views30 pages

Complete Guide To Install SCCM Software Update Point Role

This document provides steps to install and configure the Software Update Point (SUP) role in System Center Configuration Manager (SCCM). It discusses the requirements for SUP, including having Windows Server Update Services (WSUS) already installed. It then outlines the 11 steps to complete the SUP installation through the SCCM console, including specifying settings, accounts, synchronization sources, and more. The goal is to integrate SCCM with WSUS to provide software updates to managed clients.

Uploaded by

khan khadar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 30

8/25/2021 Complete Guide To Install SCCM Software Update Point Role

Menu

Complete Guide to Install SCCM Software Update


Point Role
Last Updated : March 23, 2020

This post covers the steps to install SCCM Software Update Point (SUP) role. My goal here is to

cover the detailed steps to install and configure software update point role in SCCM.

A software update point (SUP) integrates with Windows Server Update Services (WSUS) to

provide software updates to Configuration Manager clients.

If you decide to deploy software updates to your clients using SCCM, you must ensure the

software update point role is installed and configured correctly. You can follow this guide to

accomplish the task.

Table of Contents
1. What is Software Update Point in Configuration Manager

2. Software Update Point Requirements

3. Install SCCM Software Update Point Role

3.1. Specify Software Update Point Settings

3.2. Software Update Point proxy server settings

3.3. WSUS Server Connection Account

3.4. SUP Synchronization Source Settings

3.5. WSUS Reporting Events

3.6. SUP Synchronization Settings

3.7. Supersedence Rules

https://www.prajwaldesai.com/install-sccm-software-update-point-role/ 1/32
8/25/2021 Complete Guide To Install SCCM Software Update Point Role

3.8. WSUS Maintenance Options

3.9. Configure Max Run time for Software Update Installation

3.10. Software Update Content Configuration

3.11. Software Update Point Classifications

3.12. SUP Products Selection

4. Verify Software Update Point Role Installation

5. Perform Initial SUP Synchronization

6. Enable SUP Classifications and Products

7. What’s Next

What is Software Update Point in Configuration Manager

A software update point is a WSUS server controlled by Configuration Manager. We know that

WSUS is a standalone solution that enables the administrators to deploy the latest Microsoft

product updates.

Unlike WSUS the clients do not download or install updates directly from a software update

point. Instead the only data downloaded by the client from a software update point is the

update metadata.

In order to deploy updates to client computers, the software update point role is required on

the central administration site and on the primary sites. While the SUP role install is optional on

secondary sites.

So if you have got a SCCM hierarchy consisting of CAS, Primary site and Secondary sites, you

install the role on CAS first, then primary site and secondary sites.

Most organizations don’t have CAS and prefer to have a stand-alone primary site. When you

have a stand-alone primary site, you must install and configure the software update point on

the primary site first, and then optionally on secondary sites.

https://www.prajwaldesai.com/install-sccm-software-update-point-role/ 2/32
8/25/2021 Complete Guide To Install SCCM Software Update Point Role

Most of all the software update point site system role must be installed on a server that has

WSUS role installed. I have covered the WSUS role installation in most of my current branch

baseline install guides.

For stand-alone WSUS install, check the following post WSUS installation on Windows Server

2019.

The software update point interacts with the WSUS services to configure the software update

settings and to request synchronization of software updates metadata. I would recommend

reading the “Plan for Software Updates” article by Microsoft.

Software Update Point Requirements

Before you install the SCCM SUP role on a Windows Server, ensure you read the below listed

prerequisites.

Always refer this article before you install site system servers and roles on Windows
Servers. This is important because the role that you intend to install must be on a
supported Windows Server OS.
Ensure you enable .NET Framework 3.5 under Windows Server roles and features. In
addition, install a supported version of the .NET Framework version 4.5 or later. Starting
in version 1906, Configuration Manager supports .NET Framework 4.8.
Install the Windows Server Update Services on a computer before installing a software
update point. This is a very important prerequisite.
If you plan to install both WSUS and SUP role on a distribution point server, it is
supported.
When you install a new site, ConfigMgr automatically installs SQL Server Native Client.
However the Configuration Manager doesn’t upgrade SQL Server Native Client. Make
sure this component is up to date.

Tip – When you install WSUS role on Windows Server 2019, the WSUS version is 10.0.17763.1.

And it’s version 10.0.14393 when you install WSUS role on Windows Server 2016.

Install SCCM Software Update Point Role

Using the below steps, install Software Update Point role in SCCM.
https://www.prajwaldesai.com/install-sccm-software-update-point-role/ 3/32
8/25/2021 Complete Guide To Install SCCM Software Update Point Role

Launch the SCCM console.


Navigate to Administration > Overview > Site Configuration > Servers and Site
System Roles.
Right-click the server on which you wish to install Software Update Point role and click
Add Site System Roles.

Install Software Update Point Role in Configuration Manager

On the General page, click Next.

https://www.prajwaldesai.com/install-sccm-software-update-point-role/ 4/32
8/25/2021 Complete Guide To Install SCCM Software Update Point Role

On the Proxy page, you can specify proxy server details if you have it in your setup. Otherwise

click Next.

https://www.prajwaldesai.com/install-sccm-software-update-point-role/ 5/32
8/25/2021 Complete Guide To Install SCCM Software Update Point Role

Finally we are on the System Role Selection step. From the list of available roles, select

Software Update Point. Click Next.

https://www.prajwaldesai.com/install-sccm-software-update-point-role/ 6/32
8/25/2021 Complete Guide To Install SCCM Software Update Point Role

Specify Software Update Point Settings

On the Specify software update point settings page, under WSUS configuration you find two

options.

WSUS configured to use ports 80 and 443 for client communications.


WSUS configured to use ports 8530 and 8531 for client communications.

The WSUS upstream and downstream servers will synchronize on the port configured by the

WSUS Administrator. Select the second option here because it’s a default setting for WSUS

installed on Windows Server 2012 and above. The firewall on the WSUS server must be

configured to allow inbound traffic on these ports.

We also see two other options :-

https://www.prajwaldesai.com/install-sccm-software-update-point-role/ 7/32
8/25/2021 Complete Guide To Install SCCM Software Update Point Role

Require SSL communication to WSUS Server – With this options checked or enabled,
you can use the SSL protocol to help secure the WSUS that runs on the software update
point. WSUS uses SSL to authenticate client computers and downstream WSUS servers to
the WSUS server.
Allow Configuration Manager cloud management gateway traffic – Enable this
option for the software update point site system to accept CMG traffic.

Click Next.

Software Update Point proxy server settings

If you have a proxy server configured in your setup, specify the proxy server settings for SUP.

The options are greyed out because you must configure the site system role to use a proxy

server first.

https://www.prajwaldesai.com/install-sccm-software-update-point-role/ 8/32
8/25/2021 Complete Guide To Install SCCM Software Update Point Role

WSUS Server Connection Account

You can configure an account to be used by the site server when it connects to WSUS that runs

on the software update point. When you don’t configure this account, the Configuration

Manager uses the computer account for the site server to connect to WSUS.

Click Next.

SUP Proxy Account Settings

SUP Synchronization Source Settings

In this step you select a synchronization source for the software update point. In other words

you define the source from where updates download.

https://www.prajwaldesai.com/install-sccm-software-update-point-role/ 9/32
8/25/2021 Complete Guide To Install SCCM Software Update Point Role

Synchronize from Microsoft Update – Use this setting to synchronize software updates
metadata from Microsoft Update. In case you have an upstream software update point
configure, this option is unavailable. Note that this setting is available only when you
configure the software update point on the top-level site.
Synchronize from an upstream data source location – Use this option to synchronize
software updates metadata from the upstream synchronization source. If you select this
option, specify a URL, such as https://WSUSServer:8531, where 8531 is the port that is
used to connect to the WSUS server.
Do not synchronize from Microsoft Update or upstream data source – Use this
option to manually synchronize software updates when the software update point at the
top-level site is disconnected from the Internet.

WSUS Reporting Events

You can create WSUS reporting events on the Synchronization Source page of the wizard or on

the Sync Settings tab in Software Update Point Component Properties.

Do not create WSUS reporting events


Create only WSUS status reporting events
Create all WSUS reporting events

Since the Configuration Manager doesn’t use these events, you can leave the default option

enabled – Do not create WSUS reporting events. Click Next.

https://www.prajwaldesai.com/install-sccm-software-update-point-role/ 10/32
8/25/2021 Complete Guide To Install SCCM Software Update Point Role

Specify Synchronization Source settings and WSUS reporting events

SUP Synchronization Settings

You can define a synchronization schedule and configure the software updates to sync

automatically. Click Enable synchronization on a schedule box and configure the sync schedule.

You can either select Simple Schedule (also known as recurring schedule) or go with a custom

schedule. By default the synchronization occurs every 7 days. You can change it if required.

You can also let Configuration Manager create an alert when the synchronization fails on the

site. I prefer to enable this option because I get to see an SUP sync failed alert in the

Configuration Manager console.

Click Next.

https://www.prajwaldesai.com/install-sccm-software-update-point-role/ 11/32
8/25/2021 Complete Guide To Install SCCM Software Update Point Role

SUP Synchronization Schedule

Supersedence Rules

On this page you can configure the software update to expire as soon as it is superseded by a

recent update. You can also set a software update to expire after specific period of time.

Starting in Configuration Manager version 1810, you can specify the supersedence rules

behavior for feature updates separately from non-feature updates. This is a nice addition.

Under Supersedence behavior for updates and feature updates, you find the below options.

Immediately expire a superseded software update


Do not expire a superseded software update until the software update is superseded for
specific period. When you select this option, you must specify the months to wait before
a superseded software update expires. By default it is set to 3 months.

https://www.prajwaldesai.com/install-sccm-software-update-point-role/ 12/32
8/25/2021 Complete Guide To Install SCCM Software Update Point Role

At this point, I will go with the default settings and click Next.

Supersedence Rules

WSUS Maintenance Options

To automate the cleanup procedures after each synchronization, Microsoft has added some

cool WSUS Maintenance options. If you are using Configuration Manager version 1906 or

newer, you will find these options.

I will explain each of these options in a separate post. For now I will only list the options.

Decline expired updates in WSUS according to supersedence rules


Add non-clustered indexes to the WSUS database
Remove obsolete updates from the WSUS database

https://www.prajwaldesai.com/install-sccm-software-update-point-role/ 13/32
8/25/2021 Complete Guide To Install SCCM Software Update Point Role

Since we are installing the SUP for the first time, you can leave these options unchecked. We

can later revisit and enable them.

Click Next.

Configure WSUS Maintenance Options

Configure Max Run time for Software Update Installation

Specify the maximum amount of time for a software update installation to complete. I am going

to leave the values to default because they look fine to me. However you can change the values

if required.

Maximum run time for Windows feature updates – 120 minutes


Maximum run time for Office 365 updates and non-feature updates for Windows – 60
minutes.

https://www.prajwaldesai.com/install-sccm-software-update-point-role/ 14/32
8/25/2021 Complete Guide To Install SCCM Software Update Point Role

Click Next.

Configure Maximum Run Time

Software Update Content Configuration

On this page you have to select whether you want to deploy full files for approved updates or

deploy both full files and express installation files.

Express installation files download quickly because of lesser size and install quickly.

I am going to select Download full files for all approved updates and click Next.

https://www.prajwaldesai.com/install-sccm-software-update-point-role/ 15/32
8/25/2021 Complete Guide To Install SCCM Software Update Point Role

software update content configuration

Software Update Point Classifications

When you say you deploy a software update, it is actually very broad term. This is because every

software update is defined with an update classification. This helps to organize the different

types of updates.

When you setup SUP, during the synchronization process, the site synchronizes the metadata

for the specified classifications. To know about these software update classifications, refer this

article.

Once you know what classifications you require, you can enable them under All Classifications.

Wait a minute, let me cover something very important here. When you first install the software

update point on the top-level site, you must clear all of the software updates classifications.

https://www.prajwaldesai.com/install-sccm-software-update-point-role/ 16/32
8/25/2021 Complete Guide To Install SCCM Software Update Point Role

I don’t know if this is a recommended method but believe me I do this every time I install

software update point in Configuration Manager. After the initial software updates

synchronization, configure the classifications from an updated list, and then re-initiate

synchronization.

Click Next.

SUP classifications

SUP Products Selection

As we didn’t select anything from All Classifications, we won’t select any of these products for

now. Moreover you may not see all the products listed because we haven’t performed the initial

SUP synchronization.

We will select the products once we complete the initial SUP synchronization. Click Next.

https://www.prajwaldesai.com/install-sccm-software-update-point-role/ 17/32
8/25/2021 Complete Guide To Install SCCM Software Update Point Role

SUP products

For every language, you can select the software update files and summary info to download. In

this example, I will select only English language. Click Next.

https://www.prajwaldesai.com/install-sccm-software-update-point-role/ 18/32
8/25/2021 Complete Guide To Install SCCM Software Update Point Role

Specify language settings

On the Summary page, click Next.

https://www.prajwaldesai.com/install-sccm-software-update-point-role/ 19/32
8/25/2021 Complete Guide To Install SCCM Software Update Point Role

Click Close on Add Site System Roles wizard Completion box. This completes the installation of

Software Update point role in SCCM.

https://www.prajwaldesai.com/install-sccm-software-update-point-role/ 20/32
8/25/2021 Complete Guide To Install SCCM Software Update Point Role

Verify Software Update Point Role Installation

The SCCM log files are the best way to find out the SUP role installation status. In my other blog

I have listed the software updates related log files which you can refer during software updates

troubleshooting.

In most cases the installation goes well however if it fails you must know which log file to check.

The SUP log files are located under <Drive:>\Program Files\Microsoft Configuration

Manager\Logs

So the first log file you must open is SUPSetup.log. Look for the line Installation was

successful. With this we ensure the software update point role installation is successful in

SCCM.

https://www.prajwaldesai.com/install-sccm-software-update-point-role/ 21/32
8/25/2021 Complete Guide To Install SCCM Software Update Point Role

SUPSetup.log

======== Installing Pre Reqs for Role SMSWSUS ========

Found 1 Pre Reqs for Role SMSWSUS

Pre Req SqlNativeClient found.

SqlNativeClient is already installed (Product Code: {9D93D367-A2CC-4378-BD63-79EF3

Pre Req SqlNativeClient is already installed. Skipping it.

======== Completed Installation of Pre Reqs for Role SMSWSUS ========

Installing the SMSWSUS

Checking for supported version of WSUS (min WSUS 3.0 SP2 + KB2720211 + KB273460

Checking runtime v4.0.30319...

Found supported assembly Microsoft.UpdateServices.Administration version 4.0.0.0, file


Found supported assembly Microsoft.UpdateServices.BaseApi version 4.0.0.0, file versio
Supported WSUS version found

Supported WSUS Server version (6.2.17763.678) is installed.

CTool::RegisterManagedBinary: run command line: "C:\Windows\Microsoft.NET\Framew

CTool::RegisterManagedBinary: Failed to register C:\Program Files\Microsoft Configurat


CTool::RegisterManagedBinary: run command line: "C:\Windows\Microsoft.NET\Framew

CTool::RegisterManagedBinary: Registered C:\Program Files\Microsoft Configuration M

https://www.prajwaldesai.com/install-sccm-software-update-point-role/ 22/32
8/25/2021 Complete Guide To Install SCCM Software Update Point Role

Registered DLL C:\Program Files\Microsoft Configuration Manager\bin\x64\wsusmsp.dl


Installation was successful.

~RoleSetup().

Perform Initial SUP Synchronization

Here is how you perform the initial software update synchronization after you install SUP role in

SCCM.

First of all launch the SCCM console.


Go to Software Library > Overview > Software Updates > All Software Updates.
On the top ribbon, click Synchronize Software Updates.

Perform Initial SUP Synchronization

On the confirmation box, click Yes.

https://www.prajwaldesai.com/install-sccm-software-update-point-role/ 23/32
8/25/2021 Complete Guide To Install SCCM Software Update Point Role

Perform Initial SUP Synchronization

When you run the initial SUP sync, it tries to sync categories but notice what happens. If you

open wsyncmgr.log file, it tells you that Request filter does not contain any known

categories or classifications. Hence sync will do nothing.

At this point, let the sync complete. If you see the line “Done synchronizing SMS with WSUS

Server” it means the SUP sync is complete.

https://www.prajwaldesai.com/install-sccm-software-update-point-role/ 24/32
8/25/2021 Complete Guide To Install SCCM Software Update Point Role

wsyncmgr.log file

sync: SMS synchronizing categories SMS_WSUS_SYNC_MANAGER

sync: SMS synchronizing categories, processed 0 out of 355 items (0%)

sync: SMS synchronizing categories, processed 355 out of 355 items (100%)

sync: SMS synchronizing categories, processed 355 out of 355 items (100%)

WARNING: Request filter does not contain any known classifications. Sync will do nothi

WARNING: Request filter does not contain any known categories. Sync will do nothing.
Done synchronizing SMS with WSUS Server

Enable SUP Classifications and Products

After the initial WSUS Sync is complete, let’s enable the classifications and products under

software update point role.

In the Configuration Manager console, navigate to Administration > Overview > Site

Configuration > Sites. Select the site, right click and click Configure Site Components >

Software Update Point.

https://www.prajwaldesai.com/install-sccm-software-update-point-role/ 25/32
8/25/2021 Complete Guide To Install SCCM Software Update Point Role

Software Update Point Properties

On the Software Update Point component properties box, select Classifications tab. Enable the

ones that you require. In this example, I am selecting Critical Updates and Security Updates.

https://www.prajwaldesai.com/install-sccm-software-update-point-role/ 26/32
8/25/2021 Complete Guide To Install SCCM Software Update Point Role

Enable SUP Classifications

Next, click Products tab and select the products. In this example I am selecting Windows 10

product. Once you are done with selections, click Apply and OK.

https://www.prajwaldesai.com/install-sccm-software-update-point-role/ 27/32
8/25/2021 Complete Guide To Install SCCM Software Update Point Role

Enable SUP Products

After you select Classifications and Products, you must run the software update point

synchronization again. Only then you will see the updates for selected products appearing in

the console.

Open the wsyncmgr.log file and you will notice the updates synchronization begins. Based on

the products and classifications that you select, it takes time for the process to complete.

https://www.prajwaldesai.com/install-sccm-software-update-point-role/ 28/32
8/25/2021 Complete Guide To Install SCCM Software Update Point Role

SCCM SUP Synchronization

During the sync process, you may not find any updates listed under All Software Updates.

Once the SUP synchronization is complete, notice the updates listed under Software Updates.

https://www.prajwaldesai.com/install-sccm-software-update-point-role/ 29/32
8/25/2021 Complete Guide To Install SCCM Software Update Point Role

Windows 10 Updates

What’s Next

Let me list some useful posts that can refer after you setup SCCM software update point role.

How to deploy Software Updates using SCCM


Deploy Office 365 updates using ConfigMgr
SCCM Catalogs for Third-Party Software Updates

Did this post help? Buy me a coffee!

Need Assistance?

https://www.prajwaldesai.com/install-sccm-software-update-point-role/ 30/32

You might also like