Setting up Windows Server Update Services (WSUS) Downstream Replica in Server 2022

Posted on 17th June 2023

Introduction

Windows Server Update Services (WSUS) is a free patch management tool from Microsoft. WSUS can be used to manage the deployment of the latest Microsoft security updates and hotfixes to computers that are running Microsoft Windows Server.

In a WSUS deployment, there are typically two types of servers:

  • An upstream server that connects to Microsoft Update to download updates and then makes those updates available to downstream servers and clients.
  • One or more downstream servers that receive updates from the upstream server and then make those updates available to their clients.

In some deployments, there is a need to have more than one downstream server. This can be for geographical reasons (to reduce network latency), or to provide fault tolerance in case one of the downstream servers goes offline.

In this article, we will show you how to set up a downstream replica of a WSUS server on Windows Server 2022.

Prerequisites

Before you begin, you will need the following:

  • An existing WSUS server that is running on Windows Server 2022.
  • A second server that is running Windows Server 2022 and that will be used as the downstream replica server.

Setting up the Downstream Replica Server

To set up the downstream replica server, you will need to perform the following steps:

  1. Install the WSUS role on the replica server.
  2. Configure the replica server to connect to the upstream server.
  3. Synchronize the replica server with the upstream server.

Installing the WSUS Role on the Replica Server

To install the WSUS role on the replica server, follow these steps:

  1. Open the Server Manager console and click on Add Roles and Features.
  2. On the Before you begin page, click Next.
  3. On the Select installation type page, select the Role-based or feature-based installation option and click Next.
  4. On the Select destination server page, select the server that will be used as the replica server and click Next.
  5. On the Select server roles page, select the Windows Server Update Services role and click Next.
  6. On the Confirm installation selections page, click Install.
  7. On the Installation progress page, wait for the installation to complete and click Close.

Configuring the Replica Server to Connect to the Upstream Server

To configure the replica server to connect to the upstream server, follow these steps:

  1. Open the Update Services console.
  2. In the left pane, expand the Servers node and click on the replica server.
  3. In the replica server’s details pane, click on the Update Source and Proxy Server link.
  4. On the Update Source tab, select the Specify an alternate source path option and enter the URL of the upstream server in the Alternate source path field. Click OK.
  5. On the Proxy Server tab, select the Use a proxy server when updating this server option and enter the URL of the proxy server in the Proxy server URL field. Click OK.

Synchronizing the Replica Server with the Upstream Server

To synchronize the replica server with the upstream server, follow these steps:

  1. In the Update Services console, in the left pane, expand the Servers node and click on the replica server.
  2. In the replica server’s details pane, click on the Update Services link.
  3. On the Update Services page, in the Actions pane, click on the Synchronize Now link.
  4. On the Synchronize Now page, select the Start option and click OK.
  5. On the Synchronization Progress page, wait for the synchronization to complete and click Close.

Conclusion

In this article, we have shown you how to set up a downstream replica of a WSUS server on Windows Server 2022. By having a downstream replica server, you can reduce network latency and provide fault tolerance for your WSUS deployment.

WSUS Downstream Replica in Server 2022

In this article we will show you how to set up a WSUS Downstream Replica in Server 2022.

Downstream Replica is a feature of WSUS that allows you to replicate updates from a primary WSUS server to one or more secondary WSUS servers. This can be useful if you have a large network and want to reduce the bandwidth used by clients when downloading updates from the WSUS server.

To set up a Downstream Replica, you will need to install the WSUS Role on the secondary server and then configure it to connect to the primary WSUS server. You can do this using the WSUS console or by editing the registry.

Once the Downstream Replica is configured, you will need to add the clients that you want to receive updates from the secondary WSUS server to a new group in the WSUS console.

You can then deploy the updates to the clients in the group using the standard methods.

Installing WSUS on the Secondary Server

To install WSUS on the secondary server, open the Server Manager and click on “Add Roles and Features”.

On the “Before you begin” page, click “Next”.

On the “Select installation type” page, select “Role-based or feature-based installation” and click “Next”.

On the “Select destination server” page, select the server on which you want to install WSUS and click “Next”.

On the “Select server roles” page, select “Windows Server Update Services” and click “Next”.

On the “Select features” page, click “Next”.

On the “Windows Server Update Services” page, click “Next”.

On the “Content location selection” page, select “Download updates from Microsoft Update” and click “Next”.

On the “Confirm installation selections” page, click “Install”.

On the “Installation progress” page, you will see the installation progress. Once the installation is complete, click “Close”.

Configuring the Downstream Replica

Once WSUS is installed on the secondary server, you will need to configure it to connect to the primary WSUS server.

You can do this using the WSUS console or by editing the registry.

To configure the Downstream Replica using the WSUS console, open the WSUS console and click on “Options”.

In the “Options” window, click on “Downstream servers”.

In the “Downstream servers” window, click “Add”.

In the “Add downstream server” window, enter the name of the primary WSUS server and click “OK”.

In the “Downstream servers” window, you will see the primary WSUS server listed.

Click “OK” to close the “Downstream servers” window.

To configure the Downstream Replica using the registry, open the Registry Editor and go to the following key:

HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindows

Under the “Windows” key, create a new key called “WUServer”.

Under the “WUServer” key, create a new DWORD value called “WUStatusServer”.

Set the “WUStatusServer” value to the primary WSUS server.

Adding Clients to the Downstream Replica

Once the Downstream Replica is configured, you will need to add the clients that you want to receive updates from the secondary WSUS server to a new group in the WSUS console.

To do this, open the WSUS console and click on “Groups”.

In the “Groups” window, click “Create Group”.

In the “Create Group” window, enter a name for the group and click “Add”.

In the “Add computers to group” window, select the computers that you want to add to the group and click “Add”.

Click “OK” to close the “Add computers to group” window.

In the “Create Group” window, click “OK”.

In the “Groups” window, you will see the new group listed.

Deploying Updates to the Downstream Replica

You can deploy updates to the clients in the group using the standard methods.

To do this, open the WSUS console and click on “Updates”.

In the “Updates” window, select the updates that you want to deploy and click “Deploy”.

In the “Deployment Wizard” window, select the group that you want to deploy the updates to and click “Next”.

On the “Deployment options” page, select the options that you want to use and click “Next”.

On the “Deployment schedule” page, select the schedule that you want to use and click “Next”.

On the “Deployment package” page, click “Create”.

In the “Create Deployment Package” window, enter a name for the package and click “Browse”.

Select a location for the package and click “Save”.

Click “OK” to close the “Create Deployment Package” window.

On the “Deployment package” page, click “Next”.

On the “Summary” page, review the settings and click “Finish”.

On the “Deployment progress” page, you will see the deployment progress. Once the deployment is complete, click “Close”.