Setting up Windows Server Update Services (WSUS) Replica in Server 2022

Posted on 20th June 2023

Introduction

Windows Server Update Services (WSUS) is a server role included in Windows Server that enables you to manage the distribution of updates and hotfixes released for Microsoft products to computers in a corporate environment. WSUS can be deployed either as a stand-alone server with its own database, or as a replica of an existing WSUS server in the environment.

In this article, we will walk through the process of setting up a WSUS replica in a server running Windows Server 2022. We will assume that there is already an existing WSUS server in the environment, and that the replica will be configured to connect to it.

Prerequisites

Before you begin, there are a few things you will need:

• A server running Windows Server 2022
• Access to an existing WSUS server
• The IP address of the existing WSUS server
• A domain account with permissions to access the WSUS server

Install the WSUS Role

First, we need to install the WSUS server role on the server. This can be done using the Server Manager console, or by using PowerShell.

Using the Server Manager Console

Open the Server Manager console and click on Add roles and features.

On the Before you begin page, click Next.

On the Select installation type page, select Role-based or feature-based installation and click Next.

On the Select destination server page, select the server on which you want to install WSUS and click Next.

On the Select server roles page, select Windows Server Update Services and click Next.

On the Select features page, click Next.

On the Confirm installation selections page, click Install.

On the Installation progress page, wait for the installation to complete and click Close.

Using PowerShell

Open a PowerShell window and run the following command:

Install-WindowsFeature -Name UpdateServices

Configure WSUS

Once the WSUS role has been installed, we need to configure it. This can be done using the WSUS Configuration Wizard, or by manually configuring the settings.

Using the WSUS Configuration Wizard

Open the WSUS console and click on Configure Server Settings.

On the Before You Begin page, click Next.

On the Choose Update Source page, select Synchronize from another WSUS server and click Next.

On the Specify Proxy Settings page, select the Do not use a proxy server option and click Next.

On the Specify Synchronization Settings page, select the Synchronize automatically option and click Next.

On the Choose Products and Classifications page, select the products and classifications that you want to synchronize and click Next.

On the Choose Languages page, select the languages that you want to synchronize and click Next.

On the Confirm Selections page, click Next.

On the Completion page, click Finish.

Manually Configuring WSUS Settings

Open the WSUS console and click on Options.

In the Update Source and Proxy Server section, select the Synchronize from another WSUS server option and enter the IP address of the existing WSUS server.

In the Specify Proxy Server section, select the Do not use a proxy server option and click OK.

In the Update Files and Languages section, select the Download update files to this server only option and click OK.

In the Synchronization Schedule section, select the Synchronize automatically option and click OK.

In the Product and Classification section, select the products and classifications that you want to synchronize and click OK.

In the Language section, select the languages that you want to synchronize and click OK.

Create WSUS Replica Group

Open the WSUS console and click on Options.

In the Update Source and Proxy Server section, select the Specify a replica server option and enter the IP address of the existing WSUS server.

In the Replica Server Settings section, select the Create a new replica group option and enter a name for the replica group.

Click OK.

Conclusion

In this article, we have walked through the process of setting up a WSUS replica in a server running Windows Server 2022. We have installed the WSUS server role, configured the WSUS settings, and created a WSUS replica group.

If you have more than one replica server, you can configure WSUS to use a central server as its upstream server. This has the advantage of reducing network traffic and improving performance. To do this, you need to edit the WSUS replica server’s registry entries.

On the replica server, open the Registry Editor. Navigate to the following key:

HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsWindowsUpdate

In the right pane, double-click the “WUServer” entry and change its value to the URL of the central server. For example, if the central server’s URL is “http://server1”, you would change the value to “http://server1”.

Next, double-click the “WUStatusServer” entry and change its value to the URL of the central server. For example, if the central server’s URL is “http://server1”, you would change the value to “http://server1”.

Close the Registry Editor and restart the WSUS service.

Setting up Windows Server Update Services (WSUS) Replica in Server 2022

Overview

Windows Server Update Services (WSUS) is a server role included in Windows Server that enables downloading and installing updates for Windows client and server operating systems, as well as third-party software. Starting with Windows 10, version 1809, and Windows Server 2019, WSUS is included in the Server Core App Compatibility Feature on Demand (FOD).

Prerequisites

Before you install WSUS on your server, you need to perform the following tasks:

• Install the Server Core App Compatibility Feature on Demand.
• Install Windows PowerShell 5.1 or later.
• Install .NET Framework 4.8 or later.
• Install Microsoft Management Console (MMC) 3.0 or later.

Install WSUS

To install WSUS on your server, follow these steps:

1. Open PowerShell and run the following command:

   Install-WindowsFeature -Name UpdateServices-Services,UpdateServices-WidDB,UpdateServices-API,UpdateServices-RSAT

2. When the installation is complete, run the following command to start the WSUS service:

   Start-Service WSUSService

Configure WSUS

After WSUS is installed, you need to configure it before you can use it. To configure WSUS, follow these steps:

1. Open the WSUS administration console by running the following command:

   wsusutil configuressl <port>

2. Replace <port> with the port number you want to use for SSL.
3. In the WSUS administration console, click Options, and then click Products and Classifications.
4. In the Products pane, select the products you want to download updates for, and then click OK.
5. In the Classifications pane, select the classifications you want to download updates for, and then click OK.
6. In the WSUS administration console, click Options, and then click Synchronization Options.
7. In the Synchronization Options pane, select the Synchronize from Microsoft Update check box, and then click OK.
8. In the WSUS administration console, click Options, and then click Synchronize Now.

Create a WSUS replica

To create a WSUS replica, follow these steps:

1. Open the WSUS administration console, and then click Options.
2. In the Options pane, click Replica Creation Wizard.
3. On the Welcome to the Replica Creation Wizard page, click Next.
4. On the Specify Replica Settings page, type the name of the replica server, and then click Next.
5. On the Specify Proxy Settings page, type the proxy server settings if you want to use a proxy server, and then click Next.
6. On the Specify Sync Schedule page, select the synchronization schedule you want to use, and then click Next.
7. On the Ready to Create Replica page, click Create Replica.
8. On the Completing the Replica Creation Wizard page, click Finish.