WSUS clients must download from Internet but send statistics to myWSUS server. But it's not working.

Discussion in 'Update Services' started by Michael, Jan 6, 2006.

  1. Michael

    Michael Guest


    The headquarter is located here in Denmark, and all machines here are
    using a WSUS server here.

    We have a remote office network in US with VPN connection to
    headquarter, but it's with lower bandwidth.

    I would like the machines in the office in US to download the updates
    directly from Microsoft instead of from the WSUS in the Danish office.
    The statistical information should be sent to WSUS server in Denmark.

    The group policies has been made, but the machines in US can't connect
    to the update server I have defined in the policy:

    Can I use this URL, or is it another URL at, when I'm
    using WSUS ?

    Thanks in advance


    Michael, Jan 6, 2006
    1. Advertisements

  2. Not an option with the base configuration, Michael.

    You have two options for configuration:

    (1) You -can- configure the server to download updates directly from
    Microsoft. You can configure it as an autonomous server, in which case it
    will get everything directly from However, this will require
    you to administer the server across the VPN.

    Alternately, you can configure it as a slave to a replica master in your
    Denmark office, where the replica master controls where the
    approvals/content are obtained from. If the replica master is configured to
    have a local content store, then the replica slave server will transfer
    metadata -and- content across the VPN. This is probably not a desirable, nor
    functional, solution. The other option here is to configure the replica
    master to -not- have a local content store. In this case, the replica slave
    will also not have a content store, but will still obtain metadata and
    approval status from the replica master in Denmark (across the VPN).
    Unfortunately, this will cause the =clients= to download content directly
    from (ala the pre-(W)SUS Automatic Updates client). If the
    Internet pipe in the US is sufficient, and the number of clients per site
    reasonable, this might be a viable solution for you. However, if you have a
    large number of clients for the Internet bandwidth available, this might not
    be a viable solution.

    However, those are the options available for remote server management.

    As for statistical reporting, the client will always report to the server it
    obtains approvals from. Thus, your remote clients will report to the remote
    server(s), and there is no way, at present, to configure them to report to
    the Denmark central server.

    However, there is a "Reporting Rollup Tool" sample available in the Samples
    and Tools API kit, which contains a rudimentary (and enhanceable) utility
    for consolidating data from remote WSUS databases into a central database,
    to facilitiate 'centralized reporting'.
    You -cannot- configure a URL in your Group Policy for use with
    WSUS. The URL needs to point to the name of the local WSUS server that will
    hold the approval data. The client will obtain the content either from (automatically, when no content store exists), or from the
    local WSUS server, which will get its content either from the replica master
    server, or from (if it is configured as an autonomous WSUS
    Lawrence Garvin \(MVP\), Jan 6, 2006
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.