Understanding How ConfigMgr Interacts with WSUS
This deep dive covers how Configuration Manager interacts with WSUS to set up a software update point and synchronize data between WSUS and ConfigMgr.
Video Guide
Tip: To get the most from this guide, we recommend watching the video guide and then using this doc as a reference throughout the video.
Scenario 1: Installing a New Software Update Point
When you install a new software update point, the following will take place!
The Install Flow of new Software Update Point (SUP)
Once the software update point installation is completed, a list of products/categories won't happen until the first successful SUP sync.
You can right-click All Software Updates and click Synchronize Software Updates to start the first sync.
The first synchronization can take a while to complete!
The table below lists the flow to verify the first synchronization and population of the WSUS catalog/categories.
Note: The log lines below are with debug and verbose logging enabled. You log lines may not contain this level of data.
First SUP Synchronization Flow
Tip: During the first sync, the longest part will be WSUS pulling the catalog for Microsoft Update.
Scenario 2: How ConfigMgr Database Sync from WSUS Database
The ConfigMgr database pulls the update catalog from the WSUS database. Below, you can find more details about how this happens.
Sync Flow for ConfigMgr Sync from WSUS
In our example below, we manually triggered a sync using the step above.
Here's an example of us querying an update in the ConfigMgr database that was synchronized:
Scenario 3: WSUS Cleanup in ConfigMgr
Below are some key points mentioned in the video related to the cleanup.
Key Point for WSUS Maintenance in ConfigMgr
The setting in the Supersedence Rules tab determines how long an update needs to be superseded before it will be expired.
This setting in the WSUS Maintenance tab will determine if expired updates should be declined (improves WSUS performance and health)
Log Files for ConfigMgr Cleanup Task for WSUS
Scenario 4: View Update Views in the Database in Relationships
Determining Compliance
Quick dive into getting compliance data. The below query is an example of how you can retrieve the compliance status of updates for all machines in SQL. This view pulls from a few different points of interest.
The other side of the coin when you get ALL the data.
Note the query below can return a massive data set when run in production.
Software Update Group Relationships
Software update groups are typically what we filter against as we typically have a group that we are targetting for a specific month. Get Software Update Group Names, and their CI's.
Mapping the relationship of all updates in a software update group.
Stringing it all together.
Last updated