Saturday , August 18 2018

WSUS 3.2 win2008 R2 to 6.3 win2012 R2 Step by step

Had to do a migration Windows Server Update Services (WSUS) Migration from 2008 R2 to 2012 R2

WSUS 3.2 Windows Server 2008 R2 to WSUS 6.3 Windows Server 2012 R2

Criteria’s has to be Met in my case.

  • Retain Same Name.
  • Retain Same IP.
  • Retain Same Port – WSUS currently Running on Port 80.
  • Downstream servers will be migrated later.

Use can use the Same methods to bring a new Server and do the same process. it shouldn’t be a issue.

Tasks –

  • Take SQL Backup
  • Copy WSUSContent Binaries.
  • Install Test Windows Server , Test Domain , Install WSUS Role to verify it imports the database ok on 2012R2 . (Optional)
  • Collected Local Administrators to manually Apply it Again on New server.
  • Build New Server
  • Restore SQL Database , WSUS Binaries on New Server.
  • Verify Downstream servers.
  • Verify Client Machines.

Step 1 –

Take SQL Backup .bak file of WSUS internal Database.

Login to Windows 2008 R2

Download SQL Server management Studio and install it .

Connect it to the Windows internal Database and take a backup of it.

image

Login as WSUS administrator. Run SQL Management Studio as Administrator

Server Instance

\\.\pipe\mssql$microsoft##ssee\sql\query

Windows Authentication

image

image

Choose Copy-Only Backup

image

Step 2 –

Copy WSUSContent Binaries.

Copy WSUSContent Folder to Safe Location for avoiding downloading the binaries again.

image

Step 3 –

Collected Local Administrators to manually Apply it Again on New server.

Step 4 –  (Optional if you don’t want to retain Same Name,IP)

  • Turned off Old WSUS server.
  • Renamed the VM
  • Removed Active Directory Account
  • Built the WSUS Server with Same Name, Same IP
  • Installed WSUS Role . Next Next Leave everything default (Specified Store Updates D:\WSUS in my case).

image

Enter the Path to store Upates

image

Step 5 –

Restore SQL Database on New Server.

Login as WSUS administrator. Run SQL Management Studio as Administrator

Server Instance

\\.\pipe\Microsoft##WID\tsql\query

Windows Authentication

Take a Backup of the Default Database.

image

Run the Query  to Drop the Default Database –


USE master

GO

ALTER DATABASE SUSDB SET SINGLE_USER WITH ROLLBACK IMMEDIATE

GO

DROP DATABASE SUSDB

GO

Placed the Backup as below location on the new server – C:\WsusBackup\SUSDB.bak’

Run the Query  to Restore the Database –


RESTORE DATABASE [SUSDB] FROM DISK = N'C:\WsusBackup\SUSDB.bak' WITH FILE = 1, MOVE N'SUSDB' TO N'c:\Windows\WID\Data\susdb.mdf', MOVE N'SUSDB_log' TO N'c:\Windows\WID\Data\SUSDB_log.ldf', NOUNLOAD, STATS = 10

Copy the WSUSContent Binaries Folder – Merge it on the New server – Same location .

Then Run below

Cd “C:\Program Files\Update Services\Tools”
.\WsusUtil.exe postinstall CONTENT_DIR=D:\WSUS

image

Open Powershell ISE Run as Administrator

Make WSUS as Active.

image


$updateServer = get-wsusserver

$config = $updateServer.GetConfiguration()

$config.ServerId = [System.Guid]::NewGuid()

$config.Save()

Do Post Install for Completion

.\WsusUtil.exe postinstall

image

if you don’t want to use the default Port.  and use Port 80 for Updates (Optional)

Run below

.\WsusUtil.exe usecustomwebsite false

image

Step 6 –

Verify Downstream servers.

Now if you have downstream servers. Run Sync it should sync to verify things are fine.

image

if it  doesn’t work

Try Unchecking Replica and put it back . Run Sync again.

If you used a different name, Update the same.

Default Ports WSUS _ Reference

  • On WSUS 3.2 and earlier, port 80 for HTTP and 443 for HTTPS.
  • On WSUS 6.2 and later , port 8530 for HTTP and 8531 for HTTPS

image

Step 7 –

Verify Client Machines.

Login to a client Machine Windows 7.

Run

wuaclt.exe /detectnow
wuaclt.exe /reportnow

image

C:\Windows\WindowsUpdate.log

To verify If it connects ok .

Try to Approve some patches and download.

Known Issues 1 – WSUS 2012 R2 

After Windows Updates . Databases didn’t Start up.

Log Name: Application
Source: MSSQL$MICROSOFT##WID
Event ID: 18456
Task Category: Logon
Level: Information
Keywords: Classic,Audit Failure
User: NETWORK SERVICE
Description:
Login failed for user ‘NT AUTHORITY\NETWORK SERVICE’. Reason: Failed to open the explicitly specified database ‘SUSDB’. [CLIENT: <named pipe>]

Get-Hotfix -ID KB3159706

Found its installed.

Ran below steps;

  • Open an elevated Command Prompt and run “C:\Program Files\Update Services\Tools\wsusutil.exe” postinstall /servicing
  • Enable HTTP Activation under .NET Framework 4.5 Features in the Server Manager Add Roles and Features Wizard
  • Restart the WSUS service

Known Issues 2 – Windows 10 Update Error 0x80070643 Client Side.

Resolution-

Resetting Windows Client Update Components (For Client Side Only)-

Please follow the below steps to reset the Windows Updates Components:

  1. Press Windows Key + X on the keyboard and then select “Command Prompt (Admin)” from the menu.
  2. Stop the BITS, Cryptographic, MSI Installer and the Windows Update Services. To do this, type the following commands at a command prompt. Press the “ENTER” key after you type each command.                     
    net stop wuauserv
    net stop cryptSvc
    net stop bits
    net stop msiserver

3. Now rename the SoftwareDistribution and Catroot2 folder. You can do this by typing the following commands in the Command Prompt. Press the “ENTER” key after you type each command.                        

ren C:\Windows\SoftwareDistribution SoftwareDistribution.old
ren C:\Windows\System32\catroot2 Catroot2.old

4. Now, let’s restart the BITS, Cryptographic, MSI Installer and the Windows Update Services. Type the following commands in the Command Prompt for this. Press the ENTER key after you type each command. 

net start wuauserv
net start cryptSvc
net start bits
net start msiserver

             
5. Type Exit in the Command Prompt to close it.

About Satheshwaran Manoharan

Satheshwaran Manoharan is an Microsoft Exchange Server MVP , Publisher of CareExchange.in
Supporting/Deploying/Designing Microsoft Exchange for some years.
Extensive experience on Microsoft Technologies.

Check Also

Troubleshooting Authentication prompts in Outlook

Authentication prompts in Outlook is one of the worst to troubleshoot in a Messaging Environment. ...

5 comments

  1. Excellent post

  2. Danner Galvarro

    Msg 3605, Level 16, State 1, Line 1
    Schema verification failed for database ‘SUSDB’.
    Msg 3013, Level 16, State 1, Line 1
    RESTORE DATABASE is terminating abnormally.

    Error restore Database

  3. Danner Galvarro

    wuauclt.exe /detectnow is true
    wuaclt.exe /detectnow is worse

  4. Great goods from you, man. I’ve understand your stuff previous to and you are just extremely great. I actually like what you have acquired here, certainly like what you are stating and the way in which you say it. You make it enjoyable and you still take care of to keep it smart. I can’t wait to read much more from you. This is really a terrific web site.

Leave a Reply

Your email address will not be published.