It is recommended to set the automatic sync between the primary WSUS and WSUS Replica as frequently as possible (24 syncs a day), because in scenarios where a remediation plan was activated on endpoints that communicate with WSUS Replica (Downstream WSUS) the “execute patch installation for single computer” task will only work after the Primary and Replica WSUS sync successfully.
If the sync has yet to occur, you will see either an exit code 341 or 342 for the “execute patch installation for single computer” task.
In order to change the sync schedule to be as frequently as possible, do the following on the WSUS replica.
- Go to Options
- Open Synchronization Schedule
- Make sure Synchronize automatically is enabled and set to 24 synchronizations per day.
Once set to 24 a day, it can take up 90 mins: 1 hour for the hourly sync + 30 mins maximum script runtime. Note: You can always log into the replica server and manually run the sync after setting the approval status on the primary.
Regarding group assignment, changes in the replica can take at least 24 hours to reflect in the primary server. Thus, it may take over 24 hours to reflect in JetPatch.
Note: If you are managing many replicas, you may see an initial spike in bandwidth if you set all of them to once an hour at the same time, but that will quickly go back down to normal levels and overall not affect anything long-term.