Articles in this section

See more

Endpoint and JetPatch Configuration for WSUS

Todd Kirkland
  • Updated
Follow

Endpoint Configuration for WSUS

Note - The following instructions are describing the manual steps to configure the endpoint and the Windows Update Agent installed. Steps can be done using GPO as well.

Prerequisites

  • Verify that the ports 8530/8531 are open on the WSUS server for the endpoints to register.
  • Verify that IPV6 is disabled on all Windows endpoints and the WSUS server.
  • Verify that no Windows endpoints have duplicative SusClientId.

Configuration

  • Register the endpoints to the WSUS server:
    • Open the group policy of the endpoint (start->run->gpedit.msc)
    • Configure Updates by going to Computer Configuration -> Administrative Templates -> Windows Components -> Windows Updates ->
      • Configure Automatic Updates -> Enable the policy and of the following options for "Configure automatic updating" in the "Options" section:
      • Specify intranet Microsoft update service location -> Enabled and set both URL’s to http://wsusserverip:8530 (if using SSL use https and 8531)
    • Enable PowerShell execution policy to run scripts
    • Optional: for non-Microsoft 3rd Party Software Updates
      • Open the group policy of the endpoint (start->run->gpedit.msc)
      • Configure Updates by going to Computer Configuration -> Administrative Templates -> Windows Components -> Windows Updates ->
        • Allow signed updates from an intranet Microsoft update service location -> Enable the policy.

Post-Steps

Open Command Prompt and run the following commands to use the new policy and to register it on WSUS

  • Update GPO settings:
    gpupdate /force
  • Initiate first connection to WSUS:
    • If Windows version is less then 10/2019 
      wuauclt /resetauthorization /detectnow /reportnow
    • Windows version is 10/2019 or later 
      USOClient.exe RefreshSettings
      USOClient.exe StartScan

Note: If the endpoint is still not reporting to WSUS, please see this article.

JetPatch Configuration for WSUS

Recommendation: Have all endpoints registered and reporting to the WSUS server (as per the above steps). It is also suggested to have the endpoints in WSUS groups before using JetPatch.

Do the following in order (note: the connector must be deployed on the WSUS server before it can be added as a discovery source)

  1. Add the WSUS server to JetPatch
  2. Add and assign an administrative account to the WSUS server
  3. Deploy the JetPatch connector on the WSUS server
  4. Add the WSUS discovery source

Note: You can only add one WSUS server as discovery source to JetPatch. For more WSUS servers use a primary-replica or primary-autonomous setup.

wsus2.green.local

Source Type: WSUS Server

 

Post-Steps

Within 20 minutes, all machines reporting to WSUS should be reporting to JetPatch.  From there, you can do the following

  1. Add and assign an administrative account to the Windows endpoints
  2. Deploy the JetPatch connector on the Windows endpoints

Optional: WSUS Certificate

When your environment has WSUS certificate and you want to deploy the JetPatch Agent using Connector MSI Installation you need to put the WSUS certificate in JetPatch server in the following location - 

/usr/share/intigua/wsus-certs

Related Articles 

 

Related articles

Comments

0 comments

Please sign in to leave a comment.