Prerequisites

• Verify that the ports 8530/8531 are open on the WSUS server for the endpoints to register.
• Verify that no Windows endpoints have duplicative SusClientId.
• Verify the WSUS endpoint was added to JetPatch and it is connected, before adding it as a discovery source 

Configuration

Note - In managed environments, we recommend applying the following configuration changes using the GPO capabilities.

There are four ways to apply the Windows Update Agent configuration for WSUS:

1. Local Endpoint Configuration 
2. GPO (preferred for domain-joined endpoints)
3. Built-in JetPatch Script after Connector deployment (preferred for POCs and non-domain joined endpoints)
4. Connector MSI Installation

Option 1: Local Endpoint Configuration 

Register the endpoints to the WSUS server:

• Open the group policy of the endpoint (start->run->gpedit.msc)
• Configure Updates by going to Computer Configuration -> Administrative Templates -> Windows Components -> Windows Updates ->
  • Configure Automatic Updates -> Enable the policy and of the following options for "Configure automatic updating" in the "Options" section:
    • notify for download and notify for install
    • auto download and notify for install (recommended)
  • Enable and set both the intranet update for detecting updates and the intranet statistics server URLs -> Enabled and set both URL’s to http://wsusserverip:8530 (if using SSL use https and 8531)
• Enable PowerShell execution policy to run scripts

Note: In order to install non-Microsoft 3rd Party Software Updates

• Open the group policy of the endpoint (start->run->gpedit.msc)
• Configure Updates by going to Computer Configuration -> Administrative Templates -> Windows Components -> Windows Updates ->
  • Allow signed updates from an intranet Microsoft update service location -> Enable the policy

Post-Steps 

Open Command Prompt and run the following commands to use the new policy and to register it on WSUS

• Update GPO settings:
  

  gpupdate /force

• Initiate first connection to WSUS: 
  • If Windows version is less than 10/2019

    wuauclt /resetauthorization /detectnow /reportnow

  • Windows version is 10/2019 or later

    USOClient.exe RefreshSettings
    USOClient.exe StartScan

If the endpoint still not reporting to WSUS, run the following Powershell command:

$updateSession = new-object -com "Microsoft.Update.Session";$updates=$updateSession.CreateupdateSearcher().Search($criteria).Updates

Note: If after all the steps above the endpoint is still not reporting to WSUS, please see this article.

Option 2: GPO 

Apply the same configuration as described above in your GPO settings.

Option 3: Built-in JetPatch Script

To configure the endpoint to communicate with WSUS you can use JetPatch capability of running a task on the endpoint. First, you need to create a task with the right values from the built-in script by following the instructions below:

1. Create a Task
   1. Go to "System -> Tasks" and click on "+ CREATE TASK" button
   2. Fill the "Task Name" and Description as you want
   3. On the right of the page, go to the "Execution" tab -
      1. Task Source = Both
      2. Script = "Register Windows Endpoint to WSUS"
      3. Execution Type = "Windows batch file"
      4. Execution Command = "@file @WSUSAddress @AutomaticDownload"
         
   4. Switch to the "Parameters" tab - 
      1. AutomaticDownload = fill "2" to "notify for download and install" or "3" to "auto download and notify for install".
      2. WSUSAddress = the full WSUS URL with the port (example - "http://30.30.55.249:8530")
         
   5. Click on "SAVE TASK".

After the task was saved, you can select the required endpoints in "Endpoints" -> "Management" and run the task on them.

Option 4: Connector MSI installation

See article