Learn to Upgrade the SCCM 2007 SUP to WSUS 3.0 SP2

Upgrade to WSUS 3.0 SP2 on SCCM 2007 SP2 SUP

Environment: SCCM 2007 SP1 with WSUS 3.0 SP1. We are also running Nomad Branch v3.2.100.81

Purpose: The intention of this post is to provide you with a high level overview on how to upgrade to WSUS 3.0 SP2 when you have a SCCM 2007 SP2 Software Update Point.  This is not a step by step, log file drilldown. I can provide that in seperate post if requested.

Overview: It all started with the requirement to deploy software updates to Windows 7.0 machines.  WSUS 3.0 SP2 is the supported way and the only way I am aware of (sure you could use software distribution to deploy out the patches, but even this would require a hotfix on SCCM 2007 SP1 for Windows 7.0 to be a supported platform in the program property) to deploy Windows 7.0 patches using SCCM 2007 SP2.  Even if you upgrade to SCCM 2007 SP2, it is still not going to provide you with the ability to patch those Windows 7.0 machines.  Bummer…

While I am on this topic, I want to point out that Windows 7.0 and Windows Server 2008 R2 are supported with SCCM 2007 SP1 as clients but if your running in native mode OR have NAP there is additional hotfixes required:

KB974236– Update rollup for System Center Configuration Manager 2007 SP1 to add support for Windows Server 2008 R2 and Windows 7 clients

KB974236– Update rollup for System Center Configuration Manager 2007 SP1 to add support for Windows Server 2008 R2 and Windows 7 clients.  This is to add support to the supported platform list in a program property.

When you upgrade to WSUS 3.0 SP2, it automatically updates SCCM 2007 clients to the new versions of the WUA 7.4 client. This may or may not work for you given your environment.  This is definitely something to be aware of, particularly if you want tight control over your lower bandwidth sites and want to know what version of the WUA is deployed to your environment.   Windows 7.0 and Windows Server 2008 R2 client already have the latest version of the WUA so they are the exceptions. Horayy for that!

Meanwhile, back at the ranch..Below are the high level steps and recommended approach to upgrade your SUP to WSUS 3.0 SP2

  1. Deploy and Install WUA 7.4 to the clients.
    We can send the WUA 7.4 client out via software distribution in advance of the upgrade to SP2 for WSUS 3.0 on the server side. Deploying this with Nomad Branch v3.2.100.81 will help throttle the amount of bandwidth used and provide better visibility into the success of the upgrade on the client side. If we go the other way around, clients will get the new WUA 7.4 off the SUP and it’ll go unthrottled. There also will be no visibility clearly defined on the success on the client. If pulling from the SUP is a concern for sites with thin pipes, you could throttle IIS on the SUP to for a while.
  2.  Upgrade the WSUS 3.0 SP1 to SP2.
  3. Upgrade the SUP console on the site server also. This will keep all WSUS components on the same SP level.

A couple things in the release notes:

  • Windows Update Agent (WUA) client improvements. The new WUA client offers a collection of performance enhancements, user experience improvements, plus an array of bug fixes based on customer feedback.
  • Client scan time is faster than previous versions.
  • Windows Update Agent (WUA) user experience improvements help users better organize updates and provide greater clarity on update value and behavior.
  • Imaged machines will be more clearly displayed in the WSUS console. For more information, see article titled A Windows 2000-based, Windows Server 2003-based, or Windows XP-based computer that was set up by using a Windows 2000, Windows Server 2003, or Windows XP image does not appear in the WSUS console.
  • Known issues with Windows Update Agent that are resolved in this release:
    WSUS 3.0 SP2 and Windows 7 include a new release of the Windows Update Agent (for Windows XP, Windows Vista, Windows Server 2000, Windows Server 2003, and Windows Server 2008). This release fixes the following issue: APIs called by nonlocal system callers in a noninteractive session will fail.
  • Issue that is fixed by version 7.2.6001.788 of the Windows Update Agent. This update fixes the following issue: When you try to install 80 or more updates at the same time from the Windows Update Web page or from the Microsoft Update Web page, you may receive the error code 0x80070057.

Improvements and issues that are fixed by version 7.2.6001.784 of the Windows Update Agent. This update includes the following:

  • Improves scan times for Windows Update, improves the speed at which signature updates are delivered, enables support for Windows
  • Installer reinstallation functionality, and improves error messaging.

The other thing worth mention is that in the release note, it mentions if your running two or more Web sites that are on port 80,  and that you delete all except one of them before you install WSUS.  If you do not do this, the server’s clients may fail to self-update. We are running in mixed mode but have installed WSUS on port 8530 and 8531 which we did not have to worry about. If you have validated this as a problem, please let me know and I can update the post.



Contact Us

On Key

More Posts

WME Cybersecurity Briefings No. 005
Cyber Security

WME Security Briefing 15 April 2024

E-Commerce Security Alert: Unveiling Magecart’s Persistent Backdoor Overview Malicious activities by Magecart attackers have been reported. They are targeting Shopify’s content delivery network (CDN) by creating fake Shopify stores. The backdoor method has enabled them to

Read More »
WME Cybersecurity Briefings No. 004
Cyber Security

WME Security Briefing 11 April 2024

Mispadu Trojan Exploits Windows Vulnerability to Target Financial Data Overview The Mispadu banking trojan has intensified its operations as it’s exploiting an already patched Windows SmartScreen flaw. Since its initial identification in 2019, Mispadu has primarily preyed on

Read More »
WME Cybersecurity Briefings No. 003
Cyber Security

WME Security Briefing 29 March 2024

Russian hackers escalating their cyber warfare, deploying TinyTurla-NG to breach European NGOs. Cisco Talos reveals a targeted attack against organizations advocating democracy and supporting Ukraine. With their sophisticated methods, these cyber attackers are bypassing antivirus defenses

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.