Windows Server Update Services 3.0 SP2 Deployment Guide Abstract

of different situations, depending on whether the deadline has expired, whether there are other updates in the queue for the client to install, and whether the update (or another update in the queue) requires a restart.

Expired and unexpired deadlines

If the client contacts the server after the update deadline has passed, it will try to install the update as soon as possible. WSUS administrators can set update deadlines to a date in the past in order to have clients install the update immediately.

If the deadline has not passed, the client will download the update and install it the next time an install occurs. For example, if the client downloads an update with a deadline of 6:00 A.M., and the scheduled installation time is 3:00 A.M., the update will be installed at 3:00 A.M. Likewise, if a user starts an install before a (downloaded) update's deadline, the update will be installed.

Deadlines and updates that require restarts

Updates that have deadlines and require restarts will cause a forced restart at the time of the deadline, no matter when the update was actually installed. For example, if an update with a 6:00

A.M. deadline was downloaded and installed at 3:00 A.M., but the computer was not restarted at that time, it will be restarted at 6:00 A.M.

Moreover, if the computer is pending restart (because another update requiring a restart was installed, but the computer was not restarted), and an update with a deadline is installed, the computer will be restarted. The following is an example of client behavior with an unexpired deadline:

1. Update 1, which has no deadline but requires restart, is installed at 1:00 A.M., and the computer is not restarted.

2. Update 2, which has a deadline of 6:00 A.M. and does not require restart, is downloaded and installed at 3:00 A.M.

3. The computer is restarted at 6:00 A.M. (the deadline of Update 2).

The following is an example of client behavior with an expired deadline:

1. Update 1, which has no deadline but requires restart, is installed at 2:00 A.M., and the computer is not restarted.

2. Update 2, which has a deadline of 1:00 A.M. and does not require restart, is downloaded and installed at 3:00 A.M.

3. The computer is restarted after Update 2 is installed, at 3:00 A.M. (the first possible restart time).

WSUS updates and deadlines

A WSUS update (an update that is required in order for WSUS to continue functioning correctly) has installation priority over other kinds of update. If an update with a deadline is blocked by a

85

WSUS update, the deadline will apply to the WSUS update, as in the following sequence of events:

1. Update 1, which is a WSUS update with a deadline of 6:00 A.M., and Update 2, which is a non-WSUS update with a deadline of 2:00 A.M., are both downloaded at 1 A.M.

2. The next scheduled install is at 3:00 A.M.

3. The install of Update 1 starts at 2:00 A.M.

If the deadline of a blocked update has expired, the WSUS update that is blocking it will be installed immediately.

Set Up a Disconnected Network (Import and

Export the Updates)

Managing WSUS on a disconnected network involves exporting updates and metadata from a

WSUS server on a connected network and then importing them to the WSUS server on the disconnected network. There is a conceptual discussion of this feature in the "Networks

Disconnected from the Internet" section in Choose a Type of WSUS Deployment earlier in this

guide.

There are three steps to exporting and then importing updates:

1. Make sure that the options for express installation files and update languages on the exporting server are compatible with the settings on the importing server. This ensures that you collect the updates you intend to distribute.

2. Copy updates from the file system of the export server to the file system of the import server.

3. Export update metadata from the database on the export server, and import it into the database on the import server. The last section explains how to import exported updates to a replica server.

In this guide



Step 1: Matching Advanced Options



Step 2: Copying Updates from the File System



Step 3: Copying Metadata from the Database



Importing Updates to Replica Servers

Step 1: Matching Advanced Options

Make sure that the options for express installation files and languages on the exporting server match the settings on the importing server. For example, if you did not select the option for express installation files on the exporting server but did have the express installation file option selected on the importing server, you would not be able to distribute updates by using express

86

installation files, because none were synchronized by the exporting server. A mismatch of language settings can have a similar effect.

You do not have to concern yourself with matching the settings for schedule, products and classifications, source, or proxy server. The setting for deferred download of updates has no effect on the importing server. If you are using the option for deferred downloads on the exporting server, you must approve the updates so they can be downloaded before taking the next step, which is migrating updates to the importing server.

To ensure that express installation and language options on the exporting server match settings on the importing server

1. In the WSUS Administration snap-in of the exporting server, click the Options node in the left pane, and then click Update Files and Languages.

2. In the Update Files tab, check the setting for Download express installation files.

3. In the Update Languages tab, check the settings for the update languages.

4. In the WSUS Administration snap-in of the importing server, click the Options node in the left pane, and then click Update Files and Languages.

5. Make sure the settings for Download express installation files and Languages options match the selections on the exporting server.

For more information about these options, see the topics "Using Express Installation Files" and

"Filtering Updates" in Determine Bandwidth Options to Use earlier in this guide.

Step 2: Copying Updates from the File

System

Copy updates from the file system of the exporting server to the file system of the importing server. The procedures described below use the Windows Backup or Restore Wizard, but you can use any utility you like, including xcopy. The object is to copy updates from the file system on the exporting server to the files system of the importing server. When you copy files to the importing server, you must maintain the folder structure for all folders under the content directory.

Make sure that the updates appear in the folder on the importing server that has been designated to store updates; this designation is typically made during the setup process. You should also consider using an incremental backup system to limit the amount of data you need to move each time you refresh the server on the disconnected network.

To back up updates from file system of the exporting server to a file

1. On your exporting WSUS server, click Start, and then click Run.

2. In the Run dialog box, type ntbackup. The Backup or Restore Wizard starts by default, unless it is disabled. You can use this wizard or click the link to work in Advanced Mode and use the following steps.

87

3. Click the Backup tab, and then select the folder where updates are stored on the exporting server. By default, WSUS stores updates at

WSUSInstallationDrive\WSUS\WSUSContent\, where WSUSInstallationDrive is the drive on which WSUS is installed.

4. In the Backup media or file name box, type a path and file name for the backup (.bkf) file.

5. Click Start Backup. The Backup Job Information dialog box appears.

6. Click Advanced. Under Backup Type, click Incremental.

7. From the Backup Job Information dialog box, click Start Backup to start the backup operation.

8. Copy the backup file you just created to the importing server.

To restore updates from a file to the file system of the importing server

1. On your importing WSUS server, click Start, and then click Run.

2. In the Run dialog box, type ntbackup. The Backup or Restore Wizard starts by default, unless it is disabled. You can use this wizard or click the link to work in Advanced Mode and use the following steps.

3. Click the Restore and Manage Media tab, and select the backup file you created on the exporting server. If the file does not appear, right-click File, and then click Catalog File to add the location of the file.

4. In the Restore files to box, click Alternate location. This option preserves the folder structure of the updates; all folders and subfolders will appear in the folder you designate.

You must maintain the directory structure for all folders under \WSUSContent.

5. Under Alternate location, specify the folder where updates are stored on the importing server. By default, WSUS stores updates at

WSUSInstallationDrive\WSUS\WSUSContent\, where WSUSInstallationDrive is the drive on which WSUS is installed. Updates must appear in the folder on the importing server designated to hold updates; this is typically done during installation.

6. Click Start Restore. When the Confirm Restore dialog box appears, click OK to start the restore operation.

Step 3: Copying Metadata from the Database

Export update metadata from the database on the exporting server and import it into the database on the importing server using the WSUSUtil.exe utility program. For more information about this utility, see the WSUS Operations Guide at http://go.microsoft.com/fwlink/?LinkId=139838 .

88

Note

You must be a member of the local Administrators group on the WSUS server to export or import metadata; both operations can be run only on a WSUS server.

You should copy updates to a directory on the importing server before you import metadata. If

WSUS finds metadata for an update that is not in the file system, the WSUS console shows that the update failed to be downloaded. This type of problem can be fixed by copying the update to a directory on the importing server and then deploying the update again.

Although you can use incremental backups to move update files to the importing server, you cannot move update metadata incrementally. WSUSutil.exe exports all the metadata in the

WSUS database during the export operation.

Important

Never import exported data from a source that you do not trust. Importing content from a source you do not trust might compromise the security of your WSUS server.

Note

During the import or export process, the Update Service, the Windows NT service that underpins the WSUS application, is shut down.

To export metadata from the database of the exporting server

1. At the command prompt on the exporting server, navigate to the folder that contains

WSUSutil.exe (usually …\Program Files\Update Services\Tools).

2. Type the following:

wsusutil.exe export packagename logfile

For example:

wsusutil.exe export export.cab export.log

The package (.cab file) and log file name must be unique. WSUSutil.exe creates these two files as it exports metadata from the WSUS database.

3. Move the export package you just created to the importing server.

To import metadata to the database of the importing server

1. At the command prompt on the importing server, navigate to the directory that contains

WSUSutil.exe (usually …\Program Files\Update Services\Tools).

2. Type the following:

wsusutil.exe import packagename logfile

For example:

wsusutil.exe import export.cab import.log

WSUSutil.exe imports the metadata from the exporting server and creates a log file of the operation.

89