You are browsing the archive for 2012 October.

Configmgr 2012 SP1 : Installing Multiple Software Update Points per single primary site and use a single shared WSUS database on your SQL Cluster

10:00 am in AdminUi, ConfigMgr 2012, ConfigMgr 2012 SP1, SCCM 2012, SCCM 2012 SP1, SUP, wsus by Kenny Buntinx [MVP]


After installing ConfigMgr 2012 SP1 Beta (you can’t install SP1 in production, unless you have signed a TAP agreement with Microsoft), We wanted to install a new feature/functionality called Multiple SUP. In SP1 they have support for multiple software update points for a site (also for non trusted forests)  to provide automatic redundancy for clients in the same way as you can configure multiple management points.

In Configuration Manager 2012 Service Pack 1, they have added the ability to set multiple SUPs per Primary Site, to :

  • Provide the ability to add SUPs cross-forest
  • Provide fault tolerance without requiring NLB.

Clients will automatically fail over to additional SUPs in the same forest if scan fails , but switching SUP’s has a different network cost involved depending if you are using a shared WSUS database or not. The cheapest  network cost would be if you are sharing the WSUS database. By design , clients will try to scan to the SUP 4 times with a fixed interval of 30 minutes ( it will wait 30 min before it tries again )before switching to another SUP in the SUP list.

NOTE: Be aware that the above defined values or specifications can change any time as this product is still in beta !

However I believe this is a big step forward for Configuration Manager and that this is a nice solution for security and redundancy options, we had some difficulties to get this working with multiple WSUS servers sharing the database on the same SQL cluster / instance.

The product team is aware of the issue and is working at a solution . Until then , if you want to try this in a lab with a SQL cluster , here are the steps on how to work around the issue .

Scenario that failed :

1. Install WSUS-02 server.

2. Choose use existing WSUS-01 SUSDB database (on a remote SQL cluster ), and specify the remote SQL server name + instance.

You will get an error :  “Existing database is not compatible with this version of WSUS 3.0 SP2” . After clicking OK, then the option to use existing DB is greyed out.” When that happens , the remote SUSDB for existing WSUS server goes to single user mode (and doesn’t revert, so it can’t be contacted SUP) . Your WSUS-01 ( first WSUS can’t connect anymore)

3. Run a query to revert SUSDB from single user mode.

4. The assumption is that the required KBs (2720211 and 2734608), which have been applied to WSUS-01 before installing SP1 beta , are required on WSUS-02.  However, they can’t be applied until after WSUS-02 is installed, so we’re stuck adding another WSUS server using a shared database where the existing WSUS server has been patched with the KBs.

Scenario that succeeded:

1. Install WSUS-02 on its own dedicated database (internal) . Human error alert — we accidentally specified the server name and instance of the existing SUSDB, and overwrote it without any notification ! Used System Center Data Protection Manager to recover the SUSDB.  Phew.

2. Then the following steps were required to get the second WSUS (and second SUP) working successfully:

  • Install WSUS with a local DB.
  • Install KB2720211 and KB2734608
  • Stop WSUS Service on both WSUS servers

3. Modify the registry to point WSUS-02 to WSUS-01 SUSDB on remote SQL cluster as well and some other keys (listed below):

  • wYukonInstalled=0
  • SqlServerName= <clustername>\<instanceName>
  • SqlInstanceIsRemote=1

4. Cycle IIS services

5. Restart WSUS service.

6. Validate WSUS console opens.

7. Add SUP role to new WSUS server.

When you have success , go to the WCF.log file and see if he finds your SUP’s successfully :


Go to the monitoring tab and look into the “Software update point synchronization status”. What you maybe have questioned yourself is that there has not been anything about sync source, sync schedule, classification or products during the installation of the role when adding the second SUP. You specified everything already with the installation of the first SUP. When the second SUP has been installed I start a synchronization of the updates again to see what happens. See picture below :


After a few hours, you will see a confirmed number that clients are scanning off of the new SUP (WSUS-02).  Go to reporting and select “ Software Updates – D. Scan “ and use report “ Scan 1 –Last scan states by collection” .


Drill down to “Scan Completed”  . You will see this


If you export in a pivot table you will get excellent results that are more clear :



The feature really works well and I am pleased that the Product Team provide us these new features ! Above graphic proves it really works !

However it is NOT certified and therefore NOT SUPPORTED for Configuration Manager 2012 SP1 by the Product Group in production unless you are TAP. If you already use it in production , don’t expect Premier Support to help you . Certification and support statements will take official 90 days after RTM of Windows 8 . These experiences are being build during a TAP program and may be solved as we move to RTM .

Hope it Helps ,

Kenny Buntinx

ConfigMgr 2012 SP1 Beta : Skipping Client prerequisites in the OSD “Setup windows and install Configmgr client” step.

6:22 pm in CM12, ConfigMgr 2012, ConfigMgr 2012 SP1, Operating System Deployment, OSD, SCCM 2012, SCCM 2012 SP1, System Center, WES, WES 2009, WES2009 by Kenny Buntinx [MVP]


Hi guys ,

Working for a customer on managing WES 2009 Clients with Configmgr 2012 sp1 in TAP. On of the requirements by the customer was not to install Silverlight 5.0 or .net 4.0 onto the WES2009 Device as they did not manage or support their core image.

The client prerequisites documentation can be found here on technet .

Silverlight is not required, Software Center and Software Catalog are the only things that need it.  You can specify a commandline switch on ccmsetup to not install Silverlight.  Example: CCMSetup.exe /skipprereq: silverlight.exe but that only works to client push or manual install in RTM

If my base image has .net 2.x installed and I don’t want install .net 3.0/3.5/4.0 because of lack of disk space – (image being build by another company and no possibility to adjust ) and app compatibility on the embedded, how can I use the */skipprereq* on the OSD “Setup windows and install Configmgr client” step ?

GOOD NEWS ! They fixed that in SP1 . Now you are able to pass that “/SKIPPREREQ” parameter in your  OSD “Setup windows and install Configmgr client” step .

Hope it Helps ,

Kenny Buntinx