How to configure the WSUS server that use the WSUS services????

Question

Hi all,

I am trying now for a long time to configure our WSUS server here in the company.

We have the following:
Using Microsoft Server 2019 Datacenter license
Veaam backup
M365 for some users

Infra:
2 ESxi hosts
5 VLAN groups
2 domain controllers (2d domain controller is for sync/backup of 1 one.
1 sync server for AZ Hybride
1 WDS server
1 WSUS server
1 exchang sync server (only for Azure to sync accounts)

GPO's enabled as followed:

1

So my question is, how can i put the WSUS server that it goes through the WSUS update services as well? I had some issues with the clients as well. but with adding some extra GPO's it is now going through the WSUS update server.

The WSUS server it self does not go through the WSUS update services.

when i run the command on the server
PowerShell

Get-WindowsUpdateLog
[[-ETLPath] <String[]>]
[[-LogPath] <String>]
[-ProcessingType <String>]
[-ForceFlush]
[-WhatIf]
[-Confirm]
[<CommonParameters>]

the AGENT and server are (Null)
The clients where before as well (Null) now they show the server, so that is good.

thank you in advance.

2022.11.14 10:24:03.0855660 8040  8484  Agent           Datastore directory: C:\Windows\SoftwareDistribution\DataStore\DataStore.edb  
2022.11.14 10:24:03.0863190 8040  8484  DataStore       JetEnableMultiInstance succeeded - applicable param count: 5, applied param count: 5  
2022.11.14 10:24:03.1062827 8040  8484  Shared          UpdateNetworkState Ipv6, cNetworkInterfaces = 0.  
2022.11.14 10:24:03.1063993 8040  8484  Shared          UpdateNetworkState Ipv4, cNetworkInterfaces = 1.  
2022.11.14 10:24:03.1076512 8040  8484  Shared          Network state: Connected  
2022.11.14 10:24:03.2132862 8040  8484  Misc            *FAILED* [8024000C] LoadHistoryEventFromRegistry completed  
2022.11.14 10:24:03.2142043 8040  8484  Shared          UpdateNetworkState Ipv6, cNetworkInterfaces = 0.  
2022.11.14 10:24:03.2142185 8040  8484  Shared          UpdateNetworkState Ipv4, cNetworkInterfaces = 1.  
2022.11.14 10:24:03.2142342 8040  8484  Shared          Power status changed  
2022.11.14 10:24:03.2198241 8040  8484  Agent           Initializing global settings cache  
**2022.11.14 10:24:03.2198280 8040  8484  Agent           WSUS server: (null)  
2022.11.14 10:24:03.2198307 8040  8484  Agent           WSUS status server: (null)  
2022.11.14 10:24:03.2198529 8040  8484  Agent           Alternate Download Server: (null)**  

Answer 1

Some extra details the GPO for WORKSTATIONS

GPO for the Servers the same, only the client side targeting group is different.
The strange this is .

when i run powershell command: get-windowsupdatelog i get target group 2. Production to see on the servers..
On the clients it shows the correct group.

I have placed the GPO for the location (intranet enabled) GPO in two places on under the Root OU because two domain controllers are there.
And also under OU of our office under Computers i hadded the same Location GPO.
So this will be the correct way.

using your scenario1

1. wsus server
2. rings, one automatic, and one manual.

Answer 2

i get a step further:

Refreshing global settings cache
2022/11/17 16:46:02.1105641 7248 7444 Agent WSUS server: http://server:8530 (Unchanged)
2022/11/17 16:46:02.1105653 7248 7444 Agent WSUS status server: http://server:8530 (Unchanged)
2022/11/17 16:46:02.1105700 7248 7444 Agent Alternate Download Server: (null) (Changed)
2022/11/17 16:46:02.1105711 7248 7444 Agent Fill Empty Content Urls: No (Unchanged)
2022/11/17 16:46:02.1105722 7248 7444 Agent Target group: 3. Servers (Changed) <- getting the correct target group now
2022/11/17 16:46:02.1105735 7248 7444 Agent Windows Update access disabled: Yes (Unchanged)
2022/11/17 16:46:02.1105746 7248 7444 Agent Do not connect to Windows Update Internet locations: No (Unchanged)
2022/11/17 17:07:35.1841838 7248 7444 Agent WU client refresh cache for DisableWUAccess policy: 0
2022/11/17 17:07:35.1841852 7248 7444 Agent Refreshing global settings cache
2022/11/17 17:07:35.1841865 7248 7444 Agent WSUS server: http://server:8530 (Unchanged)
2022/11/17 17:07:35.1841877 7248 7444 Agent WSUS status server: http://server:8530 (Unchanged)
2022/11/17 17:07:35.1841886 7248 7444 Agent Alternate Download Server: (null) (Changed)
2022/11/17 17:07:35.1841895 7248 7444 Agent Fill Empty Content Urls: No (Unchanged)
2022/11/17 17:07:35.1841904 7248 7444 Agent Target group: 3. Servers (Unchanged)
2022/11/17 17:07:35.1841912 7248 7444 Agent Windows Update access disabled: No (Changed)
2022/11/17 17:07:35.1841923 7248 7444 Agent Do not connect to Windows Update Internet locations: No (Unchanged)
2022/11/17 17:07:48.6869949 7248 7444 Agent Refreshing global settings cache
2022/11/17 17:07:48.6869963 7248 7444 Agent WSUS server: http://server:8530 (Unchanged)
2022/11/17 17:07:48.6869975 7248 7444 Agent WSUS status server: http://server:8530 (Unchanged)

to add extra context: i added the following rules
under administrative settings / system /device installation (specify search order for device driver source locations: enabled [do not search Windows Update]
under administrative settings / system /device installation (specify the search server for device driver updates: enabled [Search Managed Server]