WSUS replica

SYS ADM 1 Reputation point

Hello there

I have a main WSUS01 for the installation of updates from the office computers. On this server, I authorize the updates to be installed. Then I have a WSUS02 replica server configured as "This server is a replica of the upstream server", with the option of "don not store update files locally; computers install form Microsoft Update" enabled and a GPO for computers to access that WSUS02 does not download from WSUS and saturate the VPN line.

My question:

1.- Is this configuration correct?

2.- Why do I get updates in the updates tab of WSUS02? Nothing should appear if the WSUS01 does that task, right?

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,467 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Rita Hu -MSFT 9,626 Reputation points

    Hi @SYS ADM ,

    Thanks for your posting on Q&A.

    Please help reconfirmation. The computers pointed to the WSUS02 to get the approved updates in your environment. Am I right?

    A WSUS server running in replica mode inherits the update approvals and computer groups created on an administration server. So we have to approve the required updates on the WSUS01 first and then the WSUS02 could sync approved updates from WSUS01 successfully.
    According to the configuration of the group policies, the computers will scan updates from WSUS02 and download and install the required updates from the Internet.

    Please review this link to know more about the WSUS in Replica mode. Please ignore it if you have already known.

    Here are some comments for your questions:
    Is this configuration correct?
    Depends on your needs. Please choose a deployment that works for your environment.

    Why do I get updates in the updates tab of WSUS02? Nothing should appear if the WSUS01 does that task, right?
    In fact, there are two types of the update files when we use the WSUS server to deploy updates for the clients, metadata(shown on the WSUS console) and Binary update files(use to install on the clients). We have to approve the metadata and then we could get the Binary update files. But the replica WSUS server could not approve updates. So we have to approve the updates on the upstream WSUS and then sync the approved updaets on the downstream WSUS.

    Please don't hesitate to inform me if you have any questions.


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments