Point de mise à jour logicielle dans DMZ - Software update point in DMZ

Anne-Charlotte Bourgeais 1 Reputation point
2020-08-16T04:39:45.35+00:00

Good Afternoon,

I allow myself to pose my problem here. Here I have 1 MP and 4 DP, one of the DP is in a DMZ. The problem is that all my client workstations in the DMZ are getting application packages but not receiving Windows security updates. My Wsus Server is not in the DMZ. I had already configured the software update point on my DP DMZ. despite this, client workstations in DMZ do not receive updates. I see nothing blocked on my Stormshiel firewall. Do you know what escapes me?

Thank you for your help.

Microsoft Security | Intune | Configuration Manager | Updates
{count} votes

3 answers

Sort by: Most helpful
  1. Youssef Saad 3,416 Reputation points
    2020-08-16T11:55:16.837+00:00

    Hi,

    Do you have configured the boundary groups related to the DMZ subnets with your internal SUP ? Make sure also that the 8530 & 8531 ports are allowed between your DMZ clients and the Software Update Point.

    Regards,

    Youssef

    0 comments No comments

  2. Jason Sandys 31,411 Reputation points Microsoft Employee Moderator
    2020-08-17T01:10:09.867+00:00

    First, the boundary groups need to configured correctly as noted by @YoussefSaad-6209 so that the clients map to the proper SUP.

    Next, Clients don't change SUPs unless they fail to access their current SUP three times. Failure in this case equates to a limited set of result codes. Not being able to connect because of a firewall restriction does in not included though.

    Finally, have you reviewed the client logs? wuahandler.log is always the place to start with software updates and for site role location issues, review locationservices.log.

    0 comments No comments

  3. Amandayou-MSFT 11,156 Reputation points
    2020-08-17T09:56:45.147+00:00

    Hi,

    Thanks for posting in TechNet.

    Agree with Jason and YoussefSaad, we could check if the boundary group is set correctly. Here is the article about configuring boundary group:
    https://learn.microsoft.com/en-us/mem/configmgr/core/servers/deploy/configure/boundary-groups#bkmk_sup

    In addition to the logs mentioned by Jason, the client could not receive update, kindly check policyagent.log to see if the policy is received.

    Thanks for your time.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.