How to Publish Software Updates and Software Update Bundles
Applies To: System Center 2012 Configuration Manager, System Center Configuration Manager 2007, System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2, System Center Essentials 2010
Use these procedures to publish a software update or a software update bundle from the Updates workspace. The first procedure describes what you must do to connect to the Windows Server Update Services (WSUS) server and specify a signing certificate. (Following that procedure is information that you need to know if Updates Publisher 2011 is installed on a computer running Windows 2008 Server R2.) The second procedure describes how to publish the software updates from the Updates workspace.
To connect to a WSUS server and specify a signing certificate
In the Updates Publisher 2011 console, click Updates. The workspace is displayed at the bottom of the navigation pane in the console.
Click Overview.
On the Overview page, click Configure WSUS and Signing Certificate.
Important
Always publish to the top-level WSUS server in your Configuration Manager environment so that all child sites have access to the Updates Publisher 2011 updates that you publish.
Select the Enable publishing to an update server check box for Updates Publisher 2011 to publish software updates.
Specify whether the software update server is local or remote.
Click Connect to a local update server if the software update server and the Updates Publisher 2011 console are installed on the same computer.
Important
When a custom WSUS website is used for a local update server, and the website is configured to use an HTTP port other than HTTP port 80 or HTTP port 8530, you must select Connect to a remote update server, or the connection to the local update server fails.
Click Connect to a remote update server if the update server and the Updates Publisher 2011 console are not on the same computer. Specify the following settings:
Select the check box Use SSL when communicating with the update server to use Secure Socket Layer (SSL) when you connect to the update server. Use this setting only when the update server is configured to use SSL.
Specify the NetBIOS name of the updates server in the Name box.
Specify the port that you want to use when connecting to the update server in the Port box. Use the HTTP port number if SSL is not used, and use the HTTPS port number if the check box Use SSL when communicating with the update server is selected. The default HTTP port is 80, and the default HTTPS port is 443. Check the update server configuration to verify which port you should use.
Click Test Connection to validate that the update server name and port settings are valid. A message appears that indicates whether the connection succeeded or failed. If the connection failed, verify the server name, port settings, and that the update server is accessible, and then test the connection again.
If a digital certificate is not detected for the update server, specify a certificate by clicking one the following buttons:
Browse: Opens a Browse dialog box in which you select the certificate file. This option is available only when Updates Publisher 2011 is local to the update server or when you used SSL to connect to a remote update server. Select the certificate, and then click Create to add the certificate to the WSUS certificate store on the update server.
Create: Creates a new certificate, or uses the certificate that you specified by using Browse, and adds the certificate to the WSUS certificate store on the update server. Enter the .pfx file password for certificates that you selected by using Browse.
Remove: Removes the certificate from the WSUS certificate store on the update server. This option is available only when Updates Publisher 2011 is local to the update server or when you used SSL to connect to a remote update server.
Updates Publisher 2011 uses the certificate that is specified here to sign the software updates that are published to the update server. Publishing to the update server fails if the digital certificate specified is not copied to the appropriate certificate stores on the update server, and on the computer running Updates Publisher 2011 if it is remote from the update server. For more information about adding the certificate to the certificate store on the update server, see Managing Security for System Center Updates Publisher 2011.
Important
If Updates Publisher 2011 is installed on a computer running Windows 2008 Server R2, the following requirements must be met:
- When Updates Publisher 2011 and WSUS (full) are installed on the computer running Windows 2008 Server R2 and you are publishing to a remote update server, you must be part of the WSUS Administrators group on both computers.
- When Updates Publisher 2011 and the WSUS Administrative console are installed on the computer running Windows 2008 Server R2 and you are publishing to a remote update server, you must be part of the WSUS Administrators group only on the remote server. The remote update server will always have WSUS (full) installed.
- When publishing to a local update server and Updates Publisher 2011 and WSUS (full) is installed on the same computer, you must be part of the WSUS Administrators group only on the local computer.
To publish a software update or software update bundle
In the Updates Publisher 2011 console, click Updates. The workspace is displayed at the bottom of the navigation pane in the console.
Locate the software updates and bundles that you want to publish by using the following methods:
Important
You can publish only those software updates that are 375 megabytes (MB) or less in size.
Click All software updates to display all the software updates and bundles in the Updates Publisher 2011 repository.
Click a Manufacturer folder to see only those software updates and bundles that are related to the manufacturer.
Click a Product folder to see only those software updates and bundles that are related to a product of a manufacturer.
Use Search to list only those software updates and bundles that include the search term.
Select the software update or bundle that you want to publish, and then on the Home tab, click Publish.
In the Publish Software Updates Wizard, on the Publish Options page, specify how you want to publish the software updates and bundles.
Click Automatic for Updates Publisher 2011 to query Configuration Manager whether the selected software update or bundle is published with full content or only metadata. In this mode, software updates are published only when they meet the client request count and package size thresholds that are specified on the ConfigMgr Server page of the Options dialog box. Automatic mode is available only if Configuration Manager Integration is specified in the Updates Publisher 2011 configurations options. For information about setting Configuration Manager Integration and setting thresholds, see Configuration Manager Server.
Click Full Content when you are sure that you want to deploy the software update by using Configuration Manager. When Full Content is selected, Updates Publisher 2011 publishes the binary of the software update and the definition (metadata) of the software update.
Click Metadata Only when you only want to gather compliance information for software updates. When Metadata Only is selected, Updates Publisher 2011 publishes only the definition of the software update, but does not publish software update binaries.
Important
Software updates that are published as metadata only cannot be used to deploy software packages. Metadata only publications can be used only for scanning purposes.
To sign published software updates that have not changed but their signing certificate has changed with a new certificate, select the check box Sign all software updates with a new publishing certificate when published software updates have not changed but their certificate has changed.
Click Next.
On the Summary page, review the items to be published, and then click Next.
On the Confirmation page, review what was published, and then click Close to exit the Wizard. Updates Publisher 2011 indicates which software updates were published, if the software update was published with full content or metadata only, if the software update was skipped, and if the software update failed to be published. Links to the Updates Publisher 2011 log file are provided if a software update was skipped or it failed to publish.
Here are some things to remember about publishing software updates:
Software update bundles are always published as metadata only because the binaries for the software updates in the bundles are not published.
Software updates can be published individually by using the Updates workspace or as a group by using the Publications workspace. For information about publishing in the Publications workspace, see How to Publish Software Updates Publications.
After a software update has been published with specific vendor and product metadata, you cannot publish a second software update whose vendor name is contains the vendor and product name of the first software update. For example, if the first software update has Vendor “A” and product “B”, you cannot publish a second software update that has a vendor “AB”.