In the previous article, I have explained how to Deploy the SCCM Client using Client Push . which automates computer to be installed in existing and newly discovered computer. In this article i will be explaining the step by step guide to add site system role (Software Update Point) in the MECM server.
This automates communication between WSUS(Windows Server Update Service) and server which will be using to synchronized with Microsoft upstream for metadata updates. It enables administrator to monitor, manage and deploy updates, patches and upgrade all over the client computer centrally.
By default, SCCM have 8 roles installed during the installation of the server but software update point do not installs during setup. administrator need to install it manually.
Open Configuration Management Console -> Administration -> Overview -> Site Configuration -> Server and Site System Roles -> Right Click on Site and Add Site System Roles.
On General Tab, i need to Choose an account which will be use for install role on the server. In this example i will using the mcm user to install it. hence, i will choose “Use the site server’s computer account to install this site system“. This will automatically detects the computer account is being used in this computer and use for SUP installation and click on Next.
On proxy Tab, There are no any proxy server being used , hence Click on Next.
On System Role Selection Tab, Select Software Update Point and click on Next.
On Software Update Point Tab, Check on Allow Internet and intranet client connections and Next.
On Proxy and Account Settings Tab, There no any specific requirement need to be fulfilled. Click On Next.
On Synchronization Source Tab, as i will be using direct synchronized metadata with Microsoft Update. and updates will be download through Windows Server Update Service. Here i will select “Synchronize from Microsoft Update“. Here i do not want any reporting event for WSUS and i will check on do Not create WSUS reporting events. Click on Next.
On Synchronization Schedule Tab, This page provides the configuration details of the Update synchronization from Microsoft to MECM server. Here i will be enabling the details to synchronized automatically in specific time period. to Make this possible check mark on “Enable Synchronization on a schedule”. and select the time period when to sync this. In production, usually this sync in every week but in this lab setup i will be running this in every 8 hours. also i want alert in MECM server if synchronization failed or any other issue occurred which creates disruption on synchronization. also check on ” Alert when synchronization fails on any site in the hierarchy” and Next.
On Superdense Rules, Microsoft automatically expires older updates from the latest update. The most recent update makes expire to older and removes from the MECM database. to achieved this automated update status details. it is recommended to enable this feature, check on “Immediately expire a superseded software update” also check on “Immediately expire a superseded feature update” and Next.
On WSUS Maintenance Tab, Click on “Remove obsolete updates from the WSUS database”. this will remove meta expire data appearing in MECM console. click on Next.
On Maximum Run time, Leave all as default and click Next.
On Update Files, Here need to specify configuration for SUP contents. i will check mark on “Download both full files for all approved updates and express installation files for windows 10 or later.” and Next.
On Classifications Tab, choose software updates you want, i will choose Critical Updates, Security Updates, Tools, Upgrade Rollups, Updates, Upgrades. Next
On Products Tab, Select all the updates you will be updating in your environment. i will select Windows 10,11, Server 2012-2022. Next.
Choose the language as English, Next
On Summary Page, review your changes details and Next.
Installation Completed. click on Close.
Lets verify the details if installed or not, Open Configuration Management Console -> Administration -> Overview -> Site Configuration -> Server and site System Roles -> Click on Server and check roles installed or not. As verified role is installed.
Also let verify also in logs, got Drive:\Program Files\Microsoft Configuration Manager\Logs\SUPSetup.log
Installation was successful.
That’s it!
Conclusion!!!
In this article i have explained step by step process about install software update point in MECM server with its benefits. In the next article i will be explaining step by step about Synchronizing WSUS with Microsoft and reflection of update in MECM Server.
