Full of I.T.

Kevin Remde's IT Pro WebLog

Windows Server 2003 Administration Webcast Series (Part 12 – Maintenance and Updates) Q-n-A

Here, is this week’s “best of” Q&A log from the webcast.  Sincere thanks again to my teammates for doing such a great job helping to answer questions!  I give them the credit for the information in this document.  You guys rock!

Also I want to make sure also have the link to the Session Resources I posted for Part 12, and the homework assignment also.

Part 12 Questions and Answers:

“Will the earlier sessions in this series be made available for download? I notice that only the last 4 or so had the option to download and watch later.”

We will be making all of these available for download; they should be available within the next few weeks. Thx!

“Hi! How long will the recorded web cast be available?”

It should be available for at least a year if not two.  And of course I’ll have a copy of it forever if you want it after it’s gone from the events sites. J

“Will WSUS work with W2003 SBS?”

Yes. Although in general it is not recommended to install WSUS to a DC. If you have the option you would want it install it to a separate Server.

“Can WSUS run without Active Directory? If so, how?”

Yes. You simply install it to a server based machine. You then use Registry settings or Local Policy to allow clients to connect. The full instructions are of course a part of the setup docs included with WSUS.

“Is WSUS the merging of SUS and WUS??”

WSUS is the next version/evolution of SUS.  SUS was going to named SUS 2.0, then Windows Update Services (WUS), and now the final and forevermore name is Windows Server Update Services (WSUS).

“Is BITS 2.0 installed by default on 2003 server standard, or do you have to download it?”

It is a separate download. See the following — http://support.microsoft.com/kb/842773

“Should the SUS server be a standalone server, or can it be run from a server performing other functions.  If so, what is the load requirements for determining which of my servers I should run it from?”

SUS / WSUS should ideally run on a server separate from other network services. System requirements are posted here — http://www.microsoft.com/windowsserversystem/updateservices/default.mspx

“Is WSUS still in RC?  If so, when is it expected to be released?”

Yes it is – See the following for release dates as they get posted — http://www.microsoft.com/windowsserversystem/updateservices/default.mspx

“When is the anticipated release date for WSUS?  I understand it’s still a release candidate.”

You will have to monitor the site for the information — http://www.microsoft.com/windowsserversystem/updateservices/default.mspx

“Is this the final version or is it still in BETA?”

It is in Release Candidate Status — http://www.microsoft.com/windowsserversystem/updateservices/default.mspx

“Is WSUS available now, or is it still in beta?”

RC Status – http://www.microsoft.com/windowsserversystem/updateservices/default.mspx

“If you already have an SUS server, do you have to make any changes to the group policy if you deploy WSUS?”

No, however, the final product may have additional options you CAN configure.

“I just started getting this error on my WSUS server. There was an error adding updates to the database. Please try to synchronize again, or check your database configuration. 4/27/2005 The metadata for the update was invalid and could not be processed successfully by the database.”

You will need to check the WSUS site for support options since it is still not a released product.  There is also information on the WSUS site for posting Bug Information — http://www.microsoft.com/windowsserversystem/updateservices/default.mspx

“If you select automatic updates on a SBS2003 what happens if an update needs to reboot?”

You should NOT set the Server itself to automatically update.  However, if you do, it will perform as any other client does.

“Can the update files reside on a share pointed to by DFS taking advantage of site awareness of Windows XP to find the file share to pull the updates from?  Or, do the updates have to come from a WSUS server?”

What we support is having them come from the WSUS Server at this time. This may change when the product releases.

“Does WSUS work with remote computers connecting for a small amount of time, or do you need to be connected for extended period to ensure updates are pushed to the client?”

1) Clients PULL the updates. 2) They have to stay connected long enough to PULL the file. How long this is depends upon the size of the files. 3) The benefit of BITS technology (Background Intelligent Transfer Services) is that an interrupted download will pick up where it left off the next time the computer starts up. 

 “When will WSUS be out for general availability?”

Please refer to the Main WSUS site for release dates — http://www.microsoft.com/windowsserversystem/updateservices/default.mspx

“Can these WSUS updates be deployed to Windows 2000 desktops, or only Windows XP?”

Windows 2000 is a supported Client also.

“Can the WSUS policy be used in a W2K environment?”

Yes.  You can import the wuau.adm policy template file into the Group Policy object in the GP Editor.

“Can you use the SUS repository for getting the updates for WUS?”

If you are referring to chaining, you can set up a hub and spoke distribution method for deploying multiple update servers. Only one needs access to Windows Update where other WSUS server can point to another local update server for updates.

“Is there a way to use WSUS without policy and AD?”

Yes. Go to the WSUS Site and review the docs there. We have a deployment guide available that explains this. — http://www.microsoft.com/windowsserversystem/updateservices/default.mspx

“Is WSUS a chargeable product?”

No. It is a free download now as a Release Candidate and will be a free download once finished.

“Is WSUS site aware? I.E. can updates be deployed based on what site a computer is in?”

No..or rather, somewhat.  WSUS doesn’t natively detect or work with site boundaries.  But it is Active Directory aware in that you can use Group Policy to define what group a computer is in.  And that being the case, you could apply that group policy object at the site level. 

“Does WSUS work with SQL Server 2005 Beta 3 Express?”

I don’t think it has been tested, so I can’t really speculate.

“With WSUS installed and configured what does a user see if they open IE and go to the internet update site? Can a laptop user get critical updates while traveling?”

A user can ALWAYS go directly to the Windows Update Site on the web to get updates. if you use Group Policy to configure clients to point to a WSUS server for Automatic Updates they will also check on the schedule you define with the WSUS Server.

“I missed it earlier… does WSUS come with its own SQL server, or do you have to supply that?  If you have to supply it, can it run as a separate instance on another SQL server?”

It does install the MSDE for you if you want it to, or you can use your own instance of SQL on the local or another server.

“If others use port 80 – you need to change the port for WSUS?”


“I am referring to the fact that now we are using SUS for patching. Can I integrate WUS

Please refer to the Deployment guide for these types of configurations — http://www.microsoft.com/windowsserversystem/updateservices/techinfo/deployment.mspx

“How does this affect update that require re-boot?  Esp. In a Server patch.”

It depends on your Automatic Update settings.  You can force a reboot or you can have it wait.

“Is there or will there be a MOM knowledge pack for WSUS & auto update clients?”

Hmmmm….good question…I am not sure.  There isn’t one currently, but that doesn’t mean that there won’t be one.

“If I fill out will I win the drawing?? Can you make me win??.:o)”

Uh…..no. J  If I can’t make ME win, why would I be able to make YOU win?  (and why would I want to? <heh>)

“Will WSUS work without Active Directory? If so, how?”

Yes!  And so does SUS, actually.  You can configure the registry in SUS, but in WSUS you can set computer groups by NETBIOS name or IP

“Any documentation that I can refer to regarding WSUS work without AD?”

There is a deployment guide on the site now that discusses all deployment options — http://www.microsoft.com/windowsserversystem/updateservices/techinfo/deployment.mspx

When will the full version of WSUS be available?

VERY soon, I believe.  It’s already a release candidate.

“LM system is still very buggy (joining, PDF) – effectively missed this webcast also and wasted my time 🙁 Sorry!!!”

I hope you put that in the evaluation, too.  I’m sorry this week was difficult for you.  Heck.. even I had connection issues – but they were hotel-related.  L

“I’ve been using WSUS for a few weeks, and it is a great tool. I highly recommend it.”


 “Are there any white papers on the difference between SUS and WSUS?”

Not yet.  But in a nutshell… Reporting, Bandwidth-savings, product updates, targeting, approval options (“detect only”, “install”, etc)… oh man… the list gets longer and longer!

“If you update office patches from an AIP installation, is it okay to use the SMS SUS until you patch the AIP?”


“If the only server in our network is SBS2003 are there anything we need to watch out for?”

If you decide to load WSUS to the SBS Server you need to understand it will increase the lode further on that single server. And you want to make sure to use the OTHER port option when you install it (so it’s not stomping on your Port 80 web apps).  It’s doable, but it is recommended to install WSUS to a member server if possible. 

“Can WSUS be installed on a win2000 server and service XP clients?”

Yes. You must have Windows 2000 SP4 to install WSUS to the server and we would still support the same clients.

“Can it be installed on a XP Pro Workstation?

The WSUS product must be installed on a server.  However, you can administer WSUS from your workstations.

“When is Part 7 available?”

Ah yes.. Part 7 is the one that they weren’t able to use the original recording on.  It should be soon, though, if not already.  I re-recorded it last Thursday, so it should be. Try re-registering for the on-demand one again.

“Thanks for all the great info!!!”

You are welcome!

“Thanks, Kevin! Really enjoyed the webcasts!”

You betcha!

“What is Kevin’s next TechNet Series?”

Keep watching this space.  J  Seriously, I don’t have one scheduled yet, but I hope to do one again someday.  In the meantime, I’m still doing the one-off webcasts and the live events.  And you’ll find me at TechEd again this year, too!  And if I get the nod to do another series, I’ll be sure to post it here.

Once again – thank you for making this series so enjoyable!  I hope you learned some cool stuff!