How to install SCUP and configure
This will show the steps on how to install SCUP and also configure a third party catalogue, (EH Adobe Flash player) and deploy the clients reporting to SCCM server.
You can download the SCUP from the following link http://www.microsoft.com/downloads/en/details.aspx?FamilyID=0446cce9-94a4-4fb0-b335-e7516044063d&displaylang=en
On the SCCM server or on any other server you can install System Center Updates Publisher.
The perquisite is to have SQL server. You can use the express installation or use any other SQL server.
Updates Publisher is supported on the following operating systems:
- · The Microsoft Windows® XP Professional operating system with Service Pack 2 (SP2)
- · The Microsoft Windows® XP Professional x64 Edition operating system
- · The 32-bit versions of the Microsoft Windows Server®°2003 operating systems with Service Pack 1 (SP1)
- · The x64-based editions of the Microsoft Windows Server®°2003 operating systems
- · The 32-bit versions of the Microsoft Windows Server®°2003 R2 operating systems
- · The x64-based editions of the Microsoft Windows Server®°2003 R2 operating systems
- · The Windows Vista™ operating systems
- · The x64-based editions of the Windows Vista™ x64 Edition operating systems
- · Updates Publisher has the following software requirements:
- · Microsoft Management Console 3.0 (MMC). MMC 3.0 must be installed prior to running the Updates Publisher Setup. You can download the MMC 3.0 from the Microsoft Download Center Web site (http://go.microsoft.com/fwlink/?linkid=21788).
- · For Updates Publisher 4.5, WSUS 3.0 SP2SP1 Administration Console. If WSUS 3.0 SP2 is not already installed on the local computer, the WSUS 3.0 SP2 Administration Console must be installed prior to running the Updates Publisher Setup. You can download the WSUS 3.0 SP2 Administration Console from the Windows Server Update Services Web site
- · Microsoft Internet Explorer 6 SP1 or later. A supported version of Internet Explorer must be installed prior to running the Updates Publisher Setup. You can download Internet Explorer 6 SP1 from the Microsoft Download Center Web site (http://go.microsoft.com/fwlink/?linkid=21788).
- · Microsoft Windows Installer 3.1. The Updates Publisher Setup installs Windows Installer 3.1, if required.
- · Microsoft .NET Framework 2.0. The Updates Publisher Setup installs .NET Framework 2.0, if required.
- · Microsoft SQL Server 2005 SP1 or Microsoft SQL Server 2005 Express Edition SP2. The Updates Publisher Setup installs SQL Server 2005 Express Edition SP2, if required.
How to install SCUP
Double click the SystemCenterUpdatesPublisher45.exe.
Click next and it will ask to select local database or install SQL express edition. DO the same
Once clicked next it will install the perquisite and then will proceed the installation
Select The folder
Installation will proceed and will complete the installation
Once done complete the installation click on finish.
How to configure SCUP
Once the installation is over open the console of SCUP.
Click on import updates from the right side. You can download the adobe flash player catalogue from the following link http://fpdownload.adobe.com/get/flashplayer/current/licensing/win/AdobeFlashPlayerCatalog_SCUP.cab
Click on Single Catalogue Import
Point to the CAB file downloaded.
IT will then start uploading
Click on Accept
Once you have completed this you will find adobe flash player as shown below.
Now the set the Publish flag. On the Adobe flash player select settings and then do the following configuration. Select the update server if locally installed the same one or you can select the remote in case you install SCUP.
First, you have to configure SCUP to sign patches with the WSSC. To do that, select the settings option from the console screen
On the Update Server tab, select create to create the WSSC
Once complete, you should have a new WSSC as shown
This action creates the WSSC in the WSUS > Certificates note of the Certificates.msc as shown
So the certificate we need is now created, but we aren’t ready to go yet. Next we have to make sure the WSSC cert is included in the Trusted Publishers > Certificates and the Trusted Root Certificate Authorities > Certificates store.Simple process to export the cert and import it to the other two stores. To export the cert, just right click on it and select to export – take all the defaults and save the cert to a .cer file. To import, just right click on the Trusted Publishers and Trusted Root Certificate Authorities nodes, respectively, and select to import and point to the file.
One this is completed On the SCUP console please do the following. Click on Publish updates
Click on Accept
Once successfully published run the Synchronization in the SCCM server
Once the synchronization is completed the security update you would see the adobe flash layer
Now on the SCCM server Download the update and then create a deployment
Select the DP
Create a Deployment
Now on the clients do the following settings
So now SCUP should be configured to sign updates with the WSSC and publish updates to the SCCM Software Update point and you can deploy them to clients. But, the clients aren’t ready to receive them and will reject the update if it arrives. To get the client ready to receive updates you need to transfer the WSSC to the clients certificate store as well. You can do this manually or even through software distribution using the certutil command.
To deploy the certificate with software distribution, do the following.
- Export the WSUS Publishers Self-signed certificate and public key to a directory on the local computer.
- Copy the Certutil.exe and Certadm.dll files to the same directory as the exported files. Certutil.exe is a command-line program that is installed as part of Certificate Services in the Windows Server 2003 family and both files are installed in %windir%\system32, by default.
- Create a software distribution package containing the files from step 1 and step 2. For more information, see How to Create a Package (http://go.microsoft.com/fwlink/?LinkId=108444)
- Add a software distribution program that runs the following command-line: certutil.exe -addstore TrustedPublisher wsus.cer, where TrustedPublisher is the name of the certificate store and wsus.cer is the name of the exported certificate. For more information about creating a software distribution program, see How to Create a Program (http://go.microsoft.com/fwlink/?LinkId=108446). For more information about certutil.exe, see the Certutil Web site on TechNet (http://go.microsoft.com/fwlink/?LinkId=108447)
- Create an advertisement for distributing the package and program to the appropriate collection. For more information, see How to Create an Advertisement (http://go.microsoft.com/fwlink/?LinkId=108449).
You may also have to include the WSSC in the Trusted Root Certificate Authorities node as well, which can be done with easy adjustments to the package if needed. Be sure and test first to determine exactly what is needed for your environment.
Once you have the certificates deployed, now you just have to adjust local policy to allow signed cupdates from an intranet Microsoft update service location. You can find that setting as shown below.
To test that everything is working, deploy a SCUP patch to a test client and review the WUAHandler.log. If all is configured properly, you should see the patch install if needed. If there are problems you will notice errors similar to the following in the log.
In the server the updatepublisher.log in %temp% on the SCUP installed machine also help to check the error.
Hope this information would be useful