Hi guys,

I have this 3-tier hierarchy - Central, Primary sites & Secondary sites.

Central site has its own SQL Server 2005 DB, and all Primary sites also have its own SQL Server 2005 DB.

Central and Primary sites was installed with SUP role each, and connect to a single WSUS server as upstream server.

I'm not sure why the setup was like this, but I'd like to know whether it's necessary to have SUP role installed on all Primary Servers as well?

Afterall, we only created software updates package from Central server & distribute it to all DPs on Primary servers.

Please let me have some advice with this design, on SUP roles especially.



Many thanks in adv

"Central and Primary sites was installed with SUP role each, and connect to a single WSUS server as upstream server."

Does that mean you have the Central configured to connect to an upstream WSUS instance? If so, that's unsupported and will cause problems to my knowledge.

"Central and Primary sites was installed with SUP role each, and connect to a single WSUS server as upstream server."

Does that mean you have the Central configured to connect to an upstream WSUS instance? If so, that's unsupported and will cause problems to my know

That will happen automatically, you don't have a choice in the matter there: ConfigMgr will force all WSUS instances (that are also SUPs of course) at child sites to point to the WSUS instance (that is also a SUP) at its parent site as its upstream server. Any other way wouldn't really make sense.

holy.. we have been doing it wrong all this time?

i've just read Wally's post here http://social.technet.microsoft.com/Forums/en-US/704e29cd-f934-480b-884d-38a494210362/configuring-wsus-and-sccm

now this is the statement from Torsten is what puzzled me..

If WSUS is located on a remote machine you just have to install the WSUS console on the siteserver (http://technet.microsoft.com/en-us/library/bb693886.aspx). The computer account of the SCCM siteserver has to be local admin and WSUS admin on the WSUS box (or define a SUP connection account: http://technet.microsoft.com/en-us/library/bb694264.aspx)

now when I checked again

- the single WSUS server (namely WSUS-1) on diagram was assigned a site server role for SUP

- Central server was installed with WSUS console, and configured to point to the WSUS-1
(under WSUS update source & proxy server options)

- All Primary servers then installed with SUP & have their WSUS update source & proxy pointed to the WSUS-1 also.

is this setup design is still unsupported?

No, as mentioned, this is enforced automatically by ConfigMgr in a hierarchy exactly as I stated.

What's not supported is pointing your top-level WSUS instance at a stand-alone WSUS instance as its upstream source. Perhaps there is some confusion in the actual wording of your original question?