Update ADR - Download Server in DMZ/Workgroup

Greetings and hope all are well ? 

very quick question.   Want to create an ADR for SCEP,  the WSUS download server is in a DMZ and a workgroup. Manually all sychronisation and downloads work perfectly for SCEP and other "normal"  Software Updates, however it fails with the ubiquitous 87D20417 / access denied error when using ADR.  Same process works manually as I can of course enter the server name and user account (local admin for the DMZ WSUS server).

Ive tried setting an access account - in the SUP settings, and can obviously only use a local account that is "on" the WSUS server. -  It fails if I use "administrator"

How do I configure this for the ADR to work.

many thanks

March 26th, 2015 6:36am
What does ruleengine.log tell?
Free Windows Admin Tool Kit Click here and download it now
March 26th, 2015 6:54am

Hi Torsten

The error - 

"Failed to download the update from UNC content source. Error = 1326"

the download source is the "stand alone" WSUS server in the DMZ

If I do the download/update manually - it works

I did see/read your post, 

https://social.technet.microsoft.com/Forums/en-US/b4c7ccf7-aff1-4cfc-bda2-c93ea48d0ce0/automatic-update-deployment?forum=configmanagersecurity

but Id noticed the last question wasnt answered - which would have answered m

March 26th, 2015 9:03am

Hi,

As you know, you cannot add the system account of site server to the UNC content source. You need to save these updates to a network location accessible by the site server.

Best Regards,

Joyce

Free Windows Admin Tool Kit Click here and download it now
March 27th, 2015 2:05am

OK, so what we are saying is - ADRs will only ever work when the WSUS synch server is a domain member and not a workgroup (like most DMZs)  UNLESSS we set a  scheduled job to copy those files, once downloaded from MS Update, to an accessiblenetwork share

thanks for all the replies.

March 27th, 2015 3:40am

Ive had an idea !!

Set up an auto approval for the SCEP Def Updates on the downstream WSUS server (the SCCM SUP)

this then populates the local WSUSCONTENT folder, and thus becomes the download source for the ADR pacakage...........

Initial testing shows - manually running the auto approval rule -  it works.

I'll update later if people are keen to know if this works as a whole solution ?  It may help the person in the link that I posted in response to Torsten

====================================================

EDIT - / - UPDATE

I can conform the above works automat

Free Windows Admin Tool Kit Click here and download it now
March 27th, 2015 7:37am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics