WSUS issues following install of SUP in an untrusted domain

In need of an SCCM expert to help me with the following...

I have a primary site which consists of 3 different AD forests with no trusts between them. Primary site "serverA" is in forestA which has SUP role installed (among others) and configured to download from Microsoft Update. Site system "serverB" is in forestB and also has SUP role installed (among others) and is correctly configured as a downstream replica of "serverA". Site system "serverC" is in forestC and is also configured as above. The WCM.log on "serverA" indicates that the validation test of all 3 WSUS servers is good, as successful connections to each server with the relevant AD account are recorded. Probably worth noting that these are new servers that have not had WSUS installed until recently.

Clients in forestA are correctly configured to point at serverA for their WSUS configuration and so are receiving updates. The issue I have is that clients in forestB & forestC are both trying to set the WSUS configuration to point at serverA.

I think that is because in the LocationServices.log on the clients it is only listing 1 "WSUS Path=serverA......." when it is performing the Software Update Scan. I can see from the logs that before I began to troubleshoot this issue at some stage I had 2 servers listed in the LocationServices.log - serverA and serverB. Over the course of today I have repeatedly been removing and re-adding the SUP role to serverB and serverC.

It's probably worth noting that, in LocationServices.log, the client in forestB is aware it is in the correct AD site and that there are 3 MPs available and that the MP in forestB is preferred. This is shown in the ClientLocation.log. In the WUAHandler.log I can see that serverA is getting set as the WSUS update source, which is also reflected in the WindowsUpdate.log, but this fails as this communication is disallowed by our security. If I manually set the WSUS settings to point to serverB I get an error in the WUAHandler.log and the Software Update Scan fails.

I'm now at the stage where, using log files on the various servers, I have confirmed that the SUP roles installed successfully and as above the primary server can communicate with both downstream site system servers.

Can anyone help me determine what I need to do to get all 3 servers listed in the LocationServices.log on all clients?

Thanks in advance.
Paul

July 29th, 2015 1:30pm

Hi,

>>The issue I have is that clients in forestB & forestC are both trying to set the WSUS configuration to point at serverA.

Multiple software update points are designed for fault tolerance. I haven't found any way to specify a SUP for clients. If you have multiple software update points at a site, and then one fails or becomes unavailable, clients will connect to a different software update point and continue to scan for the latest software updates. When a client is first assigned a software update point, it will stay assigned to that software update point unless it fails to scan for software updates on that software update point.

July 30th, 2015 5:08am
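
For the check discussed in this thread (which software update points a client was offered, versus the one it actually set), the following PowerShell is an added example and not part of either post. It assumes the default client log location, assumes `WSUS Path=` entries carry a quoted URL (the thread only shows `WSUS Path=serverA.......`), and falls back to constructed sample lines with hypothetical host names when the log is absent.

```powershell
# Added example (not from the thread): list the SUPs this client was offered in
# LocationServices.log and compare them with the server the WUA policy points at.
param([string]$LogPath = "$env:windir\CCM\Logs\LocationServices.log")

function ConvertTo-HostName {
    param([string]$Value)
    # Strip scheme, port and path so URLs and bare names compare equal.
    ($Value -replace '^[a-z]+://', '' -replace '[:/].*$', '').TrimEnd('.').ToLower()
}

function Get-OfferedSup {
    param([string[]]$LogLines)
    $seen = [ordered]@{}
    foreach ($line in $LogLines) {
        # Assumed entry shape: WSUS Path='http://host:8530', Server='host', ...
        # Quotes are treated as optional because the thread shows no exact format.
        if ($line -match "WSUS Path='?(?<url>[^',\]\s]+)") {
            $sup  = ConvertTo-HostName $Matches['url']
            $date = if ($line -match 'date="(?<d>[^"]+)"') { $Matches['d'] } else { 'unknown' }
            if (-not $seen.Contains($sup)) { $seen[$sup] = [pscustomobject]@{ Sup = $sup; Hits = 0; LastDate = $date } }
            $seen[$sup].Hits++
            $seen[$sup].LastDate = $date
        }
    }
    $seen.Values
}

function Get-WuaPolicyServer {
    # WUServer is the Windows Update Agent policy value holding the WSUS URL.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $p = Get-ItemProperty -Path $key -Name WUServer -ErrorAction SilentlyContinue
    if ($p) { ConvertTo-HostName $p.WUServer }
}

# Constructed sample lines (hypothetical host names), used only if the log is missing.
$sample = @'
<![LOG[WSUS Path='http://servera.foresta.example:8530', Server='servera.foresta.example']LOG]!><time="09:12:01.000+000" date="07-29-2015" component="LocationServices">
<![LOG[WSUS Path='http://serverb.forestb.example:8530', Server='serverb.forestb.example']LOG]!><time="09:12:01.000+000" date="07-29-2015" component="LocationServices">
<![LOG[WSUS Path='http://servera.foresta.example:8530', Server='servera.foresta.example']LOG]!><time="12:40:17.000+000" date="07-29-2015" component="LocationServices">
'@ -split "`r?`n"

$lines   = if (Test-Path $LogPath) { Get-Content $LogPath } else { $sample }
$offered = @(Get-OfferedSup $lines)
$current = Get-WuaPolicyServer
$offered | Format-Table -AutoSize
if (-not $current) { 'No WUServer policy value is set on this machine.'
} elseif ($offered.Sup -contains $current) { "WUA points at $current, which is in the offered list."
} else { "WUA points at $current, which does not appear in this log." }
```

Running it on a client in each forest shows whether the local SUP ever appears in the offered list and on what date it was last seen.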
