SOLVED

1810 third party updtaes

Iron Contributor

Hi,

 

I have 1 site with 3 server 2 2012 r2 with SUP installed working with the same SUSDB and one 2016 with MP and DP. One 2012 is our site system and server and the second one is in our DMZ network for ICBM.

 

I'm trying to deploy third party updates. When I publish those updates and sync them the source content of the updates changes to our DMZ server location for some reason and when I try to download the updates I get 404 error so I can't deploy them.

 

I would really appreciate the help because I tried googling and didn't find anything.

 

Thanks in advance.

1 Reply
best response confirmed by RahamimL (Iron Contributor)
Solution

Hello @RahamimL

 

In general, for 404 first check that you can access the download URL manually with the same network configuration(like proxy)in DMZ.

 

Based on the details you provided you seem to be using the Shared DB option for WSUS and this has some unique issues. There are 2 things to be aware of when using the shared db option for WSUS with Configuration Manager:

 

1 – (Possibly the issue you describe) The WSUS content share must be configured with a UNC and accessible for primary SUP server so downloads can happen. The UNC requirement is already mentioned in our docs around “shared db”, and again in this blog post: 

https://techcommunity.microsoft.com/t5/Configuration-Manager-Archive/How-to-implement-a-shared-SUSDB...

 

2 –The certificate management functions will not work correctly because sync will use a random SUP for cert operations instead of the default SUP.  This is a known issue that we are working on. 

 

Workarounds:

For #1 it is a configuration issue.

For #2 use SCUP or other tools to configure WSUS content signing cert and install the same cert on both WSUS at top-level site. Don’t let ConfigMgr manage the cert or don’t use shared db.

 

I hope this helps

Yvette

1 best response

Accepted Solutions
best response confirmed by RahamimL (Iron Contributor)
Solution

Hello @RahamimL

 

In general, for 404 first check that you can access the download URL manually with the same network configuration(like proxy)in DMZ.

 

Based on the details you provided you seem to be using the Shared DB option for WSUS and this has some unique issues. There are 2 things to be aware of when using the shared db option for WSUS with Configuration Manager:

 

1 – (Possibly the issue you describe) The WSUS content share must be configured with a UNC and accessible for primary SUP server so downloads can happen. The UNC requirement is already mentioned in our docs around “shared db”, and again in this blog post: 

https://techcommunity.microsoft.com/t5/Configuration-Manager-Archive/How-to-implement-a-shared-SUSDB...

 

2 –The certificate management functions will not work correctly because sync will use a random SUP for cert operations instead of the default SUP.  This is a known issue that we are working on. 

 

Workarounds:

For #1 it is a configuration issue.

For #2 use SCUP or other tools to configure WSUS content signing cert and install the same cert on both WSUS at top-level site. Don’t let ConfigMgr manage the cert or don’t use shared db.

 

I hope this helps

Yvette

View solution in original post