question

Tutek avatar image
0 Votes"
Tutek asked RitaHu-MSFT commented

Do I need join WSUS server to domain

Hi,
I will configure WSUS on Windows 2019, I have a domain, and my question is, if I need to connect this WSUS server to my domain, or this is not necessary?

thanks

windows-active-directorywindows-server-update-services
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

To follow-up, Please let us know if you have further query on this.
Please don’t forget to Accept the answer

0 Votes 0 ·
learn2skills avatar image
1 Vote"
learn2skills answered

Hi @Tutek

WSUS server is not a domain based, there's no requirement that we must join the WSUS server to the domain. You can join to the domain, [OR] not join is OK.

You can use WSUS as a standalone server and it requires modifying the registry on the client devices.
refer- https://social.technet.microsoft.com/Forums/ie/en-US/15c28bc8-e28e-4b67-913e-d27597fdb435/do-i-have-to-join-wsus-server-to-domain?forum=winserverwsus

Configure WSUS


If the Answer is helpful, please click Accept Answer and up-vote, this can be beneficial to other community members.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Tutek avatar image
0 Votes"
Tutek answered learn2skills commented

I read that if I did not connect wsus to domain, then clients cannot report to it, is that true?

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,

It's not like that, if you join or not join to domain client machines will report to wsus, once the WSUS IP address is available in client machines GPO.

WSUS can use a standalone server

To report client machines in wsus server, refer below screenshot this settings should update on the client machines.
cmd->gpedit.msc -> Local Computer Policy -> Computer Configuration -> Administraive Templates -> Windows Components -> Windows Updates
86088-image.png


If the Answer is helpful, please click Accept Answer and up-vote, this can be beneficial to other community members.


0 Votes 0 ·
image.png (1.2 MiB)

To follow-up, Please let us know if you have further query on this.
Please don’t forget to Accept the answer

0 Votes 0 ·
RitaHu-MSFT avatar image
0 Votes"
RitaHu-MSFT answered

Hello Tuteck,

Thanks for your posting on Q&A.

There is not necessary to join the WSUS server in to domain. Of course, you can.

I read that if I did not connect wsus to domain, then clients cannot report to it, is that true?
No. The report is not related whether the WSUS Server is joined into domain or not.

Regards,
Rita


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Tutek avatar image
0 Votes"
Tutek answered RitaHu-MSFT commented

I have a problem, I created reg file for non-domain servers to apply setting related to WSUS, content of this file is:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="https://wsus.ad.company.com:8531"
"WUStatusServer"="https://wsus.ad.company.com:8531"
"UpdateServiceUrlAlternate"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000003
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000003
"ScheduledInstallEveryWeek"=dword:00000001
"AutoInstallMinorUpdates"=dword:00000001
"UseWUServer"=dword:00000001

Servers appear in WSUS, but they do not report. My domain computers are reporting while after they connect to WSUS, and these non ddomain computers do not reports at all (I waiting already 24 hours).

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Did all the non domain-joined clients fail to report?

Please help to confirm whether the clients installed the latest updates. If not, please help to install the latest updates.

Remove the non domain-joined clients on the WSUS console and check for updates manually on the clients to see whether this issue will be resolved or not.

0 Votes 0 ·