How to Publish Software Updates Publications

Applies To: System Center 2012 Configuration Manager, System Center Configuration Manager 2007, System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2, System Center Essentials 2010

Use these procedures to publish software updates from the Publications workspace. Before you can publish software updates, you must connect to a Windows Server Update Services (WSUS) server and specify a signing certificate. (The WSUS server is also referred to as the update server.) The first procedure describes how to connect to the WSUS server and specify a signing certificate. (Following that procedure is information that you need to know if Updates Publisher 2011 is installed on a computer running Windows 2008 Server R2.) The second procedure describes how to publish the software updates from the Publications workspace.

To connect to a WSUS server and specify a signing certificate

  1. In the Updates Publisher 2011 console, click Updates. The workspace is displayed at the bottom of the navigation pane in the console.

  2. Click Overview.

  3. On the Overview page, click Configure WSUS and Signing Certificate.

    Important

    Always publish to the top-level WSUS server in your Configuration Manager environment so that all child sites have access to the Updates Publisher 2011 updates that you publish.

  4. Select the Enable publishing to an update server check box for Updates Publisher 2011 to publish software updates.

  5. Specify whether the software update server is local or remote.

    • Click Connect to a local update server if the software update server and the Updates Publisher 2011 console are installed on the same computer.

    Important

    When a custom WSUS website is used for a local update server, and the website is configured to use an HTTP port other than HTTP port 80 or HTTP port 8530, you must select Connect to a remote update server, or the connection to the local update server fails.

    • Click Connect to a remote update server if the update server and the Updates Publisher 2011 console are not on the same computer. Specify the following settings:

      • Select the check box Use SSL when communicating with the update server to use Secure Sockets Layer (SSL) when you connect to the update server. Use this setting only when the update server is configured to use SSL.

      • Specify the NetBIOS name of the update server in the Name box.

      • Specify the port that you want to use when you connect to the update server in the Port box. Use the HTTP port number if SSL is not used, and use the HTTPS port number if the check box Use SSL when communicating with the update server is selected. The default HTTP port is 80, and the default HTTPS port is 443. Check the update server configuration to verify which port you should use.

  6. Click Test Connection to verify that the update server name and port settings are valid. A message appears that indicates whether the connection succeeded or failed. If the connection failed, verify the server name, port settings, and that the update server is accessible, and then test the connection again.

  7. If a digital certificate is not detected for the update server, specify a certificate by clicking one of the following buttons:

    • Browse: Opens a Browse dialog box in which you select the certificate file. This option is available only when Updates Publisher is local to the update server or when you used SSL to connect to a remote update server. Select the certificate, and then click Create to add the certificate to the WSUS certificate store on the update server.

    • Create: Creates a new certificate, or uses the certificate that you specified by using Browse, and adds the certificate to the WSUS certificate store on the update server. Enter the .pfx file password for certificates that you selected by using Browse.

    • Remove: Removes the certificate from the WSUS certificate store on the update server. This option is available only when Updates Publisher 2011 is local to the update server or when you used SSL to connect to a remote update server.

    Updates Publisher 2011 uses the certificate that is specified here to sign the software updates that are published to the update server. Publishing to the update server fails if the digital certificate specified is not copied to the appropriate certificate stores on the update server, and on the computer running Updates Publisher 2011 if it is remote from the update server. For more information about adding the certificate to the certificate store on the update server, see Managing Security for System Center Updates Publisher 2011.
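Because publishing fails when the signing certificate is missing from a required store, the following check reports where the certificate is present on the local computer. It is an added example, not part of the original documentation or the product. It assumes the WSUS certificate store is Cert:\LocalMachine\WSUS and that the "appropriate certificate stores" are Trusted Publishers and, for a self-signed certificate, Trusted Root Certification Authorities; the page does not name them.

```powershell
# Added example: report whether the publishing certificate is present and trusted here.
# Run on the update server, and on the Updates Publisher computer if it is remote.
param(
    # Thumbprints to check. When omitted, they are read from the local WSUS store,
    # which exists only on the update server.
    [string[]]$Thumbprint
)

# Assumption: stores that must also contain the signing certificate.
$TrustStores = 'TrustedPublisher', 'Root'

function Find-Certificate {
    param([string]$Store, [string]$Thumb)
    $path = "Cert:\LocalMachine\$Store\$Thumb"
    if (Test-Path -Path $path) { Get-Item -Path $path }
}

if (-not $Thumbprint) {
    if (-not (Test-Path 'Cert:\LocalMachine\WSUS')) {
        throw 'No WSUS certificate store on this computer; pass -Thumbprint instead.'
    }
    $Thumbprint = @(Get-ChildItem 'Cert:\LocalMachine\WSUS' |
        ForEach-Object { $_.Thumbprint })
}

foreach ($thumb in $Thumbprint) {
    $thumb = ($thumb -replace '\s', '').ToUpper()
    $row = @{ Thumbprint = $thumb }
    $cert = $null
    foreach ($store in @('WSUS') + $TrustStores) {
        $found = Find-Certificate -Store $store -Thumb $thumb
        $row[$store] = [bool]$found
        if ($found -and -not $cert) { $cert = $found }
    }
    if ($cert) {
        $row.Subject    = $cert.Subject
        $row.SelfSigned = ($cert.Subject -eq $cert.Issuer)
        $row.Expired    = ($cert.NotAfter -lt (Get-Date))
    }
    # A self-signed certificate must itself be in Root; a CA-issued one chains to its CA.
    $row.Trusted = $row.TrustedPublisher -and ((-not $row.SelfSigned) -or $row.Root)
    New-Object PSObject -Property $row |
        Select-Object Thumbprint, Subject, WSUS, TrustedPublisher, Root,
                      SelfSigned, Expired, Trusted
}
```

A row with Trusted = False or Expired = True identifies a computer where the certificate still has to be imported or replaced before publishing can succeed.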

Important

If Updates Publisher 2011 is installed on a computer running Windows 2008 Server R2, the following requirements must be met:

  • When Updates Publisher 2011 and WSUS (full) are installed on the computer running Windows 2008 Server R2 and you are publishing to a remote update server, you must be part of the WSUS Administrators group on both computers.

  • When Updates Publisher 2011 and the WSUS Administrative console are installed on the computer running Windows 2008 Server R2 and you are publishing to a remote update server, you must be part of the WSUS Administrators group only on the remote server. The remote update server will always have WSUS (full) installed.

  • When publishing to a local update server and Updates Publisher 2011 and WSUS (full) are installed on the same computer, you must be part of the WSUS Administrators group only on the local computer.

When joining the WSUS Administrators group, you must log off and log on again for those settings to take effect.

To publish software updates

  1. In the Updates Publisher 2011 console, click Publications. The workspace is displayed at the bottom of the navigation pane in the console.

  2. Select the publication that you want to publish, and then on the Home tab, click Publish. For information about creating a publication, see How to Create a Publication.

    Important

    Software updates that are published as metadata only cannot be used to deploy software packages. Metadata-only publications can be used only for scanning purposes.

  3. If you have changed your signing certificate and you want to sign all your software updates with a new certificate, select the check box Sign all software updates again with a new publishing certificate when the software updates have not changed after the last time they were published.

  4. Click Next.

  5. On the Summary page, review the items to be published, and then click Next.

  6. On the Confirmation page, review what was published, and then click Close to exit the wizard. Updates Publisher 2011 indicates which software updates were published, whether each software update was published with full content or metadata only (software update bundles are always published as metadata only), whether the software update was skipped, and whether the software update failed to be published. Links to the Updates Publisher 2011 log file are provided if a software update was skipped or if it failed to publish.

See Also

Concepts

Managing Publications