Step 3: Configure the Network Connection
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server Update Services
After installing WSUS, you are ready to access the WSUS console in order to configure WSUS and get started. By default, WSUS is configured to use Microsoft Update as the location to obtain updates. If you have a proxy server on your network, use the WSUS console to configure WSUS to use the proxy server. If there is a corporate firewall between WSUS and the Internet, you might need to configure the firewall to ensure that WSUS can obtain updates.
Although you must have Internet connectivity to download updates from Microsoft Update, WSUS offers you the ability to import updates onto networks not connected to the Internet. For more information, see the “Deploying Microsoft Windows Server Update Services” white paper.
Step 3 contains the following procedures:
Configure your firewall so that WSUS can obtain updates.
Open the WSUS console.
Configure proxy-server settings so that WSUS can obtain updates.
To configure your firewall
If there is a corporate firewall between WSUS and the Internet, you might need to configure that firewall to ensure that WSUS can obtain updates. To obtain updates from Microsoft Update, the WSUS server uses port 80 for HTTP protocol and port 443 for HTTPS protocol. This is not configurable.
If your organization does not allow those ports and protocols open to all addresses, you can restrict access to only the following domains so that WSUS and Automatic Updates can communicate with Microsoft Update:
The steps for configuring the firewall above are meant for a corporate firewall positioned between WSUS and the Internet. Because WSUS initiates all its network traffic, there is no need to configure Windows Firewall on the WSUS server.
Although the connection between Microsoft Update and WSUS requires ports 80 and 443 to be open, you can configure multiple WSUS servers to synchronize with a custom port. For more information about synchronizing WSUS servers with a custom port, see the “Deploying Microsoft Windows Server Update Services” white paper.
To open the WSUS console
- On your WSUS server, click Start, point to All Programs, point to Administrative Tools, and then click Microsoft Windows Server Update Services.
You must be a member of either the WSUS Administrators or the local Administrators security groups on the server on which WSUS is installed in order to use the WSUS console.
If you do not add http://<WSUS Web site name> to the list of sites in the Local Intranet zone in Internet Explorer on Windows Server 2003, you might be prompted for credentials each time you open the WSUS console.
If you change the port assignment in IIS after you install WSUS, you need to manually update the shortcut on the Start menu.
You can also open the WSUS console from Internet Explorer on any server or computer on your network by entering the following URL: http://WSUSservername/WSUSAdmin
To specify a proxy server
On the WSUS console toolbar, click Options, and then click Synchronization Options.
In the Proxy server box, select the Use a proxy server when synchronizing check box, and then type the proxy server name and port number (port 80 by default) in the corresponding boxes.
If you want to connect to the proxy server by using specific user credentials, select the Use user credentials to connect to the proxy server check box, and then type the user name, domain, and password of the user in the corresponding boxes. If you want to enable basic authentication for the user connecting to the proxy server, select the Allow basic authentication (password in clear text) check box.
Under Tasks, click Save settings, and then click OK in the confirmation dialog box.