Prerequisites for software updates in System Center Configuration Manager
Applies to: System Center Configuration Manager (Current Branch)
This article lists the prerequisites for software updates in System Center Configuration Manager. For each of these, the external dependencies and internal dependencies are listed in separate tables.
Software update dependencies that are external to Configuration Manager
The following sections list the external dependencies for software updates.
Internet Information Services
Internet Information Services (IIS) must be installed on site system servers to run the software update point, the management point, and the distribution point. For more information, see Prerequisites for site system roles.
Windows Server Update Services
Windows Server Update Services (WSUS) is necessary for software updates synchronization and for the software updates applicability scan on clients. The WSUS server must be installed before you create the software update point role. The following versions of WSUS are supported for a software update point:
- WSUS 10.0.14393 (role in Windows Server 2016)
- WSUS 10.0.17763 (role in Windows Server 2019) (Requires Configuration Manager 1810 or later)
- WSUS 6.2 and 6.3 (role in Windows Server 2012 and Windows Server 2012 R2)
- Beginning with version 1702, Windows Server 2008 R2 isn't supported for the software update point role. For more information, see Supported operating systems for site system servers.
When you have multiple software update points at a site, ensure that they're all running the same version of WSUS.
The Upgrades software updates classification is only supported starting with WSUS 4.0. Before you synchronize this new classification and have the ability to evaluate Windows 10 computers in a Windows 10 servicing plan, it is critical that you install hotfix 3095113 for WSUS on your software update points and site servers. This hotfix enables WSUS on a Windows Server 2012-based server or a Windows Server 2012 R2-based server to sync and distribute feature upgrades for Windows 10. For more information, see Manage Windows as a service.
If you synchronize software updates with the Upgrades classification before you install hotfix 3095113, see Recover from synchronizing the Upgrades category before you install KB 3095113.
WSUS Administration Console
The WSUS Administration Console is required on the Configuration Manager site server when the software update point is on a remote site system server and WSUS isn't already installed on the site server.
The WSUS version on the site server must be the same as the WSUS version that's running on the software update points.
Don't use WSUS Administration Console to configure WSUS settings. Configuration Manager connects to the instance of WSUS that is running on the software update point and configures the appropriate settings.
Windows Update Agent
The Windows Update Agent (WUA) client is required on clients so that they can connect to the WSUS server. WUA retrieves the list of software updates that must be scanned for compliance.
When you install Configuration Manager, the latest version of WUA is downloaded. Then, when you install the Configuration Manager client, WUA is upgraded if necessary. However, if the installation fails, you must use a different method to upgrade WUA.
Software update dependencies that are internal to Configuration Manager
The following sections list the internal dependencies for software updates in Configuration Manager.
Management points transfer information between client computers and the Configuration Manager site. The managment points are required for software updates.
Software update points
You must install a software update point on the WSUS server to be able to deploy software updates in Configuration Manager. For more information, see Install and configure a software update point.
Distribution points are required to store the content for software updates. For more information about how to install distribution points and manage content, see Manage content and content infrastructure.
Client settings for software updates
By default, software updates are enabled for clients. However, there are other available settings that control how and when clients assess compliance for the software updates and control how the software updates are installed.
For more information, see the following articles:
Reporting services points
The reporting services point site system role can display reports for software updates. This role is optional but recommended. For more information about how to create a reporting services point, see Configuring reporting.
Recover from synchronizing the Upgrades category before you install KB 3095113
You must install hotfix 3095113 for WSUS on your software update points and site servers before you synchronize the Upgrades classification. If the hotfix is not installed when the Upgrades classification is enabled, WSUS sees the Windows 10 build 1511 feature upgrade even if it can’t properly download and deploy the associated packages.
If you synchronize any upgrades without having first installed hotfix 3095113, you populate the WSUS database (SUSDB) with unusable data. That data must be cleared before the upgrades can be properly deployed. Use the following procedure to recover from this issue.
To recover from synchronizing the Upgrades classification before you install KB 3095113
Delete software updates with the Upgrades classification. You can use a PowerShell script that's similar to the following sample script:
$Server = Get-WSUSServer $Config = $Server.GetConfiguration() $Update10563 = “df4e45a3-946d-4467-b3fd-8621174bb666” $UpdateGUID = New-Object Guid($Update10563) $Server.DeleteUpdate($UpdateGUID)
You must run the script on all software update points in your Configuration Manager hierarchy before you go to the next step.
To bulk delete software updates with the Upgrades classification, you can modify the PowerShell script to read multiple GUIDs from a text file.
Uncheck the Upgrades classification in the Software Update Point component properties. (For more information, see Configure classifications and products.) Then start software updates synchronization. (For more information, see Synchronize software updates.)
Install hotfix 3095113 for WSUS on your software update points and site servers.
Select the Upgrades classification in the Software Update Point component properties. (For more information, see Configure classifications and products.) Then start the software updates synchronization. (For more information, see Synchronize software updates.)
We'd love to hear your thoughts. Choose the type you'd like to provide:
Our feedback system is built on GitHub Issues. Read more on our blog.