Current scenario
Production Environment: (1) Windows 2003 WSUS server configured as replica in Production DMZ (Production clients connect to this server to get patches.)
Test Environment: (1) Windows 2003 WSUS server configured as the upstream server in Test DMZ (Test clients connect to this server to get patches.)
Firewall with NAT (From replica server in production dmz to the upstream server in the test DMZ)
This scenario works great as we can download, test and approve in the TEST Environment and then synch a few times from the production DMZ and approvals and patches are brought over to the production LAN.
I am replacing two existing Windows 2003 WSUS servers in the DMZ with Server 2008 R2. The existing servers will be retired.
New scenario
Step 1: I installed and configured a new WSUS server in the Test DMZ (host name and IP different than the upstream) and configured this WSUS server as replica and pointed to the existing upstream server and did a synch.
“Waited for initial synchronisation to complete. This will synchronise update files, approvals, and computer groups, but not other server settings. This step saves you having to download your approved updates from the internet again.”
1st problem: the synch brought over all of the update files, and brought over the groups but not the computers in the groups.
Step 2: Download WSUS API Samples and Tools from Microsoft
Step 3: Changed the new server from replica to standalone (will be the new upstream server)
Next steps from tutorial found on web
Step 4: Run "wsusmigrationexport.exe settings.xml" to export the settings. This will backup your approvals and target groups to an XML file.
Step 5: Copy the XML file to the new server.
Step 6: On the new server open a command prompt and navigate to the C:\Program Files\Update Services 3.0 API Samples and Tools\WsusMigrate\WsusMigrationImport folder. Run "wsusmigrationimport.exe settings.xml All None".
Step 7: Change the GPO in the Test Environment to point to the new Upstream Server. (Success)
Step 8: Changed the NAT on the firewall to point to the new upstream server.
Step 9: Ran a synch from the replica WSUS in the Production DMZ; traffic passed through the firewall with no issue.
Step 10: Turned off the Windows Update services on the existing upstream server which is being removed and replaced.
NOTE: The existing WSUS Replica server in the Production DMZ has not been changed at this point.
2nd problem:
Downstream replica server does not show up in the downstream section on the console of upstream server. Also the computers from the Production LAN do not show up on the upstream server console.
From the Replica server, when attempting to synch to the upstream server, the synch fails with the following message:
WebException: The request failed with HTTP status 400: Bad Request.
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetAuthConfig()
at Microsoft.UpdateServices.ServerSync.ServerSyncLib.InternetGetServerAuthConfig(ServerSyncProxy proxy, WebServiceCommunicationHelper webServiceHelper)
at Microsoft.UpdateServices.ServerSync.ServerSyncLib.Authenticate(AuthorizationManager authorizationManager, Boolean checkExpiration, ServerSyncProxy proxy, Cookie cookie, WebServiceCommunicationHelper webServiceHelper)
at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.SyncConfigUpdatesFromUSS()
at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.ExecuteSyncProtocol(Boolean allowRedirect)
I would like to get the replica and upstream server to communicate before proceeding any further.
Any ideas on how I can get the replica to synch to upstream?
Thanks.
bc