We're in the process of deploying WSUS on Windows 2012 R2 in our environment and I have a question regarding access over the web... I would like to provide clients with the ability to access the update server regardless of being connected to the company internal network. I see that the standard GPO settings call for following, and in our lab it is working fine. One the same internal network.
Computer Configuration, Policies, Administrative Templates, Windows Components, Windows Update
Specify intranet Microsoft update service location
Set the intranet update service for detection updates: http://serverhostname:5830
Set the intranet statistics server: http://serverhostname:5830
So, If I wanted to change this to HTTPS and make it accessible over the web, based on my experience with Windows Server the steps would look something like this:
1. Create Internal and external DNS record that will resolve the internal IP address of the WSUS server and the External IP address of the WSUS server. wsus.domain.com for example.
2. Purchase a Godaddy or competing certificate from a public store and install it for the default site in IIS. Configure HTTPS bindings to answer on port 5830.
3. Configure GPO mentioned above to utilize https://wsus.domain.com:5830
~~~~~~~~~~~~~~~~~
Seems pretty straight forward.. However I am wondering if this configuration is supported, recommended, or if anyone else out there has it configured in this way? Our deployment will service approximately 300 workstations from a single installation at our datacenter. Any insight or recommendations would be greatly appreciated. Thank you!
Adam Tyler / adam@tylercrew.com