Table of Contents
Related Articles
Summary
Because the SBC 1k/2k ASM employs Microsoft's Windows Server operating system, it is necessary to periodically download Windows Updates. Updates are normally downloaded directly to the ASM from the Microsoft Windows Update website.
In some cases, the ASM may be installed in networks that do not have Internet access to Microsoft's Windows Update website, therefore the ASM requires an alternative method to download Windows Updates.
This document details how to configure a local Windows Server Update Services (WSUS) Server to permit the ASM to download any necessary updates via a local server.
Installing a WSUS
The WSUS installation instructions are provided as a convenience. Please consult the Microsoft's WSUS documentation should you have any further questions or issues.
The WSUS server must have access to the Internet in order to download windows updates from Microsoft.
An additional benefit to using a WSUS Server is that the ASM installs Windows Updates much faster. The WSUS Server works by pre-fetching all necessary updates as they become available. When the ASM requests an update, the update itself is loaded to the ASM directly from the WSUS Server.
On the target WSUS Server, begin the WSUS installation by opening the Server Manager and selecting Add role and feature.
Add Roles and Features
- Click Next until you reach the Server Role tab.
- Select Windows Server Update Services.
Click Add Features to accept the additional features required.
Add Features
- Click Next.
Select .NET Framework 3.5 Features.
.NET Framework 3.5 Features
Click Next until the Content tab, fill a folder the will host the update.
Content
Click Next then Install, let the install complete and click on Launch Post-Installation tasks
Launch Post-Installation Tasks
Once the Configuration successfully completed, you can close the Wizard
Close Wizard
Start the Windows Server Update Services, hit Next until the Proxy Server tab
Windows Server Update Services
Click Start Connecting to ensure the access to the Microsoft Server.
Start Connecting
Choose your languages.
Choose Language
- Choose the following Products
- Silverlight
- Microsoft SQL Server 2012
- Microsoft SQL Server 2014
- SQL Server 2008 R2
- Windows Defender
- Windows Drivers
- Windows Server 2008 R2
- Windows Server 2012 R2
- Visual Studio 2008
- Visual Studio 2010
- Visual Studio 2012
- Visual Studio 2013
- In the Choose Classifications tab, select then click Next
- Critical Updates
- Feature Packs
- Security Updates
- Service Packs
- Updated Rollups
- Update
Choose Classifications tab
Click Begin initial synchronization then Finish
Initial Synchronization
Configuring the WSUS server to accept Windows Update Requests from an ASM
The WSUS Server must be configured to accept incoming requests from the ASM server. Use the instructions below to configure the WSUS server to accept incoming requests.
Configure WSUS to accept ASM requests
- On the WSUS server, open Update Services.
Go to Options, then Computer.
Options
Choose Use Group Policy or registry settings one computers.
Computers
Configuring the ASM to Use the WSUS Server
The ASM must be configured to use the local WSUS server instead of Microsoft's Windows Update site. There are two methods for configuring the ASM to use a WSUS Server to download updates:
Using GPO to Specify a WSUS Server
To set the ASM down download from a WSUS Server:
- Remote desktop to the ASM Server.
- Using the Group Policy editor set "Computer Configuration" \ Policies \ "Windows Components" \ "Administrative Templates" \ "Windows Update" \ “Specifying an Intranet Microsoft Update Service location”.
- Set the Specify intranet Microsoft update service location to Enabled.
- Configure replace two server addresses listed in the Options section with the appropriate information for your WSUS Server.
Group Policy Management Editor
Do not modify the Configure Automatic Update setting. See the warning below.
Using the Registry to Specify a WSUS Server
To set the ASM's WSUS Server via the ASM registry, modify the WindowsUpdate key with the Sonus Require values as noted below:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate
ASM Registry 'WindowsUpdate' Keys
Entry name | Data type | Sonus Required Values | Values |
|---|---|---|---|
AcceptTrustedPublisherCerts | Reg_DWORD | 0 |
|
DisableWindowsUpdateAccess | Reg_DWORD | 1 |
|
ElevateNonAdmins | Reg_DWORD | 1 |
|
TargetGroup | Reg_SZ | Name of the computer group to which the computer belongs. This policy is paired with TargetGroupEnabled. | |
TargetGroupEnabled | Reg_DWORD |
| |
WUServer | Reg_SZ | Your_Wsus | HTTP(S) URL of the WSUS server that is used by Automatic Updates and API callers (by default). This policy is paired with WUStatusServer, and both keys must be set to the same value to be valid. |
WUStatusServer | Reg_SZ | Your_Wsus | The HTTP(S) URL of the server to which reporting information is sent for client computers that use the WSUS server that is configured by the WUServer key. This policy is paired with WUServer, and both keys must be set to the same value to be valid. |
Do not modify the HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU key to permit the ASM to automatically load updates from either the WSUS Server or Microsoft Windows Update site. Sonus selects specific updates to the ASM to ensure the SBC appliance operates within our published specifications, eliminating updates which might either break functionality or reduce the ASM's capacity.
Downloading unapproved updates to the ASM violates Sonus' Terms of Service
How to Initiate ASM Roll-up Updates
Go to ASM Roll-up Update page to apply ASM Roll-up updates on Sonus SBC 1000/2000 nodes.
Do not update ASM using any other method than what is documented.
Overview
Content Tools