On the 24th of May the System Center Team released System Center Updates Publisher 2011. See the following link to the detailed announcment: http://blogs.technet.com/b/systemcenter/archive/2011/05/24/system-center-updates-publisher-2011.aspx. Yesterday I installed en configured SCUP in my own lab environment.
Installation of SCUP 2011
- Download the source from here
- Start the SCUP installer with administrative rights.
- On the welcome screen click Next
- Install the Microsoft .Net Framework 4.0
- Install the Microsoft WSUS 3.0 SP2 hotfix as suggested on all your WSUS servers in your SCCM environment and the SCUP 2011 server.
- Accept the License Agreement and click Next
- Select the Installation Location and click Next
- Click on Next to start the installation
- Click on Finish to end the installation
- Start the SCUP console from the Start Menu
- Click on the blue settings button and click Options
- Enable the option “Enable publishing to an update server” and select the correct WSUS Server configuration. Click on “Test Connection” to test the connectivity to your WSUS server
- Now we need to select or create a singning certificate. Click on the Create button to create a self-signed certificate
- Now we need to export the self-signed certificate from the Certificates store. This can be done through the certificates MMC snapin. The certificate can be found in the Computer account >> WSUS >> Certificates
- Right-Click on the WSUS self-signed certificate and select All Tasks >> Export. Follow the wizard an save the certificate with the standard options.
- Now import this certificate on your Update Servers and your SCUP server in the following Stores:
– Trusted Publishers
– Trusted Root Certification Authorities
- After adding the certificate to the servers you also need to place the certificate on the clients. The certificate needs to be placed in the same certificate folders. Beside importing the certificate you also need to enable the group policy option “Allow signed content from intranet Microsoft update service location”. I used a Group Policy to deploy the certificate and to enable te setting. See the Policy below
After adding the above settings SCUP is ready to deploy the updates to your WSUS/SCCM environment. During the above process I got the following error/problems:
Problem: Access Denied errors during the deployment of the updates to the WSUS environment
Solution: Run the SCUP console with administrative permissions
Problem: Unable to install updates on the clients
Solution: I didn’t enabled the “Allow signed content from intranet Microsoft update service location”