Importing Updates to an Offline WSUS Server
In this lecture, I want to talk to you about importing updates to a WSUS server that does not have Internet connectivity.
Generally, the way this works is that you have a network that contains sensitive data, and is so sensitive that it's actually better to keep that computer network disconnected from the Internet.
You may have 100 servers and thousands of clients that need to be patched, and the best way to do this is with a WSUS server, so you set up a WSUS server, and then on that WSUS server, it can't reach Microsoft.com.
The way you get around this is that you set up a WSUS server that has Internet connectivity in a separate network, completely separate from this disconnected network, and on that WSUS server that has Internet connectivity you download all of your updates, you synchronize to Microsoft.com and then you export those updates and transfer them over to the disconnected network, typically with an external hard drive and then you import these updates to the disconnected WSUS server.
So essentially you are just manually importing these updates to this disconnected WSUS server. Generally, you will do this once a month on every Patch Tuesday or after, and that way you are able to keep your WSUS clients, in your disconnected network, up to date.
Let’s see how we can do this.
On the IPWSUS01 server, I am going to export the updates from the server. Now, that’s a two-step process. First, we are going to copy these files from the E:\WSUSUpdates folder, which is actually holding all the actual files. We will copy that folder to an external media so we can get it over to the disconnected WSUS server.
Next, open a Command Prompt window and choose to Run as administrator.
Type cd “C:\Program Files\Update Services\Tools” and type dir.
We will be using the WsusUtil.exe program.
Type WsusUtil.exe export command and press Enter. We will see information about the parameter for the command.
We need to specify a package and a log file. This package, make it in a .xml.gz extension.
Type the following command WsusUtil.exe export 22MAR2018_wsus_export.xml.gz 22MAR2018_wsus_export.log and press Enter.
We name it based on the date and the file content with the .xml.gz extension to avoid errors when exporting to CAB files due to the size of the file we generate. The same naming convention for the log file
Open File Explorer and navigate to C:\ > Program Files > Update Services > Tools. We can see the WsusUtil.exe export 22MAR2018_wsus_export.xml.gz file is being created with a log file.
We are not actually exporting the updates right now, we are just exporting the metadata for these updates. This will help our import server to know what updates we have available. This process might take a while to complete.
Meanwhile, I am going to compress the WSUSUpdates folder by right-clicking the folder and choosing Send to and Compressed (zipped) folder.
This compressed file will be transferred to an external hard drive with the WsusUtil.exe export 22MAR2018_wsus_export.xml.gz file.
After a while, in our command prompt window, we will see a message that All updates are successfully exported.
Checking on our compressed file, it will also be done.
And our .xml.gz file will also be completed.
We can compress these two files together as well. Basically, the purpose is to get these files easily to the target server.
Now, to import, we are located on IPWSUS03 server, which is a server on the disconnected network.
Sign up to access the rest of this lesson
You must either log in or sign up to access this lesson.