Importing Updates to an Offline WSUS Server
Full-Access Members Only
Sorry, this lesson is only available to Server Academy Full-Access members. Become a Full-Access member now and get instant access to this and many more premium courses. Click the button below and get instant access now.
Instructions
Q&A (0)
Notes (0)
Resources (0)
Saving Progress...
Resources
There are no resources for this lesson.
Notes can be saved and accessed anywhere in the course. They also double as bookmarks so you can quickly review important lesson material.
In this lecture, I want to talk to you about importing updates to a WSUS server that does not have Internet connectivity.
Generally, the way this works is that you have a network that contains sensitive data, and is so sensitive that it's actually better to keep that computer network disconnected from the Internet.
You may have 100 servers and thousands of clients that need to be patched, and the best way to do this is with a WSUS server, so you set up a WSUS server, and then on that WSUS server, it can't reach Microsoft.com.
The way you get around this is that you set up a WSUS server that has Internet connectivity in a separate network, completely separate from this disconnected network, and on that WSUS server that has Internet connectivity you download all of your updates, you synchronize to Microsoft.com and then you export those updates and transfer them over to the disconnected network, typically with an external hard drive and then you import these updates to the disconnected WSUS server.
So essentially you are just manually importing these updates to this disconnected WSUS server. Generally, you will do this once a month on every Patch Tuesday or after, and that way you are able to keep your WSUS clients, in your disconnected network, up to date.
Let’s see how we can do this.
On the IPWSUS01 server, I am going to export the updates from the server. Now, that’s a two-step process. First, we are going to copy these files from the E:\WSUSUpdates folder, which is actually holding all the actual files. We will copy that folder to an external media so we can get it over to the disconnected WSUS server.
Next, open a Command Prompt window and choose to Run as administrator.
Type cd “C:\Program Files\Update Services\Tools” and type dir.
We will be using the WsusUtil.exe program.
Type WsusUtil.exe export command and press Enter. We will see information about the parameter for the command.
We need to specify a package and a log file. This package, make it in a .xml.gz extension.
Type the following command WsusUtil.exe export 22MAR2018_wsus_export.xml.gz 22MAR2018_wsus_export.log and press Enter.
We name it based on the date and the file content with the .xml.gz extension to avoid errors when exporting to CAB files due to the size of the file we generate. The same naming convention for the log file
Open File Explorer and navigate to C:\ > Program Files > Update Services > Tools. We can see the WsusUtil.exe export 22MAR2018_wsus_export.xml.gz file is being created with a log file.
We are not actually exporting the updates right now, we are just exporting the metadata for these updates. This will help our import server to know what updates we have available. This process might take a while to complete.
Meanwhile, I am going to compress the WSUSUpdates folder by right-clicking the folder and choosing Send to and Compressed (zipped) folder.
This compressed file will be transferred to an external hard drive with the WsusUtil.exe export 22MAR2018_wsus_export.xml.gz file.
After a while, in our command prompt window, we will see a message that All updates are successfully exported.
Checking on our compressed file, it will also be done.
And our .xml.gz file will also be completed.
We can compress these two files together as well. Basically, the purpose is to get these files easily to the target server.
Now, to import, we are located on IPWSUS03 server, which is a server on the disconnected network.
Server Academy Members Only
Sorry, this lesson is only available to Server Academy Full Access members. Become a Full-Access Member now and you’ll get instant access to all of our courses.
Dear Server Academy,
I want to WSUS offline configuration course please let me know how can i reach to you.
This my details
Siva
Email id : <– Edited email for privacy –>
Hi
venkata sivakumar pilli
The WSUS offline configuration is just one part of the course. We don’t think we need one entire course for the topic. What are you looking for in a course like that?
Thank you,
Ricardo
Hi Ricardo P,
Good Evening,
My office network is isolated so we need to install offline WSUS for Windows patching activity so i want to offline WSUS configuration course only.
i want to documents,Videos or course for offline WSUS configuration only.
Please let me know how much can i pay for that.
Thank you,
Siva.
My email id : (editing email address for privacy)
I know what you mean. Unfortunately, we don’t have offline video courses.
Dear Ricardo P,
Oh please let me know what i can do for the course.
if it is online or offline there is no issue.
Thank you,
Hi there!
This is an article that really appeals to me. I’d like to ask how relevant it is still now that it’s been a little while since it’s been posted. The section that specifically related to my work is the offline export/import section. It’s no problem for me to get the WSUS server up and running, but my issues really begin during the export/import process.
I find that when I import the updates to the target server, WSUS recognizes that content should be there, but it tries to synchronize which obviously leads to failures due to the server being disconnected from any external sources. I suppose my questions are:
I believe that’s all.
Thank you for any help you can provide!
Hi
Daniel Shearer
The drive letter doesn’t matter as long as you maintain the correct directory structure and paths for the updated files and metadata. There’s no need to hit the synchronize button since your disconnected server cannot access external sources as expected for an offline server. I understand, and you’re right that you don’t want to re-download the same updates every time. WSUS Offline Update Tool and some other utilities offer the option to download differential updates, but haven’t seen a way to avoid the large files.
Ricardo