«

»

Apr 23 2015

Migrating WSUS from one Server to another

WSUS is running in your infrastructure for many years, and is doing a pretty good job at patching your clients and your servers, but now has come to a point where you need to migrate it to a new box. This usually happens when the OS is at the end of life support (EOL) or the hardware has reached the warranty limit. Another reason why migrate and not start with a new installation is so you don’t have to download from Microsoft the required updates and approve them all over again. I don’t know about you, but approving hundred of updates is not something I will do for a second time. In either case, the service needs to be migrated with minimal downtime and not to much headache.

To simulate this, I installed one WSUS service on a 2003 server, and this one is the WSUS that is patching the infrastructure right from the beginning. I named it WSUS-OLD for the sake of the example and for you to better follow the migration procedure. If your WSUS is not running on a 2003 server, no problem, this works with every OS version you might have. The second WSUS server will run on a 2012 R2 server and this will replace the old WSUS. I’m going to name the new server WSUS-NEW, again, for the sake of the example. Both of them are installed with a local database, but in case yours are configured with a remote SQL, don’t worry, it works either way the same. You can have your old WSUS with a local database and the new WSUS with a remote SQL server or vice versa.

Now, on the new server go ahead and install WSUS and when you get to the configuration wizard set it as a downstream replica server; point it to your working WSUS.

Migrating WSUS Server-01

Start connecting to save and download upstream server information.

Migrating WSUS Server-02

At the end of the configuration wizard choose to begin the initial synchronization then click Finish. Be patient, it will take a while.

Migrating WSUS Server-03

Once the synchronization is done your two WSUS servers should look almost the same.They should have the same computer groups, approved updates, downloaded updates, etc.

Migrating WSUS Server-08

One thing they are not synchronizing are the configuration options, and unfortunately these configurations will need to be done manually. Don’t worry, it’s a two minute job, but before you can do that the new WSUS server needs to be set in an autonomous mode. Go to Options > Update Source and Proxy server and un-check the box This server is a replica of the upstream server then click the radio button Synchronize from Microsoft Update.

Migrating WSUS Server-04

Now you can go ahead and match the rest of the options with the old WSUS server, like Products and Classifications, Update Files and Languages, computers assignment, E-Mail Notifications.



Migrating WSUS Server-05     Migrating WSUS Server-06

Migrating WSUS Server-07    Migrating WSUS Server-09

Once the options between the two servers match, the last step is to modify your group policy in order to point your clients to the new WSUS server. Open your GPO or GPOs and change the server name from the Specify intranet Microsoft update service location policy.

Migrating WSUS Server-10     Migrating WSUS Server-11

After a few hours, clients should appear in the WSUS console at the exact same patch level they were on the old WSUS server. If you want to force the process on one or two of the clients just to see if it actually works do a gpupdate /force to get the new policy then type wuauclt /detectnow and wuauclt /reportnow to force checking for updates and to report to WSUS. Wait a few days, and if everything is working fine you can go ahead and decommission the old box. And that’s it !

Migrating WSUS Server-12

Migrating WSUS to a new server is not a difficult process and it can be done with minimal downtime. The hard part is to wait for all the clients to get the new policy and register themselves with the new WSUS server. Everything after that is the same as it was before, approve/decline updates and patch the systems in your environment.

Want content like this delivered right to your

email inbox?


15 comments

Skip to comment form

  1. Tony

    Hi,

    Can you please help me if the below scenario will work or not?

    1) My existing wsus server name WSUS-A.dev.internal(2012 R2)

    2) Renamed it to WSUS-A-OLD.dev.internal

    3) Deployed new 2016 server WSUS-A.dev.internal

    4) On the new server go ahead and install WSUS and when you get to the configuration wizard set it as a downstream replica server; point it to WSUS-A-OLD.dev.internal

    Will this work without any issues so that i don’t need to make any changes in my GPO to point to new WSUS server?

    Thanks in advance
    Tony

    1. Adrian Costea

      Hi,
      In theory it will work, but in practice is something else. There is always something that can go wrong. Before doing this make sure you have backup, then go ahead and do it. Let me know how it works.

  2. kenmich

    I am unable to change the new WSUS server from synchronizing from another WSUS server to synchronizing from Windows Update. The interface just crashes and throws the following error:

    Event ID 7042
    System.Data.SqlClient.SqlException — Maximum stored procedure, function, trigger, or view nesting level exceeded (limit 32).
    Info:spSetConfiguration – SyncToMU or UpstreamServerName config value changed – no reset

    Have you seen anything like this?

    1. Adrian Costea

      Not the error in particular, but check and see so the server does not synchronize during your operation. If it does, stop the synchronization.

  3. Ben

    Just tried this method and now the PCs don’t seem to be able to connect to WSUS anymore. If I manually try checking for updates I get an error “Windows could not search for new updates. Code 80244019”, tried this on just two computers so far but a bit worrying. The only difference from your instructions was that I switched off the old server (2008) and changed the IP address of new server (2012) to match the same as the old so I didn’t have to change the GPOs. Could this be the problem?

    1. Adrian Costea

      Hi,
      Yes, the GPO is the problem. It does not matter if the new WSUS server has a different IP address or name. All that matters is to configure the GPO to point the clients to the new WSUS server.

  4. Hakan

    Thank you bro. You save my life.

  5. vluu

    Hi,

    I migrated our windows 2003 wsus server to windows 2012r2 wsus. It’s a fresh install and wsus 2012 was installed and configured as a downstream replica server with local WID database. I did not copy the DB from 2003 to 2012. The sync was successful with upstream server. I changed our GPO to point to the new wsus 2012 server and rebooted the server. New setting is being applied via GPO. I did a detectnow and see a buch of errors in log.

    I’m wondering do i need to to change the wsus2012 server identity as per the link below for clients to check in?

    https://technet.microsoft.com/en-au/library/hh852349.aspx#BKMK_3.4

    thx

    1. Adrian Costea

      Never heard of this. Usually all you have to do is change the URL in the GPO where clients connect and you are good to go. What errors are you seeing in the log?

  6. Masrizal

    Hi Adrian,

    I’m looking at your instructions and it is pretty simple to carry out. Can i safely say the “Migrate WSUS Update Binaries from the Source Server to the Destination Server Using Windows Server Migration Tools”(https://technet.microsoft.com/library/ee822836(ws.10).aspx) has been done using your method?

    I’m actually planning to migrate 2003 R2 to 2012 R2 thus trying to figure out all necessary actions.

    Thanks in advance.

    1. Adrian Costea

      Hi,
      I never tried using the tool, but if you do, I will appreciate if you post the results here so others can benefit form this.

      Thanks.

  7. garry ferguson

    Brilliant Adrian.
    What a clever way to migrate!
    Thanks, Garry

    1. Adrian Costea

      Thank you 🙂

  8. Martin

    Hello,

    The last Point as you wrote dit not work:

    Options > Update Source and Proxy server and un-check the box This server is a replica of the upstream server then click the radio button Synchronize from Microsoft Update.

    The Radio button to Switch to Synchronize from Microsoft Update is greyed out and can’t be set!

    1. Adrian Costea

      Hi,
      Settings can’t be changed usually when WSUS is synchronizing. Make sure there is no running job and try again.

Leave a Reply to Martin Cancel reply

Your email address will not be published. Required fields are marked *

*

css.php