Install and Configure Software Update Point

About

The software update point is required on the central administration site, or stand-alone primary site, and on primary sites to enable the software updates compliance assessment and to deploy software updates to clients. The software update point is optional on secondary sites.

Article Covers

• Software Update Point Prerequisites
• Install Software Update Point 

Software Update Point Prerequisites

• Internet Information Services: IIS must be installed on the site system servers to run the software update point, the management point, and the distribution point. Refer “Prerequisites for site system roles”
• Windows Server Update Services: The software update point site system role must be created on a server that has WSUS installed. The software update point interacts with the WSUS services to configure the software update settings and to request synchronization of software updates metadata.
  • The following versions of WSUS are supported for a software update point:
    • WSUS 10.0.14393 (role in Windows Server 2016)
    • WSUS 10.0.17763 (role in Windows Server 2019) (Requires Configuration Manager 1810 or later)
    • WSUS 6.2 and 6.3 (role in Windows Server 2012 and Windows Server 2012 R2)
      • KB 3095113 and KB 3159706 (or an equivalent update) are needed for WSUS 6.2 and 6.3 if you deploy Windows 10 upgrades.

For Step by Step WSUS installation and Post-Installation, you can refer to my “Install And Configure WSUS”

• WSUS Administration Console: The WSUS Administration Console is required on the Configuration Manager Site server when the software update point is on a remote site system server and WSUS isn’t already installed on the site server. 

Install Software Update Point

• Open ConfigMgr console and navigate to Administration -> Overview -> Site Configuration -> Servers and Site System Roles. Select the Site System and right click -> Add Site System Roles.
• On General Tab, Click Next.

• Specify Proxy Server Name, if there is no proxy server. Just click Next.

• Check the “Software Update Point” role and Click Next.

• Select the option “WSUS is configured to use ports 8530 and 8531 for client communications (default settings for WSUS on Windows Server 2012)”. Click Next.

• You can configure an account to be used by the site server when it connects to WSUS that runs on the software update point. When you don’t configure this account, the Configuration Manager uses the computer account for the site server to connect to WSUS. Specify the account if required else click Next.

• Select the option “Synchronize from Microsoft Update” as it is a Stand Alone Primary Site. Click Next.

        In case you have Upstream WSUS/SUP in your hierarchy select the option “Synchronize from an upstream data source location (URL)”. 

• Configure the Synchronization Schedule as per your requirement. Click Next.

• On Supersedence Rules, select “Immediately expire a superseded software update” and “Immediately expire a superseded feature update”. Check the option “Run WSUS Cleanup after synchronization”. Click Next.

• On Update Files, select the option Download full files for all approved updates. Click Next.

• Choose Classification as per requirement. Click Next.

• Choose Products as per your environment. Click Next.

          Make sure to select only relevant Products which are used in your environment.

• Choose the languages. Click Next

• On Summary Page, review your configurations and Click Next.
• Once the role installation is completed. Click on Close.
• You verify the SUP installation in SUPsetup.log