No announcement yet.


  • Filter
  • Time
  • Show
Clear All
new posts

  • WSUS Sync

    Hello everybody,

    I have a little problem here and I wonder if you could help me...

    I've installed 2 wsus servers :
    1 with Internet connection (to download the updates) (External)
    1 without Internet connection to update all my domain pcs (The domain isn't connected on Internet) (Internal)

    I heard that if I want to offline sync the two servers, they have to have exacly the same configuration.

    1st : I cant update the internal wsus to list all the products and classifications.
    2nd : I dont want to make the exacly list of server/pc groups to the External wsus for confidentiality reasons.

    If I just sync the wsus contents, the internal wsus will work properly?

    Thanks in advance,

  • #2
    Re: WSUS Sync

    Greetings Alexandros.

    I think perhaps you're taking the "exactly the same configuration" a bit too far. The requirements for implementing a "disconnected WSUS Server" are documented in the WSUS Deployment Guide in the article Configure a Disconnected Network to Receive Updates. (I would have hyperlinked this here but the site has a really STUPID rule that prevents me from doing so.)

    You can find the article at
    (see how stupid that rule is?)

    There is a fairly short list of things that need to be identical:
    1. The Product Categories, Update Classifications, and Languages. In neither case would you ever want to select ALL of the products/classifications anyway. On the Connected server, select the Products/Classifications/Languages that you need to deploy in the disconnected network, so you get those updates. Set those three dialogs exactly the same on the disconnected server.

    2. The Express Installation Files setting should be disabled on both servers. (There is no legitimate value in using Express Installation Files on a disconnected network.)

    In addition, you do not need to define any groups on the connected server. You will need to "approve" groups on the connected server in order to allow the update files to be downloaded, but it doesn't matter where these updates are approved for. Create a dummy group named "DisconnectedNetwork" or just approve them for the All Computers group.

    You WILL need to approve the updates again, on the disconnected server, for the correct groups.


    • #3
      Re: WSUS Sync


      Thank you very much for the answer.

      I'll check it out tomorrow...