Sccm Software Update Point Configuration
Once you have completed PKI certificates pre-requisites, ready to configure SCCM MP and SUP site systems components to use SSL/HTTPS. HTTPS MP and HTTPS SUP configurations are explained in this post via video tutorial as well as by step by step instructions. All these configurations are explained with SCCM 1802 production version infrastructure.
The software update point interacts with the WSUS services to configure the software update settings and to request synchronization of software updates metadata. When you have a Configuration Manager hierarchy, install and configure the software update point on the central administration site first, then on child primary sites, and then optionally, on secondary sites. 6.Specify whether to use the existing Internet Information Services (IIS) Default Web site or to create a custom WSUS 3.0 Web site. When using the WSUS server for a software update point, it is recommended that Create a Windows Server Update Services 3.0 Web site is selected. Software Update Cleanup of Superseded and Expired Overview. Superseded and Expired updates need to periodically be cleaned up from Software Update Groups. Superseded Updates Procedure. Within the SCCM Console go to Software Library Overview Software Updates All Software Updates; Add Criteria - Superseded + Deployed. Downloads the software updates from the catalog when published; Enable Software Update point with HTTPS. Enable Third-party Software Updates feature. This new feature can be enabled on the Software Update Point component in the ConfigMgr console. Navigate to the Administration – Site Configuration – Sites node and select your Site server.
Content of this post
Video Tutorial to Setup HTTPS/SSL MP and SUP Site System Server
How to Setup HTTPS MP – How to make MP communication via SSL channel?
There are two parts in the configuration of management point (MP). The First part of configuration should be done from SCCM CB console. The Second part of the configuration should be done from Management Point server IIS console. I have shown these two options in this video tutorial. HTTPS MP is one of the requirements for co-management with SCCM 1802 version.
SCCM CB Console Actions
Reallusion iClone Pro 7 free download OverviewDesigned for ease of use and integrating the latest real-time technologies, iClone 7 unifies the world of 3D Animation in an all-in-one production tool that blends character creation, animation, scene design and story direction into a real-time engine with artistic visual quality for unparalleled production speed and rendering power.Reallusion iClone Pro 7 Crack Only is a virtual studio to create 3D animation with special effects. Download iclone 7 free.
A management point provides policy and content location information to clients. It also receives configuration data from clients. This section is HTTPS MP configuration from SCCM Cb 1802 console.
1. Open SCCM console –> AdministrationWork space –> Site Configuration –> Servers and Site System Roles
2. Select the Management Point (MP) server and Right Click on MP Role and Click Properties
3. Select HTTPS from the client connections section under the GENERAL tab of properties windows of MP site system. This will reinstall the MP component.
4. CHOOSE on “Allow Configuration Manager Cloud Management Gateway traffic”
Microsoft is constantly improving the designs of Client – CMG – MP communication. Hence, I would recommend reading the latest Microsoft documentation if you are in doubt whether this is the suitable option for you or not.
5. CHOOSE to allow mobile devices and Mac computers to use the management point (when required). Click OK to close the window.
MP Server IIS Console
Login to Management Point (MP) server for IIS configurations. This section explains the HTTPS MP configuration from IIS console side.
1. Make sure you have successfully enrolled web certificate to that MP server. More details in the following video post here.
2. Open Internet Information Services (IIS) Manager. Expand Sites – select your MP web site (usually ‘Default Web Site’) and select Bindings
3. Select the HTTPS entry and Edit
4. Select the new Web cert and click OK and Close
5. Test the HTTPS/SSL connectivity by browsing your MP web site using the FQDN and HTTPS with no certificate errors.
How to Configure Setup Software Update Point (SUP) to use SSL/HTTPS
There are two parts in the configuration of Software Update Point (SUP). The First part of configuration should be done from SCCM CB console. The Second part of the configuration should be done from SUP server IIS console.
SCCM CB Console Actions
A software update point(SUP) integrates with WSUS to provide software updates to SCCM clients. For SCCM to use software update point that is not installed on the site server, you must first install WSUS admin console on the site server. My preference would be to use Windows Update for Business for the software update or patching.
1. Open SCCM console –> AdministrationWork space –> Site Configuration –> Servers and Site System Roles
2. Select the Software Update Point (SUP) server and Right Click on MP Role and Click Properties
3. The ports should already be listed
WSUS Configuration details are given below:-
Port Number: 8530
SSL port Number: 8531
4. Click Require SSL communication to the WSUS server
5. Click Allow Configuration Manager cloud management gateway traffic
6. Choose “Allow Internet and intranet client connections” from Client Connection Type section. This option will automatically get selected when you select “Allow Configuration Manager cloud management gateway traffic”. Click OK to close the window.
SUP Server IIS Console
Login to Software Update Point (SUP) server for IIS configurations. This section explains the HTTPS SUP configuration from IIS console side. To configure SSL on the WSUS server by using IIS 7.0
1. On the WSUS server, open Internet Information Services (IIS) Manager.
2. Expand Sites, and then expand the Web site for the WSUS serverWSUS Administration.
3. Perform the following steps on the following virtual directories that reside under the WSUS Web site WSUS Administration.
APIRemoting30
ClientWebService
DSSAuthWebService
ServerSyncWebService
SimpleAuthWebService
4. In Features View, double-click SSL Settings.
5. On the SSL Settings page, select the Require SSL checkbox. Ensure that Client certificates are set to Ignore.
6. In the Actions pane, click Apply.
7. Close Internet Information Services (IIS) Manager.
8. Run the following command from <WSUS Installation Folder>Tools: WSUSUtil.execonfiguressl <Intranet FQDN of the SUP site system server>
9. Restart the IIS services or Click ok Recycle button from IIS console
Configuration Management Database offers training via webinars. Atrium CMDB is available as SaaS software. ServiceNow is a software company based in the United States that was founded in 2003 and offers a software product called Configuration Management Database. Some alternative products to Atrium CMDB include NetBrain, Configuration Management Database, and i-doit. Free cmdb software.
Bonus Video – How to Setup PKI for SCCM CB Lab
Sccm Software Update Point Setup
Co-Management Related Posts
Setup Sccm Wsus Software Updates
Resources:-
Sccm Configure Software Updates
For more information, see Enable management point for HTTPS.
Just for clarification. The check box “Require SSL communication to the WSUS server” has nothing to do with the client communication to the SUP…right? This check box merely causes the traffic/communication between the SUP and WSUS to be SSL.