Partilhar via


System Center Updates Publisher 2011 and Windows Server 2012 R2

Published on configuration manager team blog as well: https://blogs.technet.com/b/configmgrteam/archive/2013/12/11/system-center-updates-publisher-2011-support-statement-update.aspx

 

System Center Updates Publisher 2011 (SCUP) is supported for use on computers with Windows Server 2012 R2 with the following known limitations:

1. Windows Server 2012 R2 includes Windows Server Update Services (WSUS) 4.1. WSUS 4.1 cannot communicate with WSUS 3.0 and WSUS 4.0.  If you install System Center Updates Publisher 2011 on a machine with pre-WSUS 4.1 admin console and try to publish to Windows Server 2012 R2 based WSUS Server with WSUS 4.1, you’ll get a WSUS version mismatch error in the SCUP log.

This issue doesn’t occur when System Center Updates Publisher 2011 is installed on Windows 8.1 for use with a Windows Server 2012 R2 based WSUS server.  To install System Center Updates Publisher 2011 on a Windows 8.1 system the Remote Server Administration Tools for Windows 8.1 (RSAT) https://www.microsoft.com/en-us/download/details.aspx?id=39296 is required.  Installation of RSAT 8.1 includes the WSUS 4.1 version of the WSUS admin console binary for Windows 8.1 and allows applications like System Center Updates Publisher 2011 to connect to a Windows Server 2012 R2 based WSUS Server.

2. To allow local administrators to publish updates from System Center Updates Publisher 2011 to Windows Server 2012 R2, you still need the same workaround for Windows Server 2012 as described here: https://technet.microsoft.com/en-us/library/hh134747.aspx#PublishToServer2012

3. The updated version of WSUS for Windows Server 2012 R2 no longer issues self-signed certificates as described here: https://blogs.technet.com/b/wsus/archive/2013/08/15/wsus-no-longer-issues-self-signed-certificates.aspx

When using System Center Updates Publisher 2011 this change to WSUS affects the “Create” button for the Signing Certificate group in the Update Server configuration settings (see picture).

 

By default because the updated version of WSUS no longer issues self-signed certificates this button will not work.  The recommended way to work around this is to use a Certificate Authority to generate the signing certificate. You can refer to this blog for a step-by-step guidance to create a signing certificate with Windows Certificate Authority:  https://blogs.technet.com/b/jasonlewis/archive/2011/07/12/system-center-updates-publisher-signing-certificate-requirements-amp-step-by-step-guide.aspx.  In addition to this recommended approach there is a way to configure the new version of WSUS to issue self-signed certificates described in the update to the WSUS Product Team blog entry referenced above. Once this is configured, the “Create” button should work as before. However as mentioned the issue of self-signed certificates by WSUS remains a deprecated feature and may be removed in the future.