Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Will WSUS work across forests?

Status
Not open for further replies.
kmkeshav

kmkeshav

IS-IT--Management
Dec 12, 2005
273
NL
...if so, how should I configure a WSUS server in one forest to serve the computers in another forest. Both the forests have network connectivity and have trusts in place.

Thanks,
Keshav
 
Sort by date Sort by votes
Yes, setup a GPO in each forest pointing to the WSUS location.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.
The poster formerly known as lander215
 
Upvote 0 Downvote
Yes. WSUS is not dependent on AD for it's services. It can serve as many domains and forests as you wish. The controlling factor resides in the clients Windows Update Services properties/policies.

Like davetoo stated, configuring your policies in each domain/forest to point to the WSUS server is all that needs to be done.

I hope you find this post helpful,

Jonathan Almquist
Minneapolis, MN
 
Upvote 0 Downvote
Thank you very much for the replies.

We have two forests in our infrastructure spanning globally (multiple sites). WSUS server is in DomainA (ForestA) and there are group policies designed in both the forests to use this WSUS server. Computers and Servers in ForestA have no problem in getting the updates from this WSUS server but ForestB doesn't update from this WSUS server.

I can see the group policy applied to these computers in ForestB (Group Policy Results Wizard, GPRESULT and a script to check the respective key in the Registry).

What should be wrong then?

What are the other troubleshooting steps in this?

Any help would be appreciated.

Thanks,

Keshav.
 
Upvote 0 Downvote
Are you sure the WSUS server is resolvable and reachable from ForestB?

I hope you find this post helpful,

Jonathan Almquist
Minneapolis, MN
 
Upvote 0 Downvote
Yes, computers in ForestB are able to resolve and reach the SUS server.

Will there be any events logged if a computer has obtained any updates from the SUS server?

By this, I will be able to find out if the computers in ForestB are able to get the updates from ForestB. I don't see any events related to Windows Update in the event viewers of computers in ForestB. Also, I don't find any errors in Windows Update.log file of the computers.

-Keshav
 
Upvote 0 Downvote
Are you using SSL for your WSUS traffic? If so, do the machines in ForestB have the certificate installed?

Are these machines checking in with the WSUS server? Or, are you getting no status at all?

Another thing to check is that these machines have BITS 2.0 and WinHTTP 5.1 installed. This is required for WSUS communications, and needs to be installed before proceeding with WSUS communications.

What happens if you do a WUAUCLT /DETECTNOW from the CMD and wait about an hour?

I hope you find this post helpful,

Jonathan Almquist
Minneapolis, MN
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

antonio_dsanchez
  • Locked
  • Question
post-installation WSUS windows server 2016
Replies
0
Views
483
antonio_dsanchez
antonio_dsanchez
dpellegrini
  • Locked
  • Question
Website will load using hostname but not IP address
Replies
3
Views
1K
mangentle
mangentle
Leozack
  • Locked
  • Question
WSUS activity history
Replies
0
Views
148
Leozack
Leozack
juliog
  • Locked
  • Question
Unable to get Server 2019 GPO Redirected Folders to Work on Windows 7
Replies
1
Views
244
tacohunter
tacohunter
ADB100
  • Locked
  • Question
Single Windows 7 Ultimate workstation not applying Registry, Drive Map or Printers GPO settings
Replies
1
Views
330
technome
technome

Part and Inventory Search

Sponsor

Back
Top