I need to build a WSUS server in a disconnected environment. This environment bears no relation to our office domain in any way. So I have built the WSUS server and followed the instructions from Microsoft on how to configure it, instructions here - https://docs.microsoft.com/de-de/security-updates/windowsupdateservices/18127442
Essentially, the instructions advised doing the following:
- Using 'Windows Server Backup' to back up the WSUSContent folder from our office WSUS server and then using 'Windows Server Backup' to 'Recover' the data on the disconnected server. Note that I have copied the file structure of the office network WSUS server so the data is going into the same path on the disconnected WSUS server.
- I then used 'WSUSUtil.exe' to export the metadata from the office network WSUS server and then imported it on the disconnected WSUS server.
After doing that, I can actually see all of the updates (over 7000) listed in the WSUS administration console and I selected them all and approved for download and install.
However, even though the WSUS server sees the updates, it is reporting that it needs to download the updates. So all updates are stuck on trying to download which they are not doing. Of course, since I already manually copied over the updates, the system shouldn't think it needs to download them.
And being a disconnected environment, the WSUS server should talk to itself to get the updates but even though the server is listed under 'Computers' in the console, the status reports that it needs 48 updates.
I looked in local group policy and there was a computer policy called 'Specify intranet Microsoft update service location' and in that, I put the address of the server itself so it would hopefully point to itself but when I go 'Check for updates', it says it's up to date.
I think the core issue here is that WSUS itself thinks it needs to download the updates, but it doesn't actually have to because I manually copied them over. I assumed that after copying across the updates manually, importing the metadata would let the system see the updates were local already.
Does anyone have a clue what I am missing here? Thanks in advance.