Microsoft Windows Vista Community Forums - Vistaheads
Recommended Download



Welcome to the Microsoft Windows Vista Community Forums - Vistaheads, YOUR Largest Resource for Windows Vista related information.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so , join our community today!

If you have any problems with the registration process or your account login, please contact us.

Driver Scanner

DYNAMIC Intranet Microsoft Update Service Location

microsoft.public.windowsupdate






Speedup My PC
Reply
  #1 (permalink)  
Old 03-28-2009
sali
 

Posts: n/a
DYNAMIC Intranet Microsoft Update Service Location
problem:
having mobile workers [users with laptops/notebooks travelin from branch
office to branch office], they have configured wsus server at headquarter,
and when they boot their mobile computer at branch office, they start to
download updates accross corporate network from headquarter, overloading
corporate network

question:
is it possible to have group policy, some script or anything to allow mobile
users to automaticaly receive updates from the *nearest* update server
[server from the local lan] and not from the fixed server from remote
headquarter
since they change their location frequently and in unknown interval, mobile
users need to automaticly discover curently the nearest update server
the local network is controlled by dhcp, so when they boot their mobile
computers they may hev info on which their current network is

i try to avoid option to have update disabled or switched to manual

any help or suggestion?

thnx


Reply With Quote
Sponsored Links
  #2 (permalink)  
Old 03-29-2009
PA Bear [MS MVP]
 

Posts: n/a
Re: DYNAMIC Intranet Microsoft Update Service Location
We don't use "chatspeak" here.

sali wrote:
> problem:
> having mobile workers [users with laptops/notebooks travelin from branch
> office to branch office], they have configured wsus server at headquarter,
> and when they boot their mobile computer at branch office, they start to
> download updates accross corporate network from headquarter, overloading
> corporate network
>
> question:
> is it possible to have group policy, some script or anything to allow
> mobile
> users to automaticaly receive updates from the *nearest* update server
> [server from the local lan] and not from the fixed server from remote
> headquarter
> since they change their location frequently and in unknown interval,
> mobile
> users need to automaticly discover curently the nearest update server
> the local network is controlled by dhcp, so when they boot their mobile
> computers they may hev info on which their current network is
>
> i try to avoid option to have update disabled or switched to manual
>
> any help or suggestion?
>
> thnx


Reply With Quote
  #3 (permalink)  
Old 03-29-2009
Robert Aldwinckle
 

Posts: n/a
Re: DYNAMIC Intranet Microsoft Update Service Location
(cross-post added to WSUS)
"sali" <gabor.salai@tel.net.ba> wrote in message news:%23wDQOV9rJHA.2368@TK2MSFTNGP06.phx.gbl...
> problem:
> having mobile workers [users with laptops/notebooks travelin from branch
> office to branch office], they have configured wsus server at headquarter,
> and when they boot their mobile computer at branch office, they start to
> download updates accross corporate network from headquarter, overloading
> corporate network
>
> question:
> is it possible to have group policy, some script or anything to allow mobile
> users to automaticaly receive updates from the *nearest* update server
> [server from the local lan] and not from the fixed server from remote
> headquarter
> since they change their location frequently and in unknown interval, mobile
> users need to automaticly discover curently the nearest update server
> the local network is controlled by dhcp, so when they boot their mobile
> computers they may hev info on which their current network is
>
> i try to avoid option to have update disabled or switched to manual
>
> any help or suggestion?



Try the WSUS NG. Cross-posting to it for convenience.


>
> thnx



Good luck

Robert Aldwinckle
---


Reply With Quote
  #4 (permalink)  
Old 03-29-2009
Lawrence Garvin [MVP]
 

Posts: n/a
Re: DYNAMIC Intranet Microsoft Update Service Location
"Robert Aldwinckle" <robald@techemail.com> wrote in message
news:O%23hSGcBsJHA.1504@TK2MSFTNGP03.phx.gbl...

>> problem:
>> having mobile workers [users with laptops/notebooks travelin from branch
>> office to branch office], they have configured wsus server at
>> headquarter,
>> and when they boot their mobile computer at branch office, they start to
>> download updates accross corporate network from headquarter, overloading
>> corporate network


This is a quite common scenario, discussed many many, times in this forum
and others.

>> question:
>> is it possible to have group policy, some script or anything to allow
>> mobile
>> users to automaticaly receive updates from the *nearest* update server
>> [server from the local lan] and not from the fixed server from remote
>> headquarter


Well, yes. It involves the use of DNS through Netmask Ordering and
Round-Robin resolution. I would suggest consulting with somebody with
expertise in DNS and networking infrastructure if you're interested in this
solution, as configuring it incorrectly can do more harm than good.

--
Lawrence Garvin, M.S., MCITP(x2), MCTS(x5), MCP(x7), MCBMSP
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)

MS WSUS Website: http://www.microsoft.com/wsus
My Websites: http://www.onsitechsolutions.com;
http://wsusinfo.onsitechsolutions.com
My MVP Profile: http://mvp.support.microsoft.com/pro...awrence.Garvin

Reply With Quote
  #5 (permalink)  
Old 03-29-2009
SuperGumby [SBS MVP]
 

Posts: n/a
Re: DYNAMIC Intranet Microsoft Update Service Location
I can see how DNS would handle it but get concerned about how the WSUS
servers react.

Let's keep it simple with two sites, HQ and Location1 (L1).

WSUS is installed on HQWSUS.our.lan and also on L1WSUS.our lan with L1WSUS
being a replica of HQWSUS. A DNS entry exists at each location pointing
LOCALWSUS to the local WSUS at each location and group policy tells all PC's
to use LOCALWSUS.

The user of PC37 is at HQ and connects for less time than a download takes,
unplugs the PC and takes it to L1. It would not surprise me to find the PC
'resuming' the download but it may start from beginning again, no real
problem either way. Problem is we now have PC37 registered on both servers
(even if it wasn't partway through a download).

Does the WSUS 'uniqueID' given each workstation allow such movement to be
tracked between cascaded servers? Is the entry on HQWSUS deleted or moved so
that it is recognised as 'belonging' to L1WSUS? or do we end up with
different status of the machine (and hence in reports) on the 2 servers?

--
SBS remote support services. (Fees apply)
mickm at mickmalloy dot dyndns dot org

"Lawrence Garvin [MVP]" <lawrence@news.postalias> wrote in message
news:OWKuBAJsJHA.1212@TK2MSFTNGP04.phx.gbl...
> "Robert Aldwinckle" <robald@techemail.com> wrote in message
> news:O%23hSGcBsJHA.1504@TK2MSFTNGP03.phx.gbl...
>
>>> problem:
>>> having mobile workers [users with laptops/notebooks travelin from branch
>>> office to branch office], they have configured wsus server at
>>> headquarter,
>>> and when they boot their mobile computer at branch office, they start to
>>> download updates accross corporate network from headquarter, overloading
>>> corporate network

>
> This is a quite common scenario, discussed many many, times in this forum
> and others.
>
>>> question:
>>> is it possible to have group policy, some script or anything to allow
>>> mobile
>>> users to automaticaly receive updates from the *nearest* update server
>>> [server from the local lan] and not from the fixed server from remote
>>> headquarter

>
> Well, yes. It involves the use of DNS through Netmask Ordering and
> Round-Robin resolution. I would suggest consulting with somebody with
> expertise in DNS and networking infrastructure if you're interested in
> this solution, as configuring it incorrectly can do more harm than good.
>
> --
> Lawrence Garvin, M.S., MCITP(x2), MCTS(x5), MCP(x7), MCBMSP
> Principal/CTO, Onsite Technology Solutions, Houston, Texas
> Microsoft MVP - Software Distribution (2005-2009)
>
> MS WSUS Website: http://www.microsoft.com/wsus
> My Websites: http://www.onsitechsolutions.com;
> http://wsusinfo.onsitechsolutions.com
> My MVP Profile: http://mvp.support.microsoft.com/pro...awrence.Garvin
>


Reply With Quote
  #6 (permalink)  
Old 03-29-2009
Lawrence Garvin [MVP]
 

Posts: n/a
Re: DYNAMIC Intranet Microsoft Update Service Location
"SuperGumby [SBS MVP]" <not@your.nellie> wrote in message
news:OTxk28JsJHA.528@TK2MSFTNGP06.phx.gbl...


> Let's keep it simple with two sites, HQ and Location1 (L1).
>
> WSUS is installed on HQWSUS.our.lan and also on L1WSUS.our lan with L1WSUS
> being a replica of HQWSUS. A DNS entry exists at each location pointing
> LOCALWSUS to the local WSUS at each location and group policy tells all
> PC's to use LOCALWSUS.
>
> The user of PC37 is at HQ and connects for less time than a download
> takes, unplugs the PC and takes it to L1. It would not surprise me to find
> the PC 'resuming' the download but it may start from beginning again, no
> real problem either way.


This is where understanding the functionality of BITS is important, as well
as the benefits of using Range Protocol Headers in HTTP v1.1. Suffice it to
say that BITS is capable of resuming the download from where it's left off.
In fact, this is no different a solution than if this were a desktop PC and
simply powered off whilst a download were in progress -- a scenario that
happens a lot more often than is likely thought of.

> Problem is we now have PC37 registered on both servers (even if it wasn't
> partway through a download).


Actaully PC37 will only *register* if an actual detection takes place. The
download, which is a pure HTTP-based file transfer from
http://LocalWSUS/Content/* will not cause a registration with the WSUS
Server to take place; that's done by a call to the webservice
http://LocalWSUS/ClientWebService/* -- but your point is, nonetheless,
valid. As some point PC37 *will* become registered with both machines, and
this is a management issue that must be worked out.


> Does the WSUS 'uniqueID' given each workstation allow such movement to be
> tracked between cascaded servers?


If you're doing reporting rollup from the replica server, presumably all of
the "events" recorded against the SusClientID of PC37 will be rolled up, and
the upstream server will have a full record of activity against this client.
The consideration here is that the replica server(s) will *not* have a
complete record of activity against this client.

> Is the entry on HQWSUS deleted or moved so that it is recognised as
> 'belonging' to L1WSUS? or do we end up with different status of the
> machine (and hence in reports) on the 2 servers?


The whole key is the GUID, known as the SusClientID, combined with (added in
WSUS v3), the FQDN of the machine.

The other consideration, even more critical, is understanding that the TTL
on the DNS records must be abnormally short in a scenario where there is
high mobility, in order to prevent the client machine from accessing the
"last accessed" server across the WAN, because of cached DNS 'A' records,
pointing to the wrong (not local) WSUS Server.


--
Lawrence Garvin, M.S., MCITP(x2), MCTS(x5), MCP(x7), MCBMSP
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)

MS WSUS Website: http://www.microsoft.com/wsus
My Websites: http://www.onsitechsolutions.com;
http://wsusinfo.onsitechsolutions.com
My MVP Profile: http://mvp.support.microsoft.com/pro...awrence.Garvin

Reply With Quote
  #7 (permalink)  
Old 03-29-2009
SuperGumby [SBS MVP]
 

Posts: n/a
Re: DYNAMIC Intranet Microsoft Update Service Location
Would the use of different policy settings re 'Set the intranet update
service for detecting updates:' vs 'Set the intranet statistics server:'
avoid such problems?

Seems to me that 'Set the intranet update service for detecting updates:'
should be changed to 'Set the intranet update service for DOWNLOADING
updates:' and both detection and reporting could be set to the 'master'
WSUS. The intention being that all PCs only report to master but may
download from a local WSUS at each location.

--
SBS remote support services. (Fees apply)
mickm at mickmalloy dot dyndns dot org

"Lawrence Garvin [MVP]" <lawrence@news.postalias> wrote in message
news:egX%23PELsJHA.4324@TK2MSFTNGP05.phx.gbl...
> "SuperGumby [SBS MVP]" <not@your.nellie> wrote in message
> news:OTxk28JsJHA.528@TK2MSFTNGP06.phx.gbl...
>
>
>> Let's keep it simple with two sites, HQ and Location1 (L1).
>>
>> WSUS is installed on HQWSUS.our.lan and also on L1WSUS.our lan with
>> L1WSUS being a replica of HQWSUS. A DNS entry exists at each location
>> pointing LOCALWSUS to the local WSUS at each location and group policy
>> tells all PC's to use LOCALWSUS.
>>
>> The user of PC37 is at HQ and connects for less time than a download
>> takes, unplugs the PC and takes it to L1. It would not surprise me to
>> find the PC 'resuming' the download but it may start from beginning
>> again, no real problem either way.

>
> This is where understanding the functionality of BITS is important, as
> well as the benefits of using Range Protocol Headers in HTTP v1.1. Suffice
> it to say that BITS is capable of resuming the download from where it's
> left off. In fact, this is no different a solution than if this were a
> desktop PC and simply powered off whilst a download were in progress -- a
> scenario that happens a lot more often than is likely thought of.
>
>> Problem is we now have PC37 registered on both servers (even if it wasn't
>> partway through a download).

>
> Actaully PC37 will only *register* if an actual detection takes place. The
> download, which is a pure HTTP-based file transfer from
> http://LocalWSUS/Content/* will not cause a registration with the WSUS
> Server to take place; that's done by a call to the webservice
> http://LocalWSUS/ClientWebService/* -- but your point is, nonetheless,
> valid. As some point PC37 *will* become registered with both machines, and
> this is a management issue that must be worked out.
>
>
>> Does the WSUS 'uniqueID' given each workstation allow such movement to be
>> tracked between cascaded servers?

>
> If you're doing reporting rollup from the replica server, presumably all
> of the "events" recorded against the SusClientID of PC37 will be rolled
> up, and the upstream server will have a full record of activity against
> this client. The consideration here is that the replica server(s) will
> *not* have a complete record of activity against this client.
>
>> Is the entry on HQWSUS deleted or moved so that it is recognised as
>> 'belonging' to L1WSUS? or do we end up with different status of the
>> machine (and hence in reports) on the 2 servers?

>
> The whole key is the GUID, known as the SusClientID, combined with (added
> in WSUS v3), the FQDN of the machine.
>
> The other consideration, even more critical, is understanding that the TTL
> on the DNS records must be abnormally short in a scenario where there is
> high mobility, in order to prevent the client machine from accessing the
> "last accessed" server across the WAN, because of cached DNS 'A' records,
> pointing to the wrong (not local) WSUS Server.
>
>
> --
> Lawrence Garvin, M.S., MCITP(x2), MCTS(x5), MCP(x7), MCBMSP
> Principal/CTO, Onsite Technology Solutions, Houston, Texas
> Microsoft MVP - Software Distribution (2005-2009)
>
> MS WSUS Website: http://www.microsoft.com/wsus
> My Websites: http://www.onsitechsolutions.com;
> http://wsusinfo.onsitechsolutions.com
> My MVP Profile: http://mvp.support.microsoft.com/pro...awrence.Garvin
>


Reply With Quote
  #8 (permalink)  
Old 03-29-2009
Lawrence Garvin [MVP]
 

Posts: n/a
Re: DYNAMIC Intranet Microsoft Update Service Location
"SuperGumby [SBS MVP]" <not@your.nellie> wrote in message
news:%23nHQgVLsJHA.724@TK2MSFTNGP03.phx.gbl...
> Would the use of different policy settings re 'Set the intranet update
> service for detecting updates:' vs 'Set the intranet statistics server:'
> avoid such problems?


No, those two values must be identical. Even the most insignificant
variation in their values will totally halt the functionality of the Windows
Update Agent.

> Seems to me that 'Set the intranet update service for detecting updates:'
> should be changed to 'Set the intranet update service for DOWNLOADING
> updates:' and both detection and reporting could be set to the 'master'
> WSUS. The intention being that all PCs only report to master but may
> download from a local WSUS at each location.


Well, presumably, the original intention, way back in the days of SUS 1.0,
was that the WUA was going to support alternate reporting locations (the
"statistics server") vs the detection server.

Alternatively, it may be that "statistics server" is used internally at
Microsoft Update, and simply needs to be replicated in the WUA setup for
functionality purposes.

Truly we've never gotten a good detailed answer as to why they must be
identical, or even why both continue to be retained after so many years,
despite their redundancy. It seems a simple thing to have 'bugfixed' the WUA
in any of the last half dozen releases to simply ignore the "intranet
statistics server" value, and point it at the "detection" server value.


--
Lawrence Garvin, M.S., MCITP(x2), MCTS(x5), MCP(x7), MCBMSP
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)

MS WSUS Website: http://www.microsoft.com/wsus
My Websites: http://www.onsitechsolutions.com;
http://wsusinfo.onsitechsolutions.com
My MVP Profile: http://mvp.support.microsoft.com/pro...awrence.Garvin

Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
cannot update Microsoft .Net framework 3.5 service pack 1 Tendai microsoft.public.windowsupdate 2 02-16-2009 23:56
Microsoft Windows Dynamic Cache Service on 32-Bit? Steve Mavronis microsoft.public.windows.vista.performance maintenance 3 02-10-2009 22:05
cannot install update for Microsoft .NET Framework 1.1 Service Pac ben microsoft.public.windowsupdate 1 01-04-2008 18:33
Proofpoint releases dynamic reputation service Steve Security News 0 05-04-2007 10:54




All times are GMT +1. The time now is 05:11.




Driver Scanner - Free Scan Now

Vistaheads.com is part of the Heads Network. See also XPHeads.com , Win7Heads.com and Win8Heads.com.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.7
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.6.0 RC 2

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120