> wds wrote:
>> I recently installed WSUS 3 server on one of my systems. I have a Win2K3
>> server endpoint that uses WUA 2.0 (126.96.36.19994) to talk to WSUS. I was
>> able to run a scan on the endpoint using this combo (WSUS3 +WUA 2.0) and
>> seemed to have worked.
This is good news! It means you're WSUS Server is properly configured.
What actually happened is that the WUA first checks the selfupdate folder of
the WSUS Server, so the WSUS Server being v3, caused the WUA to immediately
"selfupdate" to the WUA v7.0 client (which ships on WSUS v3). If the
selfupdate had failed, no detection would have taken place. I assume that
"it seemed to have worked" means that your machine actually
detected/downloaded/installed needed/approved updates.
>> What I am not sure is that can it be assumed that
>> WUA 2.0 will *always* function properly with WSUS 3.0? or Is WSUS 3.0
>> backword compatible with earlier versions of windows Update Agent?
Neither of these, actually.
Technically speaking, WSUS 3 cannot support WUA v5.x clients; however, the
WUA v5.x client can selfupdate to the WUA v7.x client and then work with a
WSUS 3 server.
As noted above, correct functionality is dependent upon a successful
selfupdate -- which is, arguably, the most often failed component of WSUS 3.
So, no, it cannot be assumed that a WUA v5.x client will always function
properly with WSUS 3.0, because it's dependent on the WSUS 3.0 server having
a functioning selfupdate feature (which we've ostensibly established in this
case), and the WUA v5.x being properly configured and functional, unto
Plus, WSUS v3 is not "backward compatible" with earlier versions, because
the earlier versions must be updated to the latest version of the agent.
The other direction, however, is true. The WUA is backward compatible with
earlier versions of WSUS -- that is, the WUA v7.x client can successfully
update from a WSUS 2.0 server, should that be necessary. This is how
machines that have been connected to WU/MU (which promptly causes the update
of the WUA to the v7.x client), can still work in a WSUS v2 environment.
One other observation of interest: if you still have a WUA v5.8 client on
this Windows Server 2003 system, then it's either brand new (in which case
it should be baselined at Service Pack 2, which would have upgraded the WUA
to v7.x), or it's been eons since the server had any updates applied (which
is not a good thing in any circumstance), or it's been talking to a WSUS 2.0
server for some time, or it's been maintained with SMS2003 using ITMU v3.
FWIW, build v188.8.131.5294 was the build required to run ITMU v3 (Nov 2006), so
perhaps this machine has only been maintained by an SMS2003 installation? Or
perhaps it was built from an image configured to be used in an SMS2003
The WUA v7.x client was released with WSUS v3 and WU/MU in early 2007 -- the
only way I know of to have a WUA v5.8 client legitimately still on a machine
is one of those four scenarios I just identified -- so being concerned about
WSUS v3 working with 'downlevel' Windows Update Agent's may actually be
symptomatic of a more significant issue.
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)
MS WSUS Website: http://www.microsoft.com/wsus
My Websites: http://www.onsitechsolutions.com;
My MVP Profile: http://mvp.support.microsoft.com/pro...awrence.Garvin