Educause Security Discussion mailing list archives
Re: DNS change to switch WSUS servers
From: Chris Green <cmgreen () UAB EDU>
Date: Fri, 3 Oct 2008 13:28:29 -0500
Gary Flynn wrote:
We've got two WSUS servers. An old one running 2.0 and a new one running 3.1sp1.
[ snip ]
Can I just change the DNS record for the old server to point at the new one? Has anyone done this?
I did that exact scenario. WSUS is one of those strang MS services that just works off DNS 0) Installed new WSUS on new server with WSUS in default site. IF you don't do the default site, you'll have to muddle IIS to take on the new CNAME from Step 3. 1) Setup synchronizations 2) Manually migrated approvals 3) Retired old server; Pointed CNAME for OLDWSUS.ad -> NEWWSUS.SUS 4) Watched all clients migrate over next day. Caution points: WSUS 3.x is *much* different approval than WSUS 2.0 if you have operational experience with it. - "DetectOnly" got renamed "NotApproved". This really mucked with some of my reporting tools I'd done with WSUS API - Approvals if you have client side targets got annoyingly confusing. This led to me accidentally approving an IE7.0 upgrade to the wrong group of folks. Probably the worst IT day I ever had ;-) Cheers, Chris
Current thread:
- DNS change to switch WSUS servers Gary Flynn (Oct 03)
- <Possible follow-ups>
- Re: DNS change to switch WSUS servers Chris Green (Oct 03)
- Re: DNS change to switch WSUS servers Jay Krous (Oct 03)