Air-gapped SUP sync to upstream WSUS.
I am setting up an air-gapped ConfigMgr environment (no internet). I have the WSUS for my SUP pointing to an internet facing upstream WSUS (different domain, not a site system, firewall opened to allow sync).
Problem: While most patches are downloading, many are failing to download (“DownloadUpdateContent() failed with hr=0x80070002” in the patchdownloader.log).
*** Do updates on the Upstream WSUS need to be approved in order for them to sync/download to the downstream WSUS/SUP? ***
Otherwise, I am used to leaving WSUS patches in an ‘unapproved’ state for a simple standalone connected SUP.