Air-gapped SUP sync to upstream WSUS.

Question

I am setting up an air-gapped ConfigMgr environment (no internet). I have the WSUS for my SUP pointing to an internet facing upstream WSUS (different domain, not a site system, firewall opened to allow sync).

Problem: While most patches are downloading, many are failing to download (“DownloadUpdateContent() failed with hr=0x80070002” in the patchdownloader.log).

*** Do updates on the Upstream WSUS need to be approved in order for them to sync/download to the downstream WSUS/SUP? ***

Otherwise, I am used to leaving WSUS patches in an ‘unapproved’ state for a simple standalone connected SUP.

solved 0
Joe Novo 2021-03-24T00:25:14+05:30 3 Answers 215 views Beginner
0

Answers ( 3 )

  2. Anoop C Nair
    0
    2021-03-24T12:42:30+05:30
    Reply
    • Joe Novo
      0
      2021-03-25T03:18:56+05:30
      Reply

      Unless I am missing something, this article seems specific to 1806 needing a hotfix. I am running 1910.

      It seems to me as if I need to have the patches approved upstream before they can be downloaded downstream. Perhaps setting up auto-approval rule to an empty computer group at the top level WSUS would be a way to get it dynamically?

      Best answer
    • Anoop C Nair
      0
      2021-03-25T12:33:30+05:30
      Reply

      Have you already tried the method you explained above ? I never tested this

Leave an answer

Sorry, you do not have permission to answer to this question .