Air-gapped SUP sync to upstream WSUS.


I am setting up an air-gapped ConfigMgr environment (no internet). I have the WSUS for my SUP pointing to an internet-facing upstream WSUS (different domain, not a site system, firewall opened to allow sync).

Problem: While most patches are downloading, many are failing to download (“DownloadUpdateContent() failed with hr=0x80070002” in the patchdownloader.log).

*** Do updates on the Upstream WSUS need to be approved in order for them to sync/download to the downstream WSUS/SUP? ***

Otherwise, I am used to leaving WSUS patches in an ‘unapproved’ state for a simple standalone connected SUP.

      Unless I am missing something, this article seems specific to 1806 needing a hotfix. I am running 1910.

      It seems to me as if I need to have the patches approved upstream before they can be downloaded downstream. Perhaps setting up an auto-approval rule to an empty computer group at the top-level WSUS would be a way to get it dynamically?

    • Have you already tried the method you explained above? I never tested this.

