Hi,
Most companies who use Microsoft WSUS Services will hit the time when they will need to move the WSUS service to a new server due to capacity constrain on the old one or just to decomission an old hardware that is out of warrenty & avoid the high maintenance cost. no matter what is the reason is all will need to look for the easiest and most reliable approach to do so. As I just have been through this last week and I had to cut and paste procedure from many places I decided to compile my own and share it on here.
Moving Microsoft WSUS Services to a new one server consist of five major steps as below:
- Step 1: Install WSUS on the new Server just as you would in a new Vanilla Installation check here for reference
- Step 2: Matching Advanced Options on the old WSUS Server & the new WSUS Server
- Step 3: Copying Updates from File System of the old WSUS Server to the new WSUS server
- Step 4: Copying Metadata from Database on the old WSUS Server to the new WSUS Server
- Step 5: Point your Clients to the new WSUS Server.
Below is the details of each step:
Step 1: Install WSUS on the new Server just as you would in Vanilla new Installation check here for reference
Step 2: Matching Advanced Options on the old WSUS Server & the new WSUS Server
Ensure that the advanced synchronization options for express installation files and languages on the old Microsoft Windows Server Update Services server match the settings on the new Windows Server Update Services server following the below steps.
To ensure that advanced synchronization options on the old WSUS server match settings on new WSUS server.
1. In the WSUS console of the old WSUS server, click the Options tab, and then click Advanced in the Update Files and Languages section.
2. In the Advanced Synchronization Settings dialog box, check the status of the settings for Download express installation files and Languages options.
3. In the WSUS console of the new server, click the Options tab, and then click Advanced in the Update Files and Languages section.
4. In the Advanced Synchronization Settings dialog box, make sure the settings for Download express installation files and Languages options match the selections on the old server.
Step 3: Copying Updates from File System of the old WSUS Server to the new WSUS server
Copy updates from the file system of the old WSUS server to the file system of the new WSUS server. These procedures use the Windows Backup or Restore Wizard, but you can use any utility you like. The object is to copy updates from the file system on the old WSUS server to the files system of the new WSUS server.
***Important:
The initial settings for access control lists differ between Windows 2000 Server and Windows Server 2003. If you are copying content from Windows 2000 Server to Windows Server 2003, you have to manually add the Network Service group to the access control list for the folder where updates are stored. Give the Network Service group Full Control.
To back up updates from file system of old WSUS server to a file:
1. On your old WSUS server, click Start, and then click Run
2. In the Run dialog box, type ntbackup. The Backup or Restore Wizard starts by default, unless it is disabled. You can use this wizard or click the link to work in Advanced Mode and use the following steps.
3. Click the Backup tab, and then specify the folder where updates are stored on the old WSUS server. By default, WSUS stores updates at WSUSInstallationDrive:\WSUS\WSUSContent\.
4. In Backup media or file name, type a path and file name for the backup (.bkf) file.
5. Click Start Backup. The Backup Job Information dialog box appears.
6. Click Advanced. Under Backup Type, click Incremental.
7. From the Backup Job Information dialog box, click Start Backup to start the backup operation.
8. Move the backup file you just created to the new WSUS server.
To restore updates from a file to the file system of the new server
1. On your new WSUS server, click Start, and then click Run.
2. In the Run dialog box, type ntbackup. The Backup or Restore Wizard starts by default, unless it is disabled. You can use this wizard or click the link to work in Advanced Mode and use the following steps.
3. Click the Restore and Manage Media tab, and select the backup file you created on the old WSUS server. If the file does not appear, right-click File, and then click Catalog File to add the location of the file.
4. In Restore files to, click Alternate location. This option preserves the folder structure of the updates; all folders and subfolders will appear in the folder you designate. You must maintain the directory structure for all folders under \WSUSContent.
5. Under Alternate location, specify the folder where updates are stored on the new WSUS server. By default, WSUS stores updates at WSUSInstallationDrive:\WSUS\WSUSContent\. Updates must appear in the folder on the new WSUS server designated to hold updates; this is typically done during installation.
6. Click Start Restore. When the Confirm Restore dialog box appears, click OK to start the restore operation.
Step 4: Copying Metadata from Database on the old WSUS Server to the new WSUS Server
Export update metadata from the database on the old WSUS server, and import it into the database on the new WSUS server. The WSUS Setup program copies WSUSutil.exe to the file system of the WSUS server during installation. You must be a member of the local Administrators group on the WSUS server to export or import metadata; both operations can only be run from the WSUS server itself.
Important:
Never import exported data from a source that you do not trust. Importing content from a source you do not trust might compromise the security of your WSUS server.
Note:
During the import or export process, the Update Service, the Windows NT service that underpins the WSUS application, is shut down.
To export metadata from the database of the old Microsoft Windows Server Update Services Server
1. At the command prompt on the old Microsoft Windows Server Update Services Server server, navigate to the folder that contains WSUSutil.exe.
2. Type the following:
wsusutil.exe export packagename logfile
For example:
wsusutil.exe export export.cab export.log
That is, WSUSutil.exe followed by the export command, the name of an export .cab file, a space, and the name of a log file.
The package (.cab file) and log file name must be unique. WSUSutil.exe creates these two files as it exports metadata from the WSUS database.
3. Move the export package you just created to the new Microsoft Windows Server Update Services Server.
To import metadata to the database of the new Microsoft Windows Server Update Services Server.
Note:
It can take from 3 to 4 hours for the database to validate content that has just been imported. Please be patient.
1. At the command prompt on the new WSUS server, navigate to the directory that contains WSUSutil.exe.
2. Type the following:
wsusutil.exe import packagename logfile
For example:
wsusutil.exe import export.cab import.log
That is, WSUSutil.exe followed by the import command, the name of export .cab file created during the export operation, a space, and the name of a log file.
WSUSutil.exe imports the metadata from the old WSUS server and creates a log file of the operation.
Step 5: Point your Clients to the new WSUS Server.
Are not you glad its over??? I was when I finished mine 🙂 I bet its about time to GO HOME !!!!!
Thank you very much for this great post! This was a great help for me while putting up a new VMWare virtualized WSUS server in order to take down the physical server.
Thanks again,
Robin
Appreciate you post. Friends send me a link. It’s very interesting. Subscribed on RSS! Will come soon!
Thanks for your long hours doing this and documenting it for everyone. Just a quick question: Are the Approvals also kept? In another article somewhere else they said when they moved wsus, they had to manually do the approvals again.
Thanks!
Hi Alen,
I had followed this guide few weeks back. I was happy with the fact that I did not have to re approve all updates as the other guided on the internet mentioned. Though I still recommend you try it out in a testing environment before doing it in production. When testing try to match your production environment as much as possible, to make sure your environment migration go smooth you have to test it for exceptions.
I hope I helped and I should be thankful for this Guide.
Enjoy,
Virtualization Guru
http://www.virtualizaitonteam.com
Hi Virtualization Guru,
Thanks for your reply, it sounds great and I will follow these steps. Thanks again for this blog and taking the time to help others!
Why do you do an incremental backup instead of a full of the content directory?
After the import is complete via
wsusutil.exe export export.cab export.log
should the computer groups and approvals be shown or does the 3-4 hours to verify start after the import? Only the import takes about 1 hour.
I did this process two times but no updates are approved on new WSUS! Everything is Not Approved!
Now I need to click and click and click to approve one by one 🙁
Sorry to say this was not a method that worked for me. None of the approvals came accross – ok, probably didn’t hurt to recheck them. 4000 later it looked good but the status of stations did not come accross either, next several stations failed to connect. Logs showed a connection error that pointed to many possibillities – IIS, folder security, etc. We were going from 2003 32bit 3.0sp1 to 2008 (IIS7) 64bit 3.0sp1. After much tinkering I uninstalled and followed these instructions instead-
http://www.capslockassassin.com/2008/09/22/how-to-move-wsus-30-to-a-new-server/
Not to say it’s a better method but if anyone gets stuck as I did it’s an alternate.
Too bad MS can’t offer decent instructions on this.
Hi Lukas,
I am sorry, but this approach was meant to move between WSUS running on 2000 & 2003. I had not have a chance yet to test it for moving to WSUS 2008. Thanks for giving a link for working method for WSUS 2008. I am sure people will find it useful.
ENjoy,
themsblogger
Pingback: WSUS Question - Tech Support Forums - TechIMO.com
We are but men. Arise O Lord. Amen