How to connect to the UKCloud Windows Server Update Services (WSUS)
When you create a virtual machine (VM) running a Windows Server operating system, you need to register it with the UKCloud Windows Server Update Services to receive updates for it.
UKCloud provides Windows updates for server operating systems and SQL.
Before you establish a connection to the update service, you need to ensure your VMs can communicate with the update server, which exists outside your cloud organisation.
This may involve editing the NAT and firewall settings on your edge gateway to allow traffic to traverse out of your virtual data centre (VDC). You'll need to open ports
8530 on your firewall to the update server. For more information on how to do this, see How to create NAT rules and How to create firewall rules.
Configuring Windows update
In this section you'll need to use the appropriate address depending on the location you're targeting.
Open a console to the VM you want to update.
Test connectivity to the update servers by opening an Internet Explorer browser window, then opening a connection to one of the update servers on:
https://wsus.cor.ukcloud.com(Assured OFFICIAL, Corsham)
https://wsus.frn.ukcloud.com(Assured OFFICIAL, Farnborough)
For Elevated OFFICIAL, raise a Service Request via the My Calls section of the Elevated UKCloud Portal to get the appropriate IP address
Ensure that you can resolve this name via DNS or via a host entry you have manually put into your VMs. If you require details on what IP address you need to put into your host file, raise a Service Request via the My Calls section of the UKCloud Portal.
Ensure that you have the full certificate chain installed. If not, you may have to install the certificates into your VM manually.
Links for Root CA and Issuing CA:
For Windows Server 2008:
Select Place all certificates in the following store.
In the Select Certificate Store select the option Show Physical Stores.
Install the certificate into Trusted Root Certification authorities/local PC.
For Windows Server 2012 and 2016:
On the welcome screen of the Certificate import wizard, select Local Machine, then click Next.
Select Place all certificates in the following store, and click Browse.
Select Trusted Root Certification Authorities and click OK.
Click Next and confirm the import settings, then click Finish.
Restart your browser and open a connection to
https://wsus.frn.ukcloud.comor the appropriate Elevated IP address.
Confirm that no certificate warnings appear and that the full certificate chain is present.
In the Group Policy Management Editor, expand and navigate to Computer Configuration > Administrative Templates > Windows Components > Windows Update.
Enable and configure the following settings:
Specify intranet Microsoft update service location — in both boxes enter
https://wsus.frn.ukcloud.comor the appropriate Elevated IP address
Configure Automatic Updates — enter required settings
Enable client-side targeting — enter
clientin the group name field
Open an elevated command prompt and type
Open Windows update and click Check for updates.
Replicating settings to other Windows VMs
To quickly replicate the settings defined above to other Windows VMs in your environment:
Copy the update server record in the host file to the additional VMs.
Export the certificate from the trusted root folder to a file and import it to the additional VMs.
Export the following key from the registry and import it onto the additional VMs:
Restart the Windows update service on the additional VMs.
Another option is to reference these settings in a Group Policy Object if you have Group Policy running in your environment.
These settings will depend on your current setup. The Configure Group Policy Settings for Automatic Updates article from Microsoft provides some useful information.
UKCloud are not responsible for content published on the URLs in the above guide. If you believe the link is broken or is no longer relevant, contact UKCloud Customer Support via the My Calls section of the UKCloud Portal.
If you find a problem with this article, click Improve this Doc to make the change yourself or raise an issue in GitHub. If you have an idea for how we could improve any of our services, send an email to firstname.lastname@example.org.