Sunday, June 21, 2015

SCUP 2011 / SCCM 2012 SP1 Step by Step Guide Part 16: Software Updates (Non-Microsoft)


SCUP 2011 / SCCM 2012 SP1 Step by Step Guide Part 16: Software Updates (Non-Microsoft)


Part 15 describes the process of configuring a Microsoft Software Update solution. Part 16 now extends the solution to include Non-Microsoft updates using System Center Updates Publisher 2011 (SCUP 2011). I will be concentrating on Adobe updates for the purposes of demonstration.

I wish to acknowledge that I learned how to deploy SCUP by following this excellent guide by Kent Agerlund.

http://blog.coretech.dk/kea/the-complete-scup-2011-installation-and-configuration-guide/

Download SCUP 2011 here and save to a folder on your Config Mgr server

SystemCenterUpdatesPublisher.msi


1. SCUP Installation
2. SCUP Configuration - Integration with WSUS and Config Mgr
3. Certificates
4. GPO
5. Config Mgr package to distribute certificate
6. SCUP Configuration - Publish Updates


1. SCUP Installation

Open a command prompt as Administrator and run the command


The SCUP 2011 installation wizard starts


Click Next to continue


Ignore this as we are using a later version of WSUS. Click Next to continue through the wizard.






SCUP 2011 has now installed. See the console.



2. SCUP Configuration - Integration with WSUS and Config Mgr

Click Options on the SCUP console ribbon

Update Server: Click to "enable publishing to an update server" and Test Connection




Test is successful but we are informed that we have no signing certificate. Click to Create one.



See Certificate



Select the ConfigMgr tab



Enable Configuration Manager integration, choose whether your server is local or remote and Test Connection.



3. Certificates

Open Certificates Console

Type mmc and Add Certificate snap-in



Choose Computer Account



Choose Local Computer





Click OK



See WSUS Publishers Self-Signed Certificate that we created earlier.

Copy and Paste the certificate into Trusted Root Certification Authorities/Certificates and Trusted Publishers/Certificates.




Now we will export the certificate to use in a Config Mgr package (to deploy the certificate to the estate of computers).



Right Click the certificate and choose to Export




Choose "No, do not export the private key".



Choose DER encoded binary X.509



Choose a path for the .cer file



Finish the wizard


OK

4. GPO

Create GPO to "Allow signed updates from an intranet Microsoft update service location"




Right click required OU and "Create GPO, link it here"



Name the object



Edit the object




Computer Configuration, Administrative Templates, Windows Components, Windows Update

Enable "Allow signed updates from an intranet Microsoft update service location"




5. Config Mgr package to distribute certificate

Copy the following to a folder

yourcert.cer (mine is scupcert.cer)
certadm.dll
certutil.exe



You can find certadm.dll and certutil.exe in SysWOW64 folder




Create Config Mgr package










Create a Program to add the cert to the local Root store






certutil.exe -addstore Root scupcert.cer




Create a Program to add the cert to the Trusted Publisher store




certutil.exe -addstore TrustedPublisher scupcert.cer 


Configure to run "Add SCUP cert to local Root store" first




Distribute the package to your DPs

Deploy the package to your computers collection (I have chosen a test collection)













6. SCUP Configuration - Publish Updates

Open SCUP console. Select Catalogs tab/ Add Catalogs




Select the Adobe Catalogs and Add





Select the Updates tab and click Import




This starts the Import Software Updates Catalog wizard



Choose all the Adobe Catalogs and click Next




Click Next to continue and accept all the Security Warnings






Close the Wizard




See the Software Updates that have been imported. Highlight the updates you need, right click and choose Assign. This starts the Assign Updates Wizard




Choose "Full Content" and create a new publication. You can add multiple updates to a publication. Click OK to create the publication

Navigate to the Publication tab and select your publication





Select Publish to start the Publish Software Updates Wizard






On Summary page click Next to commence publishing



Verify progress




Wizard is complete



Verify update download and publishing via SCUP,log (log can be found in user profile - see path in screenshot)





Confirmation that updates have been published

Configure Config Mgr Software Update Point for Adobe Products






Verify synchronization via WSYNCMGR.log



See Adobe Updates in Config Mgr. They can now be deployed in the same way as the Microsoft Updates.

  1. Note: 
    This guide is really helpful. I did have to do an additional step as I'm running Server 2012 R2. I had to edit the registry following the instructions found here: http://blogs.technet.com/b/wsus/archive/2013/08/15/wsus-no-longer-issues-self-signed-certificates.aspx . Without doing the fix I wasn't able to create the certificate during the SCUP setup. Other than that I was able to get the updates working following the guide.
Courtesy : http://gerryhampsoncm.blogspot.in

No comments:

Post a Comment