Use these procedures to publish a software update or a software update bundle from the Updates workspace. The first procedure describes what you must do to connect to the Windows Server Update Services (WSUS) server and specify a signing certificate. (Following that procedure is information that you need to know if Updates Publisher 2011 is installed on a computer running Windows 2008 Server R2.) The second procedure describes how to publish the software updates from the Updates workspace.
To connect to a WSUS server and specify a signing certificate
-
In the Updates Publisher 2011 console, click Updates. The workspace is displayed at the bottom of the navigation pane in the console.
-
Click Overview.
-
On the Overview page, click Configure WSUS and Signing Certificate.
Important Always publish to the top-level WSUS server in your Configuration Manager environment so that all child sites have access to the Updates Publisher 2011 updates that you publish. -
Select the Enable publishing to an update server check box for Updates Publisher 2011 to publish software updates.
-
Specify whether the software update server is local or remote.
Click Connect to a local update server if the software update server and the Updates Publisher 2011 console are installed on the same computer.
Important When a custom WSUS website is used for a local update server, and the website is configured to use an HTTP port other than HTTP port 80 or HTTP port 8530, you must select Connect to a remote update server, or the connection to the local update server fails. Click Connect to a remote update server if the update server and the Updates Publisher 2011 console are not on the same computer. Specify the following settings:
- Select the check box Use SSL when
communicating with the update server to use Secure Socket Layer
(SSL) when you connect to the update server. Use this setting only
when the update server is configured to use SSL.
- Specify the NetBIOS name of the updates
server in the Name box.
- Specify the port that you want to use when
connecting to the update server in the Port box. Use the
HTTP port number if SSL is not used, and use the HTTPS port number
if the check box Use SSL when communicating with the update
server is selected. The default HTTP port is 80, and the
default HTTPS port is 443. Check the update server configuration to
verify which port you should use.
- Select the check box Use SSL when
communicating with the update server to use Secure Socket Layer
(SSL) when you connect to the update server. Use this setting only
when the update server is configured to use SSL.
-
Click Test Connection to validate that the update server name and port settings are valid. A message appears that indicates whether the connection succeeded or failed. If the connection failed, verify the server name, port settings, and that the update server is accessible, and then test the connection again.
-
If a digital certificate is not detected for the update server, specify a certificate by clicking one the following buttons:
- Browse: Opens a Browse dialog
box in which you select the certificate file. This option is
available only when Updates Publisher 2011 is local to
the update server or when you used SSL to connect to a remote
update server. Select the certificate, and then click Create
to add the certificate to the WSUS certificate store on the update
server.
- Create: Creates a new certificate, or
uses the certificate that you specified by using Browse, and
adds the certificate to the WSUS certificate store on the update
server. Enter the .pfx file password for certificates that you
selected by using Browse.
- Remove: Removes the certificate from
the WSUS certificate store on the update server. This option is
available only when Updates Publisher 2011 is local to
the update server or when you used SSL to connect to a remote
update server.
Updates Publisher 2011 uses the certificate that is specified here to sign the software updates that are published to the update server. Publishing to the update server fails if the digital certificate specified is not copied to the appropriate certificate stores on the update server, and on the computer running Updates Publisher 2011 if it is remote from the update server. For more information about adding the certificate to the certificate store on the update server, see Managing Security for System Center Updates Publisher 2011.
- Browse: Opens a Browse dialog
box in which you select the certificate file. This option is
available only when Updates Publisher 2011 is local to
the update server or when you used SSL to connect to a remote
update server. Select the certificate, and then click Create
to add the certificate to the WSUS certificate store on the update
server.
Important |
---|
If Updates Publisher 2011 is installed on a computer
running Windows 2008 Server R2, the following requirements must be
met:
|
To publish a software update or software update bundle
-
In the Updates Publisher 2011 console, click Updates. The workspace is displayed at the bottom of the navigation pane in the console.
-
Locate the software updates and bundles that you want to publish by using the following methods:
- Click All software updates to display
all the software updates and bundles in the
Updates Publisher 2011 repository.
- Click a Manufacturer folder to see only those
software updates and bundles that are related to the
manufacturer.
- Click a Product folder to see only those
software updates and bundles that are related to a product of a
manufacturer.
- Use Search to list only those software
updates and bundles that include the search term.
- Click All software updates to display
all the software updates and bundles in the
Updates Publisher 2011 repository.
-
Select the software update or bundle that you want to publish, and then on the Home tab, click Publish.
-
In the Publish Software Updates Wizard, on the Publish Options page, specify how you want to publish the software updates and bundles.
- Click Automatic for
Updates Publisher 2011 to query Configuration Manager
whether the selected software update or bundle is published with
full content or only metadata. In this mode, software updates are
published only when they meet the client request count and package
size thresholds that are specified on the ConfigMgr Server
page of the Options dialog box. Automatic mode is available
only if Configuration Manager Integration is specified in
the Updates Publisher 2011 configurations options. For
information about setting Configuration Manager Integration and
setting thresholds, see Configuration
Manager Server.
- Click Full Content when you are sure
that you want to deploy the software update by using Configuration
Manager. When Full Content is selected,
Updates Publisher 2011 publishes the binary of the
software update and the definition (metadata) of the software
update.
- Click Metadata Only when you only want
to gather compliance information for software updates. When
Metadata Only is selected, Updates Publisher 2011
publishes only the definition of the software update, but does not
publish software update binaries.
Important Software updates that are published as metadata only cannot be used to deploy software packages. Metadata only publications can be used only for scanning purposes.
- Click Automatic for
Updates Publisher 2011 to query Configuration Manager
whether the selected software update or bundle is published with
full content or only metadata. In this mode, software updates are
published only when they meet the client request count and package
size thresholds that are specified on the ConfigMgr Server
page of the Options dialog box. Automatic mode is available
only if Configuration Manager Integration is specified in
the Updates Publisher 2011 configurations options. For
information about setting Configuration Manager Integration and
setting thresholds, see Configuration
Manager Server.
-
To sign published software updates that have not changed but their signing certificate has changed with a new certificate, select the check box Sign all software updates with a new publishing certificate when published software updates have not changed but their certificate has changed.
-
Click Next.
-
On the Summary page, review the items to be published, and then click Next.
-
On the Confirmation page, review what was published, and then click Close to exit the Wizard. Updates Publisher 2011 indicates which software updates were published, if the software update was published with full content or metadata only, if the software update was skipped, and if the software update failed to be published. Links to the Updates Publisher 2011 log file are provided if a software update was skipped or it failed to publish.
Here are some things to remember about publishing software updates:
- Software update bundles are always published
as metadata only because the binaries for the software updates in
the bundles are not published.
- Software updates can be published
individually by using the Updates workspace or as a group by
using the Publications workspace. For information about
publishing in the Publications workspace, see How to Publish Software
Updates Publications.
- After a software update has been published
with specific vendor and product metadata, you cannot publish a
second software update whose vendor name is contains the vendor and
product name of the first software update. For example, if the
first software update has Vendor “A” and product “B”, you cannot
publish a second software update that has a vendor “AB”.