Couple months back I was assigned a task to migrate our WSUS server which was running under W2k3 R2 to W2k12 R2. The existing WSUS server was 10+ years old and actually was installed in a Domain Controller (Don’t laugh at me. I didn’t do that). The challenge I had to face was migrate all the content along with approved updates. To be exact I worked on this for 4 days following every article I could find but each time I failed at approvals. Finally it was just a simple task (I was a fool to not look at TechNet) described as in here.
I’m gonna describe how I did it (just the facts, cut the crap)
Migrate WSUS update binaries
- Before starting the work, I stopped WSUS service and the synchronization schedule in the existing server.
- Installed WSUS role on the new server. At the end of the configuration wizard I’ve left the configuration for later. This is a must.
- Then created a NT Backup task to the entire WSUS Backup content folder (in my case this was 97 GB+)
- As Windows Server 2008 onwards NT Backup is retired, I copied the NT Backup binaries from a W2k3 server and copied it to the 2012 server. It works just fine and from there I imported the backup to the new WSUS location.
Migrate WSUS security groups
I didn’t do anything specific in this step. All the users, groups and security permissions were exact same in my new setup. If you are not certain go ahead and double check as described here.
Back up the WSUS database
This is the most important step. I’m not gonna fill all the details but you can see how to do it here. Remember you need to install SQL Server 2012 Management Studio in your new server as 2005 version is not supported in 2012. This is required for WSUS database import.
- After completing the WSUS database migration, open up WSUS console in the new server. You may notice that approved updates along with rest (yes 97 GB+) are there.
- Configure the new WSUS server with exact same configuration (products, classifications, automatic approvals, sync schedule etc… ). Most of the items are already there as we imported the WSUS database but make sure everything is same.
- In my organization, we had group policy in place to define the WSUS server. I just had to change the host name to the new one.
- Start a manual synchronization in the new server. Once it is finished make sure that the sync is Succeeded.
- As you have change the WSUS server in the domain group policy, you may need to log off and log in to client computers or run a gpupdate /force. Alternatively follow the step in the TechNet article to manually detect a client computer.
At the end of the day I saved a huge amount bandwidth for my company with a minimum downtime. So now you can stop worrying about downloading everything from the beginning if you are planning to migrate your WSUS setup to Server 2012 R2.
Watch below video from MVA featuring Andrew McMurry on how to perform this.