step by step how to installing & configuring WSUS in Windows Server 2012 R2.

Step by Step : Installing & Configuring WSUS in Server 2012 R2

step by step on how to installing & configuring WSUS in Windows Server 2012 R2.

But as usual, before we start, let me explain a little bit about WSUS (Windows Server Update Services).

What Is WSUS?

WSUS is a server role included in the Windows Server 2012 R2 OS, and that downloads and distributes updates to Windows clients and servers.

WSUS can obtain updates that are applicable to the OS and common Microsoft applications such as Microsoft Office and Microsoft SQL Server.

In the simplest configuration, a small organization can have a single WSUS server that downloads updates from Microsoft Update.

The WSUS server then distributes the updates to computers that are configured to obtain automatic updates from the WSUS server. You must approve the updates before clients can download them.

For more info about WSUS, please browse to http://technet.microsoft.com/en-us/windowsserver/bb332157.aspx, and for those who will be joining my Win Svr 2012 R2 class this coming months, not to worries because WSUS will be available as our Hands-On Lab. :-)

Orait, for those who following my blog, you should know know that I had my own small infrastructure built on Windows Server 2012 R2 and my client which is Windows 8.

So for this WSUS demo, I will be using my Domain Server which is DC01.comsys.local and my client Surface01.comsys.local.

So, once you confirm that your WSUS Server having internet connection, lets proceed with the WSUS installation Process.

1 – On your Server, open Server Manager, on the Dashboard, click Add Roles and Features then click next 3 times till you get Select server roles box, in Select server roles box, select the Windows Server Update Services (In the pop-up window, click Add Features)… then click Next…

2 – On the Select features box, click Next…

3 – On the Windows Server Update Services box, click Next…

4 – On the Select role services box, verify that both WID Database and WSUS Services are selected, and then click Next…

5 – On the Content location selection box, type C:\Comsys WSUS, and then click Next…

6 – On the Web Server Role (IIS) box, click Next…

7 – On the Select role services box, click Next…

8 – On the Confirm installation selections box, click Install…

9 – When the installation completes, click Close…

10 – Open Windows Server Update Services console, in the Complete WSUS Installation window, click Run, and wait for the task to complete then click Close…

We had successfully installed WSUS on DC01.comsys.local now, our next task is to configure WSUS to synchronize with Windows Updates…

11 – In the Windows Server Update Services Configuration Wizard window, on the Before You Begin, click Next to proceed…

12 – On the Join the Microsoft Update Improvement Program, just click Next…

13 – On the Choose Upstream Server box, click the Synchronize from Microsoft Update option and then click Next…

14 – On the Specify Proxy Server box, click Next…

15 – On the Connect to Upstream Server box, click Start Connecting. Wait for the Windows Update to be applied, and then click Next…

16 – On the Choose Languages box, click Next…

17 – On the Choose Products box, I choose Windows 8 and Windows Server 2012 R2 (you can use any Updates follow by you existing application), and click Next…

18 – On the Choose Classifications box, I choose Critical Updates (you can choose all updates classification if you require and your internet is fast) click Next…

19 – On the Set Sync Schedule box, I choose Synchronize manually, then click Next…

20 – On the Finished box, click the Begin initial synchronization option, and then click Finish…

21 – In the Windows Server Update Services console, in the navigation pane, double-click DC01, and please spend few minutes to reviews what you had on the WSUS consoles and the information…

** If you notice in my WSUS Server, WSUS is synchronizing update information, this might take few minutes…

** If everything goes well, on the synchronization status you can see that Status is Idle and the Last Synchronization result: Succeeded… 

22 – Next, let’s add Computer Group to WSUS, this method is to make sure that any computer listed in the Computer Group will get the Updates from WSUS Server…

On the WSUS console, click Options and then double click Computers…

23 – In the Computers dialog box, select Use Group Policy or registry settings on computers then click OK…

** I choose Use Group Policy because I wanted all my Clients getting windows updates by GPO…

24 – Next, click All Computers, and then, in the Actions pane, click Add Computer Group…

25 – In the Add Computer Group dialog box, in the Name text box, type Comsystem Laptop, and then click Add…

26 – Once you successfully add a New Computer Group to WSUS, now we need tocreate new GPO and configure it so that all our clients will be effected by this GPO to get the Windows Updates…

** On the Domain Server, open Group Policy Management,  right click Comsystem Laptop and then click Create a GPO in this domain, and Link it here…

27 – In the New GPO dialog box, type WSUS Comsystem Laptop ,and then click OK…

28 – Next, right-click WSUS Comsystem Laptop, and then click Edit…

29 – Next, in the Group Policy Management Editor, under Computer Configuration, double-click Policies, double-click Administrative Templates, double-click Windows Components, and then click Windows Update…

30 – Next, in the Setting pane, double-click Configure Automatic Updates, and then click the Enabled option, under Options, in the Configure automatic updating field, click and select 3 – Auto download and notify for install, and then click OK…

31 – In the Setting pane, double-click Specify intranet Microsoft update service location, and then click the Enabled option, then in the Set the intranet update service for detecting updates and the Set the intranet statistics server text boxes, type http://WsusServer:8530, and then click OK…

32 – In the Setting pane, double click Enable client-side targeting, in the Enable client-side targeting dialog box, click the Enabled option, in the Target group name for this computer text box, type Comsystem Laptop, and then click OK…

33 – Next, let’s log in to our client PC as domain administrator and verify that our client is receiving the GPO by typing gpresult /r in the command prompt, In the output of the command, confirm that, under COMPUTER SETTINGS, WSUS Comsystem Laptop is listed under Applied Group Policy Objects…

34 – Next, we need to Initialize the Windows Update by typing Wuauclt.exe/reportnow /detectnow in the cmd…

35 – Next, we need to Approve and at the same time deploy an Update to our client PC…

in WSUS console, under Updates, click Critical Updates, right click any updates you prefer for your client PC and then click Approve…

36 – In the Approve Updates window, in the Comsystem Laptop drop-down list box, select Approved for Install…

37 – Next, Click OK and then click Close…

38 – Now, to deploy the selected updates, on the Client PC, in the cmd type Wuauclt.exe /detectnow…

39 – before you confirm the client can receive the update from the WSUS Server,return to WSUS Server and the on the WSUS console, on the Download Status, verify that the necessary / selected updates is finish downloading…

40 – Next, Click Critical Updates, an the right panes, verify that few updates is stated 100%…

41 – Now return to Client PC and open Windows Update from Control Panel, you should notice update available for your client PC and you can proceed with installation…

INTERVIEW Microsoft SYSTEM ADMIN

Main responsibilities performed by a system administrator are:

• * Active Directory management (adding and configuring new workstations and setting up user accounts to provide authorizations)
• * Installing and updating system software
• * OS patching/upgrades
• * Preventing the spread of viruses and malicious programs
• * Allocating mass storage space
• * Reviewing system logs
• * System security management
• * Creating a backup and recovery policy
• * Performance monitoring and optimization

Before facing any interview for a system administrator position, make sure that you have enough knowledge on these technologies:

Basic Network Concepts:

• * Data communication and transmission techniques
• * Fundamentals of OSI and TCP/IP model
• * IP address classes
• * IP subnetting
• * IPv6 fundamentals
• * Basics of switching

Microsoft Server Functionalities:

• * Active Directory Domain Controller (Read only DC , Child DC)
• * Active Directory Domain Services
• * DHCP Server
• * DNS
• * File and print server
• * Database storage server
• * Windows Deployment Services (WDS)
• * Group Policy management
• * Registry management
• * Hyper V
• * Schedule tasks (Backup, AD DS Backup)
• * High Availability Features (Failover Clustering, Network Load Balancing)

Top Interview Questions for a System Administrator (Microsoft) Position:

All of the questions below are very common and must be prepared for before facing any interview for a System-Server Administrator position.

Q: What is Active Directory?

A: Active Directory provides a centralised control for network administration and security. Server computers configured with Active Directory are known as domain controllers. Active Directory stores all information and settings for a deployment in a central database, and allows administrators to assign policies and deploy and update software.

Q: What is a Domain?

A: A domain is defined as a logical group of network objects (computers, users, devices) that share the same Active Directory database. A tree can have multiple domains.

Q: What is Domain Controller?

A: A domain controller (DC) or network domain controller is a Windows-based computer system that is used for storing user account data in a central database. It is the centrepiece of the Windows Active Directory service that authenticates users, stores user account information and enforces security policy for a Windows domain.

A domain controller allows system administrators to grant or deny users access to system resources, such as printers, documents, folders, network locations, etc., via a single username and password.

Q: What is Group Policy?

A: Group Policy allows you to implement specific configurations for users and computers. Group Policy settings are contained in Group Policy objects (GPOs), which are linked to the following Active Directory service containers: sites, domains, or organizational units (OUs).

Q: What are GPOs (Group Policy Objects)?

A: A Group Policy Object (GPO) is a collection of settings that control the working environment of user accounts and computer accounts. GPOs define registry-based policies, security options, software installation and maintenance options, script options, and folder redirection options.

There are two kinds of Group Policy objects:

• * Local Group Policy objects are stored on individual computers.
• * Nonlocal Group Policy objects, which are stored on a domain controller, are available only in an Active Directory environment.

Q: What is LDAP?

A: LDAP (Light-Weight Directory Access Protocol) determines how an object in an Active Directory should be named. LDAP is the industry standard directory access protocol, making Active Directory widely accessible to management and query applications. Active Directory supports LDAPv2 and LDAPv3.

Q: Where is the AD database stored?

A: The AD database is stored in C:\Windows\NTDS\NTDS.DIT.

Q: What is the SYSVOL folder?

A: The SYSVOL folder stores the server copy of the domain’s public files that must be shared for common access and replication throughout a domain.
All AD databases are stored in a SYSVOL folder and it’s only created in an NTFS partition. The Active Directory Database is stored in the %SYSTEM ROOT%NDTS folder.

Q: What is Garbage collection?

A: Garbage collection is the online defragmentation of the Active Directory which happens every 12 hours.

Q: When do we use WDS?

A: Windows Deployment Services is a server role used to deploy Windows operating systems remotely. WDS is mainly used for network-based OS installations to set up new computers.

Q: What is DNS and which port number is used by DNS?

A: The Domain Name System (DNS) is used to resolve human-readable hostnames like www.intenseschool.com into machine-readable IP addresses like 69.143.201.22.

DNS servers use UDP port 53 but DNS queries can also use TCP port 53 if the former is not accepted.

Q: What are main Email Servers and which are their ports?

A: Email servers can be of two types:

Incoming Mail Server (POP3, IMAP, HTTP)

The incoming mail server is the server associated with an email address account. There cannot be more than one incoming mail server for an email account. In order to download your emails, you must have the correct settings configured in your email client program.

Outgoing Mail Server (SMTP)

Most outgoing mail servers use SMTP (Simple Mail Transfer Protocol) for sending emails. The outgoing mail server can belong to your ISP or to the server where you setup your email account.

The main email ports are:

• * POP3 – port 110
• * IMAP – port 143
• * SMTP – port 25
• * HTTP – port 80
• * Secure SMTP (SSMTP) – port 465
• * Secure IMAP (IMAP4-SSL) – port 585
• * IMAP4 over SSL (IMAPS) – port 993
• * Secure POP3 (SSL-POP) – port 995

Q: What do Forests, Trees, and Domains mean?

A: Forests, trees, and domains are the logical divisions in an Active Directory network.

A domain is defined as a logical group of network objects (computers, users, devices) that share the same active directory database.

A tree is a collection of one or more domains and domain trees in a contiguous namespace linked in a transitive trust hierarchy.

At the top of the structure is the forest. A forest is a collection of trees that share a common global catalog, directory schema, logical structure, and directory configuration. The forest represents the security boundary within which users, computers, groups, and other objects are accessible.

Q: Why do we use DHCP?

A: Dynamic Host Configuration Protocol assigns dynamic IP addresses to network devices allowing them to have a different IP address each time they are connected to the network.

Q: What are Lingering Objects?

A: A lingering object is a deleted AD object that still remains on the restored domain controller in its local copy of Active Directory. They can occur when changes are made to directories after system backups are created.

When restoring a backup file, Active Directory generally requires that the backup file be no more than 180 days old. This can happen if, after the backup was made, the object was deleted on another DC more than 180 days ago.

Q: How can we remove Lingering Objects?

A: Windows Server 2003 and 2008 have the ability to manually remove lingering objects using the console utility command REPADMIN.EXE.

Q: Why should you not restore a DC that was backed up 6 months ago?

A: When restoring a backup file, Active Directory generally requires that the backup file be no more than 180 days old. If you attempt to restore a backup that is expired, you may face problems due to lingering objects.

Q: How do you backup AD?

A: Backing up Active Directory is essential to maintain the proper health of the AD database.

Windows Server 2003

You can backup Active Directory by using the NTBACKUP tool that comes built-in with Windows Server 2003 or use any 3rd-party tool that supports this feature.

Windows Server 2008

In Server 2008, there isn’t an option to backup the System State data through the normal backup utility. We need to use the command line to backup Active Directory.

1. Open up your command prompt by clicking Start, typing “cmd” and then hit Enter.

2. In your command prompt, type “wbadmin start systemstatebackup -backuptarget:e:” and press Enter.

User is already logged in, PRIMAVERA ERROR SQL Database

User is already logged in PMDB Databse (SQL Server)

Type this Query in the database

SELECT us.actual_name, dbo.USESSION.*  
FROM dbo.USERS AS us 
     LEFT JOIN dbo.USESSION ON us.user_id = dbo.USESSION.user_id 
WHERE user_name = 'your_login_name'

Delete the Session 

You might be able to reset the login with a delete on this session.

DELETE FROM dbo.USESSION where session_id =