WSUS on Secondary Site
Generally speaking, if everything is OK, you install the WSUS role with the same setup as your primary site, launch the console once, close it, install the SUP from SCCM, configure it, and that's it. However, sometimes WSUS breaks, and when that happens it is usually a pain to get it back. These are just my two cents.
A good post on SUP installation can be read here.
I would uninstall the WSUS and WID roles, and DELETE any resource used by WSUS. This includes:
- The %ProgramFiles%\Update Services folder
- The ~\WSUS folder tree
- The HKLM\Software\Microsoft\Update Services registry key. – from
Remove-Item HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate -Recurse
- REBOOT the server and restart the installation.
- Sometimes wsusutil.exe is missing. Just create a Tools folder in %ProgramFiles%\Update Services, search for the file and copy it there. If it is missing, the WSUS console will crash when postinstall is launched.
- If postinstall fails with "Fatal Error: Attempted to perform an unauthorized operation", check in IIS Manager whether the WSUS app pool and the WSUS Administration site have been created. If not, create them manually and try the postinstall again. The WSUS Administration site uses port 8530 for HTTP on Server 2012 and port 8531 for HTTPS. Check the WSUS local folder: Network Service should have Full permissions. Thanks to https://doitfixit.com/blog/2016/11/30/wsus-post-installation-failed-attempted-to-perform-an-unauthorized-operation/
- Remove KB3159706 and KB3148812 if installed.
- Cross your fingers and read the logs….
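
The checks from the list above can be run in one read-only pass before launching postinstall again. This is an added example, not part of the original post; the `D:\WSUS` default is a placeholder for your WSUS local folder, and `WsusPool` is assumed to be the app pool name (the WSUS default).

```powershell
# Added example: read-only pre-flight checks before re-running WSUS postinstall.
# Assumption: D:\WSUS is a placeholder; pass your own WSUS local folder.
param(
    [string]$WsusDir = 'D:\WSUS'
)

$results = [ordered]@{}

# wsusutil.exe must be in the Tools folder, or the console crashes at postinstall.
$wsusUtil = Join-Path $env:ProgramFiles 'Update Services\Tools\wsusutil.exe'
$results['wsusutil.exe present'] = Test-Path -LiteralPath $wsusUtil

# IIS objects that postinstall expects. 'WsusPool' is assumed to be the pool name.
Import-Module WebAdministration -ErrorAction Stop
$results['WSUS app pool exists'] = Test-Path 'IIS:\AppPools\WsusPool'
$site = Get-Website | Where-Object { $_.Name -eq 'WSUS Administration' }
$results['WSUS Administration site exists'] = [bool]$site

# Bindings: 8530 for http and 8531 for https.
$bindings = @()
if ($site) {
    $bindings = @(Get-WebBinding -Name $site.Name |
        ForEach-Object { "$($_.protocol)|$($_.bindingInformation)" })
}
$results['http bound to 8530']  = [bool]($bindings -match '^http\|.*:8530:')
$results['https bound to 8531'] = [bool]($bindings -match '^https\|.*:8531:')

# Network Service (well-known SID S-1-5-20) needs an Allow/FullControl entry.
# Only entries naming that SID directly are checked, not group memberships.
$full = [System.Security.AccessControl.FileSystemRights]::FullControl
$hasFull = $false
if (Test-Path -LiteralPath $WsusDir) {
    $rules = (Get-Acl -LiteralPath $WsusDir).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])
    $hasFull = [bool]($rules | Where-Object {
        $_.IdentityReference.Value -eq 'S-1-5-20' -and
        $_.AccessControlType -eq 'Allow' -and
        (($_.FileSystemRights -band $full) -eq $full)
    })
}
$results['Network Service has Full on WSUS folder'] = $hasFull

# The two updates the list says to remove if installed.
foreach ($kb in 'KB3159706', 'KB3148812') {
    $results["$kb not installed"] = -not (Get-HotFix -Id $kb -ErrorAction SilentlyContinue)
}

$results.GetEnumerator() |
    ForEach-Object { [pscustomobject]@{ Check = $_.Key; Pass = $_.Value } } |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell session on the WSUS server; any row with Pass = False points at the matching item in the list.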