This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 78%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECD%3C/text%3E%3C/svg%3E)
I'm managing an Endpoint Manager Current Branch (2002) environment. I had everything setup so that clients could get updates while on the internal network/VPN. With COVID and work-from-home, my company asked me to setup an external SUP so that users don't have to connect to VPN to get updates.
I setup an external server on our DMZ and confirmed clients could communicate with it over SSL / WSUS port 8531. However, when I added the WSUS feature to the server, I failed to point the update content location to the shared path on the primary SUP server. This ran for a little while until I noticed clients complaining about SOAP issues and getting 0x80244010, 0x80244007, & 0x8023300d (on different endpoints) errors.
After noting my mistake on the external server, I ran WSUSUTIL.EXE movecontent \\primarysup\wsus -skipcopy and the output said it was successful. I've verified my SQL Server 2012 database is showing the correct path by running Select LocalContentCacheLocation from tbConfigurationB. However, my clients are still reporting the above errors and are basically pounding my primary SCCM server with requests causing high CPU usage.
Is there a step I'm missing to fix the endpoints? Or did I hose my database and need to uninstall and re-install SUP roles on all servers?
Thanks for your posting.
This is a quick note to let you know that I am currently performing research on this issue and will get back to you as soon as possible. I appreciate your patience.
If you have any updates during this process, please feel free to let me know.
Hi @Charlie Dobson ,
-->However, when I added the WSUS feature to the server, I failed to point the update content location to the shared path on the primary SUP server.
It seems that we could install the secondary SUP on the SCCM console instead of adding the WSUS feature to the server.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
--> It seems that we could install the secondary SUP on the SCCM console instead of adding the WSUS feature to the server.
The documentation I've found online states you must install the WSUS feature to the server before installing the SUP role via the console. Is that not the case anymore? Are you saying I should uninstall SUP & WSUS and start over?
Hi,
Yes, we could install the WSUS feature to the server before installing the SUP role via the console. We could use checkhealth to check if the health of the WSUS serve, and results will appear in the Application Event log. If there is no error in Application Event log, the error which reported on the side of client may not be related to WSUS.
Here is the article about checkhealth:
https://video2.skills-academy.com/zh-cn/security-updates/windowsupdateservices/18126034
I ended up removing and re-installing WSUS & SUP on my IBCM server with the corrected settings. Everything seems to be working fine now as best I can tell.
Hi,
Thank you very much for the update and we're glad the problem is solved now. If you have any questions in future, we warmly welcome you to post in this forum again.
Have a nice day!
Regards,
Amanda