Hi,
Do you have configured the boundary groups related to the DMZ subnets with your internal SUP ? Make sure also that the 8530 & 8531 ports are allowed between your DMZ clients and the Software Update Point.
Regards,
Youssef
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Good Afternoon,
I allow myself to pose my problem here. Here I have 1 MP and 4 DP, one of the DP is in a DMZ. The problem is that all my client workstations in the DMZ are getting application packages but not receiving Windows security updates. My Wsus Server is not in the DMZ. I had already configured the software update point on my DP DMZ. despite this, client workstations in DMZ do not receive updates. I see nothing blocked on my Stormshiel firewall. Do you know what escapes me?
Thank you for your help.
Hi,
Do you have configured the boundary groups related to the DMZ subnets with your internal SUP ? Make sure also that the 8530 & 8531 ports are allowed between your DMZ clients and the Software Update Point.
Regards,
Youssef
First, the boundary groups need to configured correctly as noted by @YoussefSaad-6209 so that the clients map to the proper SUP.
Next, Clients don't change SUPs unless they fail to access their current SUP three times. Failure in this case equates to a limited set of result codes. Not being able to connect because of a firewall restriction does in not included though.
Finally, have you reviewed the client logs? wuahandler.log is always the place to start with software updates and for site role location issues, review locationservices.log.
Hi,
Thanks for posting in TechNet.
Agree with Jason and YoussefSaad, we could check if the boundary group is set correctly. Here is the article about configuring boundary group:
https://video2.skills-academy.com/en-us/mem/configmgr/core/servers/deploy/configure/boundary-groups#bkmk_sup
In addition to the logs mentioned by Jason, the client could not receive update, kindly check policyagent.log to see if the policy is received.
Thanks for your time.