This post is a step by step guide to install and configure System Center updates publisher. Also referred as SCUP or updates publisher. System Center Updates Publisher (SCUP) is a tool that enables us to import third party software update catalogues. It also allows to create and modify software update definitions. You can then export update definitions to catalogs and publish software updates information to a configured WSUS server. Once you export the updates, you can synchronize these custom updates with Configuration Manager. The updates are then ready for deployment to computers and servers in the organization.
So what is this System Center Updates Publisher Preview tool ?. SCUP preview tool was announced in June 2017. You can consider SCUP as a third party patching solution for Configuration Manager. The SCUP preview adds support for modern OS such as Windows 10 and Windows Server 2016. The look and functionality is almost similar to SCUP 2011. Therefore if you have worked on SCUP 2011, you will not see much difference while working with SCUP preview.
Download the SCUP UpdatesPublisher.msi. You will notice that this is a SCUP Preview 1 version 18.104.22.168. Copy it to the server on which you intend to install SCUP preview. Before that check the prerequisites for updates publisher.
Install and Configure System Center Updates Publisher Preview
The steps to install System Center Updates Publisher are very simple. Configuring SCUP preview is something that we will go through in detail. We will be covering both installation and configuration in the same post. The below steps are performed on my primary site server running SCCM 1802 tech preview. Run UpdatesPublisher.msi and click Next.
Configure System Center Updates Publisher Preview
We will now look at steps to configure system center updates publisher preview. There are many options and we will go through each one of them. Click on drop down at top left and click Options.
The first option on left pane is Update Server. Check the box to enable publishing to an update server. You have to configure update server to use for publishing. You see two options here and they are self explanatory.
- Connect to a local update server
- Connect to a remote update server.
In my case SCCM and WSUS are installed and running on same server. So I have selected the first option. Now click Test Connection button.
Create Signing Certificate for SCUP
Let’s create a signing certificate by clicking Create button. You will notice that once you click Create button, there is a certificate created. In addition this is a self signed certificate and we need this cert to be imported into cert stores.
Let’s look at the certificate location. Launch mmc and load certificates snap-in. Under certificates (Local Computer), expand WSUS at bottom and under certificates you will find WSUS Publishers Self-Signed certificate. Double click certificate to see more details.
Exporting Self Signed Certificate for SCUP
This self signed certificate must be imported to Trusted Publishers store and Trusted Root Certification Authorities store. Let’s export the certificate first. Right click certificate and click All Tasks > Export.
There is no option to export private key, click Next.
Select DER encoded binary X.509 format and click Next.
Click Browse and save the certificate with some name. Click Next.
Hit Finish to close the export wizard.
Using the same steps listed above, import certificate to Trusted Publishers store. Expand Trusted Publishers, right click Certificates > All Tasks > Import.
Select the certificate and click Next.
When you now click Test Connection, it shows the connection test was successful. It also tells you to add signing certificate to both Trusted Publishers and Trusted Root Certification Authorities store. This is what we did in the above steps so let’s proceed with next steps.
On the left pane click ConfigMgr Server. Check the box “Enable Configuration Manager integration. Again there are two options
- Connect to a local Configuration Manager server.
- Connect to a remote Configuration Manager server.
Click Test Connection. Now see you see a box which confirms whether test was successful or not. Click OK.
In this section you will see some certificates as you work with updates. Catalogs or update installation files signed with certificates below will be automatically accepted. For now you won’t see anything here, probably you might later see more certs in this space.
Furthermore under Updates there are two options.
- Automatically check for available updates at startup.
- Include preview builds when checking for updates.
Logging in SCUP provides options to configure max log size. Updates Publisher logs basic information about Updates Publisher to <path>\Windows\Temp\UpdatesPublisher.log. It’s more of allowing detailed logging. Click OK if you have completed configuring all the options.