Install and Configure System Center Updates Publisher
This post is a step by step guide to install and configure System Center updates publisher. Also referred as SCUP or updates publisher. System Center Updates Publisher (SCUP) is a tool that enables us to import third party software update catalogues. It also allows to create and modify software update definitions. You can then export update definitions to catalogs and publish software updates information to a configured WSUS server. Once you export the updates, you can synchronize these custom updates with Configuration Manager. The updates are then ready for deployment to computers and servers in the organization.
So what is this System Center Updates Publisher Preview tool ?. SCUP preview tool was announced in June 2017. You can consider SCUP as a third party patching solution for Configuration Manager. The SCUP preview adds support for modern OS such as Windows 10 and Windows Server 2016. The look and functionality is almost similar to SCUP 2011. Therefore if you have worked on SCUP 2011, you will not see much difference while working with SCUP preview.
Download the SCUP UpdatesPublisher.msi. You will notice that this is a SCUP Preview 1 version 6.0.191.0. Copy it to the server on which you intend to install SCUP preview. Before that check the prerequisites for updates publisher.
Install and Configure System Center Updates Publisher Preview
The steps to install System Center Updates Publisher are very simple. Configuring SCUP preview is something that we will go through in detail. We will be covering both installation and configuration in the same post. The below steps are performed on my primary site server running SCCM 1802 tech preview. Run UpdatesPublisher.msi and click Next.
That’s the default installation location. Click Next.
The installation steps are simple. Click Finish to close the setup wizard.
You should find Updates Publisher (PREVIEW) in recently installed applications. Launch Updates Publisher tool.
Click OK to accept license terms. This appears only once when you launch tool for first time.
Configure System Center Updates Publisher Preview
We will now look at steps to configure system center updates publisher preview. There are many options and we will go through each one of them. Click on drop down at top left and click Options.
The first option on left pane is Update Server. Check the box to enable publishing to an update server. You have to configure update server to use for publishing. You see two options here and they are self explanatory.
- Connect to a local update server
- Connect to a remote update server.
In my case SCCM and WSUS are installed and running on same server. So I have selected the first option. Now click Test Connection button.
Notice that test connection succeeded. However it says no signing certificate was detected for update server. Without registering signing certificate, you cannot publish content to update server.
Create Signing Certificate for SCUP
Let’s create a signing certificate by clicking Create button. You will notice that once you click Create button, there is a certificate created. In addition this is a self signed certificate and we need this cert to be imported into cert stores.
Let’s look at the certificate location. Launch mmc and load certificates snap-in. Under certificates (Local Computer), expand WSUS at bottom and under certificates you will find WSUS Publishers Self-Signed certificate. Double click certificate to see more details.
Exporting Self Signed Certificate for SCUP
This self signed certificate must be imported to Trusted Publishers store and Trusted Root Certification Authorities store. Let’s export the certificate first. Right click certificate and click All Tasks > Export.
If you are familiar with certificate export wizard, you can proceed quickly here. Click Next.
There is no option to export private key, click Next.
Select DER encoded binary X.509 format and click Next.
Click Browse and save the certificate with some name. Click Next.
Hit Finish to close the export wizard.
We will now import self signed Certificate to Trusted Root Certification Authorities. Expand Trusted Root Certification Authorities. Right click Certificates > All Tasks > Import.
On Certificate Import Wizard page, click Next.
Click Browse and select the cert to import. Click Next.
The certificate is stored in Trusted Root Certification Authorities store. Click Next.
The certificate has been imported, click Finish.
Using the same steps listed above, import certificate to Trusted Publishers store. Expand Trusted Publishers, right click Certificates > All Tasks > Import.
Select the certificate and click Next.
To confirm check if the cert is now visible in both stores. If Yes, proceed to next step.
When you now click Test Connection, it shows the connection test was successful. It also tells you to add signing certificate to both Trusted Publishers and Trusted Root Certification Authorities store. This is what we did in the above steps so let’s proceed with next steps.
Integrating SCUP and Configuration Manager
On the left pane click ConfigMgr Server. Check the box “Enable Configuration Manager integration. Again there are two options
- Connect to a local Configuration Manager server.
- Connect to a remote Configuration Manager server.
Click Test Connection. Now see you see a box which confirms whether test was successful or not. Click OK.
Under Proxy Settings, you can specify proxy server details. If you aren’t using any, leave it as it is.
In this section you will see some certificates as you work with updates. Catalogs or update installation files signed with certificates below will be automatically accepted. For now you won’t see anything here, probably you might later see more certs in this space.
In the Advanced menu, it is now possible to change the database location directly. Another good feature which was not possible in SCUP 2011.
Furthermore under Updates there are two options.
- Automatically check for available updates at startup.
- Include preview builds when checking for updates.
Logging in SCUP provides options to configure max log size. Updates Publisher logs basic information about Updates Publisher to <path>\Windows\Temp\UpdatesPublisher.log. It’s more of allowing detailed logging. Click OK if you have completed configuring all the options.
Need more help?
If you need further assistance on the above article or want to discuss other technical issues, check out some of these options.