Howdy,
Wasn't sure where to post this so hopefully it works OK here.
We use SCCM to handle pushing patches to all of our workstations and servers. However, we don't have it push to Clustered machines since I don't think it supports Cluster Updating. All of our machines are set to use the SCCM server as their WSUS server but we don't actually approve anything there since SCCM takes care of that for us.
So, what is the best way to go around patching up our clustered machines? Do I need to have a 2nd WSUS server or can I use the SCCM server?
Here's what I'm thinking so please let me know what I'm missing.
Option 1: Approve updates on the SCCM Server's WSUS program but set all workstations and servers to never check for updates so they don't get pushed out at all. This should not affect SCCM so everything should patch how it works now. However, I could then run CAU and I'm guessing that it would see the approved updates and compare those to the servers and know what they need and would patch them up properly?
Option 2: Have a second WSUS server and only point the Clustered Servers at it. Then I could run CAU against this server and it should work normally. Only problem would be figuring out how I could make sure the same updates were being installed from SCCM and WSUS so all the servers were in sync.
Option 3: I've seen some pretty complicated scripting methods to accomplish Cluster Updating via SCCM using Orchestrator or other things. Those I know nothing about to know if they are easy to set up and make work or not, but since it bypasses WSUS I guess it'd be a way of keeping everything in sync.
Are there any other options or would any of these just not work? I'm guessing #1 would be a No since I generally see people saying to not touch WSUS on the SCCM server or bad things can happen.
Thanks!