Discussion:
McAfee ePolicy Orchestrator and WSUS
(too old to reply)
Dan Overes
2005-06-17 21:46:06 UTC
Permalink
Does anyone out there run WSUS on the same server as ePO? If so, was there
any sort of special configuration needed to make WSUS run properly?

For the record, I would like to install WSUS onto a machine where ePO is
already configured and running, not the othe way around.
Jason Ede
2005-06-18 06:44:57 UTC
Permalink
We've got WSuS running on an EPO server. It runs ok, but does trigger the
remote modification of files in the windows directory when you start trying
to do things with wsusadmin. However, thats on warn only here so it doesn't
stop things from working. Otherwise it works fine.

Jason
Post by Dan Overes
Does anyone out there run WSUS on the same server as ePO? If so, was there
any sort of special configuration needed to make WSUS run properly?
For the record, I would like to install WSUS onto a machine where ePO is
already configured and running, not the othe way around.
Dan Overes
2005-07-19 21:17:02 UTC
Permalink
I have been doing more checking, and (of course!) our ePO server is
configured to do all of its Agent-to-Server communication over Port 80 which
WSUS needs. I'd really like to avoid having to reinstall ePO just to change
the port.

Did you have this issue or was your ePO running on a different port which
made it a non-issue?
Post by Jason Ede
We've got WSuS running on an EPO server. It runs ok, but does trigger the
remote modification of files in the windows directory when you start trying
to do things with wsusadmin. However, thats on warn only here so it doesn't
stop things from working. Otherwise it works fine.
Jason Ede
2005-07-20 07:32:52 UTC
Permalink
We have EPO running on a different port 81 in that case. I'm pretty
certain that there is a method of changing the port number without
having to re-install EPO... I'd check but their knowledge base isn't
responding atm.

Jason
Post by Dan Overes
I have been doing more checking, and (of course!) our ePO server is
configured to do all of its Agent-to-Server communication over Port 80 which
WSUS needs. I'd really like to avoid having to reinstall ePO just to change
the port.
Did you have this issue or was your ePO running on a different port which
made it a non-issue?
Post by Jason Ede
We've got WSuS running on an EPO server. It runs ok, but does trigger the
remote modification of files in the windows directory when you start trying
to do things with wsusadmin. However, thats on warn only here so it doesn't
stop things from working. Otherwise it works fine.
Asher_N
2005-07-20 13:22:35 UTC
Permalink
Post by Dan Overes
I have been doing more checking, and (of course!) our ePO server is
configured to do all of its Agent-to-Server communication over Port 80
which WSUS needs. I'd really like to avoid having to reinstall ePO
just to change the port.
Did you have this issue or was your ePO running on a different port
which made it a non-issue?
Post by Jason Ede
We've got WSuS running on an EPO server. It runs ok, but does trigger
the remote modification of files in the windows directory when you
start trying to do things with wsusadmin. However, thats on warn only
here so it doesn't stop things from working. Otherwise it works fine.
Log on to ePO, select the server and click on the 'settings' tab. the
Agent-to-server port is one that cannot be changed. This wouold involve
reloading ePO and reloading all the agents.

Easier to load WSUS on a different port, 8530 is the alternate I believe.
JeffG
2005-07-20 13:22:08 UTC
Permalink
But I believe that WSUS still requires port 80 for the selfupdate
process, no matter what port you actually install WSUS on...
J
Post by Asher_N
Post by Dan Overes
I have been doing more checking, and (of course!) our ePO server is
configured to do all of its Agent-to-Server communication over Port 80
which WSUS needs. I'd really like to avoid having to reinstall ePO
just to change the port.
Did you have this issue or was your ePO running on a different port
which made it a non-issue?
Post by Jason Ede
We've got WSuS running on an EPO server. It runs ok, but does trigger
the remote modification of files in the windows directory when you
start trying to do things with wsusadmin. However, thats on warn only
here so it doesn't stop things from working. Otherwise it works fine.
Log on to ePO, select the server and click on the 'settings' tab. the
Agent-to-server port is one that cannot be changed. This wouold involve
reloading ePO and reloading all the agents.
Easier to load WSUS on a different port, 8530 is the alternate I believe.
Lawrence Garvin
2005-07-20 22:21:51 UTC
Permalink
Yes.. it does require port 80 -- at least until the organization gets to a
point that it will never have a downlevel AU/WUA client installed.

Another option to explore, but the actual occurrences of this have been
fairly sparse.. is to configure WSUS on a host header. This would allow you
to configure a dedicated port 80 virtual server exclusively for WSUS that
would not interfere with the ePO running under the hostname.
Post by JeffG
But I believe that WSUS still requires port 80 for the selfupdate
process, no matter what port you actually install WSUS on...
J
Post by Asher_N
Post by Dan Overes
I have been doing more checking, and (of course!) our ePO server is
configured to do all of its Agent-to-Server communication over Port 80
which WSUS needs. I'd really like to avoid having to reinstall ePO
just to change the port.
Did you have this issue or was your ePO running on a different port
which made it a non-issue?
Post by Jason Ede
We've got WSuS running on an EPO server. It runs ok, but does trigger
the remote modification of files in the windows directory when you
start trying to do things with wsusadmin. However, thats on warn only
here so it doesn't stop things from working. Otherwise it works fine.
Log on to ePO, select the server and click on the 'settings' tab. the
Agent-to-server port is one that cannot be changed. This wouold involve
reloading ePO and reloading all the agents.
Easier to load WSUS on a different port, 8530 is the alternate I believe.
Asher N
2005-07-21 03:29:10 UTC
Permalink
Post by Lawrence Garvin
Yes.. it does require port 80 -- at least until the organization gets
to a point that it will never have a downlevel AU/WUA client
installed.
That'll never happen, as the client is bound to change in the future.
Post by Lawrence Garvin
Another option to explore, but the actual occurrences of this have
been fairly sparse.. is to configure WSUS on a host header. This would
allow you to configure a dedicated port 80 virtual server exclusively
for WSUS that would not interfere with the ePO running under the
hostname.
Post by JeffG
But I believe that WSUS still requires port 80 for the selfupdate
process, no matter what port you actually install WSUS on...
J
On Wed, 20 Jul 2005 06:22:35 -0700, "Asher_N"
Post by Asher_N
Post by Dan Overes
I have been doing more checking, and (of course!) our ePO server is
configured to do all of its Agent-to-Server communication over Port
80 which WSUS needs. I'd really like to avoid having to reinstall
ePO just to change the port.
Did you have this issue or was your ePO running on a different port
which made it a non-issue?
Post by Jason Ede
We've got WSuS running on an EPO server. It runs ok, but does
trigger the remote modification of files in the windows directory
when you start trying to do things with wsusadmin. However, thats
on warn only here so it doesn't stop things from working.
Otherwise it works fine.
Log on to ePO, select the server and click on the 'settings' tab. the
Agent-to-server port is one that cannot be changed. This wouold
involve reloading ePO and reloading all the agents.
Easier to load WSUS on a different port, 8530 is the alternate I believe.
Lawrence Garvin
2005-07-21 16:59:57 UTC
Permalink
But you miss the point that once the /legacy/ clients are updated, the
subsequent selfupdate will happen from the /home/ WSUS virtual server.. not
from a kludge applied to the port 80 server because of limitations in the
old AU client.

In fact, now that MBSA v2 is released, and the WindowsUpdateAgent20-x86.exe
package is available, there really is /no/ reason to continue to maintain
selfupdate on a port 80 virtual server if WSUS is installed on an alternate
port.
Post by Asher N
Post by Lawrence Garvin
Yes.. it does require port 80 -- at least until the organization gets
to a point that it will never have a downlevel AU/WUA client
installed.
That'll never happen, as the client is bound to change in the future.
Post by Lawrence Garvin
Another option to explore, but the actual occurrences of this have
been fairly sparse.. is to configure WSUS on a host header. This would
allow you to configure a dedicated port 80 virtual server exclusively
for WSUS that would not interfere with the ePO running under the
hostname.
Post by JeffG
But I believe that WSUS still requires port 80 for the selfupdate
process, no matter what port you actually install WSUS on...
J
On Wed, 20 Jul 2005 06:22:35 -0700, "Asher_N"
Post by Asher_N
Post by Dan Overes
I have been doing more checking, and (of course!) our ePO server is
configured to do all of its Agent-to-Server communication over Port
80 which WSUS needs. I'd really like to avoid having to reinstall
ePO just to change the port.
Did you have this issue or was your ePO running on a different port
which made it a non-issue?
Post by Jason Ede
We've got WSuS running on an EPO server. It runs ok, but does
trigger the remote modification of files in the windows directory
when you start trying to do things with wsusadmin. However, thats
on warn only here so it doesn't stop things from working.
Otherwise it works fine.
Log on to ePO, select the server and click on the 'settings' tab. the
Agent-to-server port is one that cannot be changed. This wouold
involve reloading ePO and reloading all the agents.
Easier to load WSUS on a different port, 8530 is the alternate I believe.
JeffG
2005-07-21 11:53:46 UTC
Permalink
On Wed, 20 Jul 2005 17:21:51 -0500, "Lawrence Garvin"
Post by Lawrence Garvin
Yes.. it does require port 80 -- at least until the organization gets to a
point that it will never have a downlevel AU/WUA client installed.
Kindly see my new post "possible misconceptions about SelfUpdate".
J
Continue reading on narkive:
Loading...