Add a WSUS server to Patch Manager

After you verify that WSUS is installed in the Windows Server operating system, Patch Manager can distribute Windows updates, third-party updates, and custom packages to managed systems in your deployment.

If you configured WSUS on a separate server, ensure that the server is running the same Windows Server operating system as your Patch Manager server to prevent API Mismatch errors. If both servers are running disparate operating systems, set up an Automation Server.

  1. Verify that the account used to launch or connect to the Patch Manager Administrator Console is included in the WSUS Administrators group on all WSUS servers.
  2. Locate the WSUS server IP address or hostname.
  3. Log in to the Patch Manager Administrator Console as an administrator.
  4. Expand Enterprise and click Update Services.

  5. In the Actions menu, click Add or Configure WSUS Server.
  6. In the Add or Modify WSUS Server window, enter the IP address or host name of the WSUS server in the Server Name field.

  7. Click Resolve.

    Patch Manager connects with the WSUS API and populates the host name (or fully qualified domain name), connection name, and port number fields. Port 80 is the default port.

  8. In the Port field, click the drop-down menu and select the port based on the operating system and connection.

    Operating System SSL Enabled Use This Port
    Windows Server 2008 R2 Yes 443
    No 80

    Windows Server 2012

    Windows Server 2012 R2

    Windows Server 2016

    Windows Server 2019

    Yes 8531
    No 8530
  9. Complete the remaining fields and selections.
  10. Click Test Connection.

    Patch Manager contacts the WSUS API to establish a connection with the WSUS server. If the connection is good, the Connection Succeeded window opens. Click OK to close the window.

    If the connection fails, select a corresponding port (for example, 8531 instead of 8530) and retest. See this KB article for additional troubleshooting.

  11. Click Save.

    The WSUS server is configured in Patch Manager and the server displays in the menu. In this example, SPM-MGOM is the WSUS server.

    If an HTTP status 404 error displays after you connect to the WSUS server, double-check the port assignment and correct if required.

View updates

After you add a WSUS server to Patch Manager, additional nodes display below the server. The Updates menu contains nodes that store the updates.

After you download the updates, the Windows updates are stored in the Critical Updates and Security Updates nodes. All non-Microsoft updates are stored in the Third Party Updates node.

Click a node to view the updates. For example, click Critical Updates to display all approved critical updates. To view declined or unapproved critical updates, click the Approval drop-down menu and select an option.

Enable SSL in WSUS

  1. Log in to Patch Manager as an administrator.
  2. In the Patch Manager menu, expand Enterprise and select Update Services.
  3. Select the WSUS server in the center pane and click Delete in the Actions pane.
  4. Right-click Update Services and select Add or Remove WSUS Wizard.
  5. Select port 8531 (for Windows Server 2012) or port 443 (for Windows Server 2008) to add the SSL flag.
  6. Complete the wizard.

    The WSUS server is enabled with SSL on port 8531.