Documentation forPatch Manager

Configure the publishing servers

To prevent errors when you publish software updates, run the Server Publishing Setup Wizard and generate the WSUS self-signed publishing certificate for the Patch Manager server certificate store. This process enables the WSUS server to publish third-party updates and custom packages to the managed systems.

If you installed SolarWinds Patch Manager on a dedicated server and chose not to allow the application to automatically deploy the SolarWinds WMI Providers, the Server Publishing Setup Wizard is disabled. Manually deploy the WMI Providers to the WSUS server or distribute the publishing certificate using the Group Policy. See Configure the group policy to enable third-party updates in the Patch Manager Getting Started Guide for details.

See Manage Client WMI connectivity for details about WMI connections.

See Using Group Policy to Configure Managed Clients if you need to use Group Policy to configure your publishing server. The Group Policy procedure is the same whether you are configuring publishing servers or managed clients.

Configure the WSUS upstream server

The upstream WSUS server publishes software updates to the managed systems. Perform the following procedure to create a signing certificate that establishes a chain of trust between the WSUS server and the managed systems.

  1. Log in to the Patch Manager Administrator Console as an administrator.
  2. In the navigation menu, expand Administration and Reporting and select Software Publishing.

  3. In the Actions pane, click Server Publishing Setup Wizard.
  4. In the wizard, click the WSUS Server drop-down menu and select the upstream WSUS server that requires a certificate.

    In this example, SPM-MGOM is the WSUS server added to Patch Manager.

  5. Select Create self-signed certificate, and click Next.

    If the WSUS server is provisioned with a certificate, the wizard completes the remaining fields. Select Distribute existing WSUS signing certificate to required servers to distribute the certificate or click Close to end this procedure.

  6. Select the WSUS server, and click Next.
  7. Complete the Provision WSUS Server for Publishing wizard.
  8. In the Summary window, click Finish.
  9. Review the information in the WSUS Client Certificate and GPO Management window, and click OK.

    The certificate is signed and distributed to the SolarWinds Patch Manager server and all managed servers in your deployment.

  10. In the navigation menu, expand Enterprise > Update Services and select the WSUS server.
  11. Click Refresh Update Server in the Actions pane.

    The certificate is signed and distributed to the SolarWinds Patch Manager server and all managed servers in the deployment.

  12. Click Software Publishing Certificate in the Actions column to view the certificate.


If the Server Publishing Setup Wizard fails to create the self-signed certificate, see the following KB articles:

Set up and configure a WSUS downstream server

See Add a downstream WSUS server to Patch Manager for details about installing and configuring one or more downstream servers. After you configure the server, push a publishing certificate to the server.