H thng WSUS - Phn 1

Qun l tnh trng h thng l mt trong nhng cng vic quan trng ca
ngi qun tr mng, qun l vic cp nht cc bn v li phi c tin
hnh lin tc cung cp cho h thng nhng phin bn v li mi nht ca
nh sn xut khng nhng mang li hiu qu bo mt, m cn gip h
thng hot ng n nh hn rt nhiu.
Nhng mt iu cn phi ch rng i khi cc bn v li do nh cung cp phn mm a
ra thng chm hn so vi cc bn v li ca cc hng bo mt, mt v d nh symantec
a ra 40 bn v li trong c 20 bn cho h thng my Dell chy Windows XP v hn 20
bn v li cho Windows 2000 Service Pack 3 trc khi Microsoft a ra cc bn v li chnh
thc vo ma h nm 2003. V vic cp nht ton b h thng qua Internet l mt gii php
kh thc hin khi c nhiu my tnh trong h thng mng cn c cp nht bn v li ngay.
Vic trin khai h thng t cung cp cc bn v li ngay trong h thng mng l iu cn
thit.
C vi phng php bn cung cp cc bn v li cho h thng ca mnh t:
- T nhng ngi cung cp du tn
- S dng cc bn v li chnh thc ca Microsoft
- S dng cc bn v li t cc hnh sn xut khc.
Trong ba phn ca bi vit ny, ti s gii thiu vi cc bn v Microsoft's Software Update
Service (SUS), bao gm gii thiu, ci t cng nh vic qun tr v bo dng n. Ti cng
cung cp cho cc bn mt vi nh cung cp min pha cc bn v li khc mang n kh
nng mm do trong vn cp nht bo mt cho h thng m i khi khng nht thit phi
ph thuc hon ton vo hng sn xut ra sn phm .
Gii thiu Software Update Services

Microsoft Windows Update l mt phn mm cung cp gii php cp nht phn mm tp
chung cho ton mng v l bn nng cp ca Windows - drivers SUS. Cc t chc, doanh
nghip s gii hn SUS vi mt s bn cp nht (nh ch cho Windows XP chng hn - SUS
cung cp kh nng update cho ton b sn phm ca Microsoft), cho php cc nh qun tr
d dng trin khai thnh mt my ch trung tm cung cung cp gii php update phn mm
s dng Windows Server 2000 hay Windows Server 2003, cung cp cc bn v li cho
cc my client chy Windows 2000 Professional hay Windows XP Professional. N c
thit k trong mng lm vic vi Active Directory, nhng n khng phi l mt thnh phn
trong Active Directory. SUS l mt cng c ht sc mm do linh hot trong s dng hot
ng n nh vi nhiu li ch to ln.
S dng SUS bn phi cn t nht l mt my ch kt ni vi Internet, my ch ny ci t
mt phin bn Windows Update, bao gm cc gi fix bo mt, cc service packs h tr cho
tt c cc h iu hnh. My ch ny lm vic ng b ho vi my ch cung cp ca
Microsoft hay ng b vi mt my ch no khc trong h thng mng ca bn chy SUS.
My ch ny download cc bn v li v, sau khi c yu cu t cc my khc chng phn
tch cc thng tin hin ti ca my v cung cp cc bn v li hp l.
Tnh nng Automatic Updates c tch hp trong cc phin bn t Windows 2000 Service
Pack 3 tr ln hay t phin bn Windows XP Professional u l cc client ca my ch
SUS. Trc tip can thip vo Registry ca client thng qua vic s dng Group Policy trn
my ch chy dch v Active Directory, vi vic s dng Group Policy cung cp cho cc my
client l vic chnh sa li mc nh cc my client c cp nht t my ch ca Microsoft
nhng by gi n s s dng my ch trong h thng mng ca h cp nht phn mm.
My ch SUS s phn tch cc h iu hnh yu cu cp nht, kim tra cc bn service
pack v cung cp cho my client nhng gi tin cn phi download v ci t cc phin bn
cp nht.
SUS l mt gi phn mm c cung cp min ph ci t, ngoi ra cc ti liu v n
cng c cung cp min ph ti:
http://www.microsoft.com/windowsserversystem/sus/susdeployment.mspx.
ng b d liu v cung cp cho h thng
Khi bn bt u vic ng b d liu my ch SUS s truy vn n my ch Windows
Update ca Microsoft hay cc my ch SUS khc trong h thng mng v download ton b
ti nguyn v cc bn v li hay cc service pack cho mi sn phm v ngn ng m bn
cu hnh. Qu trnh ng b d liu s c truyn khong 150 MB cho phin bn
English v 600MB cho mi ngn ng khc.
thc hin vic ng b d liu, bn vo trang web qun tr SUS v pha bn tri bn kch
vo Synchronize server, kch vo Synchronize now v h thng bt u qu trnh kim tra v
download cc phin bn cp nht t my ch ca Microsoft.
Bn cng c kh nng t lch cho qu trnh t ng ng b ho d liu vi my ch ca
Microsoft cho my ch SUS ca bn, bi tnh nng ny gip bn khng qun vic cp nht
cc bn v li cho h thng. Trong trang Synchronize bn chn Synchronization schedule
sau khi thit lp xong bn chn OK. Nu qu trnh kt ni t my ch SUS ti my ch ca
Microsoft tht bi h thng s t ng kt ni li sau mi na gi.
V by gi bn c mt th vin vi cc bn v li cho h thng trong my ch SUS, bn
c th cung cp nhng bn v li c th cho cc my client trong h thng mng ca bn.
bt u cho vic cung cp cc bn v li bn kch vo Approve updates, sau bn
chn nhng bn cp nht no cn cung cp cho client th bn chn sau nhn Approve
hon tt qu trnh thit lp trn my ch SUS, bc sau chng ta s ni v vic cung cp
cho my Client.
Thit lp Automated Updates trn my client
Bn c th ci t cc cp nht t Automatic Updates ca my client bng vic ci t cc
gi MSI. cung cp cc gi cp nht dng MSI bn c th d dng s dng Group Policy
cung cp. Bo to ra mt GPO mi, gn chng cho cc my tnh trong h thng mng
ca bn, v n s c ci t mt cch t ng. Bn c th cung cp cc gi MSI cho
client di dng logon script gn cho gi tin MSI v h thng s c thc hin trc khi
ngi dng ng nhp vo h thng.
S dng Group Policy c 4 vn bn cn phi cu hnh:
Configure Automatic Updates: Tu chn ny s lm cho my tnh t ng nhn cc bn v
li. Trong tu chn u tin sau khi ngi dng logon vo my tnh s a ra thng tin cho
bn l h thng ang download cc bn cp nht, v mt on thng bo cng c a ra
khi h thng bt u ci t cc bn cp nht . Trong tu chn th hai h thng s t
ng download ton b cc bn v li nhng s khng t ng ci t chng cho n khi
ngi dng ci t. Tu chn th ba cung cp kh nng t ng download v ci t cc
bn nng cp trong mt thi gian c nh trc.
Specify intranet Microsoft Update Service Location: Tu chn ny c thit k s dng
my ch SUS trong h thng thc hin vic cp nht (mc nh client s download t
my ch ca Microsoft). Sau khi thit lp ny cc Automatic Update Client s tm kim v
download cc bn v li t my ch c thit lp (S dng Group Policy chnh thit
lp trong Registry ca client iu chnh n cp nht t my ch bn trong h thng - thay i
thit lp mc nh).
Reschedule Automatic Updates Scheduled Installations: Trong tu chn ny s cho bn thit
lp thi gian khi mt thit lp t trc c hot ng nhng li c nhng li xy ra khin
lch trnh c thit lp b li, v thi gian ny l thi gian cho kt ni c thc hin sau
khi b li. Nu bn chn "enable" h thng s yu cu bn thit lp thi gian c th (tnh theo
pht) cho vic kt ni li. Nu thit lp ang trng thi "Disable or Not Configured" th sau
khi mt kt ni tht bi n s ch n thi gian tip theo c ln k hoch trc.
No Auto-Restart for Scheduled Automatic Updates Installations: Trong tu chn ny c
thit lp mt my client c th t ng khi ng li khi h thng c ci t v yu cu
khi ng li. Nu thit lp trng thi Enable, Automatic Update s khng khi ng li
my tnh t ng sau khi mt lch trnh cp nht c ci t xong. Nu thit lp trng thi
Disable hay Not Configured th Automatic Update s t ng khi ng li sau 5 pht cnh
bo
Bn cn phi bit nhng kh nng c th xy ra vi GPO: Nu bn gn ton b domain vo
mt my ch SUS, nu h thng c trn 5000 my tnh th s lm cho my ch rt chm
chp. Vn t ra y l bn phi cn bng v nh tng OU s c mt GPO khc nhau
v s cp nht cng nh vic ln lch cho qu trnh cp nht cn khc nhau trnh cng mt
thi im ton b h thng yu cu n my ch SUS s lm ton b h thng mng ca
bn b tc nghn.
To ra nhiu GPO vi nhiu lch trnh khc nhau cho mi OU m bo h thng lun
c p ng tt nht.
Cc thng tin m Group Policy chnh trong my client l:
enable hay disable Automatic Updates: To ra mt key l NoAutoUpdat trong
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows
\WindowsUpdate\AU. thng s DWORD vi s 0 l enabled hay s 1 l disabled.
cu hnh update download and notification: To ra mt key vi tn l AUOptions trong
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows
\WindowsUpdate\AU. DWORD bao gm s nguyn 2 l (notify of download and notify before
installation), 3 l (automatically download but notify before installation), v 4 l (automatically
download and schedule the installation).
t lch cho mt Automated installation: to v mt key vi tn l ScheduledInstallDay v
ScheduledInstallTime trong
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows
\WindowsUpdate\AU . Thng tin ny dng DWORD. Vi ScheduledInstallDay, thng tin t
0 n 7, vi 0 l thc hin vi mi ngy v 1 l 7 ngy trong tun, c ch nht v th 7. Vi
ScheduledInstallTime, thng s t 0-23, c gn l s gi trong ngy m bn cu hnh
bn trn.
thc hin vic update t my ch bn trong h thng: To mt DWORD vi tn
UseWUServer trong HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows
\WindowsUpdate\AU. Thit lp l 1 enable SUS server. Sai khi to ra WUServer v
WUStatusServer vi cng mt key g Reg_SZ, v c th tn ca my ch cn thit lp
http://
thit lp thi gian i sau khi mt kt ni b tht bi: to ra mt DWORD vi tn
RescheduleWaitTime trong
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows
\WindowsUpdate\AU. Thng s t 1 n 60, l s pht cn thit.
thit lp c t ng khi ng li hay khng: to ra mt DWORD
NoAutoRebootWithLoggedOnUser trong
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows
\WindowsUpdate\AU . Thng s ny c th l 0, n s thc hin vic khi ng li v thng
s l 1 n s hon li vic khi ng li.
Nu bn khng mun thc hin bng tay tng thng s bn c th chp on di y vo
notepad v save di dng file *.reg sau chy file s thc hin qu trnh cho bn:
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows
\WindowsUpdate]
"WUServer"="http://YOUR-SUS-SERVER"
"WUStatusServer"="http://YOUR-SUS-SERVER"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows
\WindowsUpdate\AU]
"RescheduleWaitTime"=dword:00000003
"NoAutoRebootWithLoggedOnUsers"=dword:00000000
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000004
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000006
"UseWUServer"=dword:00000001


H thng WSUS - Phn 2

S dng SUS: trn my client
cu hnh trn Windows XP s dng SUS u tin bn phi enable tnh
nng Automatic Updates. Trong Windows XP, bn m Control Panel, chn
System, chn tip Automatic Updates. Trong Windows 2000 bn m Control Panel, tip n
nhn vo Automatic Updates.
Bn s nhn thy trong Properties ca tnh nng ny. Bn s nh ngi qun tr, chn cch
update v download cng nh ci t, gn chng vo nhng ngi dng c th trn my. Nu
bn log vo h thng bi quyn administrator bn s nhn thy mt thng bo pha di gc
phi ca mn hnh h thng hin th cho bn thy ang download hay ang ci t nu bn cu
hnh update t ng, hoc ch t ng download v ci t l bn phi t thc hin sau khi c
thng bo bn v li c ti v y .
Update Download v installation
Qu trnh downloaded c th hin di hai ng l s bits c download v hay s hin
th di dng thanh ko th hin s % h thng download c. S Bits c kim tra trn
mt network connection s dng download t trang web cung cp cc bn v li, v tnh
nng ny cho php bn pause hay dng li ln sau bn thc hin li vic download, khi h
thng s kim tra li s bits download c v tip tc, khng phi download li t u v rt
nhiu bn v li ln nh bn service pack chng hn phi download rt lu v c th trong
khong thi gian h thng b tt i v khi ng li, y l mt tnh nng thng minh trong
Automatic Update ca Windows.
Qu trnh ci t s c bt u khi qu trnh download hon tt, nu trong qu trnh cu hnh
trong Automatic Update bn ch t ng ci t th h thng s thng bo qu trnh ci
t c bt u nu bn chn khng t ng ci t n s thng bo cho bn cn phi ci t,
sau qu trnh ci t h thng s yu cu bn cn phi khi ng li my tnh hay khng, y
cng l mt tu chn m bn cn phi thit lp trong Phn 1 ca bi vit ny.
Li c bn v cch khc phc.
S dng cc thit lp trong Policy c th iu khin tin trnh t download n ci t cng nh
vic thit lp my tnh cn phi khi ng li hay khng. Cng mt vn quan trng khc l
bn phi cu hnh chnh xc trn my ch SUS m bo ch nhng gi update l cung cp
cho h thng clients m thi. Mt khc bn cng phi m bo rng my ch SUS lun lun cp
nht nhng bn v li mi nht t Microsoft.
Mt vn thng gp l my ch SUS ca bn ng sau mt h thng firewall v vic ng b
ho d liu vi my ch ca Microsoft l khng thc hin c, do bn cn phi bit m
cng no v n nhng trang web no cn thit cho vic ng b ho d liu gia my ch
SUS v my ch cung cp cc bn v li ca Microsoft.
Bn cn m port 80 n cc a ch sau:
http://www.msus.windowsupdate.com
http://download.windowsupdate.com
http://cdm.microsoft.com
Bn cng c th c mt li do bng thng ng truyn, v nh bng thng ng truyn ca
bn qu thp download mt bn Service Pack rt ln (SP1 ca Windows Server 2003 - gn
400MB). Khi qu trnh ng b ho d liu s b li v trng hp ny bn khng la chn
download bn update na.
Nu bn ang c gng khc phc nhng li gia client-side v SUS server, bn cn phi quan
tm n vic chnh sa trong Registry bn b nhng thng s trong cc key sau:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\WindowsUpdate\Auto Update\DetectionStartTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\WindowsUpdate\Auto Update\LastWaitTimeout
Bn cng c th truy vn vo Windows Automatic Update Servie t mi trng dng lnh bng
cu lnh sau bn c th refresh c service ny:
Net stop wuauserv
Net start wuauserv
Vi vic refresh bn s khc phc c li dch v khng c cung cp cho cc my client.
Gim st h thng Client-Side.
SUS v Automatic Update client c cung cp mt vi s kin c sn trong h thng, nu
cc s kin sy ra h thng s lu li trong system event log, bn c th s dng n phn
tch cc li lin quan n SUS cng nh Automatic Update clients. Di y l cc event v
phn tch nhng event .

Event
ID
Label Description
16
Unable to
connect
My client khng th kt ni n trang
Windows Update hay my ch SUS.
17
Install ready;
no recurring
schedule
Cc bn v li c download xong v
chun b cho qu trnh ci t, nhng
ngi qun tr my tnh phi thc hin
vic start qu trnh ci t ny.
18
Install ready;
recurring
schedule
Cc bn v li c download xong v
chun b cho qu trnh ci t. Ngy
c ln lch cho qu trnh ny s c
thc hin.
19 Install success
Updates c ci t hon tt, v n
c trong danh sch nhng gi c ci
t
20 Install failure
Mt vi gi cp nht c ci khng
ng, n cng c trong danh sch nhng
gi c ci t.
21
Restart
required; no
recurring
schedule
Cc gi cp nht c ci t, nhng
cn thit phi khi ng li, v cho n khi
qu trnh khi ng li ny c thc hin
th cc bn v li mi chnh thc hon
thnh qu trnh ci t.
22
Restart
required;
recurring
schedule
Qu trnh ci t xong, nhng mt yu
cu khi ng li trong 5 pht s c
hin th

Table 1: SUS/AU Client Event Log Messages
Logs
My ch SUS s ghi li ton b qu trnh ng b ho cng nh vic my ch c gng kt ni
n my ch cung cp cc bn v li. Ton b log ny c th c truy cp bi ngi qun tr
trong my ch SUS thng qua mi trng Web; trong mi trng web n lm trong mc
Autoupdate\administration\history-sync.xml
File log ny ghi li qu trnh ng b ho d liu cc ln ng b trc kia, cng nh lch trnh
ng b cho nhng ln tip theo, hay qu trnh ng b ho c hon thnh hay c li xy
ra trong qu trnh , cng nh vic ln lch hay c th thc hin ng b bi ngi qun tr.
Trn my client, cn thit mt iu l ton b cc client c th s dng giao thc HTTP yu
cu t my ch SUS mt file vi tn l wutrack.bin, bao gm nhiu thng tin v trng thi ca
client. vi ni dung sau:
2004-02-09 09:09:41 192.168.0.121 - 80 GET /wutrack.bin
V=1&U=63a9dfd44a7aca47ade26684ed5fe66a&C=iu&A=n&I
=&D=&P=5.1.1677.2.0.1.
0&L=en-US&S=s&E=00000000&M=&X=031101050105756200 Whistler+Update+Control+Pack
Ngoi ra h thng cng s lu li cc trng thi ca qu trnh update trn cc client trong system
event c gii thiu trn, t bn cng c th s dng nhiu thng s trong cc file log ny
phn tch cc li c th xy ra, cng nh cch khc phc n mt cch nhanh nht.
Trong phn 3 ca bi vit ti s gii thiu v cc phin bn ca Windows Software Update
Service v tnh nng u vit ca cc phin bn WSUS mi.