Let’s discuss ConfigMgr SCCM SUP Enhancements in a Quick Overview.“Multiple Active Software Update Points” per SCCM Primary Site is the new enhancement with SCCM ConfigMgr 2012 SP1.
Quick overview of New SUP underlying technology.
ConfigMgr SCCM SUP Enhancements a Quick Overview
1. Multiple software update points per Primary Site, which provides fault tolerance without requiring the complexity of NLB.
2. The design of SUP failover is a necessarily different design than the pure randomization model used in the Management Point design.
3. When one SUP goes down or is unreachable, clients will be able to failover to another SUP and still scan for the latest updates.
4. The Client will stay assigned to that SUP forever unless it fails to successfully scan. If a scan fails, then it waits 30 minutes to try again, using the same SUP. The client will minimally retry four times at 30-minute intervals. So after 2 hours, the client will fall back to the next SUP in the list.
5. When a client is disconnected from the corporate intranet and the scan fails, we will not switch SUPs.
6. You can install Software Update Points on Untrusted Forest. The SUPs from the same forest that the client is in are prioritized first, ahead of the cross-forest SUPs. So for all scenarios, the client will get connected to the SUP in the same forest.
7. Now we can specify that the DMZ WSUS server is the updated catalog source for your top-level SUP. So there is no internet connectivity is required for Configuration Manager Roles.
8. You can have only ONE SUP at a secondary site.
Anoop is Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. E writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc…
1 thought on “ConfigMgr SCCM SUP Enhancements a Quick Overview”
Hi Anoop, This is very informative and thanks for it. Need your suggestion
For one of my clients, scan is getting failed with 0x80072ee2. We have a primary and 47 secondary sites. But the problem is with three sites. Half of the CCM clients in these sec sites are connecting to Primary SUP.
0x80072ee2 is time out error. Followed these procedures. Still no luck.
1. WSUS port 8530 is enabled from CCM clients to SUP of secondary site (as observed the issue is with only 50% of endpoints. Others are pointing to the correct SUP). And interestingly for one secondary site, all clients and its SUP are in the same subnet. So not required to enable any ports. But few clients are pointing to Primary SUP.
2. Default website and WsusPool restarted on IIS. This partially fixed the issue (assume this could be overload on local WSUS).
3. Manually changed the registry value for WUServer and WUStatusServer with the correct URL and port of the WSUS web site
4. Tried reinstalling the CCM clients.