Closed
Bug 790335
Opened 12 years ago
Closed 12 years ago
Install WSUS and KMS on kms1.ad.mozilla.com
Categories
(Infrastructure & Operations :: RelOps: General, task)
Infrastructure & Operations
RelOps: General
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: dustin, Assigned: dustin)
References
()
Details
This server will serve updates and licenses to all Windows hosts in the Mozilla forest.
Assignee | ||
Updated•12 years ago
|
Assignee | ||
Comment 1•12 years ago
|
||
KMS is stalled on getting a KMS key - bug 790691.
Assignee | ||
Comment 2•12 years ago
|
||
KMS is still stalled. I'll start rolling out WSUS on the servers using GPO.
Assignee | ||
Comment 3•12 years ago
|
||
For the KMS key: https://mozilla.service-now.com/nav_to.do?uri=com.glideapp.servicecatalog_checkout_view.do?sysparm_sys_id=c114c79587ec3000dd5c99616a434d7f ETD 9/27 Hopefully Ann can figure out what we need, or has a login to find what we need.
Assignee | ||
Comment 4•12 years ago
|
||
I bumped KMS out to bug 792995. This will track finishing WSUS.
Assignee | ||
Comment 5•12 years ago
|
||
I just added a WSUS GPO to the domain controllers to point them to WSUS. There are two GPOs for WSUS now: WSUS - download and prompt WSUS - no updates the latter is for slaves. The former is probably best everywhere else. If we decide we want things randomly rebooting (fun! excitement!) we can add a third to enable that. Still need to figure out how to add a machine to a WSUS group based on its OU - if that's even possible.
Assignee | ||
Comment 6•12 years ago
|
||
The client-side group configuration for WSUS is called "client-side targeting": http://technet.microsoft.com/en-us/library/cc708574%28v=ws.10%29.aspx I made a GPO entitled "WSUS - client - Domain Controllers" that puts hosts in the "Domain Controllers" group in WSUS. I linked this to the "Domain Controllers" OU in ad.mozilla.com. Now, we wait.
Assignee | ||
Comment 7•12 years ago
|
||
The "WSUS - client - download and prompt" GPO worked great. Settings are locked in on the DC's now. The client-side targetting did not. Error 80072ee6. Add another swift kick to the head for the microsoft engineers for still using numeric error codes.
Assignee | ||
Comment 8•12 years ago
|
||
http://dave.harris.net/windows-could-not-search-for-new-updates-code-80072ee6/ suggests this means that the WSUS client on the DC is too old to talk to this WSUS box, meaning I need to update against Microsoft once first. Let's hope that's not the case.
Assignee | ||
Comment 9•12 years ago
|
||
http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/0f08d5ee-4d1c-4c21-9e0f-e2a79cafc04f recommends looking in windowsupdate.log (start -> run seems to find it).
Assignee | ||
Comment 10•12 years ago
|
||
OK, the problem there was a missing http:// on the WSUS server hostname in GPO. I added that, and it's now checking for updates from kms1.ad.mozilla.com. However, it's still in the wrong group on that server (Unassigned Computers) and listed as "Not Yet Reported" (which may be because I only did a force check, rather than a timed check?)
Assignee | ||
Comment 11•12 years ago
|
||
http://social.technet.microsoft.com/Forums/en-US/winserverwsus/thread/70a4f5ee-9f39-4fe0-9e54-5c24d0413eb3 points out that client-side targetting needs to be enabled on the client machine. Duh :)
Assignee | ||
Comment 12•12 years ago
|
||
OK, that seems to work. I documented the GPOs for this here: https://mana.mozilla.org/wiki/display/IT/WSUS+GPOs Now it just remains to build a WSUS box from a bare-metal install using GPO. That's lower-priority than other things, though.
Assignee | ||
Updated•12 years ago
|
Severity: normal → minor
Assignee | ||
Comment 13•12 years ago
|
||
..which is bug 798596
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Updated•11 years ago
|
Component: Server Operations: RelEng → RelOps
Product: mozilla.org → Infrastructure & Operations
You need to log in
before you can comment on or make changes to this bug.
Description
•