Migrate WSUS to Windows Server 2012 R2


  • Collect source and destination server name, IP address, Database Name, Instance Name, service account for Database instance.
  • Download Microsoft SQL Server Management Studio and install on source and destination SQL Server.
  • Make sure destination server is joined to the domain and time is synced
  • Do not run initial configuration wizard in Destination Server.
  • As best practice, do not migrate WSUS into a Domain Controller.
  • Obtain appropriate permission in source server, destination server and SQL server to initiate and complete migration tasks

Migrate local users and groups

1. Right-click in the Taskbar, click Properties, highlight Toolbars, and then click Address.

2. Type lusrmgr.msc, and then press ENTER.

3. In in the console tree of the Local Users and Groups MMC snap-in, double-click Users.

4. Manually create a list of the local users.

5. In the console tree of the Local Users and Groups MMC snap-in, double-click Groups.

6. Manually add the users from the source server to the WSUS Administrators and WSUS Reporters groups.

Back up the WSUS database on the source server

1. After you connect to the appropriate instance of the database in Object Explorer, click the server name to expand the server tree.

2. Expand Databases, and select the SUSDB database.

3. Right-click the database, point to Tasks, and then click Back Up. The Back Up Database dialog box appears.

4. In the Database list, verify the database name.

5. In the Backup type list, select Full.

6. Select Only Backup. only backup is a SQL Server backup that is independent of the sequence of conventional SQL Server backups.

7. For Backup component, click Database.

8. Accept the default backup set name that is suggested in the Name text box, or enter a different name for the backup set.

9. Follow the prompt to complete backup.

Restore the WSUS database backup on the destination server

1. After you connect to the appropriate instance of the database in Object Explorer, click the server name to expand the server tree.

2. Expand Databases, and select the SUSDB database.

3. Right-click the database, point to Tasks, and then click Restore. The Restore Database dialog box appears.

4. On the General page, use the Source section to specify the Source.

5. In the Destination section, the Database box is automatically populated with the name of the database to be restored.

6. In the Backup sets to restore grid, select the backups to restore. This grid displays the backups available for the specified location. By default, a recovery plan is suggested.

7. Follow the prompt to complete Restore. Click OK

Install WSUS Server on the destination server

Before you begin installing WSUS server into the destination server you must install Microsoft .NET Framework, Background Intelligent Transfer Service (BITS) 2.0 and Microsoft Internet Information Services (IIS) on the destination server. Follow the procedure to install WSUS into destination server and point to the new Database.

1. Open Server Manager, Click Add Roles and Features, Select WSUS and install WSUS role.

2. On the Welcome page, click Next.

3. Read the terms of the license agreement carefully, click I accept the terms of the License Agreement, and then click Next.

4. On the Select Update Source page, you can specify where client computers get updates. If you select Store updates locally, updates are stored on WSUS and you can select a location in the file system to store updates. If you do not store updates locally, client computers connect to Microsoft Update to get approved updates.

5. Make your selection, and then click Next.

6. On the Database Options page, click Use an existing database server, and select the instance name from the drop-down list.

7. Make your selection, and then click Next.

8. On the Web Site Selection page, you specify the Web site that WSUS will use. Note two important URLS: the URL to point client computers to WSUS and the URL for the WSUS console where you configure WSUS.

9. Make your selection, and then click Next.

10. On the Mirror Update Settings page, you specify the management role for this WSUS server. If you want a central management topology, enter the name of the upstream WSUS server. If this is the first WSUS server on your network or you want a distributed management topology, skip this screen.

11. Make your selection, and then click Next.

12. On the Ready to Install Windows Server Update Services page, click Next.

Change the WSUS server identity

Performing this step guarantees that WSUS-managed clients are not affected during the migration process. If the source server and the destination server run with the same identity, and a change is made to one of the servers, the communication between the client and server will fail.

1. On the destination server, open an elevated Windows PowerShell prompt and run the following script:

$updateServer = get-wsusserver

$config = $updateServer.GetConfiguration()

$config.ServerId = [System.Guid]::NewGuid()


2. As soon as the server identity is changed, run the following command to generate a new encryption key:

WSUSUTIL.exe Postinstall

Point the WSUS clients to the new destination server

1. Open the Local Group Policy Editor, and in Specify intranet Microsoft update service policy, change the URL to reflect the new WSUS server.

2. Update the Group Policy settings that are used to point WSUS clients to the WSUS server by entering the FQDN of the new WSUS server. After you have updated the Group Policy settings, WSUS clients will synchronize with the new WSUS server.

3. To force the clients to detect the new destination server, open a command prompt, and run wuauclt.exe /resetauthorization /detectnow and GPUpdate /Force.

Verify the destination server configuration

  1. In Server Manager, click Tools, and then click Windows Server Update Services.
  2. In the WSUS Administration Console, expand Computers, and verify that all the Computer Groups that existed on the source server are displayed.
  3. Expand Synchronizations. In the Actions pane, click Synchronize now. After the synchronization is complete, (this may take several minutes), confirm that Succeeded is displayed in the Results column.

Reconfigure Group Policy

Open WSUS Group Policy, Edit Group Policy and Change WSUS Server.

Verify client computer functionality

After the detection is finished, open Windows Explorer and check the %WinDir%WindowsUpdate.log to verify that the forced detection was successful.

7 thoughts on “Migrate WSUS to Windows Server 2012 R2

  1. I would like to migrate WSUS from Windows Server 2003 to Windows server 2012 r2. I want to give same server name and IP Address as source to my destination server after migration. Is it possible with above migration process?


  2. I am trying to migrate WSUS 3.0 SP2 to Windows Server 2012 R2. The database was local but has been moved to a MS SQL2008 server.

    Do I need to still backup and restore the database to the same server? All the instructions I have seen online don’t seem to mention if this step is required and if so why? I would l back it up just to be safe but don’t get why a restore is required (if it is).



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.