Microsoft WSUS
Click here to see this page in full context

 

Microsoft WSUS connector

Microsoft WSUS connector reads security update information from WSUS (Windows Server Update Services) or Microsoft SCCM, and imports the data to Miradore. In Miradore, the data is used as a part of quality index and inventory information. WSUS connector Installer can be found from <Miradore server installation directory>\Connectors\WSUS Connector.

 

Requirements

 

Installation using Windows Installer

  1. Run “WSUS 3 Connector.msi” installer file (located in <Miradore server installation directory>\Connectors\WSUS Connector).

  2. Set connector configurations (1 of 2)). All fields must be filled before Next button can be pressed.

  1. Miradore server name: Host name or IP-address of Miradore server. Collected data is sent to this server.

  2. Miradore instance name: Many Miradore Servers can run on same host. Instance name specifies the server.  By default, server is installed with instance name "Miradore".

  3. Miradore server port: TCP/IP port that Miradore server uses. By default it is 80.

  4. Use HTTPS: This option defines protocol (HTTP/HTTPS) that is used when WSUS connector sends result file to the Miradore server.

  5. Ignore SSL errors: If checked, all SSL certificate errors are ignored.

  6. Use proxy: If checked, connector uses proxy server to connect with Miradore server.

  7. Proxy server: Host name or IP-address of proxy server.

  8. Proxy port: Proxy server’s port

  9. Proxy authentication method: Authentication method that proxy server uses. Available methods: none, basic, digest and NTLM

  10. Proxy user name: User name for proxy server

  11. Proxy password: Password for proxy server

  1. Set connector configurations (2 of 2)

    1. Data source: This selection defines whether the connector should read the information from Microsoft WSUS or SCCM.

    2. WSUS computer group: WSUS computer group name. If you want to define path to subgroup use '\' as delimiter (For example: 'All Computers\Workstations'). If this field is left empty, information about all computers in WSUS database is read. See the Connector configuration section for more information on configuration of computer groups.

    3. Scanned items: This selection determines which data is being scanned by WSUS connector.

      • Updates: Scans for update data only

      • Computers: Scans for computer data only

      • Both: Scans for update and computer data.

    4. Include computers from replica downstream servers: Check this to include computers replicated from other WSUS servers. Otherwise, only computers which are managed by this server are included.

    5. Read database settings from WSUS: If this is checked, WSUS API is used to get database settings. In this case the connector must be installed to WSUS server. Notice that Database Server name, Instance, and Database name can be read from WSUS, whereas SQL Server user ID and password must always be entered manually. In addition to that, the user account used to run the connector, must have access to database.  

    6. Database server: Database server name and instance. You can also leave this field empty if connector is installed on WSUS server,

    7. Database name: Database name. If 'Database server' is left empty also this field is read from WSUS settings.

    8. Database user ID: SQL Server user ID which has read access to WSUS database. If this field is left empty, Windows user account that runs the connector is used to connect to database.

    9. Database password: Database password.

  2. Set Windows Task Scheduler configurations.

    1. Add to Scheduled Tasks checkbox: If checked, Miradore WSUS Connector task is added to Windows Scheduled Task and all fields must be filled before Next button can be pressed.

    2. Start time: Connector is run daily at this time.

    3. User account: Select to use SYSTEM account or give username and password that is used to run task.

    4. [Domain\] User Name: Scheduler will run task as it was started by this user. Add domain if needed.

    5. Password and Retype password: User’s password. Passwords must match.

  3. Start installation

  4. Authorize connector, see Connector authorization

  5. Test that connector works properly

 

Testing

  1. Open Scheduled Tasks menu (Start Menu -> All Programs -> Accessories -> System Tool -> Scheduled Tasks).

  2. Right click WSUS Connector and click Run.

  3. Open WSUS Connector log file (see log for details).

  4. Check that there are no errors or warnings in the log.

 

Log

WSUS Connector writes log every time it is run. It creates two files for log: wsus_connector.log and wsus_connector.old. Wsus_connector.log has information about last run and wsus_connector.old archives old log files. Size of wsus_connector.old is limited to 2MB. Location of those files is defined in wsus_connector.ini file. By default log files are stored to  <Connector installation directory>\Log

Technical description

Miradore connector for Microsoft WSUS

Additional information

MSI Installer parameters
 

Following WSUS Connector specific parameters can be given to installer from command line.

Value name

Description

Format

Default value

INSTALLDIR

Installation directory

Path

 

SERVER_HOST_NAME

Host name or IP-address of Miradore Server

String

-

SERVER_INSTANCE

Miradore Server’s instance name

String

-

SERVER_HTTP_PORT

Miradore Server’s http port

Numeric

80

SERVER_HTTPS_PORT

Miradore Server’s https port

Numeric

443

USE_HTTPS

Determines if HTTPS is used instead of HTTP. You must set some value for this. Possible values: 0 = false, 1 = true.

Numeric

 

LOG_SEVERITY

Severity level of information that is written to the log file. (Debug, Info, Warning)

String

Info

LOG_PATH

Directory of log files

Path

%ProgramFiles%\Miradore\Server\Connectors\Logs\AD

ADD_TO_SCHED

If 1, connector will be added to Windows Scheduled tasks. Then also four following parameters must be given. (1, 0)

Numeric

1

START_HOUR

Starting hour of Scheduled task. Must contain two digits

Numeric

00

START_MIN

Starting minute of Scheduled task. Must contain two digits

Numeric

00

SCHED_USER

Scheduler will run task as it was started by this user. Add domain if needed

String

-

SCHED_PW

Scheduler user’s password

String

-

SCANITEMS

Items that WSUS connector will scan (Computers, Updates or Both).

String

Both

MAX_PARTIAL

The maximum amount of partial scans before the full scan is forced.

Numeric

10

DB_SERVER

Database server name.

String

-

DB_NAME

Database name.

String

SUSDB

DB_USER

Database user ID.

String

-

DB_PASSWORD

Database password. The password will be encrypted by the connector.

String

-

GROUP_NAME

Determines the computer group name.

String

WSUS computer group

INCL_REPLICAS

Determines whether the replica servers are included into the scan or not. Possible values: 0 = false, 1 = true.

Numeric

0

 

 

Connector configuration

INI file (wsus_connector.ini)

Connector uses wsus_connector.ini file for its configurations. INI file has two built-in sections [_DefaultValues_] and [_Global_]. If wsus_connector.ini file doesn’t exist in the same directory as WSUS Connector.exe, it’s created to that directory and it contains [_Global_] and [_DefaultValues_] sections.

[_Global_] has logging specific settings and they can’t be under other sections. [_DefaultValues_] contains default network settings.

[_DefaultValues_]

ServerInstanceName=

IncludeReplicaServers=

ServerHttpPort=

ScanItems=

ServerHostName=

MaxPartialScans=

UseHttps=

[_Global_]

DBName=

DBPassword=

DBUserID=

DBServerName=

LogFilePath=

FileLogSeverity=

Local settings

Value name

Description

Type

Default value

DBName

Database name

String

SUSDB

DBPassword

Database password. The password will be encrypted by the connector.

String

-

DBUserID

User ID for the database

String

-

DBServerName

Database server name

String

-

IncludeReplicaServers

Determines whether the replica servers are included into the scan or not. Possible values: 0 = false, 1 = true.

Numeric

0

ScanItems

Items that WSUS connector will scan (Computers, Updates or both)

String

Both

MaxPartialScans

Determines the maximum amount of partial scans before the full scan is forced.

Numeric

10

 

Logging settings

Value name

Description

Type

Default value

LogFilePath

The path of directory where to the log file is written.

String

<installation directory>\Log

FileLogSeverity

Can have four different values: Debug, Info, Warning and Error. Those values mean severity level or information that is written to the log file. At Debug level it writes all log events and at Error level only Error messages.

String

Info

 

Network settings

Value name

Description

Type

Default value

ServerHostName

Miradore server host name

String

-

ServerInstanceName

Miradore instance name

String

Miradore

UseHttps

Determines if HTTPS is used instead of HTTP.  Possible values: 0 = false, 1 = true.

Numeric

0

ServerHttpPort

Miradore server http(s) port

Numeric

80

 

Example INI files

With following settings connector reads data about all computers and updates from WSUS database and sends it to “s0001” server’s “Miradore” instance. It uses SQL Server Authentication with login SQLUser and password dbpw for database connection.

[_Global_]

FileLogSeverity=Info

LogFilePath=c:\Miradore\Connectors\WSUS\Log

DBName=SUSDB

DBPassword=dbpw

DBUserID=SQLUser

DBServerName=dbsrv001\SQLEXPRESS

[_DefaultValues_]

ServerHostName=s0001

ServerInstanceName=Miradore

ServerHttpPort=80

UseHttps=0

IncludeReplicaServers=1

ScanItems=Both

MaxPartialScans=10

 

With following settings connector reads data about all patches and computers in “All Computers > Laptops” and “All Computers > Desktops” groups from WSUS database and sends it to “s0001” server’s “Miradore” instance using HTTPS. It uses Windows user account, which runs connector, for database connection.

[_Global_]

FileLogSeverity=Info

LogFilePath=c:\Miradore\Connectors\WSUS\Log

DBName=SUSDB

DBServerName=dbsrv001\SQLEXPRESS

[_DefaultValues_]

ServerHostName=s0001

ServerInstanceName=Miradore

ServerHttpPort=443

UseHttps=1

IncludeReplicaServers=1

ScanItems=Both

MaxPartialScans=10

[All Computers\Laptops]

[All Computers\Desktops]

 

With following settings connector reads data about all patches and computers in groups “ All Computers > Client A” and sends it to “s0001” server’s “Miradore1” instance using https, “All Computers > Client B” and sends it to “s0001” server’s “Miradore1” instance using https and “All Computers > Client C” and sends it to “s0002” server’s “Miradore1” instance using http.  It uses Windows user account, which runs connector, for database connection. It reads database settings using WSUS API (connector is installed to WSUS server).

[_Global_]

FileLogSeverity=Info

LogFilePath=c:\Miradore\Connectors\WSUS\Log

 [_DefaultValues_]

ServerHostName=s0001

ServerHttpPort=443

UseHttps=1

IncludeReplicaServers=1

ScanItems=Both

MaxPartialScans=10

[All Computers\Client A]

ServerInstance=Miradore1

[All Computers\Client B]

ServerInstance=Miradore2

[All Computers\Client C]

ServerHostName=s0002

ServerInstance=Miradore1

UseHttps=0

ServerHttpPort=80

 

See also

Network settings for connectors

Connector authorization

System settings for connectors

Connector item

Microsoft patches status view

Microsoft patches view

 

Copyright © 2022 Miradore Ltd. All rights reserved. Miradore is a registered trademark of Miradore Ltd. All other trademarks or registered trademarks are property of their respective owners.