Adding an Update Server to VMM

I have been playing with compliancy in VMM recently which requires update baselines to be configured. Before that is possible an Update Server needs to be add to VMM. The following post steps through how to do this, ready to then begin playing with the compliancy elements of VMM.


  • Run As Account that has local administrator rights on the WSUS server.
  • WSUS server, either dedicated for SCVMM or installed as part of a SCCM deployment.

Setup Run As account:

Before adding an Update Server we need to create a Run As account that has local administrative rights on the WSUS server we plan to add.

  • Create an AD service account (in this example SVC_SCVMMWSUS)
  • Add the service account to the local administrators group on the WSUS server

Open VMM, select the Settings workspace, click on Run As Accounts and then from the top ribbon select Create Run As Account.


Fill in the Name, Description, User name and Password then click OK. Once complete, the Run As Account should be displayed in the list of Run As Accounts on the right.


Now the Run As Account has been created, we are good to begin adding the Update Server.

Adding an Update Server to VMM:

The first step to adding an Update Server to VMM is to open the VMM console and click on the Fabric workspace to bring up the Fabric View.


On the ribbon bar at the top, click on Add Resources, then select Update Server from the drop down menu.


This will initiate the Add Windows Server Update Services Server dialog box.


Fill in the Computer Name of the WSUS server and TCP/IP port that the WSUS website listens on for connections.

  • WSUS on a computer with Windows Server 2012 or later, use port 8530 (non-SSL) or 8531 (SSL).
  • For earlier versions of Windows, use port 80.

Select the Run As account we created earlier or enter the details of an account which has administrative rights on the WSUS server. If necessary, select the Use Secure Socket Layer (SSL) to communicate with the WSUS server and clients check box.

Finally click Add.

VMM will begin a job to install the VMM agent on the WSUS server, add the Update Server to VMM, followed by an initial synchronization of the updates catalog. Obviously depending on numbers of updates and so on, this part of the job may take a while but can be monitored on the Jobs workspace of VMM.


Once the WSUS server has been added to VMM, you can open the Fabric workspace then expand Servers, Infrastructure then finally Update Server to list the WSUS server as attached.


Now the update server has been added to VMM, the update categories, products and so on need to be configured and baseline policies to be created and assigned.

NOTE: To configure VMM to use a WSUS server shared with Configuration Manager, we have to manage all the WSUS settings in SCCM rather than SCVMM. Open the VMM console, select the Fabric workspace, expand Servers, Infrastructure then Update Server. Right click on the update server and on the General tab of the properties window, make sure the Allow update Server configuration changes is unchecked.


Leave a Reply

Your email address will not be published. Required fields are marked *