Migrating WSUS to a new Windows 2016 server, and 2014 standalone SQL server

The plan is to retain the current WSUS data and configuration while moving the SUS service from the old Windows 2016 TP 5 server to a new, fully licensed Windows 2016 Standard server, and to move the database from WID to a standalone SQL 2014 server.

1) Set up a new Windows 2016 Server; update, patch, and reboot it. Install the WSUS role on it and choose the WID database during the install. Make sure to point to a drive\folder for wsusContent.
a. Copy the wsusContent folder from the old server to the new one. Make sure you place it in the proper drive\path, the one you identified during post-install configuration of the new WSUS service.

I highly recommend designating a separate drive for the wsusContent folder and enabling Windows Deduplication on that drive; that gives you about 30%-38% space savings, about 150GB in my case.

2) Install SQL Management Studio on the old WSUS server
Start SM Studio and connect to the SUS WID database; make sure that you are running SM Studio with elevated privileges.

You can use your Domain Admin account to connect to the WID database. Once logged in, right-click the SUSDB database and check its current size to make sure there is enough disk space before backing it up.

I already have another SUSDB database on our SQL server, so I am saving this server’s SUS DB backup under a different name (SUSDS2), and will have to use that name when restoring it on the SQL server.

Once the backup is ready, copy it to the SQL server, open SQL Management Studio, and choose “Restore database”; make sure to name the new DB according to your requirements.

Now, still on the SQL server, you will need to grant your new WSUS server's account access to the SUSDB database itself, so it can do its reads/writes/updates. Identify the WSUS server’s computer account name, replace WSUSServer$ with it, and then run the query below:

It should return a success message.

Further adjustments needed:

Go to [SQLServerName]\Security\Logins and find the “[YourDomainName\WSUSServer$]” login
– Double-click the name, or right-click and open Properties
– Click User Mapping
– Tick the checkbox for SUSDB (SUSDS2 in my case)
– Select db_owner and webService (leave public checked)

Click Close, and exit SQL Management Studio
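
The login grant and the User Mapping steps above can also be done as one T-SQL script. This is an added example, not the query from the original post; it uses the post's placeholder account YourDomainName\WSUSServer$ and database name SUSDS2, and assumes the restored database already contains the webService role.

```sql
-- Added example: placeholder names from the post. Replace
-- YourDomainName\WSUSServer$ with the new WSUS server's computer account
-- and SUSDS2 with the name you restored the database under.
USE [master];
GO
-- Create the Windows login for the computer account if it is missing.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'YourDomainName\WSUSServer$')
    CREATE LOGIN [YourDomainName\WSUSServer$] FROM WINDOWS;
GO
USE [SUSDS2];
GO
-- Map the login to a user in the restored database.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'YourDomainName\WSUSServer$')
    CREATE USER [YourDomainName\WSUSServer$]
        FOR LOGIN [YourDomainName\WSUSServer$];
GO
-- Same role membership as the User Mapping dialog: db_owner and webService.
ALTER ROLE [db_owner] ADD MEMBER [YourDomainName\WSUSServer$];
ALTER ROLE [webService] ADD MEMBER [YourDomainName\WSUSServer$];
GO
-- Check: list every role the account holds in this database, so an
-- unexpected extra grant is visible.
SELECT r.name AS role_name, m.name AS member_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE m.name = N'YourDomainName\WSUSServer$';
```

On a fresh mapping the final SELECT returns two rows, db_owner and webService; public is implicit and is not listed.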

3) Back on the new WSUS server.

a. Open Services,
i. Find the “Windows Internal Database” service and change its startup type from Automatic to Manual, or just disable it.
b. Open the registry
c. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Update Services\Server\Setup
d. Under “SqlDatabaseName” type in the new DB name; in my case that is SUSDS2
e. Under “SqlServerName” type in the SQL server’s FQDN, for example: sql1.labs.shaulov.us
f. Under “SqlAuthenticationMode” make sure that it still says WindowsAuthentication; don’t change it.

4) Still on the new WSUS Server

a. Go to Services,
b. Find “World Wide Web Publishing Service” service
c. Click the “Log On” tab, and check “Allow service to interact with desktop”
d. Open CMD with elevated privileges, and run “iisreset”

Reboot the server, log back in, and open the WSUS MMC. Now you should see the previously created computer groups and their memberships intact. It might take some time for the wsusContent folder to re-populate. In my case I copied over the data from the old server.

Ideally the same steps should work for moving a 2003/2008 WSUS server, with one notable difference: you could use SQL 2008/R2 as your SQL server.

