Change configuration settings for the WSUS Web service

As part of deploying the WSUS Web service on a WSUS server, you define how SA connects and imports patches from WSUS via the WSUS Web service.

You can change your settings at any time, from the two WSUS Web service configuration files: WsusConfig.config and Web.config. These XML files are available on the machine that holds the WSUS server, under C:\inetpub\wwwroot\[your folder].

To change metadata import settings:

By default, SA imports metadata only for patches that the WSUS Administrator marked as Approved. You can edit this filter to import Declined and Not Approved patches as well.

You cannot change the list of patch products and patch locales that SA reads from WSUS. This list is defined by the WSUS administrator on the WSUS side.
  1. On the WSUS machine, go to C:\inetpub\wwwroot\<folder_where_you_deployed_the WSUS_Web_service> and open WsusConfig.config.
  2. Find the includeApprovedUpdatesOnly attribute and set it to False.
  3. Save your changes and close the XML file.
  4. Restart the IIS site that holds the WSUS Web service.

To change connection settings:

The WsusConfig.config XML file defines the IP, port number and specifies whether the connection between the WSUS server and your WSUS Web service is secure or not. To change the connection or the URL of the WSUS Web service:

  1. On the WSUS machine, go to C:\inetpub\wwwroot\<folder_where_you_deployed_the WSUS_Web_service> and open WsusConfig.config.
  2. Find the serverName attribute and change it to use the new hostname or IP of your WSUS Web service.
  3. Change the port number if required.
  4. Set the secureConnection to True if you want to create an SSL HTTPS connection between the Web service and the WSUS server.

  5. Save your changes and close the WsusConfig.config XML file.
  6. Open the XML file Web.configand remove the bindingConfiguration="secureHttpBinding line if you want to create an HTTP connection. To create an HTTPS or both an HTTP and HTTPS connection, make sure the following line is available in the XML file: <endpoint address="" binding="webHttpBinding" bindingConfiguration="secureHttpBinding" contract="WsusREST.IWsusREST" behaviorConfiguration="web"></endpoint>.
  7. Go to IIS and ensure that the connection endpoints defined in the Web.config XML file mirror your current IIS binding settings. For secure HTTPS connections, make sure the Require SSL option is enabled for the following pages of the WSUS Administration node in the Connections pane: APIRemoting30, ClientWebService, DssAuthWebServicee, ServerSyncWebService and SimpleAuthWebService.
  8. Restart the IIS site that holds the WSUS Web service.