There are 3 different types of ways to upgrade WSUS.

1. Install the new Server OS, install the WSUS role synchronizing with Microsoft Update, creating your groups, adjusting your settings, and then changing your GPOs over to the new server.
2. An In-place upgrade of the server OS, where you just upgrade the OS over top of the current OS, thereby upgrading WSUS to the latest version. You then should check to make sure WSUS uses the same ports (a change from 2008 [80/443] to 2012+ [8530/8531])
3. A migration from the old WSUS server to the new WSUS server. This is my recommended way. It is the easiest, and most efficient when not doing an in-place Server OS Upgrade. You get all of the updates, all the approvals, all of the groups, and all of the configuration from the old WSUS server locally so that you don’t have to redownload any of the updates. The sync to the old WSUS server should be fairly fast and you don’t start from scratch, but rather start off where you left on the old server.

To accomplish the migration, install the new WSUS Server as a downstream replica server getting it’s updates from the old WSUS Server (Synchronize from another Windows Server Update Services server in replica mode). Let the downstream sync with the upstream and finish syncing all of the data from the upstream. Then promote it to an upstream by changing the “Update Source and Proxy Server” options window back to Microsoft Update by deselecting replica server, and then changing the radial dot to “Sync from Microsoft Update” and click OK. You’ve now made an exact replica of your WSUS server – change your GPOs over to your new server and you’re done.

Don’t Forget About Those Pesky WSUS Ports!

Server 2008 uses ports 80/443 and 2012+ uses ports 8530/8531. Make sure you make these changes in your GPOs and include the port reference (http://server.domain.local:8530, or https://server.domain.local:8531). Let your systems re-connect with the new server and then you can turn off your old server.

Don’t Forget About The WSUS Maintenance!

To quote myself in Part 8 of my blog series on How to Setup, Manage, and Maintain WSUS:

Just because you’ve installed a new WSUS server, doesn’t mean that it’s clean or optimized; it just means that it’s NEW!

Make sure that you perform all of the WSUS Maintenance on this system. There are still optimizations that are required that do not transfer over with the migration process. With WSUS Automated Maintenance (WAM) © simply install the software and allow it to run the -FirstRun. It’s that easy!