Make the SCCM computer account a member of local administrators on your WSUS server
On the WSUS server, startup Server Manager and expand Configuration and bring up Local Users and Groups.
Click on Groups and then Double click on Administrators and click on Add. For ‘Select This Object Type’ click on Object Types, enter your administrative credentials if asked.
For object types, select computers and click ok.
click on Advanced and then Find Now
Select the SCCM computer object from the list and click ok, this is important as we want to grant our SCCM server access to control the WSUS server, failure to do this will result in ConfigMgr Status Error Messages in the SMS_SITE_COMPONENT_MANAGER log.
click ok again twice.
Install the WSUS server as a site system in SCCM
Expand the Site Database, Site Management, Site Settings node in ConfigMgr, and then expand Site systems. Right click and choose New, Server.
when the new site system server wizard appears enter your details like below paying close attention to the FQDN field
Note: When the computer account for the site server has access to the site system server and the site is in mixed mode, the settings on this page are optional. When the computer account does not have access to the site system server or when the site is in native mode, the following settings should be configured:
Specify a fully qualified domain name (FQDN) for this site system on the intranet: This setting must be configured for the active software update point site system when the site server is in native mode or when it is in mixed mode and uses Secure Sockets Layer (SSL). By default, this setting must be configured.
Specify an Internet-based fully qualified domain name for this site system: This setting must be configured for the active software update point if it accepts Internet-based client connectivity or for the active Internet-based software update point site system.
Use another account for installing this site system: This setting must be configured when the computer account for the site server does not have access to the remote site system.
Allow only site server initiated data transfers from this site system: This setting must be specified when the remote site system does not have access to the inboxes on the site server. This allows a site system from a different domain or forest to store the files that need to be transferred to the site server. The site server will periodically connect to the remote site system and retrieve the files. The Internet-based software update point might require this setting to be enabled.
Note: you may mistakenly enter something like wsus.windows-noob.local which would be wrong, it needs the FQDN which would be wsus.sccm2007.windows-noob.local, a simple PING test to the FQDN will resolve any confusion.
Select Software Update Point as the site role and click next
enter your proxy settings if you have any then click next
for Active Software Update Point, select the checkbox as below
click next and verify your synchronisation source
leave synch schedule on 7 days
leave the classifications as they are *we can change them later if needed*
select your products, be careful to only select what you need or it wil take forever to download everything…
select your desired language (i chose english only)
review the summary and click next and then close.
On the ConfigMgr server, you should now see the newly added site system.
Expand the Software Updates node in ConfigMgr and right click on Update Repository, choose Run Synchronisation.
answer Yes when prompted