Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Support Multiple Updates on Local Update Server e.g. ESR and Release

  • 3 replies
  • 2 have this problem
  • 1 view
  • Last reply by Mike Kaply

more options

I'm operating in an environment with 1,500 - 2,000 clients managed through a combination of SCCM, and Intune. We're transitioning over to ESR for all of our clients however a large portion of them are Release version.

For the Release versions the plan is to give them ESR when their system is replaced or reimaged via SCCM (we're still rolling out windows 10) but in the mean time we want to keep them updated. I attempted to use the msi to just install the version we want but it blew up on my first test group. too many variables in the installs and versions to contend with.

Instead of using the straight installer method I was looking at setting up a local update server and allowing our clients to grab from that . However its not clear if I can host both an ESR and a Release update on the same update server? that would be ideal since it would keep the release clients and the ESR clients updated while we work through getting everyone to ESR.

Or am I just going about this the wrong way? I'm open to any help or suggestions

I'm operating in an environment with 1,500 - 2,000 clients managed through a combination of SCCM, and Intune. We're transitioning over to ESR for all of our clients however a large portion of them are Release version. For the Release versions the plan is to give them ESR when their system is replaced or reimaged via SCCM (we're still rolling out windows 10) but in the mean time we want to keep them updated. I attempted to use the msi to just install the version we want but it blew up on my first test group. too many variables in the installs and versions to contend with. Instead of using the straight installer method I was looking at setting up a local update server and allowing our clients to grab from that . However its not clear if I can host both an ESR and a Release update on the same update server? that would be ideal since it would keep the release clients and the ESR clients updated while we work through getting everyone to ESR. Or am I just going about this the wrong way? I'm open to any help or suggestions

All Replies (3)

more options

Yes, you can totally host your own update server and do esr and release update.

They send different URLs to the update server.

I'm curious, though, why you wouldn't just let Firefox update itself?

more options

Well it's complicated.

First We have some systems that have to run legacy apps that right now only reliably run on ESR however we have a mixed bag of systems with regular FireFox and ESR in the wild so we don't want to miss one in favor of the other for updates

Second a lot of the systems we support are deliberately isolated from the internet 911 dispatch for instance, internal video surveillance for another and we already use a combination of SCCM / GPO / DSC / WSUS to provide OS and other critical updates to these isolated systems we wanted to do the same with our browser updates to keep up with security bulletins

But thirdly as a general rule we don't just blindly let ANYTHING update especially something like browsers because any time we have it's bit us in the butt and caused issues with the myriad of legacy applications our end users have to use. With an intranet update server we stay in control of it but we can still keep our clients updated

more options

Makes sense.

We do allow you to change the Update URL via policy and we do provide some info on setting up your own update server here:

https://developer.mozilla.org/en-US/docs/Mozilla/Setting_up_an_update_server

You can flip the preference app.update.log to true and see exactly what the URLs we are serving look like in the Browser console. That's the best way to see what's going on.

Then you can just copy the XML and the download of the MAR file (MAR files are our update files)