Patches missing in SCCM 2012

Similar Messages

• Handling of pending reboot, exclusive updates for patch management with SCCM 2012

  Hello,
  Planning to use SCCM 2012, I would like to understand how smart is SCCM 2012 when dealing with specific patch management situation.
  Assuming I have the following:
  - A given server to be patched is missing a lot of updates, several being mutually exclusive. This typical case will require several reboot / patching to properly obtain a server fully up to date.
  - A given server to be patched is in pending reboot state because the local admin installed new software and has not restarted the server yet as requested
  - Those servers have configured maintenance windows of 2 hours during each night. I scheduled a deployment of missing patches authorizing restart.
  --> when the maintenance window will be reached:
  - will the server first be restarted to clean the pending reboot ?
  - will the the server be patched / restarted several times as required to fully meet the updates to be deployed.
  Another scenario on workstation side:
  - can I enforce deployment of updates at a given time, do not automatically restart the workstation during patch deployment, but after deployment schedule a mandatory restart with a countdown if there is a pending reboot... From end-user perspective, it
  would have the following behavior. For instance:
  - patches are automatically installed on Monday at 10 AM
  - as soon as deployment is done, warning message is displayed to ask users to reboot
  - then user has up to 48h to restart his computer by himself. If he does not do it, it will be automatically done after countdown expires.
  --> Can such a scenario be managed by SCCM 2012 ?
  Regards.

  Hi,
  I have a related question about deploying Microsoft Security Updates to workstations via SCCM 2012.  Is there a way to deploy the MS updates to workstations and only suppress reboots for machines with users logged on or locked?  There seems to
  be only 2 different options for reboots, Suppress them all or don't suppress them at all.  We would like SCCM to reboot the machines that are logged off, but suppress the reboot for those that are logged on, while at the same time, provide the user with
  a notification that their machine needs to be rebooted (at their convenience). 
  We've tried applying the Domain GPO "No auto-restart with logged on users for scheduled automatic updates installations" (Enabled) and "Configure Automatic Updates" (Disabled), but the logged on/locked machines still receive the restart countdown with no
  option to postpone or delay.
  This is a show stopper for us since we have an environment where we are absolutely not allowed to reboot a logged on machine.
  For a little background, we are coming from SMS 2003 and the Distribute Software Updates (ITMU) way of deploying MS Updates, where we could always set the program to run "Only when no user is logged on".
  Please tell me there is a way to achieve our desired result.
  Thanks,
  Dan 

• Control SMSPKG Folder creation in a Particular Partition - SCCM 2012

  Hi Team,
  In SCCM 2012 SP1 environment I have the following hierarchy :
  1 CAS
  2 Primary
  5 Secondary under each Primary
  Secondary Server has 3 partitions C ( 100 GB ), D ( 50 GB ) and E ( 500 GB ).
  C has the OS
  D has the SCCM installed + SQL Express
  E has the Software Content Library, Patches, SCCM backup etc....
  Now when the SCCM Secondary server was installed, During the DP role installation, I chose E drive for Software Lib and package share ( Primary option ) and Secondary as Automatic in both the cases. Based on this configuration, Software Lib and package share
   ( SMSPKGE$ ) got created in E Drive as expected. But SMSPKG folder got created in D Drive which we do not want.
  Now whenever we distribute big package e.g 15GB OS image to Secondary server DPs, it uses D drive SMSPKG folder for the PCK file and fails due to insufficient space in D Drive. 
  What we want is....... that SMSPKG folder should be created and used on E drive which has ample space and should not use SMSPKG folder on D Drive.
  Please let me know if you need any further details in this regard.
  Thanks in Advance for your help
  Mike

  Hi Jorgen,
  Thanks for your reply. 
  That stage has gone as the installation was done 1 month back without
  NO_SMS_ON_DRIVE.SMS file at that time and now we are facing this space issue. Also, I have already tried below options with NO Success :
  1.  Remove DP role from Secondary server, created NO_SMS_ON_DRIVE.SMS file and then again created the DP role back. When the package was pushed to Secondary server DP, it again created and  SMSPKG
  folder in D drive, ignoring the .SMS file.
  2. With DP role in-place,  created NO_SMS_ON_DRIVE.SMS file and again pushed the package. Same result as above..... used the SMSPKG folder on D
  Drive, ignoring the .SMS file.
  3. Under the Windows shares, removed SMS_CPSC$ share mapped to C:\SMSPKG and created SMS_CPSD$ share with same permission level and mapped that to newly created D:\SMSPKG, but no fun... when I pushed the package, it again created SMS_CPSC$ share mapped
  to C:\SMSPKG and used it.
  4. Used Contentlibrarytransfer.exe ( available in R2 toolkit ) to move the SMSPKG folder to E Drive.... it did but when I pushed a package again..... it created SMSPKG folder in D drive and started using it.
  5. Under the Windows shares, used the same SMS_CPSC$ share and mapped that to D:\SMSPKG , but no fun... when I pushed the package, it replacedD:\SMSPKG to C:\SMSPKG and used it.
  In SCCM 2007 we used to have a very simple option to specify the Drive letter where we want to keep the compressed files.... which I see missing in SCCM 2012....or I'm not able to find it.
  Please suggest.
  Regards,
  Mike
  [email protected]

• SCCM 2012 Software Updates not installing (bothh Windows patches & 3rd party updates)

  Using SCCM 2012 R2, I am having a problem getting Windows updates to install.  Applications published to people work, and basic software installations published to machines for a straight install work.  However, both Windows patches and Adobe patches
  fail to install on clients. I have imported the Adobe catalog into SCUP, and publish through WSUS. I can see the Adobe patches and Windows patches in SCCM, and can publish them. However, in deployment status out of 4 machines in my test group the Windows patches
  installed on 1 and the other 3 are still in Unknown status with category of "Client check passed/Active". However, none of them are installing the patch - they don't even seem to try.  All of those are Windows 7 PCs, incidentally. On Adobe patches,
  one PC fails and the other 3 machines still sit in Unknown status.  Certificates are distributed,
  Any ideas what might cause the deployment to not push some targets, even when it's past the deadline?
  Thanks,
  Andy Maslin

  An unknown status means that the clients are not reporting back to ConfigMgr correctly. This is often due to the WUA not pointing at the correct WSUS instance. You can verify this by examining the WUAHandler.log on one of those clients and it will clearly
  indicate an issue with this which in turn is often due to a group policy overriding the ConfigMgr behavior.
  Jason | http://blog.configmgrftw.com

• Windows 8.1 Mobile Device Management and SCCM 2012 R2 - 'Turn on' option missing

  I am trying to test a virtual desktop with SCCM 2012 R2 integrated with Intune. There is no Configuration Manager client on the workstation, the Intune subscription is configured and enabled for Windows enrolment, AD is synchronizing with Intune, DNS has
  the enrolment record added and resolves, the user can logon to Intune from the client using Internet Explorer and the client has had the registry key added with the DiscoveryService  configured to manage.microsoft.com. The problem is that on
  the 8.1 workstation in Workplace Settings the only option is 'Join' and the 'Turn-on' option is missing. How do I get it to appear?

  Yes I am using an activated version of 8.1 Enterprise, it is in a workgroup and I am logged in as a member of the local Administrator's group but not Administrator. I even joined the domain again and then removed it. Still there is only the 'Join'
  option and no 'Turn on' option. This is driving me nuts.

• Software Distribution & Patching Design Issues - Migration of Packages SCCM 2007 to Application or Conventional Packages in SCCM 2012

  Hi All
  I am starting in discussion to deep root on Software Distribution & Patching model in large environments from SCCM 2007 migrating to SCCM 2012.
  Below are certain assertions i am putting forward for your expert views or you may in a similar situation
  1- I have migrated the packages from SCCM 2007 to SCCM 2012 as conventional methods, now i am deploying them [ not migrated the advertisements and collections ], so while deploying i am facing a peculiar situation that the deployment when created is of the
  name "<<Package name>>(program)". I am not able to rename the deployment for the conventional packages. is there a way out to that??
  2- Will the collection queries work the same in SCCM 2012 as was in SCCM 2007??
  3- In SCCM 2012 Primary site there is default role called Site System role in that there is tab for proxy settings. I have observed that if do not check the proxy tab there and punch in proxy IP and port then after some time in the WSUS server the update
  source and proxy server tab the proxy option gets unchecked and hence the sync in software update point status appears failed. Is that anyone else also has observed !!!!!
  Regards Sushain KApoor

  This is a duplicate of
  https://social.technet.microsoft.com/Forums/en-US/2ddb8170-529b-4652-830e-fd0ade384b98/software-distribution-patching?forum=configmanagermigration
  Please do not double post.
  Jason | http://blog.configmgrftw.com | @jasonsandys

• Install offline update patches on SCCM 2012

  Dear every one,
  Could you help me how to install offline update patches for windows on SCCM 2012?
  Please show me some materials or any link to learn it
  I'm on my way to research and deploy it
  Thanks show much!!!

  Dear Arnavsharma,
  Yes, I mean to talk about MS updates.
  I have read your topic that you show, but my situation is difference
  the first purpose, I built SCCM 2012 to update Definitions for System center Endpoint Protection 2012 through Software update Point. It 's still working normally
  And now, I need to do more tasks with SCCM 2012. I need to deploy some specify offline MS update which locate in Server through SCCM.
  Because, this MS updates has been built reserved for my Company, so it's not available on Micsoft
  Could you help me ?

• SCCM 2012 Client - Powershell to Patch and Reboot

  Powershell script to install all outstanding security patches and reboot server having sccm 2012 client.
  ([wmiclass]'ROOT\ccm\ClientSDK:CCM_SoftwareUpdatesManager').InstallUpdates([System.Management.ManagementObject[]] (Get-WmiObject -Query 'SELECT * FROM CCM_SoftwareUpdate' -namespace 'ROOT\ccm\ClientSDK')); 
  while (!((gwmi -Namespace 'ROOT\ccm\ClientSDK' -Class 'CCM_ClientUtilities' -list).DetermineIfRebootPending().RebootPending)){
  Write-Host "Patching";Start-Sleep -s 120;
  if((gwmi -Namespace 'ROOT\ccm\ClientSDK' -Class 'CCM_ClientUtilities' -list).DetermineIfRebootPending().RebootPending)
  {(Get-WmiObject -Namespace 'ROOT\ccm\ClientSDK' -Class 'CCM_ClientUtilities' -list).RestartComputer()}

  If your clients are member of an Active Directory, you could also use a startup script to update the client.
  Jason has a very popular script you can use:
  http://blog.configmgrftw.com/configmgr-client-startup-script/
  Ronni Pedersen | Microsoft MVP - ConfigMgr | Blogs:
  www.ronnipedersen.com/ and www.SCUG.dk/ | Twitter
  @ronnipedersen

• Adobe Flash appears to be installing with SCCM 2012 deployment, but ActiveX is missing

  I have found that even though SCCM 2012 deployment has installed flash, I later find that Active X is missing and that it is missing a registry key ?
  HKLM:\Software\Microsoft\Macromed\FlashPlayerActiveX
  Anybody have this problem?

  Yes, look at http://forums.adobe.com/thread/1447047

• Installing MS Office Updates using SCCM 2012 patch management.

  Hi,
  We have SCCM 2012 in our customer environment, we would like to deploy MS office 2012 non-security updates using SCCM patch management. Can someone help me how to configure non-security updates on SCCM 2012 and deploy the same.
  Regardsm
  Madhan

  The process of deploying non-security updates and security updates are the same.
  As a side note:
  To reduce the numbers of required updates, you can also download service packs, and other updates (msp files) and copy them to the update folder of your Office installation source. Then they will be installed as part of the Office deployment process.
  Ronni Pedersen | Microsoft MVP - ConfigMgr | Blogs:
  www.ronnipedersen.com/ and www.SCUG.dk/ | Twitter
  @ronnipedersen

• WSUS with SCCM 2012 - Products Missing, and Best Practices

  Good morning all
  I am integrating SCCM with WSUS, and I have a few questions regarding products.  I've noticed when running through the "Add site system roles wizard" in SCCM 2012 console that when I go to "Products" it does NOT list a few major
  products, such as office 2013, sql server 2013, exchange 2013, etc. 
  Am I missing something? I'm sure I am...what do I need to do? 
  Also, if there are any other gotchas or best practices you all can point me in the right direction as far as managing SCCM / WSUS together i'd be greatly appreciated. 
  Thanks so much!

  Do not use WSUS Console to manage the updates. All you things you can finish is in the SCCM Console. Refer to the link posted by Jason.
  Juke Chou
  TechNet Community Support

• SCCM 2012 PXE setup error PXE-E7B - Missing MTFTP Server IP Address

  Have just configured PXE on our new SCCM 2012 server.  Seems like it should be simple to setup.  66/67 options are setup as is IPhelper.
  When PXE booting a client it hangs at the DHCP prompt and then throws the following error:
  PXE-E7B - Missing MTFTP Server IP Address
  Any ideas what the problem might be?
  Thanks

  PXE is enabled on DP and WDS service running fine.  There are both 32 and 64 PXE enabled boot images uploaded on DP. When trying to PXE boot a VM on the same subnet as the SCCM 2012 server you see entries in the smspxe.log.  The PXE doesn't
  work because there's no DHCP scope available, but you can see PXE reacting and it throws a different error PXE-E52: No DHCP offers were received.  When you try PXE booting on a different subnet nothing appears in smspxe.log, as you say it's like it's
  not seeing the PXE traffic at all.
  Network guys have confirmed IP helper setup for old and new SCCM servers.  Discard, echo, and 4001 access allowed. 

• SCCM 2012 CU1: client patching needed?

  Hi,
  We installed SCCM 2012 R2 patch on the sccm server some time ago.
  Now I wonder:
  -do we need to take specific actions to update existing clients? -probably yes -deploying the package sccm 2012 client that the upgrade installed?-
  -new deployed clients take the CU1 update automatically in their deploy, correct (I noticed that somewhere in a log if I remember correct)
  -what would be the impact if we do not take actions (as for now no issues).
  J.
  Jan Hoedt

  Yes, you need to deploy CU1 to the clients -- it is in no way automatic (unfortunately).
  Here's the official guidance for deploying updates: http://technet.microsoft.com/en-us/library/jj553405.aspx
  There aren't any specific negative ramifications of not doing so, but anything added by CU1 -- like fixes -- won't affect the client if the client doesn't have the CU installed also.
  Jason | http://blog.configmgrftw.com | @jasonsandys

• SCCM 2012: install individual patch, not visible in monitoring

  Hi,
  I was deploying a single Windows patch via SCCM 2012. Now this seems to work fine (I can see the deployment status) BUT I cannot see it in monitoring.
  When I add the patch to a "Software Update Groups", I CAN see it in monitoring.
  My question: what's the logic behind this? Why would I use an individual deployment if there is no monitoring built in. I'd need to know the KB then look into the software updates, select it and select the deployment status. Then also nobody sees that this
  deployment exists since it doesn't appear anywhere else.
  In other words fully useless(?)
  Please advise.
  J.
  Jan Hoedt

  Hi,
  You can follow up a single update using a report or the Software Updates view on required/installed column but not under montioring,.
  Regards,
  Jörgen
  -- My System Center blog ccmexec.com -- Twitter
  @ccmexec

• SCCM 2012 integration with SCOM 2012 - Disable Alerts during patching

  Have SCCM 2012 R2 and SCOM 2012 R2 and use the Software Update Patching process for servers.  When using the checkbox to "Disable Operations Manager Alerts when this program runs" option have noticed on completion of the job and the target
  server is rebooted, a scheduled task appears for a short time titled "SCOM 2007 Agent Resume Task".  The task disappears and there is no history to view.
  Is this a legacy naming convention from 2007 world when the maintenance mode is turned off from the SCCM patching process?
  How do I see the actual code behind the SCCM and SCOM integration with Maintenance mode to validate it.

  SCCM should use the following SCOM SDK to do that.
  http://msdn.microsoft.com/en-us/library/bb437532.aspx
  That's incorrect. There is no API or method to put an OpsMgr agent into maintenance mode on the client itself -- maintenance mode is a centrally controlled feature of OpsMgr. The API/code sample you linked is performing that activity on the management server
  which assumes you know the management server name and have permissions to carry out the action -- neither of which is fulfilled by the ConfigMgr agent.
  The ConfigMgr agent pauses the OpsMgr client agent service and also unloads the workflows from the OpsMgr agent (it only did the first part in ConfigMgr 2007). This effectively puts the agent in Maintenance Mode (although to my knowledge this is not directly
  reflected in the OpsMgr console).
  Jason | http://blog.configmgrftw.com