My SCCM 2012 server is listed in the Windows updates local policy

Similar Messages

• Manage SCCM 2012 clients in DMZ (OS Deploy, Windows updates) via DP/MP

  Hi,
  We ’d like to manage (=OS Deploy, Packages,Windows updates) Windows clients (Windows 2008/2012 R2 servers for now, about 20 of them) in a DMZ (= different domain).
  There is this article
  https://nikifoster.wordpress.com/2011/01/31/installing-configmgr-clients-on-servers-in-a-dmz/ which explains what to do … in 2011. Since then lots of things are changed I guess
  Before I dive in, I’d need to have an overview + do some administrative tasks (like asking for firewall accesses).
  Current setup DMZ:
  Our SCCM 2012 R2 server is on a Windows 2008 R2 OS
  Client communication is done via HTTP (not HTTPS)
  An extra physical Distribution point is setup (only DP, nothing more) in our current domain
  A new Windows 2012 server is setup in the DMZ which should host the DP and probably management point (since it should manage the clients over there)
  There are clients in DMZ that are currenlty managed by SCCM 2007 but 
  this server will be phased out, these client have:
  Correct sccm functionality
  Correct DNS resolution
  My steps/questions, please comment:
  Add the DMZ ip range to SCCM 2012 boundary as “DMZ”
  Add the network access account to be able to deploy as well clients as distribution point in DMZ
  In the DMZ accesses on firewall for server VLAN have to be asked
  When we have a distribution point and communication is “HTTP only” then http (port 80) from DMZ to sccm server should suffice, correct? Or are
   extra firewall openings needed for management point access/packages and windows updates sync?
  Now the sccm clients will be deployed to the servers in DMZ: deploy SCCM clients to hosts in DMZ, how this should be done: we connect a console to the SCCM-server in the DMZ then deploy the discovered clients?
  OS Deploy should be made available, but no dhcp is available in DMZ and it is not an option either, therefore we would boot from an ISO then enter an ip (or pre-enter it so there is already filled in an ip?). So tasksequences/deployments
  for servers in DMZ, where are they configured/deployed then? Via console access on DMZ management point or can we deploy on our domain SCCM management point (not in DMZ) and it will be synced to the DMZ management point? Not clear
  Selective sync of software to this distribution point (howto? not sure), we don’t need any Windows 8 software/drivers to be synced.
  Thanks for your input!
  J.
  Jan Hoedt

  No comment;
  I think you mean the client push installation account and the site system installation account;
  More ports are required, see site server > distribution point and distribution point > management point from the provided link;
  The console will always be connected to your primary site server. The client will be pushed from the primary site server and it will provide the initial files. The other files will be downloaded from the local distribution point;
  The task sequence deployment will be just like a normal taks sequence deployment. The only difference is the location of the server;
  Only the content that's distributed to the distribution point in the DMZ will be available on that distribution point.
  My Blog: http://www.petervanderwoude.nl/
  Follow me on twitter: pvanderwoude

• Unable to reinstall WSUS on SCCM 2012 Server

  I'm trying to reinstall WSUS on my SCCM 2012 Server after having removed the SUP role from SCCM and then following
  these steps to remove WSUS from the server. However I am not able to reinstall WSUS. I also tried all of the steps outlined
  here but no luck. Here are the results from the WSUSSSetup.log:
  2014-05-05 12:16:44  Success   MWUSSetup          Detected that setup was launched through Server Manager
  2014-05-05 12:16:45  Success   MWUSSetup          Validating pre-requisites...
  2014-05-05 12:16:45  Error     MWUSSetup          Failed to determine if an higher version of WSUS is installed. Assuming it is not... (Error 0x80070002: The system cannot find the file specified.)
  2014-05-05 12:16:45  Error     MWUSSetup          WSUS is outdated. But this will not block setup (Error 0x00000000: The operation completed successfully.)
  2014-05-05 12:19:05  Success   MWUSSetup          Initializing installation details
  2014-05-05 12:19:05  Success   MWUSSetup          Skipping Asp.Net install since not running on win2k3...
  2014-05-05 12:19:05  Success   MWUSSetup          Installing wYukon using ocsetup
  2014-05-05 12:19:05  Success   MWUSSetup          Installing Windows Internal database using ocsetup with command line as "ocsetup "WSSEE" /quiet /norestart"
  2014-05-05 12:19:16  Error     MWUSSetup          The process ocsetup "WSSEE" /quiet /norestart returned error: 0x643 (Error 0x80070643: Fatal error during installation.)
  2014-05-05 12:19:16  Error     MWUSSetup          ExecCmd failed (Error 0x80070643: Fatal error during installation.)
  2014-05-05 12:19:16  Error     MWUSSetup          Install Windows Internal database: Failed to execute "ocsetup "WSSEE" /quiet /norestart" (Error 0x80070643: Fatal error
  during installation.)
  2014-05-05 12:19:16  Error     MWUSSetup          CInstallDriver::PerformSetup: Installation of wYukon failed (Error 0x80070643: Fatal error during installation.)
  2014-05-05 12:19:16  Error     MWUSSetup          CSetupDriver::LaunchSetup: Setup failed (Error 0x80070643: Fatal error during installation.)
  2014-05-05 12:19:23  Error     MWUSSetup          DoInstall: Wsus setup failed (Error 0x80070643: Fatal error during installation.)
  I am at a loss, any suggestions would be greatly appreciated. Perhaps I can try installing SQL express and use that as my database rather than WID, since the problem appears to be with WID installation?
  Shaun

  Another question then - is it okay to have WSUS reside on the same server as SCCM, but without using SCCM SUP role to manage updates?
  I would strongly discourage it. If you're using a single Configuration Manager instance, then most notably ConfigMgr installs an SSL-enabled Management Point website which has been known to interfere with a non-SSL standalone WSUS server.
  But perhaps more importantly, looking for the long term, if at some point you determined you wanted to enable a Software Update Point, you'd be backed into the corner with your standalone WSUS already installed on the Site Server.
  Converting an in-use WSUS Server to a SUP is fraught with complications, the least of which is being without a patch management environment for some period of time whilst you "convert" from standalone WSUS to ConfigMgr Software Updates.
  Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
  SolarWinds Head Geek
  Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
  My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
  http://www.solarwinds.com/gotmicrosoft
  The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

• Why is it not possible to move a SCCM 2012 Server to a new Domain?

  Hello everybody,
  I know it is not supported to move a SCCM 2012 Server to a new Domain. But I am still missing why it is not supported or possible....
  I could not find anything that explained it in detail on the forums/internet. So when the question comes up in front of a customer it is always better to have a good argumentation...Can somebody describe the reasons why??
  Thank you very much in advance!

  Have them call CSS then.
  It's ultimately the result of the design of the product but not an explicit decision. To my knowledge, it relies on the domain name for certain things and this is explicitly embedded with no defined way to change this. Could it be changed? Probably.
  But, that would take a lot of work and effort and is not something Microsoft has ever invested any time in.
  The grass is green and the sky is blue. Knowing why doesn't change these.
  Jason | http://blog.configmgrftw.com | @jasonsandys

• How to find using SQL query application deployed on win 7 machines with SCCM 2012 server or user installed manually.

  Hi,
  how to find using SCCM SQL query,  application deployed on win 7 machines with SCCM 2012 server or user/technician installed manually. Please let me know.

  Thanks, is it not possible via any script also?
  Like Torsten said, how can you tell the difference between CM12 installed applications and locally installed? Once you can answer that, then you can write report.
  Garth Jones | My blogs: Enhansoft and
  Old Blog site | Twitter:
  @GarthMJ

• How to reduce configuration cache file Quota size located in ( C:\Windows\ccmcache ) for all client from SCCM 2012 server

  How to reduce configuration cache file Quota size located in ( C:\Windows\ccmcache ) for all client from SCCM 2012 server
  Thanks in Advance
  NTRao

  Hi,
  There are numerous ways to change the cache size.
  You could deploy a vbscript to a collection of the devices.
  On Error Resume Next
  Dim UIResManager
  Dim Cache
  Dim CacheSize
  CacheSize=20000
  Set UIResManager = createobject("UIResource.UIResourceMgr")
  Set Cache=UIResManager.GetCacheInfo()
  Cache.TotalSize=CacheSize
  Or you could use a configuration item.
  http://blog.coretech.dk/heh/configuration-items-and-baselines-using-scripts-powershell-example/
  You can also use the right click tools by Now Micro on a collection, if all the servers are on this would be the easiest / quickest way.
  http://www.nowmicro.com/recast/right-click-tools/
  http://www.david-obrien.net/2013/02/how-to-configure-the-configmgr-client/
  select SMS_R_SYSTEM.ResourceID, SMS_R_SYSTEM.ResourceType, SMS_R_SYSTEM.Name, SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup, SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.OperatingSystemNameandVersion like '%6.2%'
  https://msdn.microsoft.com/en-us/library/windows/desktop/ms724832%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396

• Migrate SCCM 2012 server

  I have a working Primary SCCM 2012 SP1 server in my environment. Now company has aquired another company which is in another domain and forest. We are in the process of migrating them to our domain.
  Problem is another company already has an SCCM 2012 server with 300 client and they want to join that server to our existing SCCM 2012 primary server and they want to manage the patches and OSD through it.
  Can someone please guide how can we add their server to our primary server and where can we give them access to manage their environment

  Nothing to guide, what they want is not possible: not only can you not change the domain membership of COnfigMgr site server/system but you cannot join a primary to another primary in 2012. It also makes no sense, that's what RBA is for in ConfigMgr 2012.
  Jason | http://blog.configmgrftw.com

• SCCM 2012 Operating System - is it the recommended OS today

  I would like to confirm that the 2012 server Operating System is the preferred OS for SCCM 2012 at this time.
  Is it performing well without issues?
  I would like to upgrade from SCCM 2007 using 2003 OS to SCCM 2012 with 2012 Server Standard.
  K. Smith

  All supported OSes will work, but I'd use the lastest one (Server 2012 R2) if possible.
  Torsten Meringer | http://www.mssccmfaq.de

• Is there a way to change the Windows Update service startup type on Windows Server 2012 R2?

  We have a number of newly built 2012 R2 servers that we have HP Operations Manager agent running on that monitors the status of several services and reports if they are "stopped". One of these services is Windows Update. Every day we
  get at least one alert saying:
  "Service "Windows Update" is not started. Current state is stopped"
  Checking the event logs shows that the Windows Update service stops, then a while later it just starts again. Not an error, just an information event.
  In Windows 2012 R2 the Windows Update service is set to "Automatic (Trigger Start)", where in previous versions we run (2012/2008R2) it would be set to just "Automatic" or "Automatic (Delayed Start)"
  I have come to understand that this behaviour is normal for Windows 2012 R2, and that Trigger Start services by design stop themselves after a period of inactivity. I was unable to find any info on how this works. Our client would like this to
  be changed and the Windows Update service stay running all the time, understanding that this impacts performance.
  Is there a way to change the Windows Update service in Server 2012 R2 to the old Automatic startup behaviour so that it stays running all the time instead of stopping and starting periodicall? There is no option to do this via the services mmc
  gui.
  So far I have tried:
  Removing the Triggers using the command: sc triggerinfo wuauserv delete
  This works temporarily, the service then shows as just Automatic in the services console, however if you restart the server or restart the service it goes right back to being Automatic (Trigger Start).
  Any kind of help would be appreciated.

  This one might help.
  Allow configuration of Automatic Updates in Windows 8 and Windows Server 2012
  Regards, Dave Patrick ....
  Microsoft Certified Professional
  Microsoft MVP [Windows]
  Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

• Can't install the Windows Update package KB2674319 (SQL Server 2012 SP1)

  Hi. I need to get the update of my MS SQL Server 2012 installation in order to get the SP1.
  When I run the Windows Update it appears to download well the package.
  Then when it begins to install  I get the error "84C4000E: Se ha producido un error con Windows Update" (our server is in Spanish).
  I have the last updates for Windows Server, a rebooted our server and the issue remains.
  Any idea of what should I do to get the SP1 update?
  Thanks in advance.
  Gustavo.

  Hi Gustavo,
  Based on your description, I suggest you should refer to the following articles. And then check if you can install the update successfully.
  SQL 2012 Server fails in Windows Update with error 84C4000E
  http://techtuxwords.blogspot.in/2013/10/sql-2012-server-fails-in-windows-update.html
  MS SQL Server 2008 R2 SP1 fails with error 84C4000E
  http://techtuxwords.blogspot.in/2011/09/ms-sql-server-2008-r2-sp1-fails-with.html
  If this issue still persists, please don’t hesitate to let me know.
  Hope this helps.
  Best regards,
  Justin Gu

• Automaitc Updates through SCCM 2012 not showing up on the updates status

  Hi,
  I have configured Automatic Update rule on SCCM 2012 and it works fine but on the client machine i see this.
  This is the update status it shows which means updates are not being installed since long time.
  But when i see the update history it shows me the latest updates installed.
  Why would this happen? please suggest.
  Regards,
  Maqsood
  Maqsood Mohammed Senior Systems Engineer MCITP-Enterprise Admin & ITILv3 Foundation Certified

  Hi,
  That is as expected as the updates are installed using SCCM and not the Windows Update Agent, if you deploy a client using SCCM OSD and install software updates using SCCM and not WSUS/Windows Update it will actually say:
  "Updates were installed: Never"
  Regards,
  Jörgen
  -- My System Center blog ccmexec.com -- Twitter
  @ccmexec

• SCCM 2012 R2 Pull DP fails, works on Update Distribution Points

  I'm seeing some odd behavior out of a DP, in particular around driver packages. The system is running SCCM 2012 R2.  When I create the driver package I deploy it to the DP on the Primary Site Server. That usually happens in a couple of minutes or less.
  I then deploy to a remote DP configured for Pull.  This generates the log entries below in the PullDP.log. Even waiting hours doesn't seem to help. If I do a Update Distribution Points for the package, it runs successfully.  I know
  there was something similar fixed in SP1 CU3.
  Intializing DP Monitoring Manager... PullDP 3/21/2014 8:48:54 PM 3564 (0x0DEC)
  Getting site code PullDP 3/21/2014 8:48:54 PM 3564 (0x0DEC)
  Getting DP Cert Type PullDP 3/21/2014 8:48:54 PM 3564 (0x0DEC)
  Getting this DP NALPath PullDP 3/21/2014 8:48:54 PM 3564 (0x0DEC)
  Report state message 0x00000004 to MP PullDP 3/21/2014 8:48:54 PM 3564 (0x0DEC)
  Report Body: <ReportBody><StateMessage MessageTime="20140322004854.000000+000" SerialNumber="1"><Topic ID="ACC0006D" Type="902" IDType="0"/><State ID="4" Criticality="0"/><UserParameters
  Flags="0" Count="3"><Param>ACC0006D</Param><Param>["Display=\\DP.xxxxx.xxx\"]MSWNET:["SMS_SITE=ACC"]\\DP.xxxxx.xxx\</Param><Param>{B187E44B-4BF3-4748-B437-AFF29D679AA3}</Param></UserParameters></StateMessage></ReportBody>
   PullDP 3/21/2014 8:48:54 PM 3564 (0x0DEC)
  CPullDPResponse::ReportPackageState return value 0x00000000. PullDP 3/21/2014 8:48:55 PM 3564 (0x0DEC)
  Start Download  package ACC0006D version 1 PullDP 3/21/2014 8:48:55 PM 3460 (0x0D84)
  Start Download  package ACC00070 version 1 PullDP 3/21/2014 8:48:55 PM 3460 (0x0D84)
  ExecuteJob (1-NotStarted) 9A25E477-3C0C-499E-A0C1-65243BDBCBF0 for package ACC00070, version 1 PullDP 3/21/2014 8:48:55 PM 2712 (0x0A98)
   Cannot find FileInfo (\\?\E:\SMS_DP$\ACC00070\9A25E477-3C0C-499E-A0C1-65243BDBCBF0.tar), content download failed PullDP 3/21/2014 8:48:55 PM 2712 (0x0A98)
  CPullDPPkgContJob::ExecuteJob() failed for package ACC00070, version 1 PullDP 3/21/2014 8:48:55 PM 2712 (0x0A98)
  State at failure: NotStarted PullDP 3/21/2014 8:48:55 PM 2712 (0x0A98)
  Content job 9A25E477-3C0C-499E-A0C1-65243BDBCBF0 has failed for package ACC00070, version 1 PullDP 3/21/2014 8:48:55 PM 2712 (0x0A98)
  Package job has failed for package ACC00070, version 1 PullDP 3/21/2014 8:48:55 PM 2712 (0x0A98)
  Bob

  We ended up changing the DP back to a standard distribution point.  That allowed the driver package to distribute successfully.  so as a result I can't access the logs any longer.
  I should note for anyone who goes searching for this that we had problems with every one of our driver packages.  As I dug into it I found the contents, it looked like for some reason that it wasn't being transferred from the download location into
  the final DP distribution location.  It almost looked like SCCM was ignoring driver package types.  I don't know if its a bug or just something quirky about this environment.
  We were hoping to use Pull DP to handle our distributions more effectively, but we've backed off on that because of all the issues we've had with it.  I hate say it, but it appears to be another SCCM 2012 feature that sounds like a good idea, but the
  implementation leaves a lot to be desired.
  Bob

• I tried to send a mail message to too many addees. when the rejection came back "cannot send message using the server..." the window is too long to be able to see the choices at the bottom of it. how can i see the choices at the bottom of that window?

  I tried to send a mail message to too many addees. when the rejection came back "cannot send message using the server..." the window is too long to be able to see the choices at the bottom of it. how can I see the choices at the bottom of that window?

  I tried to send it through gmail and the acct is  a POP acct
  I'm not concerned about sending to the long address list. I just can't get the email and window that says "cannot send emai using the server..." to go away. The default must be "retry", because although I cannot see the choices at the bottom of the window if I hit return it trys again... and then of course comes back with the very long pop up window that I cannot see the bottom of so I can tell it to quit trying...

• Invisible windows appears when trying to open a new window. These windows are listed in the Window list, but I cannot switch to them or close them. This also occurs when I try to "View Source". This was not a problem prior to my 6.0 upgrade.

  I cannot open a new window for FireFox.
  Invisible windows appears when trying to open a new window. These windows are listed in the Window list on the menu, but I cannot switch to them or close them. This also occurs when I try to "View Source". This was not a problem prior to my 6.0 upgrade.
  The Downloads Window cannot be accessed either.
  This is very annoying. Is this a bug? Or is there a fix.

  If anyone is reading this still looking for what caused the issue and how to fix it here is what I discovered.
  The antivirus program our company uses, Bitdefender Antivirus Plus, was causing some of the PDF files not to open. After troubleshooting the different modules and settings the culprit was..
  Scan SSL in Privacy Control Settings. Turning it OFF solved the problem and all the PDF files that previously would not open now open just fine. This issue has been sent to Bitdefender for them to review. If you use a different antivirus program and are having this issue try locating the Scan SSL setting and see if turning it off solves the problem.

• Hyper-V not listed in the Windows Features dialog box

  Hi,
  I'm trying to install Hyper-V on my Lenovo H520s and the feature is not listed in the Windows 8 features dialog box. I've confirmed that I'm running 64 bit windows, that the bios is configured to enable virtualisation etc but no joy.
  Anyone any idea on what this could be?
  Thanks,

  Hello and welcome,
  Have you cold booted your machine since enabling VT?  Some computers don't correctly report VT status to the OS until a full power off - power on sequence.
  No idea if yours is one of them.  Just something to check.
  Z.
  The large print: please read the Community Participation Rules before posting. Include as much information as possible: model, machine type, operating system, and a descriptive subject line. Do not include personal information: serial number, telephone number, email address, etc.  The fine print: I do not work for, nor do I speak for Lenovo. Unsolicited private messages will be ignored. ... GeezBlog
  English Community   Deutsche Community   Comunidad en Español   Русскоязычное Сообщество