Quickest way to install Windows Updates SCCM

Similar Messages

• Proper way to install windows update on Exchange 2010 DAG with one mailbox server in Head Office and 1 mailbox server in DR site both are members of 1 DAG

  Hi Guyz,
  I have this setup in my exchange environment.
  1 DAG with 2 members
  - One member is located in Head Office and the other member is located in DR site. All of the mailbox databases are located only in HO (Plan to add additional second member in HO soon). Now what is the proper way to install windows patches on the
  member in HO? I don't want to move the databases to DR site as much as possible.
  Appreciate your feedback and Many thanks in advance guyz..
  More power to all!
  Regards,

  Hi,
  To update the DAG members with new patches, the update process should be managed to prevent all of the DAG members from being offline at the same time.
  To do this, I recommend you move the active mailbox databases off a particular server so that it can be patched, and if necessary rebooted, without causing any downtime for mailbox users on that database.
  For detailed steps, here is an article for your reference.
  How to Install Updates on Exchange Server 2010 Database Availability Groups
  http://exchangeserverpro.com/how-to-install-updates-on-exchange-server-2010-database-availability-groups/
  Note: Microsoft is providing this information as a convenience to you. The site is not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make
  sure that you completely understand the risk before retrieving any suggestions from the above link.
  Hope it helps.
  Best regards,
  Amy Wang
  TechNet Community Support

• SCCM Client PC's failing to download/install Windows Updates

  Hi,
  Last month I noticed that our client PC's, shortly after they had built (using SCCM Task Sequence)  were downloading and installing Windows Updates using the usual Windows Update process. What I mean is, I had Software Centre showing Updates as installing,
  but also had the Windows Update agent installing various updates. It was also showing in the start menu (Yellow icon saying Shut down and install updates). Now my understanding is, that that shouldn't of been happening, and only SCCM/Software Centre should
  be showing Windows Updates as installing.
  I noticed that we had some GPO's set for Windows Updates, which I have disabled, as I believed these were not necessary. Also, I like to control my Updates via SCCM Software Update groups after testing them, and not just allow clients to grab any updates
  that are required and approved.
  My problem now is, none of the clients are getting/installing any updates. I'm getting the following errors in the WUAHandler.log:
  Unable to read existing WUA resultant policy. Error = 0x80070002.
  WUAHandler
  09/04/2015 19:03:29
  8732 (0x221C)
  Group policy settings were overwritten by a higher authority (Domain Controller) to: Server  and Policy NOT CONFIGURED
  WUAHandler
  09/04/2015 19:03:29
  8732 (0x221C)
  Failed to Add Update Source for WUAgent of type (2) and id ({FC358571-80C5-4EAA-8A33-F79AD4C14785}). Error = 0x87d00692.
  WUAHandler
  09/04/2015 19:03:29
  8732 (0x221C)
  So, I've checked in:
  HKLM\Software\Policies\Microsoft\Windowa\WindowsUpdate\ & HKLM\Software\Wow6432Node\Policies\Microsoft\Windows\WindowsUpdate 
  and neither have a WSUS server set. I'm assuming this is correct?
  RSOP shows all policies in \\Computer Configuration\Administrative Templates\Windows Components\Windows Update as
  DISABLED
  GPEDIT shows \\Computer Configuration\Administrative Templates\Windows Components\Windows Update\Specify intranet Microsoft update service location as
  Enabled and as our server (https://XXX.XXX:8531) - I'm assuming this is what SCCM client sets as if I changed this setting and then restart the setting comes back. If it was a Group Policy conflict then I
  would expect to see it in RSOP.
  Does anyone have any suggestions? I'm puzzled as to what to look at next. Is my first assumption of having 0 group policies configured for WSUS correct? Am I also correct in assuming Windows Updates shouldn't show in Control panel, or at the Start > Shutdown
  prompt, and only show in Software Centre?
  Thanks, and sorry for the long winded post!

  Hey Jason,
  Thanks for replying and explaining the WUA stuff. That made sense to be but my mind was being clouded by the issue all of the PC's/Clients onsite were, and are still getting. I cleared out the Group Policy cache as detailed on the link.
  - Cleared C:\Program Data\Microsoft\Group Policy\History\*.*
  - Ran a gpupdate /force
  - Restarted PC
  Issue still remains. Here is the output from the WUAHandler.log
  CWuaHandler::SetCategoriesForStateReportingExclusion called with E0789628-CE08-4437-BE74-2495B842F43B;E0789628-CE08-4437-BE74-2495B842F43B,A38C835C-2950-4E87-86CC-6911A52C34A3; for leaves and E0789628-CE08-4437-BE74-2495B842F43B,A38C835C-2950-4E87-86CC-6911A52C34A3;
  for bundles 
  WUAHandler 13/04/2015 16:14:34 2508 (0x09CC)
  Its a WSUS Update Source type ({FC358571-80C5-4EAA-8A33-F79AD4C14785}), adding it. WUAHandler 13/04/2015 16:15:02 2488 (0x09B8)
  Unable to read existing resultant WUA policy. Error = 0x80070002. WUAHandler 13/04/2015 16:15:02 2488 (0x09B8)
  Enabling WUA Managed server policy to use server: https://(Name.domain of our SCCM SUP):8531 WUAHandler 13/04/2015 16:15:02 2488
  (0x09B8)
  Waiting for 2 mins for Group Policy to notify of WUA policy change... WUAHandler 13/04/2015 16:15:02 2488 (0x09B8)
  Unable to read existing WUA resultant policy. Error = 0x80070002. WUAHandler 13/04/2015 16:15:11 2488 (0x09B8)
  Group policy settings were overwritten by a higher authority (Domain Controller) to: Server  and Policy NOT CONFIGURED WUAHandler 13/04/2015 16:15:11 2488 (0x09B8)
  Failed to Add Update Source for WUAgent of type (2) and id ({FC358571-80C5-4EAA-8A33-F79AD4C14785}). Error = 0x87d00692. WUAHandler 13/04/2015 16:15:11 2488 (0x09B8)

• Some of the machines are not installing windows updates in SCCM 2012 SP1

  I have deployed the current month patches to the machines. But, some of the machines are failed to install.
  Most commonly I am getting the below errors in windowsupdate.log ,
  Report REPORT EVENT: {811D3FE5-A254-4C7E-B7F1-6132320AD5E0}
  2015-02-23 08:18:40:851-0000 1
  148 101
  {00000000-0000-0000-0000-000000000000}
  0 80072ee2
  CcmExec Failure
  Software Synchronization Windows Update Client failed to detect with error 0x80072ee2.
  ::OnScanComplete -Scan Failed with Error=0x80072f78
  How to resolve this issue with installing windows updates?
  0x80072ee2 looks like time out error.

  I have uploaded the log file on dropbox
  https://www.dropbox.com/s/bt09vpyhab56dgs/WindowsUpdate%20log.txt?dl=0
  I am going to check WSUS IIS log file. I will keep you posted with my findings.
  I dont know how to confirm whether the client is talking with wsus server or not. But, I could see some more errors in softwareupdates related logs,
  Below is the error in updatestore.log,
  Failed to refresh Resync state message. Error = 0x87d00310. 
  Below are the errors in update deployment.log,
  Job error (0x80072ee2) received for assignment ({1566B12B-1731-479D-BFD1-98F2D24346B2}) action - Update Deployment
  Job error (0x80072ee2) received for assignment ({1566B12B-1731-479D-BFD1-98F2D24346B2}) action
  Updates will not be made available

• How to install Windows Updates on a 2012 Domain Controller w/Group Policy Settings

  Hello All,
  I'm having an issue installing Windows Updates on my Windows Server 2012 Standard with AD DS role, acting as a backup DC.
  I have Group Policies setup for the Domain Controllers to download updates from my WSUS server but not to install them. When I go to my Windows Server 2003 R2 Domain Controller, I can install updates via the "Install Updates and Shutdown". That
  option doesn't show up on the 2012 server. I can see from my WSUS server and the event viewer that the updates are being downloaded to the 2012 server........just no option for me to install the updates.
  Am I just missing something or will I need to change the way my Group Policy is setup to allow installs and/or downloads? Any help would be greatly appreciated!
  Tony

  So I've totally removed the GPO settings for configuring updates on the Default Domain Controllers OU and I can get the Windows Server 2003 Server to get updates from Windows Updates, but the 2012 Server still won't show me how to download or install any
  updates. It just states on the log-in screen that there are "Windows Updates Sign in and install important updates".
  Well guess what Microsoft! I've signed in and still don't see where I can install updates!!!
  I guess because you've set AU=3.
  There doesn't seem to be much documented in depth about AU/WUAgent (not in the history of forever), but Lawrence and others in the WSUS forum do cover a lot of related question about the agent and also GP settings.
  Lawrence has blogged a lot of detail about the registry settings which are available for AU/WU, and how some of those settings are not practically of any use since WinXP.
  So, even though your question isn't about WSUS, the WSUS forum is a great place to visit for help for WUAgent etc.
  Anyway, "where can I install updates?" :
  on the Start screen, Search for "Windows Update"
  or
  Settings charm
  Change PC Settings
  Update and Recovery
  Windows Update
  or
  Control Panel\System and Security\Windows Update
  Some further (light) discussion on the "new" behaviour:
  http://blogs.msdn.com/b/b8/archive/2011/11/14/minimizing-restarts-after-automatic-updating-in-windows-update.aspx
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• Server 2012 (not R2) RODC fails to install Windows Updates

  Good morning all
  Since around October, our 80-odd 2012 (non-R2) RODCs have been failing to install windows updates, rolling them back on reboot. Patches that don't require a reboot are fine. The short version is, please log a call with MS and reference this thread, if you're
  having this issue as currently they're saying they won't fix this!!
  Our product support group opened an official case and reported this with Microsoft and they've found the cause. PLEASE NOTE however, that this relates to RODC and ALL patches failing, not just 3000061 on non-RODC.
  There was some chat relevant to this as originally it was thought KB3000061 was to blame, and a few other people had had the same issue there (see links at the bottom). I think however, that this issue now stands alone as any patch we try to install will
  fail.
  000093 2015-01-23 20:18:30, Info CSI 00000015 Begin executing advanced installer phase 38 (0x00000026) index 4 (sequence 43)
  000094 Old component: [ml:350{175},l:348{174}]"Microsoft-Windows-Web-Services-for-Management-Core, Culture=neutral, Version=6.2.9200.16384, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=wow64, versionScope=NonSxS"
  000095 New component: [ml:350{175},l:348{174}]"Microsoft-Windows-Web-Services-for-Management-Core, Culture=neutral, Version=6.2.9200.17100, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=wow64, versionScope=NonSxS"
  000096 Install mode: install
  000097 Installer ID: {118ca598-79a0-4297-953d-e82183960fd2}
  000098 Installer name: [13]"Group Trustee"
  000099 2015-01-23 20:18:30, Error CSI 00000001@2015/1/23:20:18:30.673 (F) CMIADAPTER: Inner Error Message from AI HRESULT = HRESULT_FROM_NT(STATUS_NOT_SUPPORTED)
  000100 [
  000101 (null)
  000102 ]
  000103 [gle=0x80004005]
  000104 2015-01-23 20:18:30, Error CSI 00000002@2015/1/23:20:18:30.673 (F) CMIADAPTER: AI failed. HRESULT = HRESULT_FROM_NT(STATUS_NOT_SUPPORTED)
  000105 Element:
  000106 [372]"<groupTrustee xmlns="urn:schemas-microsoft-com:asm.v3" name="WinRMRemoteWMIUsers__" description="Members of this group can access WMI resources over management protocols (such as WS-Management via the Windows Remote Management service). This applies only to WMI namespaces that grant access to the user." type="User" enabled="true">
  000107
  000108 <members></members>
  000109
  000110 </groupTrustee>"
  000111 [gle=0x80004005]
  000112 2015-01-23 20:18:30, Error CSI 00000003@2015/1/23:20:18:30.673 (F) CMIADAPTER: Exiting with HRESULT code = HRESULT_FROM_NT(STATUS_NOT_SUPPORTED).
  000113 [gle=0x80004005]
  Cause:
  The installer uses SAM API calls to manage the group. It always connects to the local SAM instance. The component also handles an uninstall task in the same function. On uninstall the group is being deleted.
  So the SAM handle is requested with "Create Group" and "Delete" access.
  The error happens because a RODC does not allow any changes and thus returns STATUS_NOT_SUPPORTED.
  More information about the prevent from accidental deletion feature please refer :
  http://technet.microsoft.com/en-us/library/cc773347(v=WS.10).aspx
  http://technet.microsoft.com/en-us/library/cc739350(v=WS.10).aspx
  Recommendation:
  This is a Bug in the RODC running on server 2012, However you may do an in place upgrade to Server 2012 R2 and then proceed with the installation of the patch.
  The bad news is this is fixed in 2012 R2 with a hotfix - but it isn't fixed in 2012 and it won't be because.. they've only had one official report logged. And that was by us. So, if you want this fixed, you need to start logging this with MS now.
  What I can say just now is that this isn't related to the registry fixes with WinEVT we've all been trying, it's NOT limited to 2008 that has been upgraded in place to 2012 (our product support group replicated it in the lab with a brand new 2012 promoted
  to RODC) and it IS only happening with RODC. Possible fix might be to make your RODC RW for a bit and install your patches then.
  Background reading:
  https://social.technet.microsoft.com/Forums/en-US/f77691d8-a9d0-4714-98ad-71665cfa8965/kb3000061-fails-to-install-on-server-2012?forum=winserver8gen
  https://social.technet.microsoft.com/Forums/en-US/70219bcb-36a8-466e-900b-cbf390db38d2/failure-configuring-windows-updates-reverting-changes-postreboot-status-0x800f0922?forum=winserver8gen

  The error indicates that IIS is returning a "404 not found" error back to the Windows Update Agent.  That might mean that you need to specify the correct port that WSUS is listening on, e.g.:
  WSUSServer=http://yourserver:8530
  Thanks,
  -Michael Niehaus
  Senior Product Marketing Manager, Windows Deployment
  http://blogs.technet.com/mniehaus
  [email protected]

• HT3986 i made a dual boot of windows 7 and mac os x lion in my macbook pro .i installed microsoft support software also. now, can i install windows updates? do i turn on the automatic updating of updates?

  i made a dual boot of windows 7 and mac os x lion in my macbook pro .i installed m icrosoft support software also. now, can i install windows updates? do i turn on the automatic updating of updates?

  yes you need the updates and patches.
  Only some of the drivers that Windows will automatically install at times
  and always make sure to insure it is using restore points
  do all the maintenance andsuch as normal
  use MS Security Essentials for AV is really top notch
  Clean disk space
  Use WinClone new program to inisure you have a restore image

• I made a dual boot of windows 7 and mac os x lion in my macbook pro .i installed m icrosoft support software also. now, can i install windows updates? do i turn on the automatic updating of updates? does hot fix of microsoft helps in stop freezing?

  i made a dual boot of windows 7 and mac os x lion in my macbook pro .i installed m icrosoft support software also. now, can i install windows updates? do i turn on the automatic updating of updates? does hot fix of microsoft i.e, " support.microsoft.com/kb/979491" helps in stop freezing in dual boot mechanism?

  Windows has a software updater built into Windows and when you install the Boot Camp drivers then it will install an Apple software updater also. I believe Windows is set to automatically download and install your updates as does the Apple software Updater. They both will update the individual files it needs to periodically.
  "Microsoft updates" and "Windows updates" are basically the same thing in Windows. Are you talking about the "Windows support software" when downloading from Boot Camp Assistant? Apple installs a software updater for it's Boot Camp drivers in Windows 7 so you can do it manually or automatically.
  The "Hot Fix" your referring to is only for certain motherboards built from other Windows only computer manufacturers and does NOT pertain to any Apple computers.
  If you have a problem with your computer then it's best to ask a specific question so we can help better.

• OSD: capture TS doesn't install Windows updates

  Hi,
  We capture a Windows 7 machine, this works fine but the mandatory updates do not install.
  It says "no updates need to be installed" though there ARE updates available (checked on the captured machine andstarted update, see screenshots for clarification).
  We did a capture with this TS before and updates installed correctly then. Do we need to add an extra step to install Windows updates (see screenshot below: "you must first install an update" ...).
  Please advise.
  J.
  Jan Hoedt

  Is a software update group targeted to the collection where the TS is deployed to?
  Torsten Meringer | http://www.mssccmfaq.de

• Any way to install Windows 7 by copying the install disk to a HD first?

  Any way to install Windows 7 by copying the install disk to a HD first?
  I have HDs installed in my optical bays.
  I can copy the Win 7 install disk to a new freshly formatted HD if needed.
  I am unable to install from my Firewire DVD.
  It will not work.
  I have a NTFS partition ready to go on an internal drive.
  If there is a way to do this I would appreciate any help.
  I really do not want to put my DVD back in if it can be avoided.
  Thanks ... Ken

  I've done an install off a hard drive, but I was already running Windows on a separate drive partition.
  People have put DVD on flash memory, though that is 'maybe' and depends on booting from USB devices.
  I routinely put OS X Install DVD on a firewire hard drive and installs quickly (to say nothing of booting in under 60 sec).

• My Pavillion m7760n has stopped installing windows updates, Error Code 0x80070020. Unable to find a

  my Pavillion m7760n has stopped installing windows updates, Error Code 0x80070020.  Unable to find a fix for it.

  Start with this: http://support.microsoft.com/mats/windows_update/en-us?entrypoint=lightbox
  Then if that does not do it: http://support.microsoft.com/kb/883825/en-us
  {---------- Please click the "Thumbs Up" to say thanks for helping.
  Please click "Accept As Solution" if my help has solved your problem. ----------}
  This is a user supported forum. I am a volunteer and I do not work for HP.

• Installed windows update, appears to have been June 16 2011 at 3:00.13 am now can't get on line I did a restore to previous of install and all worked oK

  This started with windows 7 update June 16 2011
  installed windows update, appears to have been June 16 2011 at 3:00.13 am now can't get on line I did a restore to previous of install and all worked oK But This morn I restarted my computer and update reinstalled and I don't have a restore point that will help (my bad)

  These are the updates that were installed
  Security Update for Windows 7 for x64-based Systems (KB2476490)
  Installation date: ‎6/‎16/‎2011 11:31 PM
  Security Update for Windows 7 for x64-based Systems (KB2544893)
  Windows Malicious Software Removal Tool x64 - June 2011 (KB890830)
  Security Update for Windows 7 for x64-based Systems (KB2535512)
  Security Update for Windows 7 for x64-based Systems (KB2503665)
  Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2544521)
  Security Update for Windows 7 for x64-based Systems (KB2536276)
  Security Update for Windows 7 for x64-based Systems (KB2525694)
  Cumulative Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2530548)
  Security Update for .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2518867)
  Update for Windows 7 for x64-based Systems (KB2488113)
  Security Update for Windows 7 for x64-based Systems (KB2536275)
  Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2518870)
  Security Update for Windows 7 for x64-based Systems (KB2476490)
  Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2478663)
  Security Update for .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2478661)
  Security Update for Windows 7 for x64-based Systems (KB2544893)
  Installation date: ‎6/‎16/‎2011 3:00 AM

• Installed windows updates. Stuck on "getting windows ready"

  Hi Guys,
  I've installed windows updates on our mail server (security updates and Exchange CU6). After rebooting the server is stuck on "getting windows ready". This is in our test environment for exchange migration(so I'm not worried if this is down for
  a while).
  The issue I have is because it won't get past this screen I can't actually view any errors in event viewer etc. I've tried safe mode, safe mode with command prompt and last known good config.
  Any ideas as to how I can get into windows?
  http://i.imgur.com/3TmnK2x.png (stuck here)

  Hi NZ_Kiwi,
  PLease follow the steps below:
  1.  please run the Windows Update troubleshooter in safe mode to find the error information.
  2.  A clean boot helps to eliminate software conflicts and to determine what is causing the problem. To perform a clean boot, please refer to the section “How to perform a clean boot” and
  follow the instructions:
  http://support.microsoft.com/kb/929135
  If there is anything else regarding this issue, please feel free to post back.
  Best Regards,
  Anna
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Looking for a way to install Windows Intune via powershell

  I'm very new to Powershell and completely lost on how to do this.
  Looking for a way to install Windows Intune via powershell from a self extracting zip file I will send to remote users. This will also need to run Corp admin level privileges to install.
  Thank you in advance for your help.

  Hi Mtirado,
  For Windows Intune issue, I recommemd you can post in dedicated forum for more effective support:
  https://social.technet.microsoft.com/Forums/en-US/home?category=windowsintune
  If you get the initial Powershell script, and the script encounter error or problem, you can post back with current script and issue.
  Thanks for your understanding.
  If you have any feedback on our support, please click here.
  Best Regards,
  Anna Wang
  TechNet Community Support

• Is there a way to monitor Windows Updates

  We're looking for a way to use SCOM 2012 to alert us when Windows Updates are ready to install on our servers.  I've been able to create an event based monitor that generates an alert when the following Event is detected.
  Log Name:       System
  Source:           Microsoft-Windows-WindowsUpdateClient
  Event ID:         18
  Task Category: Automatic Updates
  Level:              Information
  Keywords:        Success,Download
  User:               SYSTEM
  The only issue is that I can't seem to find a way to get this monitor to self-resolve.  Is there a method I can use to get this to self-resolve once the updates have been applied?  Or is there a different way all together that I can use to monitor
  when Windows Updates are ready to install?

  We're using both SCOM and SCCM.  We are the technicians as well.  ;-)
  I did find out that Event ID 19 as well as some others are in fact being generated.  However they aren't found under the Applications and Services WindowsUpdateClient folder in Event Viewer.  Instead they are being generated under the Windows System
  Log.  But Events 26 and 40 are only found under the Applications and Services log.  
  But now knowing that I thought about it and realized what you just mentioned.  Using SCOM in this manner will create way more alerts than we're wanting.  We already looked into SCCM and will probably be using baselines for checking the compliance
  of our machines updates.  We were just hoping to be able to gather this information along with other info that SCOM is gathering for us so that it is all in one place and can be collected in a single report.  It sounds like that's not going to be
  possible though.