Software Update Deployment - Compliance Status = Unknown - Client Check passed/active
Hi,
First I want to say, that I found many Forum-Posts which describes a similar issue, but it is not exactly my issue...
I have a ADR (Auto Deployment Rule) which creates every Month a Windows Update Package, and deploys it. The Deployment starts from a custom day, and ends 14 days later (Deadline). Now I have the issue, that the compliance chek in the deployment status is
"reseted" every day (at 0:00) - (at least after the Deadline!)... The Compliance Check starts every day at 0:00 and then tries to reach every Computer again! So if the Computer-object is powered on and responding, it turns over to compliant (because
it is already compliant - the Windows Update Installation works fine...). But if the Computer is not powered on / not responding the next day, it turns over to "Unknown - Client check passed/active" instead of staying in the Status "compliant"
until it is powered on / respinding again, then it changes over to compliant again... Why is that?
Is there a issue with the Client Settings?:
- Software Update Scan (every day)
- Software Update Re-Evaluation (every day)
- Compliance Settings (every day at 0:00) -> but is this not for the Configuration Baselines?
any other ideas?
Patrik
As soon as the computer get the Software Update configuration items, it will start compliance checking, then send the compliance check result to MP.
From your description, the powered on computers sent the state message to the MP when they got the deployment policy. And the frequency of Status Summarizers of updates deployment for a deployment that was modified in the last
30 days is 60 minutes. Because the site server had not recieved the state message from the powered off computers so that the compliance state was changed to Unknown.
Juke Chou
TechNet Community Support
Similar Messages
-
Software Update status stuck in Unknown Client check passed/Active
I've been rooting around in this for a week now so I'm looking for some other ideas.
A couple of weeks back I tried publishing some updates from SCUP into SCCM. Shortly thereafter I started seeing all my client getting stuck in Unknown "Client check passed/Active" status for Software Updates, starting with my most recent Software
Update Groups and progressively creeping its way back into older ones.
Clients' WUAHandler.log show errors with <![LOG[OnSearchComplete - Failed to end search job. Error = 0x8024000f.]LOG]!><time="18:16:20.329+240" date="08-14-2014" component="WUAHandler" context="" type="3"
thread="2496" file="cwuahandler.cpp:3064">
Client WindowsUpdate.log shows the same error code: 2014-08-15 11:37:16:278 520 1b7c Agent WARNING: WU client failed Searching for update with error 0x8024000f.
I also have one of my older deployments starting to pick up a status of Error, code 0X8024000F "Circular update relationships were detected in the metadata."
I found some folks with similar issues where they were advised to remove the offending updates from their packages. I never got the SCUP updates into any packages; they were showing up as Metadata Only and I started troubleshooting this issue instead. At this
point I have removed everything from SCUP showing in SCCM console just to make sure. (I think I expired them all in SCUP and then synced with it again.)
I have tried several client-side fixes that have not resolved the issue (KB971058, rebuild the SoftwareDistribution folder, KB947821).
I have even uninstalled the WSUS role off my server, restarted, then reinstalled. SCCMw ill sync happily with WSUS and received this week's updates successfully but it cannot pull a status for these new updates and all the existing ones still sit in Unknown
status in their deployments. I tried creating a new small deployment and it still gets stuck in the same place.
It looks like my Software Updates metadata in SCCM is a mess and I'm not sure how to resolve it. I think the next step I can think of is to strip the SUP role off the server and pop it back in after its had some time to clean itself up. Does anybody have
any other less severe suggestions?Hi,
There is someone remove all the third-party metadata in WSUS Database, then run full sync and initiated scan cycle on the machine. The client successfully scanned updates.
But editing database directly is unsupported by Microsoft.
Best Regards,
Joyce
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Compliance Unknown - Client Check passed/Active
I am running SCCM 2012 R2 in a test environment. My setup is very simple in that I only have around a dozen machines in it and I only have one site server.
I have a couple of software deployments for my baseline updates and when I check these all of my machines are green and compliant. However, I have another deployment that is created via an ADR and most of my machines are green and compliant except two which
are stuck on the Unknown tab saying "client check passed/Active". I have rebooted them, kicked off every action, refreshed, run summarization, reinstalled the client - yet none of these seem to be having any effect. Keep in mind these two machines
are also in my 'baseline' deployments and they are reporting back just fine. For whatever reason, they are stuck as unknown in my ADR deployment.
I've checked on a few of the logs and haven't stumbled across anything that stuck out but if anyone could kindly point me in the direction of the logs that are relevant to this issue I would appreciate it.
EDIT 1:
I ran the 'Compliance 1 - Overall Compliance' report against the ADR deployment and my test collection and the two machines in question came back as "Non-compliant" rather than compliance state unknown... which I find interesting
EDIT 2:
In my past experiences with SCCM 2012, I had very similar issues related to checking compliance. We would have a ton of machines go into the 'unknown' state and several other weird issues. We had a complex environment at my past job so I figured this evaluation
would go much smoother since I have one site system and a dozen test machines. It makes me nervous that I am already experiencing similar issues. I am also shocked I can't find more info when searching related to machines reporting back as
Unknown Passed/Active...One of the servers in question has not received updates since February. Here is WUAHandler.log and updatesHandler.log - I don't see anything that sticks out. Most logs appear to be acting normal and don't have any glaring errors being reported. I do not
have any updates showing up in the software center on the server in question. It is the same OS and image as other servers that are working. Please let me know if you would like to see a different log....
WUAHandler.log (timestamps removed for readability)
Its a WSUS Update Source type ({E280636E-013D-473D-96D6-E9A09826B935}), adding it.
Existing WUA Managed server was already set (**EDITED OUT**), skipping Group Policy registration.
Added Update Source ({E280636E-013D-473D-96D6-E9A09826B935}) of content type: 2
Scan results will include superseded updates only when they are superseded by service packs and definition updates.
Search Criteria is (DeploymentAction=* AND Type='Software') OR (DeploymentAction=* AND Type='Driver')
Async searching of updates using WUAgent started.
Async searching completed.
Successfully completed scan.
Scan results will include superseded updates only when they are superseded by service packs and definition updates.
Search Criteria is ((DeploymentAction=* AND Type='Software' AND CategoryIDs contains '0FA1201D-4330-4FA8-8AE9-B877473B6441') OR (DeploymentAction=* AND Type='Software' AND CategoryIDs contains
'FDFE8200-9D98-44BA-A12A-772282BF60EF') OR (DeploymentAction=* AND Type='Software' AND CategoryIDs contains '7F44C2A7-BC36-470B-BE3B-C01B6DC5DD4E') OR (DeploymentAction=* AND Type='Software' AND CategoryIDs contains 'BA0AE9CC-5F01-40B4-AC3F-50192B5D6AAF')
OR (DeploymentAction=* AND Type='Software' AND CategoryIDs contains 'BFE5B177-A086-47A0-B102-097E4FA1F807') OR (DeploymentAction=* AND Type='Software' AND CategoryIDs contains 'A105A108-7C9B-4518-BBBE-73F0FE30012B') OR (DeploymentAction=*
AND Type='Software' AND CategoryIDs contains '2EE2AD83-828C-4405-9479-544D767993FC') OR (DeploymentAction=* AND Type='Software' AND CategoryIDs contains 'E6CF1350-C01B-414D-A61F-263D14D133B4'))
Async searching of updates using WUAgent started.
Async searching completed.
Successfully completed scan.
Scan results will include superseded updates only when they are superseded by service packs and definition updates.
Search Criteria is ((DeploymentAction=* AND Type='Software' AND CategoryIDs contains '7F44C2A7-BC36-470B-BE3B-C01B6DC5DD4E') OR (DeploymentAction=* AND Type='Software' AND CategoryIDs contains
'DBF57A08-0D5A-46FF-B30C-7715EB9498E9'))
Async searching of updates using WUAgent started.
Async searching completed.
Successfully completed scan.
Scan results will include superseded updates only when they are superseded by service packs and definition updates.
Search Criteria is ((DeploymentAction=* AND Type='Software' AND CategoryIDs contains 'FDFE8200-9D98-44BA-A12A-772282BF60EF') OR (DeploymentAction=* AND Type='Software' AND CategoryIDs contains
'7F44C2A7-BC36-470B-BE3B-C01B6DC5DD4E') OR (DeploymentAction=* AND Type='Software' AND CategoryIDs contains 'BFE5B177-A086-47A0-B102-097E4FA1F807') OR (DeploymentAction=* AND Type='Software' AND CategoryIDs contains 'BA0AE9CC-5F01-40B4-AC3F-50192B5D6AAF')
OR (DeploymentAction=* AND Type='Software' AND CategoryIDs contains 'CB263E3F-6C5A-4B71-88FA-1706F9549F51') OR (DeploymentAction=* AND Type='Software' AND CategoryIDs contains '2EE2AD83-828C-4405-9479-544D767993FC') OR (DeploymentAction=*
AND Type='Software' AND CategoryIDs contains '0FA1201D-4330-4FA8-8AE9-B877473B6441') OR (DeploymentAction=* AND Type='Software' AND CategoryIDs contains '3B4B8621-726E-43A6-B43B-37D07EC7019F') OR (DeploymentAction=* AND Type='Software'
AND CategoryIDs contains 'E6CF1350-C01B-414D-A61F-263D14D133B4') OR (DeploymentAction=* AND Type='Software' AND CategoryIDs contains 'A105A108-7C9B-4518-BBBE-73F0FE30012B') OR (DeploymentAction=* AND Type='Software' AND CategoryIDs contains
'DBF57A08-0D5A-46FF-B30C-7715EB9498E9') OR (DeploymentAction=* AND Type='Software' AND CategoryIDs contains '9B135DD5-FC75-4609-A6AE-FB5D22333EF0'))
Async searching of updates using WUAgent started.
Async searching completed.
Successfully completed scan.
UpdatesHandler.log (timestamps removed for readability)
Initiating updates scan for checking applicability.
Successfully initiated scan.
Updates scan completion received, result = 0x0.
Initiating updates scan for checking applicability.
Successfully initiated scan.
Updates scan completion received, result = 0x0.
Initiating updates scan for checking applicability.
Successfully initiated scan.
Updates scan completion received, result = 0x0.
Method (Discover) called from SDM.
Starting job with id = {A007C151-234D-4EEF-9907-4E029C0FDBBD}
Initiating Scan. Forced = (0)
Successfully initiated scan for job ({A007C151-234D-4EEF-9907-4E029C0FDBBD}).
Scan completion received for job ({A007C151-234D-4EEF-9907-4E029C0FDBBD}).
Evaluating status of the updates for the job ({A007C151-234D-4EEF-9907-4E029C0FDBBD}).
Successfully sent job ({A007C151-234D-4EEF-9907-4E029C0FDBBD}) success completion to the SdmAgent
CompleteJob received from SDM.
Complete - Job ({A007C151-234D-4EEF-9907-4E029C0FDBBD}) Cleanup.
CompleteJob - Job ({A007C151-234D-4EEF-9907-4E029C0FDBBD}) removed from job manager list.
Initiating updates scan for checking applicability.
Successfully initiated scan.
Updates scan completion received, result = 0x0.
Method (Download) called from SDM.
Starting job with id = {FB0A56F7-0247-45C0-A4E2-D7A3CFF91BBD}
Initiating Scan. Forced = (0)
Successfully initiated scan for job ({FB0A56F7-0247-45C0-A4E2-D7A3CFF91BBD}).
Scan completion received for job ({FB0A56F7-0247-45C0-A4E2-D7A3CFF91BBD}).
Evaluating status of the updates for the job ({FB0A56F7-0247-45C0-A4E2-D7A3CFF91BBD}).
Initiating download for the job ({FB0A56F7-0247-45C0-A4E2-D7A3CFF91BBD}).
Bundle update (39d68759-cc66-4fa4-8907-096b610c9583) is requesting download from child updates for action (INSTALL)
Starting download on action (INSTALL) for Update (46201763-6bf4-47f9-8d9c-b6549bb32a3b)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Contents already available.
StateCore - bundle update (39d68759-cc66-4fa4-8907-096b610c9583) state changed from (WAIT_CONTENTS) to (EXECUTE_READY) as child update state changed
Bundle update (67c66c9f-bef4-4057-860f-0dbbd2fc25dd) is requesting download from child updates for action (INSTALL)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Starting download on action (INSTALL) for Update (8efab745-b428-4bab-9933-822857c11e03)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Contents already available.
StateCore - bundle update (67c66c9f-bef4-4057-860f-0dbbd2fc25dd) state changed from (WAIT_CONTENTS) to (EXECUTE_READY) as child update state changed
Bundle update (8263f7a7-6ed2-48a9-90bd-05a361e0a81f) is requesting download from child updates for action (INSTALL)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Starting download on action (INSTALL) for Update (ebb06d79-b446-432d-b26d-0bd168e58192)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Contents already available.
StateCore - bundle update (8263f7a7-6ed2-48a9-90bd-05a361e0a81f) state changed from (WAIT_CONTENTS) to (EXECUTE_READY) as child update state changed
Bundle update (8f7e4dbd-be3f-463b-bb5a-55b33039a023) is requesting download from child updates for action (INSTALL)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Starting download on action (INSTALL) for Update (8d7948a9-3fd9-4430-b790-0511a7cb4502)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Contents already available.
StateCore - bundle update (8f7e4dbd-be3f-463b-bb5a-55b33039a023) state changed from (WAIT_CONTENTS) to (EXECUTE_READY) as child update state changed
Bundle update (9550b374-112f-42ab-80a0-8caba8652e59) is requesting download from child updates for action (INSTALL)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Starting download on action (INSTALL) for Update (8a454fff-d319-4bb0-bb00-76a67f07c88f)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Contents already available.
StateCore - bundle update (9550b374-112f-42ab-80a0-8caba8652e59) state changed from (WAIT_CONTENTS) to (EXECUTE_READY) as child update state changed
Download completed for the job ({FB0A56F7-0247-45C0-A4E2-D7A3CFF91BBD}).
Successfully sent job ({FB0A56F7-0247-45C0-A4E2-D7A3CFF91BBD}) success completion to the SdmAgent
CompleteJob received from SDM.
Complete - Job ({FB0A56F7-0247-45C0-A4E2-D7A3CFF91BBD}) Cleanup.
CompleteJob - Job ({FB0A56F7-0247-45C0-A4E2-D7A3CFF91BBD}) removed from job manager list.
Initiating updates scan for checking applicability.
Successfully initiated scan.
Initiating updates scan for checking applicability.
Successfully initiated scan.
Initiating updates scan for checking applicability.
Successfully initiated scan.
Updates scan completion received, result = 0x0.
Updates scan completion received, result = 0x0.
Method (Discover) called from SDM.
Starting job with id = {EB8A0FE5-B84E-471A-9658-3607767C7CCE}
Initiating Scan. Forced = (0)
Successfully initiated scan for job ({EB8A0FE5-B84E-471A-9658-3607767C7CCE}).
Scan completion received for job ({EB8A0FE5-B84E-471A-9658-3607767C7CCE}).
Evaluating status of the updates for the job ({EB8A0FE5-B84E-471A-9658-3607767C7CCE}).
Successfully sent job ({EB8A0FE5-B84E-471A-9658-3607767C7CCE}) success completion to the SdmAgent
Updates scan completion received, result = 0x0.
CompleteJob received from SDM.
Complete - Job ({EB8A0FE5-B84E-471A-9658-3607767C7CCE}) Cleanup.
CompleteJob - Job ({EB8A0FE5-B84E-471A-9658-3607767C7CCE}) removed from job manager list.
Initiating updates scan for checking applicability.
Successfully initiated scan.
Updates scan completion received, result = 0x0.
Method (Download) called from SDM.
Starting job with id = {CD1BC7C4-1BFF-44D1-B206-6BC650B4D54C}
Initiating Scan. Forced = (0)
Successfully initiated scan for job ({CD1BC7C4-1BFF-44D1-B206-6BC650B4D54C}).
Scan completion received for job ({CD1BC7C4-1BFF-44D1-B206-6BC650B4D54C}).
Evaluating status of the updates for the job ({CD1BC7C4-1BFF-44D1-B206-6BC650B4D54C}).
Initiating download for the job ({CD1BC7C4-1BFF-44D1-B206-6BC650B4D54C}).
Bundle update (39d68759-cc66-4fa4-8907-096b610c9583) is requesting download from child updates for action (INSTALL)
Starting download on action (INSTALL) for Update (46201763-6bf4-47f9-8d9c-b6549bb32a3b)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Contents already available.
StateCore - bundle update (39d68759-cc66-4fa4-8907-096b610c9583) state changed from (WAIT_CONTENTS) to (EXECUTE_READY) as child update state changed
Bundle update (67c66c9f-bef4-4057-860f-0dbbd2fc25dd) is requesting download from child updates for action (INSTALL)
Starting download on action (INSTALL) for Update (8efab745-b428-4bab-9933-822857c11e03)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Contents already available.
StateCore - bundle update (67c66c9f-bef4-4057-860f-0dbbd2fc25dd) state changed from (WAIT_CONTENTS) to (EXECUTE_READY) as child update state changed
Bundle update (8263f7a7-6ed2-48a9-90bd-05a361e0a81f) is requesting download from child updates for action (INSTALL)
Starting download on action (INSTALL) for Update (ebb06d79-b446-432d-b26d-0bd168e58192)
Contents already available.
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Ignoring update state (DOWNLOAD_READY) change in job state (2)
Ignoring update state (DOWNLOAD_READY) change in job state (2) -
Unknown Client Check passed Active after patching
I have just deployed an software update for my clients. It seems to me at first a lot of client where in the Progress tab stating "downloading updates". When I came back the next day, most of the clients are in the Unkown tab stating "Client
check passed / Active". How can I make the clients compliant?Just out of curiosity - this looks like an update deployment, have you checked the compliance in the reporting section (assuming you have one setup)? I have been noticing that our patch groups are showing similar behavior where more state "Client
check passed/Active" just like you're seeing, but our compliance reports are showing different numbers. -
Software Updates deployment remains at unknown status
I have a curious issue where the deployment summarization is showing all required clients as "Client check passed" but they never progress and further. If I drill down into the to updates with the software update group they appear to of deployed?
This is only effecting this one deployment there is nothing wrong with the clients it only appears to be the reporting mechanism?
Any help appreciated.
SCCM Deployment TechnicianUnknown means ,either that the client system did not complete the software update scan or the site server did not receive the software update scan status from the client .You should check the logs (wuahandler.log--scan status , ,updatesdeployment.log--deployment
,updatestore.log--what is missing and what is installed) for further troubleshooting. you may also required to refresh the compliance state ,script avilable here https://msdn.microsoft.com/en-us/library/cc146437.aspx?f=255&MSPPError=-2147217396
Eswar Koneti | Configmgr blog:
www.eskonr.com | Linkedin: Eswar Koneti
| Twitter: Eskonr -
Software Update Deployment Compliance Percentage
I deployed a Software Update group to a collection of computers at the beginning of the week. I've been monitoring the deployment in the SCCM console and yesterday the compliance % was up to around 25% give or take. Now today when I look the
compliance % has dropped back to 0%. I have tried running the summarization multiple times with no luck. How can I go about fixing this so I can see which machines have gotten the updates and which have not. I appreciate any help that anyone
can offer. Thanks...Those numbers are really only about the deployment and will change when it's reevaluated. To check the compliance of the devices don't use the console as the information might be misleading and/ or misinterpreted. Instead use the reports, more specifically
the compliance reports. For example Compliance 1 - Overall compliance can be a big help.
My Blog: http://www.petervanderwoude.nl/
Follow me on twitter: pvanderwoude -
Software Updates Deployment Evaluation Cycle Enforcement state unknown
Hi All,
I have an issue were I deployed software updates to a collection that have a maintenance window of 5 hours. The next day when I checked the deployments tab it show the updates as 75% compliant with 3 Servers failed to install updates as no further maintenance
windows were planned.
I then check the deployments tab 2 days later and it still showed 75% compliant but all the servers were in the unknown Client
check passed/Active
Is this because I have no further maintenance windows please advise and if not how can I resolve this thanksYou should not use the deployments node in the console to check for software updates compliancy. The reason is because it shows the status of the deployment and not of the installation of the updates. For example if the updates are installed, the deployment
will show compliant, but when the next re-evaluation of the deployment fails, the deployment will show as failed, while the updates are actually still installed. So always use the reports to check for compliancy.
My Blog: http://www.petervanderwoude.nl/
Follow me on twitter: pvanderwoude -
How to calculate the compliance for an software update deployment
Hi All,
I am trying to find as how do we calculate the compliance for an software update deployment.
Scenario, We have about 4000 machine in the domain. but we have some stale records in the domain which is about 1200. The AD cleanup for the stale records is planned for sometime in March.
So total number of machines in a collection (including the stale machines) are 5200.
The current compliance of that deployment shows the following status:
Complaint : 1156
In Progress : 1724
Error : 38
Unknown : 2462
And in the unknown, we have :
Client check failed/Active: 2
Client check failed/Inactive: 6
Client check passed/Active: 732
Client check passed/Inactive: 1722
Can you please suggest in understanding the formula that should be followed to get the compliance.Your Compliancy, should be based solely off of the number of computers within CM12.
There are no “if”, “and” or “but” able it. This is the only way to truly and reliably provide numbers to management.
Again it should be very simple calculation:
(Total outstanding Security SU, Total outstanding
Critical SU, Total outstand Service packs, Total outstand Update Rollups, Total outstand Updates, Total outstand Definition Updates, Total outstand tools, Total outstand Feature packs) Vs Total applied SU (all Classifications)
Or
Total # of 100% patched PCs vs Total # of PCs as seen by CM12.
If you use any other calculation then you MUST include a disclaimer that you are filtering out computers because they might be invalid. Or you MUST define exactly how you are calculating the number. Therefore any compliancy rate that your calculate maybe
invalid too or at least it will change once you clean up AD.
I will never hide low compliancy numbers to management, I will always show it to them.
In many case I will ask to give a presentation to Management to explain why the numbers are so low.
Provide them with a list of action items that need to be done in order to bring up the number to more reasonable level. I also set their expectation on what a reasonable level is.
100% is unachievable; there is no exception to this!
95-99% Very excellent but expect to spend lots of $$$s to obtain these percentages.
90-95% is really, really, good; expect to spend $$s in this range.
85-89% is good; expect to set strict procedures
81-84 is ok but you could do better
Below 80% is bad
In your case, I would start by saying AD is dirty and need to be clean up, this has been schedule for March 2015. I would follow up this to say, in order to keep AD clean the follow procedures need to be define / updated / followed. You should also define
exactly what you are doing to ensure that all computers are management by CM12.
IMO these is no simple answer of this.
Garth Jones | My blogs: Enhansoft and
Old Blog site | Twitter:
@GarthMJ -
Software Updates Deployment Evaluation.
Hi,
I would like to get some clarification around the Software Updates Deployment Eval. cycle. (SCCM R2 CU3)
Example scenario:
I have a Software Update Group that contains 200 updates. This SUG includes updates that are prerequisites for other updates in the same SUG. So, when scanning occurs. Only one of these updates are at that particular time considered applicable.
The software update deployment deadline is reached. The update is installed, as expected. The then agent reports compliance against the update deployment.
Then comes the Software Update Scan schedule, when a new scan is made against the SUP more updates are now detected as required because of the previously installed update - from the same SUG which are deployed.
This leaves me in a situation where the agent is compliant against the Software Update deployment and non-compliant in regards to the actual Software Update Group.
I can of course just hit the schedule for Software Update Deployment Evaluation manually on the agent or simply do something (adding an update or whatever) that modifies the actual software updates deployment policy. This would in turn cause a new evaluation
to occur at the client.
Bottom line. Is my conclusion correct or have i missed something here?
If i'm correct, a good thing would be to add scheduling options available for the actual "software update deployment evaluation".
That would really come in handy in situations like above scenario.
Br,
ChrisThe next scheduled scan cycle will pick up the newly applicable but non-compliant updates in the deployment.
However, note that update compliance at the client level is done against the entire update catalog as this is actually done by the Windows Update Agent (WUA) which knows nothing about ConfigMgr. Thus, the fact that an update is in a deployment or not is
completely irrelevant as far as compliance and compliance reporting goes (which is part of the reason why compliance reporting in ConfigMgr is tricky).
Updating the policy of an update deployment will kick off a scan cycle (just like creating a new deployment will) on the clients which is why you are probably seeing this behavior as addressing the scenario.
Jason | http://blog.configmgrftw.com | @jasonsandys
Thanks Jason,
What you are describing exactly matches the point I’m trying to make here. There is no correlation what so ever between update scans and actual software update deployments. The logic just isn't there. Which is a logic that is lacking
– in my opinion.
I really do think there is room for improvement here.
Case:
A customer wants to minimize the spread of reboots (a maint. window overnight should be sufficient for the agent to get the server fully up to date). The admin – who also wants to minimize effort in regards to worrying about MS bundling\prereq
requirements – simply wants it all to be taken care of by the updates deployment agent.
Example:
Software update deployment contains required updates as well as updates that will not be detected as required - until the deployment has been run – and a new update scan cycle has taken place.
The server reboots and updates deployment agent says all is fine – with regards to the deployment in it's current state, of course.
But it's not.
The server then issues a new scan (maybe 4 hours later and way behind the end of the maint. window) according to the software updates scan schedule, and suddenly 10 more updates are applicable, but still within the same deployment.
What happens? Nothing, sadly. Next maint. window? Nothing.
Not even a (client agent set – and scheduled) software update deployment re-eval takes care of this since – according to my findings – the deployment will never really be evaluated against again without administrative intervention.
Suggestion:
Whenever a software update deployment has been run, succeeded and passed the "after reboot" detectjob. Initiate a new evaluation of this deployment in full – of course including a pre-eval software updates scan. Just add
a few steps to the logic of updates deployment.
Evaluate.
Apply.
Initiate a new scan.
Re-Evaluate.
Apply again (if needed)
Reboot
Initiate a new scan.
Re-evaluate
Isn’t this the way WAUA has always worked? Why shouldn’t this method be adopted here as well? Why should ConfigMgr not honour the procedure?
Result:
Administrative relieve. Since I know that a software update deployment will always do the job, in full. No need for manual triggers or policy modifications.
Caveats:
I do realize the fact that – if this would be the scenario - the admin sometimes will not be aware of what might happen during the nightly maint. window since he cannot solely rely on compliance data.
Anyways:
This should at least be a deployment option in future releases.
"Force rescan and deployment re-evaluation after first run." Simple.
Would make life easier and keep the spread of reboots concentrated to one night and to a minimum. (Given the appropriate length of maint. windows of course)
Consider things like KB2919355 and how WUAU agent handles that against Windows Update.
Br,
Chris -
Software Updates Deployment Shows "Unknown" Computers, Previously Had Compliant
I'm not sure what is going on, but can anyone tell me why a software updates deployment would all of a sudden show all computers as having an "Unknown" status? Previously, most computers were "Compliant" and there were a couple
with errors. When I went to check it (about a week after the original deployment), I found it had reset all to "Unknown" status. This was yesterday, and now today there are a couple computers showing "Compliant" but most are
still "Unknown". It is not set up with ADR, so it's not (at least I don't think) looking for newer updates. Any ideas?A re-evaluation of the software update deployment, which you configure in the client settings, can cause this behavior. That's why you should always use the reports for compliance checks and not the deployments node.
My Blog: http://www.petervanderwoude.nl/
Follow me on twitter: pvanderwoude -
Windows Update Agent rebooting systems after Software Update deployment
I have a software update deployment that is configured to install software updates on a collection of servers at 4:00 AM with a suppressed reboot. The updates get deployed and no reboot occurs as expected. Then ~8 hours later WUA starts up and the
servers get rebooted.
There is a maintenance window applied to the collection from 4:00 AM to 6:00 AM to allow the updates to install.
I've read a few forum and blog posts on this issue and have implemented some settings via GPO, but the reboots are still occurring. The settings that were applied are referenced in the link below.
https://support.microsoft.com/kb/2476479?wa=wsignin1.0
Here is a snippet from the WindowsUpdate.log:
2014-10-22 12:00:26:153 1428 8a88 AU Received AU Resume timeout
2014-10-22 12:00:26:153 1428 8a88 AU Additional Service {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} with Approval type {Pre-install notify} added to AU services list
2014-10-22 12:00:26:153 1428 8a88 AU Can not perform non-interactive scan if AU is interactive-only
2014-10-22 12:02:08:512 1428 8a88 AU AU received policy change subscription event
2014-10-22 12:16:43:463 1428 8a88 AU ########### AU: Uninitializing Automatic Updates ###########
2014-10-22 12:16:43:479 1428 8a88 WuTask Uninit WU Task Manager
2014-10-22 12:16:43:697 1428 8a88 Service *********
2014-10-22 12:16:43:697 1428 8a88 Service ** END ** Service: Service exit [Exit code = 0x240001]
2014-10-22 12:16:43:697 1428 8a88 Service *************
2014-10-22 12:19:29:728 1428 e584 Misc =========== Logging initialized (build: 7.8.9200.16604, tz: -0400) ===========
2014-10-22 12:19:29:728 1428 e584 Misc = Process: C:\WINDOWS\system32\svchost.exe
2014-10-22 12:19:29:728 1428 e584 Misc = Module: c:\windows\system32\wuaueng.dll
2014-10-22 12:19:29:728 1428 e584 Service *************
2014-10-22 12:19:29:728 1428 e584 Service ** START ** Service: Service startup
2014-10-22 12:19:29:728 1428 e584 Service *********
2014-10-22 12:19:29:744 1428 e584 Agent * WU client version 7.8.9200.16604
2014-10-22 12:19:29:744 1428 e584 Agent * Base directory: C:\WINDOWS\SoftwareDistribution
2014-10-22 12:19:29:744 1428 e584 Agent * Access type: No proxy
2014-10-22 12:19:29:744 1428 e584 Service UpdateNetworkState Ipv6, cNetworkInterfaces = 2.
2014-10-22 12:19:29:744 1428 e584 Service UpdateNetworkState Ipv4, cNetworkInterfaces = 2.
2014-10-22 12:19:29:744 1428 e584 Agent * Network state: Connected
2014-10-22 12:19:29:744 1428 e584 Service UpdateNetworkState Ipv6, cNetworkInterfaces = 2.
2014-10-22 12:19:29:744 1428 e584 Service UpdateNetworkState Ipv4, cNetworkInterfaces = 2.
2014-10-22 12:19:29:791 1428 e584 Agent *********** Agent: Initializing global settings cache ***********
2014-10-22 12:19:29:791 1428 e584 Agent * Endpoint Provider: 00000000-0000-0000-0000-000000000000
2014-10-22 12:19:29:791 1428 e584 Agent * WSUS server:
http://Internal-WSUS.Domain:8530
2014-10-22 12:19:29:791 1428 e584 Agent * WSUS status server:
http://Internal-WSUS.Domain:8530
2014-10-22 12:19:29:791 1428 e584 Agent * Target group: (Unassigned Computers)
2014-10-22 12:19:29:791 1428 e584 Agent * Windows Update access disabled: No
2014-10-22 12:19:29:791 1428 e584 Misc WARNING: Network Cost is assumed to be not supported as something failed with trying to get handles to wcmapi.dll
2014-10-22 12:19:29:806 1428 e584 WuTask WuTaskManager delay initialize completed successfully..
2014-10-22 12:19:29:822 1428 e584 Report CWERReporter::Init succeeded
2014-10-22 12:19:29:822 1428 e584 Agent *********** Agent: Initializing Windows Update Agent ***********
2014-10-22 12:19:29:822 1428 e584 DnldMgr Download manager restoring 0 downloads
2014-10-22 12:19:29:838 1428 e584 AU ########### AU: Initializing Automatic Updates ###########
2014-10-22 12:19:29:838 1428 e584 AU Additional Service {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} with Approval type {Pre-install notify} added to AU services list
2014-10-22 12:19:29:838 1428 e584 AU AIR Mode is disabled
2014-10-22 12:19:29:838 1428 e584 AU # Policy Driven Provider:
http://Internal-WSUS.Domain:8530
2014-10-22 12:19:29:838 1428 e584 AU # Detection frequency: 22
2014-10-22 12:19:29:838 1428 e584 AU # Approval type: Disabled (User preference)
2014-10-22 12:19:29:838 1428 e584 AU # Auto-install minor updates: No (User preference)
2014-10-22 12:19:29:838 1428 e584 AU # ServiceTypeDefault: Service 117CAB2D-82B1-4B5A-A08C-4D62DBEE7782 Approval type: (Pre-install notify)
2014-10-22 12:19:29:838 1428 e584 AU # Will interact with non-admins (Non-admins are elevated (User preference))
2014-10-22 12:19:29:838 1428 e584 AU WARNING: Failed to get Wu Exemption info from NLM, assuming not exempt, error = 0x80240037
2014-10-22 12:19:29:853 1428 e584 AU AU finished delayed initialization
2014-10-22 12:19:29:884 1428 e584 AU #############
2014-10-22 12:19:29:884 1428 e584 AU ## START ## AU: Search for updates
2014-10-22 12:19:29:884 1428 e584 AU #########
2014-10-22 12:19:29:884 1428 e584 Agent SkipSelfUpdateCheck search flag set for serverId: 117CAB2D-82B1-4B5A-A08C-4D62DBEE7782
2014-10-22 12:19:30:416 1428 e584 Report *********** Report: Initializing static reporting data ***********
2014-10-22 12:19:30:416 1428 e584 Report * OS Version = 6.2.9200.0.0.197008
2014-10-22 12:19:30:416 1428 e584 Report * OS Product Type = 0x00000008
2014-10-22 12:19:30:416 1428 e584 Report * Computer Brand = HP
2014-10-22 12:19:30:416 1428 e584 Report * Computer Model = ProLiant BL460c Gen8
2014-10-22 12:19:30:416 1428 e584 Report * Platform Role = 1
2014-10-22 12:19:30:416 1428 e584 Report * AlwaysOn/AlwaysConnected (AOAC) = 0
2014-10-22 12:19:30:431 1428 e584 Report * Bios Revision = I31
2014-10-22 12:19:30:431 1428 e584 Report * Bios Name = Default System BIOS
2014-10-22 12:19:30:431 1428 e584 Report * Bios Release Date = 2014-02-10T00:00:00
2014-10-22 12:19:30:431 1428 e584 Report * Bios Sku Number = 641016-B21
2014-10-22 12:19:30:431 1428 e584 Report * Bios Vendor = HP
2014-10-22 12:19:30:431 1428 e584 Report * Bios Family = ProLiant
2014-10-22 12:19:30:431 1428 e584 Report * Bios Major Release = 255
2014-10-22 12:19:30:431 1428 e584 Report * Bios Minor Release = 255
2014-10-22 12:19:30:431 1428 e584 Report * Locale ID = 1033
2014-10-22 12:19:30:431 1428 e584 AU <<## SUBMITTED ## AU: Search for updates [CallId = {2787252C-D4B8-46B5-BB42-0C616042113C} ServiceId = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}]
2014-10-22 12:19:30:431 1428 dae0 Agent *************
2014-10-22 12:19:30:431 1428 dae0 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]
2014-10-22 12:19:30:431 1428 dae0 Agent *********
2014-10-22 12:19:30:431 1428 dae0 Agent * Online = No; Ignore download priority = No
2014-10-22 12:19:30:431 1428 dae0 Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1
or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2014-10-22 12:19:30:431 1428 dae0 Agent * ServiceID = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} Third party service
2014-10-22 12:19:30:431 1428 dae0 Agent * Search Scope = {Machine & All Users}
2014-10-22 12:19:30:431 1428 dae0 Agent * Caller SID for Applicability: S-1-5-18
2014-10-22 12:19:30:494 1428 dae0 Agent * Found 0 updates and 0 categories in search; evaluated appl. rules of 0 out of 0 deployed entities
2014-10-22 12:19:30:494 1428 dae0 Agent *********
2014-10-22 12:19:30:494 1428 dae0 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]
2014-10-22 12:19:30:494 1428 dae0 Agent *************
2014-10-22 12:19:30:509 1428 d158 AU >>## RESUMED ## AU: Search for updates [CallId = {2787252C-D4B8-46B5-BB42-0C616042113C} ServiceId = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}]
2014-10-22 12:19:30:509 1428 d158 AU # 0 updates detected
2014-10-22 12:19:30:509 1428 d158 AU #########
2014-10-22 12:19:30:509 1428 d158 AU ## END ## AU: Search for updates [CallId = {2787252C-D4B8-46B5-BB42-0C616042113C} ServiceId = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}]
2014-10-22 12:19:30:509 1428 d158 AU #############
2014-10-22 12:19:30:509 1428 d158 AU All AU searches complete.
2014-10-22 12:19:30:525 1428 e584 AU #############
2014-10-22 12:19:30:525 1428 e584 AU ## START ## AU: Search for updates
2014-10-22 12:19:30:525 1428 e584 AU #########
2014-10-22 12:19:30:525 1428 e584 AU Additional Service {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} with Approval type {Pre-install notify} added to AU services list
2014-10-22 12:19:30:525 1428 e584 Agent SkipSelfUpdateCheck search flag set for serverId: 117CAB2D-82B1-4B5A-A08C-4D62DBEE7782
2014-10-22 12:19:30:525 1428 e584 AU <<## SUBMITTED ## AU: Search for updates [CallId = {A3E41A4C-E9CB-4172-B6B0-99D556FB9102} ServiceId = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}]
2014-10-22 12:19:30:525 1428 dae0 Agent *************
2014-10-22 12:19:30:525 1428 dae0 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]
2014-10-22 12:19:30:525 1428 dae0 Agent *********
2014-10-22 12:19:30:525 1428 dae0 Agent * Online = Yes; Ignore download priority = No
2014-10-22 12:19:30:525 1428 dae0 Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1
or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2014-10-22 12:19:30:525 1428 dae0 Agent * ServiceID = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} Third party service
2014-10-22 12:19:30:525 1428 dae0 Agent * Search Scope = {Machine & All Users}
2014-10-22 12:19:30:525 1428 dae0 Agent * Caller SID for Applicability: S-1-5-18
2014-10-22 12:19:30:525 1428 dae0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
2014-10-22 12:19:30:541 1428 dae0 Misc Microsoft signed: Yes
2014-10-22 12:19:30:541 1428 dae0 Misc Infrastructure signed: Yes
2014-10-22 12:19:30:556 1428 dae0 EP Got 9482F4B4-E343-43B6-B170-9A65BC822C77 redir SecondaryServiceAuth URL: "http://fe2.ws.microsoft.com/w81/2/redir/v2-storeauth.cab"
2014-10-22 12:19:30:588 1428 dae0 Agent Checking for updated auth cab for service 117cab2d-82b1-4b5a-a08c-4d62dbee7782 at
http://fe2.ws.microsoft.com/w81/2/redir/v2-storeauth.cab
2014-10-22 12:19:30:588 1428 dae0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\117cab2d-82b1-4b5a-a08c-4d62dbee7782.cab:
2014-10-22 12:19:30:603 1428 dae0 Misc Microsoft signed: Yes
2014-10-22 12:19:30:603 1428 dae0 Misc Infrastructure signed: Yes
2014-10-22 12:19:30:775 1428 dae0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\117cab2d-82b1-4b5a-a08c-4d62dbee7782.cab:
2014-10-22 12:19:30:791 1428 dae0 Misc Microsoft signed: Yes
2014-10-22 12:19:30:791 1428 dae0 Misc Infrastructure signed: Yes
2014-10-22 12:19:30:791 1428 dae0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\117CAB2D-82B1-4B5A-A08C-4D62DBEE7782\wuredir.cab:
2014-10-22 12:19:30:806 1428 dae0 Misc Microsoft signed: Yes
2014-10-22 12:19:30:806 1428 dae0 Misc Infrastructure signed: Yes
2014-10-22 12:19:30:822 1428 dae0 EP Got 117CAB2D-82B1-4B5A-A08C-4D62DBEE7782 redir Client/Server URL: "https://fe2.ws.microsoft.com/v6/ClientWebService/client.asmx"
2014-10-22 12:19:30:978 1428 dae0 PT +++++++++++ PT: Synchronizing server updates +++++++++++
2014-10-22 12:19:30:978 1428 dae0 PT + ServiceId = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}, Server URL =
https://fe2.ws.microsoft.com/v6/ClientWebService/client.asmx
2014-10-22 12:19:31:025 1428 dae0 Agent * Found 0 updates and 0 categories in search; evaluated appl. rules of 0 out of 0 deployed entities
2014-10-22 12:19:31:025 1428 dae0 Agent *********
2014-10-22 12:19:31:025 1428 dae0 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]
2014-10-22 12:19:31:025 1428 dae0 Agent *************
2014-10-22 12:19:31:025 1428 d158 AU >>## RESUMED ## AU: Search for updates [CallId = {A3E41A4C-E9CB-4172-B6B0-99D556FB9102} ServiceId = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}]
2014-10-22 12:19:31:025 1428 d158 AU # 0 updates detected
2014-10-22 12:19:31:025 1428 d158 AU #########
2014-10-22 12:19:31:025 1428 d158 AU ## END ## AU: Search for updates [CallId = {A3E41A4C-E9CB-4172-B6B0-99D556FB9102} ServiceId = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}]
2014-10-22 12:19:31:025 1428 d158 AU #############
2014-10-22 12:19:31:025 1428 d158 AU All AU searches complete.
2014-10-22 12:19:31:025 1428 d158 AU AU setting next detection timeout to 2014-10-23 14:19:28
2014-10-22 12:19:36:025 1428 e214 Report REPORT EVENT: {E04012FD-8FFD-4259-96D5-A5A34127F0A0} 2014-10-22 12:19:31:025-0400 1 147 [AGENT_DETECTION_FINISHED] 101 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Software
Synchronization Windows Update Client successfully detected 0 updates.
2014-10-22 12:19:36:025 1428 e214 Report CWERReporter finishing event handling. (00000000)
2014-10-22 12:29:29:914 1428 e584 AU AU invoking RebootSystem (OnRebootNow)
2014-10-22 12:29:30:055 1428 e584 AU Allowing auto firmware installs at next shutdown
2014-10-22 12:29:30:102 1428 e584 Misc WARNING: SUS Client is rebooting system.
2014-10-22 12:29:30:102 1428 e584 AU AU invoking RebootSystem (OnRebootRetry)
2014-10-22 12:29:30:367 1428 e584 Shutdwn Checking to see whether install at shutdown is appropriate
2014-10-22 12:29:30:367 1428 e584 Shutdwn user declined update at shutdown
2014-10-22 12:29:30:367 1428 e584 AU AU initiates service shutdown
2014-10-22 12:29:30:367 1428 e584 AU ########### AU: Uninitializing Automatic Updates ###########
2014-10-22 12:29:30:399 1428 e584 WuTask Uninit WU Task Manager
2014-10-22 12:29:30:445 1428 e584 Agent Sending shutdown notification to client
2014-10-22 12:29:30:445 5788 8084 COMAPI WARNING: Received service shutdown/self-update notification.
2014-10-22 12:29:30:461 1428 e584 Report CWERReporter finishing event handling. (00000000)
2014-10-22 12:29:30:539 1428 e584 Service *********
2014-10-22 12:29:30:539 1428 e584 Service ** END ** Service: Service exit [Exit code = 0x240001]
2014-10-22 12:29:30:539 1428 e584 Service *************
Any assistance is appreciated.
-TimHi,
Any update?
Best Regards,
Joyce
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Collections based on Software Update Group compliance
Hi!
Is it possible to create a collection based on software update group compliance? This is for software update groups which are
not deployed, they are just monitor groups (for example, groups for yearly or quarterly software update compliance).
I would like to create a collection that lists all devices which are non-compliant in software update groups with names like "%Client Updates" - is this possible?
The reason for this is so I can impose some stricter Compliance Settings (among some other stuff) on devices that are not compliant.
I looked around a bit, but I could not find anything that I can use. Even Google couldn't solve my question :/you can try something like this:
This collection is basically sub selected query get list of computers that do not have specific assignment enabled.
select * from SMS_R_System where SMS_R_System.ResourceId not in (SELECT distinct SMS_UpdateComplianceStatus.MachineID FROM SMS_UpdateComplianceStatus JOIN SMS_UpdateDeploymentSummary ON SMS_UpdateComplianceStatus.CI_ID = SMS_UpdateDeploymentSummary.CI_ID
WHERE SMS_UpdateDeploymentSummary.AssignmentName like "%Client Updates%")
Eswar Koneti | Configmgr blog:
www.eskonr.com | Linkedin: Eswar Koneti
| Twitter: Eskonr -
How to troubleshoot Software Update Deployment Errors
Hi Guys,
Could you guys please help me to troubleshoot 'Software Update Deployment Errors'. I have been trying to troubleshoot the below mentioned errors but I am not sure what step should I take for each different errors.
Could you guys please help me stating what kind of troubleshooting steps should we take for such update deployment errors.
Many Thanks,
ChandanYou would have to examine client-side logs like UpdatesDeployment.log, U*.log in general, ScanAgent.log, WUAHandler.log, WindowsUpdate.log and CI*.log.
Torsten Meringer | http://www.mssccmfaq.de -
Change Software Updates deployment priority
Hi
We use SCCM 2012 R2 CU2.
whenever a new client is being installed and registered it gets its policies and deployments.
our problem is that there are many software updates that being deployed and it takes a very long time until they finish their installation.
while what is more important for us is the clients to get software deployments
before the software updates.
I know I can change packages priority but as I understand - it only changes the priority between the software packages.
is there any way to make the software deployments to be installed before the software updates for new clients?
even if there's no build-in solution, I'd be happy to get a friendly workaround.
I thought about auto-adding the clients to a software update deployment collection only after all the packages are being deployed, but maybe some of you can come up with something better
thanks!You can't prioritize in policy for a client. The first policy that arrives is the first that's being served..
If you're talking about the first thing after the OS deployment, then I would try to update my clients completely during the deployment already. That would solve your problem already. In that same scenario, you could also think about installing
computer or user targetted applications during the task sequence. For examples about both scenario's see:
Computer-targeted:
http://www.petervanderwoude.nl/post/install-computer-targeted-application-during-os-deployment-via-powershell-and-configmgr-2012/;
User-targeted:
http://www.petervanderwoude.nl/post/install-user-targeted-applications-during-os-deployment-via-powershell-and-configmgr-2012/.
If you're not talking about an OS deployment, your only option is indeed to add the clients later to the software update collection(s). In that case you could also try to automate it via PowerShell by using the
Add-CMDeviceCollectionDirectMembershipRule.
My Blog: http://www.petervanderwoude.nl/
Follow me on twitter: pvanderwoude -
SCCM - software updates deployment.
Hi All,
i have adobe acrobat version 10.1.10 installed on my mahcine, when ever i am trying to up deploy an Adobe acrobat 10.1.13 for my machine using but its not gettin updated. Also , one thing that i have seen is even after deployment it is not showing up under
deployment package.
Can anyone help on this, Iam using shavlik higher version of SCUP with SCCM to achieve this.
Rsg,Hi,
You could troubleshoot software updates deployment by checking logs.
UpdatesDeployment.log
UpdatesHandler.log
WUAHandler.log
%windir%\WindowsUpdate.log
For more information:https://technet.microsoft.com/en-us/library/hh427342.aspx#BKMK_SU_NAPLog
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]
Maybe you are looking for
-
Basically my sister updated her iPhone 5c to iOS 7.1, before this she has a passcode on it, She then took the passcode off, after the 7.1 update. Yesterday it randomly put a passcode back on so she tried the ones she had used before and the usual 1,2
-
India Localization eTRM Wanted
Hi, Can anybody provide the link to India Localization eTRM. Thanks, Angelica.
-
Appending XML Node to XMLTYPE Variable
Hi All, My Database Details, BANNER Oracle9i Enterprise Edition Release 9.2.0.1.0 - Production PL/SQL Release 9.2.0.1.0 - Production CORE 9.2.0.1.0 Production TNS for 32-bit Windows: Version 9.2.0.1.0 - Production NLSRTL Version 9.2.0.1.0 - Productio
-
Why is it imposable for me to download the latest ipod touch update?
i am having trouble downloading the 3/20/12 ipod touch update softwhare on my laptop, i admit its a fairly old laptop cuz i'm still running on windows XP. i wanted to know if its possable to even download the update XP? i have free gigs of space & a
-
Can i use PXIe-1073 with an embedded PXIe controller PXIe-8108
I have a PXI express chassis PXIe-1073 with an integrated controller MXI-Express controller PCIe-8361. I now want to use the chassis as a standalone system with an embedded controller. (a)Can i use PXIe-1073 chassis with PXIe-8108 embedded controller