Software Update Group not created...?

Similar Messages

• All Software update groups expired

   Hi,
  Please see http://social.technet.microsoft.com/Forums/en-US/39b60e34-f30a-4963-a08b-6a8e13e44b91/software-update-groups-grey-icon-with-x-?forum=configmanagersecurity
  for reference.
  We created update lists for Windows 7 with Office, automatic updates for SCEP, they all are expired (Expired icon of “http://technet.microsoft.com/en-us/library/hh848254.aspx). I don’t want them to expire. I want to make sure every new
  OS will get the latest updates + antivirus updates.
  Not sure if this is by design, an error on SCCM (http://social.technet.microsoft.com/Forums/en-US/0c13c27d-55a9-4f56-8ac0-f9053301ab0c/all-updates-in-sccm-software-updates-are-set-to-expire?forum=configmgrsum=>
  my SCUP is there) or there is some misconfiguration.
  Please advise. J.
  Jan Hoedt

  Jan,
  > *Can you help me with this mechanism, I'm not familiar with it?
  While viewing the updates that are a member of the software updates group, either sort by the "Expired" column or filter by Expired = Yex.  Select all expired updates, right click, and select 'Edit Membership".  Uncheck the checkbox for the software
  update groups you are trying to remove them from.
  > *I seem to remember there was somewhere an option that mentioned expired
  This option has to do with how long 'superseded' updates will remain available for deployment.  You can set under Administration > Site Configuration > Sites.  Right click on your site and select Configure Site Components > Software Update
  Point.  The setting is on the "Supersedence Rules" tab.
  However, Microsoft will also directly expire updates from time to time as well.  In general, this is normal and something you shouldn't worry about managing.  When the update has been expired by Microsoft, it is something you couldn't install even
  by going to Windows Update, so you shouldn't worry trying to deploy them.  Instead, deploy the current updates instead of superseded ones.
  >How can I automate this (not automatically apply but using manually which updates to use and deploy at times I choose)?
  For organizations with very simple Software Update processes, you could use an Automatic Deployment Rule to select updates based on a criteria, download the content to a deployment package, add the updates to a software update group, and create a deployment
  to a collection.  That deployment can be 'available' and not required if you plan to hand install them later.
  This documentation gives you an overview of how all the Software Update Management features work:
  http://technet.microsoft.com/en-us/library/gg682168.aspx#BKMK_DeploymentWorkflows
  And this blog post gives an example of using an ADR:
  http://blogs.technet.com/b/configmgrdogs/archive/2012/05/08/configmgr-2012-automatic-deployment-rules.aspx
  I hope that helps,
  Nash
  Nash Pherson, Senior Systems Consultant
  Now Micro -
  My Blog Posts
  If you've found a bug or want the product worked differently,
  share your feedback.
  <-- If this post was helpful, please click "Vote as Helpful".

• Automatic create Software Update Group and assign patches

  Does someone has a e.g. powershell/vbs script which does the following:
  - step 1: verify which patches are added to Windows 7 image using SCCM 2012 Offline Servicing
  - step 2: verify all downloaded and deployed patches in the SCCM 2012 environment
  - step 3: get the multi-reboot patches
  Then creates a Software Update Group and add all patches obtained in step 2 and exclude all patches obtained in step 1 and step 3..
  Then I can assign that software update group to my Reference Image task sequence and I will not ran in the currently available problems where lists are to big and software updates during the task sequence are failing :-)
  Does some likes this and want to help me with it ?
  I think it is a nice solution for the patch deployment problem during the reference image task sequence phase.

  1.  I've not written a script for that but to be plain:  why?  There's no reason you shouldnt have those patches downloaded and deployed anyway in case someone makes a computer "the old fashioned way" then joins it to the domain.
  2.  This is what ADR is for.  I've got a few runbooks to help with things like cleaning up expired patches, but you shouldn't need any script for this step specifically.
  3.  Getting multi-reboot patches someone already did for you :)  http://blogs.technet.com/b/deploymentguys/archive/2015/03/11/excluding-known-multi-reboot-updates-during-a-zti-deployment.aspx
  Basically for #3, you just replace the update task with the MDT version and put this script right in front.  Bam, done :)  As for the extra scripting to exclude downloading patches you injected with DISM (#1)... I honestly don't see a point ...
  but I could probably write something if you wanted.

• SCCM 2012 SP1 - PowerShell command to create a software update group deployment DISABLED by default

  Hello,
  I create deployment jobs using new Powershell cmdlet "Start-CMSoftwareUpdateDeployment". However it looks there is no way with this cmdlet to create a job which is disabled by default.
  Is it possible ? As an alternative, which cmdlet could I use to manage enable/disable job state ? I have not found anything so far.
  Regards.
  Sylvain

  hi, i tried the solution to create a deployment using  http://cm12sdk.net/?p=2014 link.
  it creates deployment but it is not downloaded so a red cross sign is shown in front of software update group. can you guide me on which command to use to download software update after which we can try the script mentioned in the link.
  thanks.
   

• Create software update group that only contains post service pack hotfixes?

  I'm creating software update groups for server and workstation OS.  Is there a way to exclude pre-service pack updates from an update group (or even the search itself)?  Example: all of our machines already have Windows 7 SP1 installed, therefore
  I don't need to include any updates that were included in SP1.  I know only required updates will be installed, but I'd rather not waste disk space downloading ones I don't need.  Thx

  The console shows you how many devices in your hierarchy require a given update. If you don't want to see updates that are not required by any devices, select Add Criteria > Required > Greater or Equal to 1 > Search. This assumes that the Software
  Updates Evaluation cycle is run on the devices...
  If you apply SP1 to all devices, the individual updates (pre-SP1), should not be required by the devices (they may even become superseded by SP1 - depends)... The count of Required in the console should be 0...
  I know this is not the exact answer you're looking for, but it's easy...

• Creating software update group for required updates ?

  Hello,
  I've been trying to find an easy way to create a software update group that contains required security updates for a specific device collection but no solution yet. It is easy to get which security updates are required for that collection via SQL query or
  by using built-in report in sccm2012. The problem is, there is no way to easily create a update group to deploy from those lists. You have to add them one by one and that takes so much time. So i would be glad if someone have an answer for me?
  Best Regards,

  Thanks for your quick response. I have hundreds of required updates in the software update section. So you say deploy all of them to that collection even most of are not required for those devices. At this point it seems unreasonable to deploy so much
  unnecessary file which will increase the burden on network and devices while it also increases the risk of failures. On the other hand it is also very time consuming to add approx. 50 update one by one to update group.

• I can not update a Windows Server 2008 R2 with Software Update Group in SCCM2012

  Hi all,
  I got some problems with update deployments these days.
  I try to configure SCCM2012 to update 1 Windows Server 2008 R2 (with Hyper-V / This server is in a cluster)
  Actually i've 4 other Hyper-V servers and i would like to add one more in the cluster called Hyper-V5. To do that i need that all Hyper-V servers use the same Windows Updates.
  I created a collection for my Hyper-V servers and then a Software Update Group with all needed updates (checked the list of another HV-Server).
  I did a deployment on this collection using this new Software Update Group.
  I checked the Sofwtare Center's logs on the Hyper-V5 server and i saw that synchronization has a successfull state.
  But there is no updates installed or displayed in Sofwtare Center.
  Here is some screenshots : Oh no i can't post image because ... "Body text cannot contain images or links until we are able to verify your account." waiting to be verified since months.
  Thanks for your help.

  Hi,
  Have you try to run Software Updates Scan Cycle and Software Updates Deployment Evaluation Cycle Actions on the client? Please check ScanAgent.log and PolicyAgent.log to see whether the client received the updates deployment policy.
  Best Regards,
  Joyce Li
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Dots in Software Update Groups names

  Hello,
  Do you know any reason why is it impossible to put a dot (".") in a name of Software Update Group? I can use dots in SUG's name created via ADR but not when I create one manually, I receive an error: "Must specify a valid name for the software
  update group".
  How can I put dots in a names for manually created SUGs?
  SCCM 5.00.7958.1000
  http://about.me/exchange12rocks

  While you might be able to create it with an ADR or with PowerShell, if the User Interface specifically prevents it from being created, its a strong bet that it isn't tested and supported by the product team.
  You're best bet is to put in feedback on Microsoft Connect asking them to allow and support it. 
  http://myitforum.com/myitforumwp/2013/12/02/giving-feedback-on-microsoft-connect-for-configmgr-2012-help-yourself-help-the-community/
  I hope that helps,
  Nash
  Nash Pherson, Senior Systems Consultant
  Now Micro -
  My Blog Posts
  If you found a bug or want the product to work differently,
  share your feedback.
  <-- If this post was helpful, please click the up arrow or propose as answer.

• Collections based on Software Update Group compliance

  Hi!
  Is it possible to create a collection based on software update group compliance? This is for software update groups which are
  not deployed, they are just monitor groups (for example, groups for yearly or quarterly software update compliance).
  I would like to create a collection that lists all devices which are non-compliant in software update groups with names like "%Client Updates" - is this possible?
  The reason for this is so I can impose some stricter Compliance Settings (among some other stuff) on devices that are not compliant.
  I looked around a bit, but I could not find anything that I can use. Even Google couldn't solve my question :/

  you can try something like this:
  This collection is basically sub selected query get list of computers that do not have specific assignment enabled.
  select *  from  SMS_R_System where SMS_R_System.ResourceId not in (SELECT distinct SMS_UpdateComplianceStatus.MachineID  FROM SMS_UpdateComplianceStatus JOIN SMS_UpdateDeploymentSummary ON SMS_UpdateComplianceStatus.CI_ID = SMS_UpdateDeploymentSummary.CI_ID
  WHERE SMS_UpdateDeploymentSummary.AssignmentName like "%Client Updates%")
  Eswar Koneti | Configmgr blog:
  www.eskonr.com | Linkedin: Eswar Koneti
  | Twitter: Eskonr

• Software update group problem on Primary SUP

  Hi All
  I hope someone can help me with the following issue it is related to SUP
  We have an environment of a CAS and a Primary Site ( I know not an ideal situation ;-))
  We have the SCCM 2012 Sp1 version with no CU update.
  We have two separate SUPS installed at separate servers one connected to the CAS site and one connected to the Primary site.
  The one connected to the CAS site connects to the internet and the one connected to primary sync’s with the other one.
  Everything works perfect but after the implementation of the new updates from the month April we have some problems.
  When I connect to the CAS site with the configuration manager console every update in the software update group have a green icon ( some are superseded and have an orange icon) and the updates all have the status of downloaded Yes and deployed Yes.
  When I connect to our primary site with the configuration manager console some updates in the same update group (as mentioned above) have a red icon and have the status of deployed yes and downloaded NO.
  Strange !!!
  I created a new update group and new package downloaded all updates again and the same thing happens as above.
  The updates KB2837579 , KB2553444 , KB973688 , KB2687567 are correct when I connect to the CAS but when I connect to the Primary they have status downloaded NO. Al other updates 150 are correct on both sites.
  There is no problem with the Sync between the SUPs when I check Software Update Point Sync status and wsyncmgr.log.
  I am lost in this one I hope someone can help me with this .or can help me where to troubleshoot
  regards
  Johan

  When I connect to the CAS site with the configuration manager console every update in the software update group have a green icon ( some are superseded and have an orange icon) and the updates all have the status of downloaded Yes and deployed Yes.
  When I connect to our primary site with the configuration manager console some updates in the same update group (as mentioned above) have a red icon and have the status of deployed yes and downloaded NO.
  Strange !!!
  Yes, even I've seen these kind of issues several times even after CM12 R2 upgrade. I had these issues normally (ONLY) with Windows XP and Windows Server 2003 server patches. It seems to me like when you DON'T have Win XP and Windows Server 2003 machines
  in Primary server DB then we're facing this issue. But I'm not very sure. This is just a thought.
  Primary server CM12 console - When you look at software update group or Package then in the “summary” there would one or more  patches show as “not downloaded” 
  But when you take a look at the properties of the patch and look at  “Content information”, it says downloaded = yes
  Anoop C Nair -
  @anoopmannur :: MY Site:
   www.AnoopCNair.com ::
  FaceBook:
   ConfigMgr(SCCM) Page ::
  Linkedin:
   Linkedin<

• Software Update Group SQL Info

  Hi
  I'm trying to create a notification using Orchestrator when a software update group (which is created by an ADR) is created. Can anyone tell me which view to look in to find the information. I've tried several so far to no avail. If I can get the updates
  contained in this group that would be even more useful.
  Reasons for needing a notification are that customer requires all software updates to go through change control but want's to cut down administrative overhead in deploying software updates so an ADR has been created to download but not deploy them so all
  an administrator has to do is deploy the group once approved, rather than create the group, wait etc.

  Sorry I don't think this is achieving what I've asked as the xml files contain multiple scope ID's so how am I supposed to work out what corresponds to what I need? How do I even get the scope ID out of an xml within the SQL database in the first place?
  I have tried that query with the scope ID's found in the XML's and it has returned no data so I'm convinced that this is not the correct way of doing this. If you can provide the query from start to finish on how to get this information based on the creation
  date of a software update group then perhaps we can get somewhere.
  This is an xml from one of the rules:
  <AutoDeploymentRule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <DeploymentId>{f327fd31-4530-4eed-8b75-8596f10f08d7}</DeploymentId>
    <DeploymentName>Windows Server 2012 Update Deployment</DeploymentName>
    <DeploymentDescription />
    <UpdateGroupId>ScopeId_8B27AA37-A165-4666-813B-0D79BF2692E5/AuthList_a4759bfe-e7d7-4643-bef2-8779248114b5</UpdateGroupId>
    <LocaleId>1033</LocaleId>
    <UseSameDeployment>false</UseSameDeployment>
    <EnableAfterCreate>false</EnableAfterCreate>
    <NoEULAUpdates>false</NoEULAUpdates>
    <AlignWithSyncSchedule>false</AlignWithSyncSchedule>
    <ScopeIDs>
      <ScopeID>P0100001</ScopeID>
      <ScopeID>P0100002</ScopeID>
      <ScopeID>P0100003</ScopeID>
      <ScopeID>P0100004</ScopeID>
      <ScopeID>P0100005</ScopeID>
      <ScopeID>P0100006</ScopeID>
      <ScopeID>SMS00UNA</ScopeID>
    </ScopeIDs>
  </AutoDeploymentRule>

• Added additional update to software update group, do I need to deploy it?

  Hi,
  I am fairly new to SCCM and I am not sure about this. Couple days ago I downloaded some windows updates and placed them into a software update group 2015Clients and created the required deployments. So today I found an additional update that needed
  to be added to this update group 2015clients. So I downloaded the additional update and it was placed into the 2015Clients deployment package. My first question is why is it in the deployment package 2015Clients and not in the software update group 2015Clients
  as well? Second question, the new update that is now in the deployment package group says that it is not deployed like the other updates do. Do I need to deploy this new update? I was confused because when I tried to deploy it using the same deployment name
  as the other updates it wants me to use a different name. TIA

  Downloading an additional update doesn't directly add an update to an update group. Those are two separate things and by that two separate actions. There is no direct link between an update group and a deployment package.
  The deployed update group tells the client which updates it should install and the deployment package is the method to make the content of the update available.
  My Blog: http://www.petervanderwoude.nl/
  Follow me on twitter: pvanderwoude

• Deployment Package vs Right-Click, Deploy directly from Software Update Groups?

  I'm not sure I understand the difference between collecting updates into a group and then just using right-click to create a deployment from within Software Update Groups?
  One thing I did notice this morning, is that if I want to distribute that content to other DPS, I have to create deployment package first? Are there other reasons for not simply deploying from within Software Update Groups?
  Thank-you

  Update Groups *group* updates together. That's it, they have no additional functionality.
  Updates can be deployed individually or as groups (in the form of Update Groups) -- it would be pretty painful to manually deploy every update individually so that's why there are update groups.
  Update Packages (I don't like calling them deployment packages even though that's what they're labeled as in the console because they have nothing to do with deployments) make update binaries available to the clients.
  Update Groups have nothing to do with Update Packages. Update Groups contain references to updates, update packages contain binaries. Deploying an update or update group assigns those updates to the client within the collection specified. Clients that have
  an update assigned that is also applicable will download the binary for the update from any available update package and install it.
  You create an update package by right-clicking on an update or update group and choosing download. The wizard offers you a choice between using an existing package or creating a new one. You cannot directly create on.
  Secondary sites have nothing to do with this process whatsoever. Clients are clients are clients regardless of where they are located. As long as they are within t he collection targeted by the deployment and they have access to the assigned update binaries
  in an update package, they will download and install the updates properly.
  Jason | http://blog.configmgrftw.com | @jasonsandys

• Deploying one software update group to multiple collections.

  Good Afternoon,
  We are in the process of rolling out Windows updates to our server environment.  This will be the first rollout on a mass scale. Previously, we have rolled out to about 4 collections to test.
  In a prior life, I managed deploying Windows updates using SCCM 2007. You were able to target to a deployment to a parent collection and select the option to deploy to sub-collections.
  With CM2012, we have a parent folder and our collections live inside of this folder.  My question is this, how can deploy my software update group without having to create a deployment targeted to each individual collections.  Our structure looks
  like this
  Parent Folder (Production)
  Subfolder (Monthly)
  Monthly Collections
  We have 43 monthly collections for production.  I would prefer to not have to create 43 different deployments.  Can you target the parent folder and include the collections?  I read another article where CM2012 did away with the use SubCollections,
  but I have not been able to verify that.
  Any assistance would be appreciated.
  Thank You
  Brian Dougherty

  You can still do something similar as with a top collection in CM07. In CM12 you can use the include collection. So that would mean that one collection can include multiple collections, which allows you to target only one collections. Those separate collections
  can then be used for different maintenance windows (or whatever you want to do with it).
  My Blog: http://www.petervanderwoude.nl/
  Follow me on twitter: pvanderwoude

• Modifying a Software Update Group Deployment via PowerShell

  Good Morning Guys - 
  Recently, I created numerous Software Update Group (SUG) advertisements to a variety of collections using a PowerSHell script I wrote.  It used the cmdlet "Set-CMSoftwareUpdateDeployment" which is described by Microsoft as "Modifies a
  software update deployment in Configuration Manager."  Below is the command I used for the advertisement I'm using as an example here:
  Start-CMSoftwareUpdateDeployment -SoftwareUpdateGroupName "Workstation Related - Mar 2014 Deployment" -CollectionName "Workstation Patch Management - Window #5 - 3rd Monday - Auto Restart" -DeploymentName "Workstation Patch Management - Window #5 - 3rd Monday - Auto Restart" -DeploymentType Required -VerbosityLevel OnlySuccessAndErrorMessages -TimeBasedOn UTC -DeploymentAvailableDay 2014/3/17 -DeploymentAvailableTime 5:00 -DeploymentExpireDay 2014/3/17 -DeploymentExpireTime 5:00 -UserNotification DisplaySoftwareCenterOnly -SoftwareInstallation $False -AllowRestart $False -RestartServer $False -RestartWorkstation $False -ProtectedType NoInstall -UnprotectedType NoInstall
  What I'm needing to do, though, is change many of these advertisements from "Required" to "Available" using PowerSHell again.  Since it's described as "modifies," I assumed that I could run the exact same line used to create
  the advertisement, except only change the "Required" string to "Available."  The advertisement name is the same, so I thought it would work. 
  When I ran it,  it simply created another advertisement with the same name:
  Am I doing something incorrectly when trying to modify the advertisement or is what I've trying to do even possible with this cmdlet?  If not possible, any suggestions you have as to how I could do what I'm trying to do on a large scale would be appreciated!
  Thanks!
  Ben K.

  I just tried on a required deployment:
  set-cmsoftwareupdatedeployment -softwareupdategroupname "My Group Name" -deploymentname "My deploymentname" -collectionname "my collection name" -deploymenttype "available"
  And it changed to Available. Not sure why that isn't working for you.