Software update group - Superseded updates

Similar Messages

• All Software update groups expired

   Hi,
  Please see http://social.technet.microsoft.com/Forums/en-US/39b60e34-f30a-4963-a08b-6a8e13e44b91/software-update-groups-grey-icon-with-x-?forum=configmanagersecurity
  for reference.
  We created update lists for Windows 7 with Office, automatic updates for SCEP, they all are expired (Expired icon of “http://technet.microsoft.com/en-us/library/hh848254.aspx). I don’t want them to expire. I want to make sure every new
  OS will get the latest updates + antivirus updates.
  Not sure if this is by design, an error on SCCM (http://social.technet.microsoft.com/Forums/en-US/0c13c27d-55a9-4f56-8ac0-f9053301ab0c/all-updates-in-sccm-software-updates-are-set-to-expire?forum=configmgrsum=>
  my SCUP is there) or there is some misconfiguration.
  Please advise. J.
  Jan Hoedt

  Jan,
  > *Can you help me with this mechanism, I'm not familiar with it?
  While viewing the updates that are a member of the software updates group, either sort by the "Expired" column or filter by Expired = Yex.  Select all expired updates, right click, and select 'Edit Membership".  Uncheck the checkbox for the software
  update groups you are trying to remove them from.
  > *I seem to remember there was somewhere an option that mentioned expired
  This option has to do with how long 'superseded' updates will remain available for deployment.  You can set under Administration > Site Configuration > Sites.  Right click on your site and select Configure Site Components > Software Update
  Point.  The setting is on the "Supersedence Rules" tab.
  However, Microsoft will also directly expire updates from time to time as well.  In general, this is normal and something you shouldn't worry about managing.  When the update has been expired by Microsoft, it is something you couldn't install even
  by going to Windows Update, so you shouldn't worry trying to deploy them.  Instead, deploy the current updates instead of superseded ones.
  >How can I automate this (not automatically apply but using manually which updates to use and deploy at times I choose)?
  For organizations with very simple Software Update processes, you could use an Automatic Deployment Rule to select updates based on a criteria, download the content to a deployment package, add the updates to a software update group, and create a deployment
  to a collection.  That deployment can be 'available' and not required if you plan to hand install them later.
  This documentation gives you an overview of how all the Software Update Management features work:
  http://technet.microsoft.com/en-us/library/gg682168.aspx#BKMK_DeploymentWorkflows
  And this blog post gives an example of using an ADR:
  http://blogs.technet.com/b/configmgrdogs/archive/2012/05/08/configmgr-2012-automatic-deployment-rules.aspx
  I hope that helps,
  Nash
  Nash Pherson, Senior Systems Consultant
  Now Micro -
  My Blog Posts
  If you've found a bug or want the product worked differently,
  share your feedback.
  <-- If this post was helpful, please click "Vote as Helpful".

• Software update group problem on Primary SUP

  Hi All
  I hope someone can help me with the following issue it is related to SUP
  We have an environment of a CAS and a Primary Site ( I know not an ideal situation ;-))
  We have the SCCM 2012 Sp1 version with no CU update.
  We have two separate SUPS installed at separate servers one connected to the CAS site and one connected to the Primary site.
  The one connected to the CAS site connects to the internet and the one connected to primary sync’s with the other one.
  Everything works perfect but after the implementation of the new updates from the month April we have some problems.
  When I connect to the CAS site with the configuration manager console every update in the software update group have a green icon ( some are superseded and have an orange icon) and the updates all have the status of downloaded Yes and deployed Yes.
  When I connect to our primary site with the configuration manager console some updates in the same update group (as mentioned above) have a red icon and have the status of deployed yes and downloaded NO.
  Strange !!!
  I created a new update group and new package downloaded all updates again and the same thing happens as above.
  The updates KB2837579 , KB2553444 , KB973688 , KB2687567 are correct when I connect to the CAS but when I connect to the Primary they have status downloaded NO. Al other updates 150 are correct on both sites.
  There is no problem with the Sync between the SUPs when I check Software Update Point Sync status and wsyncmgr.log.
  I am lost in this one I hope someone can help me with this .or can help me where to troubleshoot
  regards
  Johan

  When I connect to the CAS site with the configuration manager console every update in the software update group have a green icon ( some are superseded and have an orange icon) and the updates all have the status of downloaded Yes and deployed Yes.
  When I connect to our primary site with the configuration manager console some updates in the same update group (as mentioned above) have a red icon and have the status of deployed yes and downloaded NO.
  Strange !!!
  Yes, even I've seen these kind of issues several times even after CM12 R2 upgrade. I had these issues normally (ONLY) with Windows XP and Windows Server 2003 server patches. It seems to me like when you DON'T have Win XP and Windows Server 2003 machines
  in Primary server DB then we're facing this issue. But I'm not very sure. This is just a thought.
  Primary server CM12 console - When you look at software update group or Package then in the “summary” there would one or more  patches show as “not downloaded” 
  But when you take a look at the properties of the patch and look at  “Content information”, it says downloaded = yes
  Anoop C Nair -
  @anoopmannur :: MY Site:
   www.AnoopCNair.com ::
  FaceBook:
   ConfigMgr(SCCM) Page ::
  Linkedin:
   Linkedin<

• Create software update group that only contains post service pack hotfixes?

  I'm creating software update groups for server and workstation OS.  Is there a way to exclude pre-service pack updates from an update group (or even the search itself)?  Example: all of our machines already have Windows 7 SP1 installed, therefore
  I don't need to include any updates that were included in SP1.  I know only required updates will be installed, but I'd rather not waste disk space downloading ones I don't need.  Thx

  The console shows you how many devices in your hierarchy require a given update. If you don't want to see updates that are not required by any devices, select Add Criteria > Required > Greater or Equal to 1 > Search. This assumes that the Software
  Updates Evaluation cycle is run on the devices...
  If you apply SP1 to all devices, the individual updates (pre-SP1), should not be required by the devices (they may even become superseded by SP1 - depends)... The count of Required in the console should be 0...
  I know this is not the exact answer you're looking for, but it's easy...

• ADR Removes updates from existing Software Update Group

  I'm working on using SCCM for Software Updates, was previously only using WSUS. I think I've got everything configured and I can deploy updates successfully. So now I'm working on automating things with some ADRs. The problem I'm running into is that I'm
  trying to set the ADR to add updates to an existing group. Office 2007 updates in this example.  I have the search criteria in the ADR set to look for Office 2007 updates released in the last 30 days and it is set to run once a month. 
  So in my mind, each month it will run and add the necessary updates to the existing group, and the group will become a cumulative list.  The problem I'm having is that every time the rule runs, it seems to remove all the existing updates from that
  group and only add in the updates that were returned for that run.  For example, I can set the rule to search for updates released in the last 60 days and will see 15 updates in the group.  If I change the rule to search for updates released in the
  last 30 days and run it again, the group will only have 10 updates in it.  Or if I manually add updates to the group and then run the rule again, the updates I manually added are removed.  None of these are expired or superseded.  Any ideas?

  The spirit of the statement is more or less correct, but as it applies to this scenario it is not. To the clients, nothing has changed. The update is part of the update group before and after. Thus, the client only knows about the newly added updates thus
  there really is no client side processing churn except for the newly added updates. As for the SQL processing, that's what SQL does well -- that's the whole point of using a enterprise class RDBMS. Tip-toeing around SQL, particularly for a process that only
  happens once a month, is (sorry) silly. Now, if you were to do this everyday, then yes, that's bad. Once a month, it's trivial. Do of course make sure you have a good SQL maintenance plan in place that includes re-indexing and rebuilding statistics (not the
  built-in maintenance task). 
  Jason | http://blog.configmgrftw.com | @jasonsandys

• Update showing up in "Compliance 5 - Specific Computer" Report even after removing the update from the Software Update before creating Group and Package

  So I've created a Software Update Group and I did NOT want anything in there dealing with Internet Explorer 11 since the organization is currently stuck at using 10 as the highest. So I made sure that Internet Explorer was NOT in the list and then I deployed
  the package. 
  After running my Overall Compliance report it shows that the systems are compliant, but when I view the "Compliance 5 - Specific Computer" I see that "Internet Explorer 11 for Windows 7 for x64-based Systems" is listed in the report. 
  This is just a testing phase right now and I have not created a WSUS like Domain level GPO. I understand that the SCCM client creates a local policy on the clients for the location of the Software Update Point (Specify
  Intranet Microsoft update service location), but the "Configure Automatic Updates" policy is set to Not Configured, which it looks like when this
  is set, the "Install updates automatically (recommended)" at 3AM is the default. 
  Is the reason why the "Internet Explorer 11 for Windows 7 for x64-based Systems" update is showing up in the list due to the fact that the "Configure
  Automatic Updates" policy is set to Not Configured
  and therefore it is still reaching out to check Windows Update online? 
  So, if I do create a Domain level GPO to Disable the "Configure
  Automatic Updates" policy, then the "Internet Explorer 11 for Windows 7 for x64-based Systems" update would not show up in the "Compliance 5 - Specific Computer" report?
  By the way, I have a Software Update Maintenance Window configured for the hours of 1AM-4AM so the 3AM default time falls within this time frame, therefore, I am assuming the SCCM 2012 client will not allow the Windows Update Agent to install the "Internet
  Explorer 11 for Windows 7 for x64-based Systems" update, even though it has detected it is "Required". 
  Thanks

  But, don't you need a Deployment Package in order to deploy the Software Update Group? The Software Update Group uses the downloaded updates contained in the Deployment Package located in, wherever the Package Source is, right?
  One more quick question that you will know right off hand, because, well, you just will I'm sure.
  No. The software update group really has nothing to do with any update packages. The update group assigns updates to clients and in turn clients use update packages to download assign and applicable updates from. There is no connection between the two though
  as the client can download an update from any available update package. Thus, it's more than possible to updates in an update package that are not in any update groups and it is also possible for an update to be in an update group without being in any update
  package.
  If the "Configure Automatic Updates" policy is set to "Not Configured" and since this keeps the 3AM Automatic Updates default, if I was to remove the Software Update Maintenance Window from being between 1AM-4AM, will the WUA agent install updates
  at 3AM, or no because the SCCM 2012 client still manages and oversees it and basically blocks that from occurring?
  No, ConfigMgr does not in any way block the WUA; however, the WUA can only autonomously install updates it downloads directly from WSUS. Thus, since there are no updates approved or downloaded in your WSUS instance, there's nothing for it to download and
  install. If you happen to actually be going into WSUS and approving updates (which you should not be doing as its unsupported), then yes, it actually would install updates -- this is outside of ConfigMgr's control though. Generally, disabling the WUA via a
  GPO is the recommended to prevent any accidental installations or reboots (as the WUA wil also check for initiate pending reboots outside of ConfigMgr).
  Lots more info in these two blog posts:
  - http://blog.configmgrftw.com/software-update-management-and-group-policy-for-configmgr-what-else/
  - http://blog.configmgrftw.com/software-updates-management-and-group-policy-for-configmgr-cont/
  Jason | http://blog.configmgrftw.com

• I can not update a Windows Server 2008 R2 with Software Update Group in SCCM2012

  Hi all,
  I got some problems with update deployments these days.
  I try to configure SCCM2012 to update 1 Windows Server 2008 R2 (with Hyper-V / This server is in a cluster)
  Actually i've 4 other Hyper-V servers and i would like to add one more in the cluster called Hyper-V5. To do that i need that all Hyper-V servers use the same Windows Updates.
  I created a collection for my Hyper-V servers and then a Software Update Group with all needed updates (checked the list of another HV-Server).
  I did a deployment on this collection using this new Software Update Group.
  I checked the Sofwtare Center's logs on the Hyper-V5 server and i saw that synchronization has a successfull state.
  But there is no updates installed or displayed in Sofwtare Center.
  Here is some screenshots : Oh no i can't post image because ... "Body text cannot contain images or links until we are able to verify your account." waiting to be verified since months.
  Thanks for your help.

  Hi,
  Have you try to run Software Updates Scan Cycle and Software Updates Deployment Evaluation Cycle Actions on the client? Please check ScanAgent.log and PolicyAgent.log to see whether the client received the updates deployment policy.
  Best Regards,
  Joyce Li
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• How can I tell what Software Update Groups are members of Deployment Packages?

  I have a single SCCM 2012 SP1 CU4 server running on Windows Server 2012.
  I am trying to clean things up a little bit and I am curious:
  How can I tell which Software Update Groups use
  which Deployment Packages?  I don't see it on the Properties of either one.
  Thanks!

  Funny thing is that you can't see from the software update (in the software update group) in which deployment package(s) it exists. Your only options are manually comparing every single update (not really an option), or use PowerShell and do something
  like this:
  http://myitforum.com/myitforumwp/2014/05/12/matching-configmgr-software-updates-to-a-deployment-package-with-powershell/
  My Blog: http://www.petervanderwoude.nl/
  Follow me on twitter: pvanderwoude

• Adding Software Updates to Software Groups After Deployment

  Hi all -
  I went through and created 3 software update groups (for 2013, 2014, and 2015), and then distributed all three of them to a certain collection (and to all DPs). After that point, I then realized I had forgotten a number of updates for each software
  update group. I downloaded the software updates and edited their membership so they would be a part of the existing software groups. When I did that their statuses said they were deployed. However, when I look at content distribution I don't see
  anything changing. Almost like the new updates didn't go out to the DPs.
  Do you need to redeploy the software update groups after adding new software updates? Or should this automatically distribute the new updates as part of the existing deployments.
  Kind of unrelated, and not really part of my main question. Is there a best practice on the maximum number of software updates for a group? My largest group has 632 updates. I realize the dependency on reporting and all that, I am purely speak from a performance
  or issues best practice.
  Thanks,
  --Julius

  A software update group and a deployment package are two different things. When you download the updates, you download them to your deployment package. To look at the status of that process you can look at
  Content Status node in the console or the distmgr.log
  file.
  The best-practice maximum number of updates per update group is a 1000, see also:
  https://technet.microsoft.com/en-us/library/hh692394.aspx.
  My Blog: http://www.petervanderwoude.nl/
  Follow me on twitter: pvanderwoude

• Export and Import members of a Software Update Group

  Greetings,
  I am looking for a method I can use to Export a Software Update Group (or just it's members) to a file that I can then use to Import into another 2012 hierarchy. I can't use the built-in Migration process as it is already connected to a different Hierarchy.
  I have scripts that will pull Approvals from WSUS and then import into Update groups, but I also need something that I can use to copy update groups from "DEV" to "PROD" and back again.
  Any thought or suggestions most welcome.
  Scott.

  Hi
  You cannot export Software Update Groups in ConfigMgr 2012.
  One way of doing what you what is to use Powershell to "dump" all the settings of your Software Update Groups and then use that file as a basis for creating the Software Update Group in production. Or you could just create all Software Update Groups using
  a Powerscript which runs in dev and production.
  To get you started, you could look at the snippet of code below, which I use for creating Software Update Group automatically.
  import-module ($Env:SMS_ADMIN_UI_PATH.Substring(0,$Env:SMS_ADMIN_UI_PATH.Length-5) + '\ConfigurationManager.psd1')
  $PSD = Get-PSDrive -PSProvider CMSite
  CD "$($PSD):"
  $DPDate = get-date "22-02-2011 19:00:00"
  $SUGName = "Workstaitions 2011 02 February"
  $SUGMembers = Get-CMSoftwareUpdate | Where-Object {$_.DatePosted -eq $DPDate -and $_.NumMissing -ge 1} | select CI_ID
  New-CMSoftwareUpdateGroup -Name $SUGName -UpdateId $SUGMembers.CI_ID

• Monthly Software Updates Merged to Main OS Group

  I was reading
  here but still am a little unclear.
  My Current Layout.
  OS Main Software Update Group... Example Windows 7 Software Updates.
  Then I have seperate Software update Groups by Month Example... September 2014, October 2014, November 2014.... Now that I am getting ready to created December 2014 I want to merge September 2014 into my Main Windows 7 Software Updates.
  My Question is What is the best way to do this?  Just edit the membership and change from September 2014 to Windows 7 Software Updates?  What about downloading and how does my Windows 7 Software Updates Package get updated?

  One important factoid here (that reinforces Torsten's correct answer) is that there is no relationship whatsoever between software update group and update deployment packages. Clients are assigned updates using update groups. If an update is applicable
  to a system then it will download the binary files for the update from *any* available update package. Thus, there's no reason to put update binaries in any specific package in the first place and certainly no reason to re-download them if they are already
  downloaded and in an update package already.
  Jason | http://blog.configmgrftw.com | @jasonsandys

• Problem trying to upbate ituns error masage the older version of apple software update  cannot be removed  contact your nearest spport group

  problem trying to update iTunes error massage the older version of apple software update  cannot be removed  contact your nearest support group how
  can i fix this problem i have tried many things but it still dose not work for me ????

  Download the Windows Installer CleanUp utility from the following page (use one of the links under the thingy on the Major Geeks page):
  http://majorgeeks.com/download.php?det=4459
  To install the utility, doubleclick the msicuu2.exe file you downloaded.
  Now run the utility ("Start > All Programs > Windows Install Clean Up"). In the list of programs that appears in CleanUp, select any Apple Software Update entries and click "Remove", as per the following screenshot:
  Quit out of CleanUp, restart the PC and try another iTunes install. Does it go through properly this time?

• Trying to download latest iTunes, but I keep getting "The older version of Apple Software Update cannot be removed.  Contact your technical support group."  Please help.

  Please help.  I am trying to download the latest version of iTunes so I can synch my new iPhone.  I keep getting "The older version of Apple Software Update cannot be removed.  Contact your technical support group."  Please help as I have absolutely no idea.  Thanks.

  Download the Windows Installer CleanUp utility from the following page (use one of the links under the thingy on the Major Geeks page):
  http://majorgeeks.com/download.php?det=4459
  To install the utility, doubleclick the msicuu2.exe file you downloaded.
  Now run the utility ("Start > All Programs > Windows Install Clean Up"). In the list of programs that appears in CleanUp, select any Apple Software Update entries and click "Remove", as per the following screenshot:
  Quit out of CleanUp, restart the PC and try another iTunes install. Does it go through properly this time?

• Dots in Software Update Groups names

  Hello,
  Do you know any reason why is it impossible to put a dot (".") in a name of Software Update Group? I can use dots in SUG's name created via ADR but not when I create one manually, I receive an error: "Must specify a valid name for the software
  update group".
  How can I put dots in a names for manually created SUGs?
  SCCM 5.00.7958.1000
  http://about.me/exchange12rocks

  While you might be able to create it with an ADR or with PowerShell, if the User Interface specifically prevents it from being created, its a strong bet that it isn't tested and supported by the product team.
  You're best bet is to put in feedback on Microsoft Connect asking them to allow and support it. 
  http://myitforum.com/myitforumwp/2013/12/02/giving-feedback-on-microsoft-connect-for-configmgr-2012-help-yourself-help-the-community/
  I hope that helps,
  Nash
  Nash Pherson, Senior Systems Consultant
  Now Micro -
  My Blog Posts
  If you found a bug or want the product to work differently,
  share your feedback.
  <-- If this post was helpful, please click the up arrow or propose as answer.

• SCCM 2012 R2 changing date and time for patching software update groups

  I recieve this error when changing date and time for software update group. worked fine yesterday before patches to the server were applied last night. we removed patches but still get error below. Any help would be great.
  ConfigMgr Error Object:
  instance of SMS_ExtendedStatus
  Description = "Property array AssignedCIs exceeded the max allowed";
  ErrorCode = 1078462259;
  File = "e:\\nts_sccm_release\\sms\\siteserver\\sdk_provider\\smsprov\\sspupdatesassignment.cpp";
  Line = 94;
  Operation = "PutInstance";
  ParameterInfo = "";
  ProviderName = "ExtnProv";
  StatusCode = 2147749889;
  Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlQueryException
  The SMS Provider reported an error.
  Stack Trace:
  at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlResultObject.Put(ReportProgress progressReport)
  at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlResultObject.Put()
  at Microsoft.ConfigurationManagement.AdminConsole.SmsDialogData.Put(IResultObject resultObject, List`1 resultObjectsPut, Boolean retainLock)
  at Microsoft.ConfigurationManagement.AdminConsole.SmsDialogData.Put(Boolean retainLock)
  at Microsoft.ConfigurationManagement.AdminConsole.DialogFramework.Forms.SmsPropertySheet.Put(ActionTrigger trigger)
  System.Management.ManagementException
  Generic failure
  Stack Trace:
  at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlResultObject.Put(ReportProgress progressReport)
  at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlResultObject.Put()
  at Microsoft.ConfigurationManagement.AdminConsole.SmsDialogData.Put(IResultObject resultObject, List`1 resultObjectsPut, Boolean retainLock)
  at Microsoft.ConfigurationManagement.AdminConsole.SmsDialogData.Put(Boolean retainLock)
  at Microsoft.ConfigurationManagement.AdminConsole.DialogFramework.Forms.SmsPropertySheet.Put(ActionTrigger trigger

  no it is the final version... is working today after cleaning up database... is working now...thanks
  Hello Robert,
  would you please give some more informations, as I have the same issue and don't get what you mean bye "cleaning up databases".
  Regards ooGDoo
  ooGDoo