Hi, I'm trying to install WSUS for SCCM purposes for SUP role. Here are the steps I did:

1. Install SQL Server 2012 with instancename: SCCM

2. Installed Configuration Manager 2012 R2

3. Trying to install WSUS but it always says that it requires a restart.

Tried to restart the server but same results. In installing the WSUS, I followed based on this instructions:

http://social.technet.microsoft.com/wiki/contents/articles/10020.installing-wsus-server-role-on-windows-server-2012-with-microsoft-sql-database.aspx

Is there something I'm missing in this?

Thanks

Jeff

Hi,

I have one environment with about 15 scopes (one scope for public content and then one per branchoffice)

now I got the following question: is it possible somehow to automatically add all scopes when new content is added that is meant to be public?

this is currently an action that can only be done by the AD group that has the full administrators role who create new stuff that will be accessible for the whole environment.

once new content is added they have to manually modify the security scope, so we would like to automate this somehow.

Ok, I have a weird problem after restoring a SCCM server. Every thing seems to be working correctly except this one thing.

This is a single server site, wsus and sql are local on the machine. Since I restored updates "deployed" by automatic update rules don't show up on client machines.

I can deploy programs and applications, operating systems, and if I select updates and manually deploy them they work.

I see no errors, the automatic update rule runs without a problem, it creates a deployment package, downloads the updates and creates the deployment but the deployment doesn't show up on clients.

Any ideas what the problem might be? So far I've tried reinstalling the software update point role, creating a new folder and share for the deployment package and reinstall the sccm client on two test machines.

Thanks in advance,

Freyr

Hi,

I recently tried to deploy Windows 7 update to my client computers. I am able to download and distribute it to DP, but somehow it wouldn't install into my client computers. Can anyone help me? Below text is copied from my scanagent.log and updatesdeployment.log files from my client computer.

Any assistance is highly appreciated.

Scanagent.log

- - Calling back to client on Scan request complete... ScanAgent 4/10/2014 8:01:17 AM 77868 (0x1302C)
CScanAgent::ScanComplete- Scan completion received. ScanAgent 4/10/2014 8:01:17 AM 77868 (0x1302C)
- -Processing Scan Job TTL invalidity request ScanAgent 4/10/2014 8:04:34 AM 75864 (0x12858)
- -Processing Scan Job TTL invalidity request ScanAgent 4/10/2014 8:09:29 AM 80536 (0x13A98)
*****ScanByUpdates request received with ForceReScan=0, ScanOptions=0x00000008,  WSUSLocationTimeout = 604800 ScanAgent 4/10/2014 8:50:32 AM 90080 (0x15FE0)
- - -Evaluating Update Status... ScanAgent 4/10/2014 8:50:32 AM 90080 (0x15FE0)
Found CategoryID of :bfe5b177-a086-47a0-b102-097e4fa1f807 for Update:eaf2ae60-e6f3-4d39-a014-ae25e07361a6 ScanAgent 4/10/2014 8:50:32 AM 90080 (0x15FE0)
CScanAgent::ScanByUpdates - Found UpdateClassification 0fa1201d-4330-4fa8-8ae9-b877473b6441 for Update:eaf2ae60-e6f3-4d39-a014-ae25e07361a6 ScanAgent 4/10/2014 8:50:32 AM 90080 (0x15FE0)
Sources are current and valid. TTLs are however, invalid. ScanAgent 4/10/2014 8:50:32 AM 90080 (0x15FE0)
Sources are Valid, so converting to Offline Scan. ScanAgent 4/10/2014 8:50:32 AM 90080 (0x15FE0)
ScanJob({1B5BE021-EAEF-43E2-A7A2-329D803F2248}): CScanJob::Scan- Requesting Offline Scan with last known location. ScanAgent 4/10/2014 8:50:32 AM 90080 (0x15FE0)
No CatScan history exists ScanAgent 4/10/2014 8:50:32 AM 94188 (0x16FEC)
Sources are current and valid. TTLs are however, invalid. ScanAgent 4/10/2014 8:50:32 AM 94188 (0x16FEC)
ScanJob({1B5BE021-EAEF-43E2-A7A2-329D803F2248}): CScanJob::Execute- Requesting scan with CategoryIDs=BFE5B177-A086-47A0-B102-097E4FA1F807 ScanAgent 4/10/2014 8:50:32 AM 94188 (0x16FEC)
ScanJob({1B5BE021-EAEF-43E2-A7A2-329D803F2248}): Scan Succeeded, setting flag that performed scan was catscan ScanAgent 4/10/2014 8:50:41 AM 94188 (0x16FEC)
ScanJob({1B5BE021-EAEF-43E2-A7A2-329D803F2248}): CScanJob::OnScanComplete - Scan completed successfully, ScanType=2 ScanAgent 4/10/2014 8:50:41 AM 94188 (0x16FEC)
ScanJob({1B5BE021-EAEF-43E2-A7A2-329D803F2248}): CScanJobManager::OnScanComplete -ScanJob is completed. ScanAgent 4/10/2014 8:50:41 AM 94188 (0x16FEC)
ScanJob({1B5BE021-EAEF-43E2-A7A2-329D803F2248}): CScanJobManager::OnScanComplete - Reporting Scan request complete to clients... ScanAgent 4/10/2014 8:50:41 AM 94188 (0x16FEC)
- - -Evaluating Update Status... ScanAgent 4/10/2014 8:50:41 AM 90080 (0x15FE0)
- - Calling back to client on Scan request complete... ScanAgent 4/10/2014 8:50:41 AM 90080 (0x15FE0)

UpdatesDeployment.log

Message received: '<?xml version='1.0' ?><SoftwareUpdatesMessage MessageType='EvaluateAssignments'><UseCachedResults>False</UseCachedResults></SoftwareUpdatesMessage>' UpdatesDeploymentAgent 4/10/2014 8:04:34 AM 75864 (0x12858)
Removing scan history to force non cached results UpdatesDeploymentAgent 4/10/2014 8:04:34 AM 75864 (0x12858)
Evaluation initiated for (0) assignments. UpdatesDeploymentAgent 4/10/2014 8:04:34 AM 75864 (0x12858)
Message received: '<?xml version='1.0' ?><SoftwareUpdatesMessage MessageType='EvaluateAssignments'><UseCachedResults>False</UseCachedResults></SoftwareUpdatesMessage>' UpdatesDeploymentAgent 4/10/2014 8:09:29 AM 80536 (0x13A98)
Removing scan history to force non cached results UpdatesDeploymentAgent 4/10/2014 8:09:29 AM 80536 (0x13A98)
Evaluation initiated for (0) assignments. UpdatesDeploymentAgent 4/10/2014 8:09:29 AM 80536 (0x13A98)
Message received: '<?xml version='1.0' ?>
 <CIAssignmentMessage MessageType='EnforcementDeadline'>
     <AssignmentID>{85D3A208-0AE4-46F6-87C3-8A94CCA8361C}</AssignmentID>
 </CIAssignmentMessage>' UpdatesDeploymentAgent 4/10/2014 8:50:32 AM 94188 (0x16FEC)
Assignment {85D3A208-0AE4-46F6-87C3-8A94CCA8361C} has total CI = 1 UpdatesDeploymentAgent 4/10/2014 8:50:32 AM 94188 (0x16FEC)
Deadline received for assignment ({85D3A208-0AE4-46F6-87C3-8A94CCA8361C}) UpdatesDeploymentAgent 4/10/2014 8:50:32 AM 94188 (0x16FEC)
Detection job ({D4D22069-E341-476B-9048-4C4FAFF7075D}) started for assignment ({85D3A208-0AE4-46F6-87C3-8A94CCA8361C}) UpdatesDeploymentAgent 4/10/2014 8:50:32 AM 94188 (0x16FEC)
DetectJob completion received for assignment ({85D3A208-0AE4-46F6-87C3-8A94CCA8361C}) UpdatesDeploymentAgent 4/10/2014 8:50:41 AM 94188 (0x16FEC)
Raising client SDK event for class CCM_SoftwareUpdate, instance CCM_SoftwareUpdate.UpdateID="Site_95D1BDFA-B063-4820-8D5D-497ECA9F10BB/SUM_eaf2ae60-e6f3-4d39-a014-ae25e07361a6", actionType 12l, value NULL, user NULL, session 4294967295l, level 0l, verbosity 30l UpdatesDeploymentAgent 4/10/2014 8:50:41 AM 94188 (0x16FEC)
Update (Site_95D1BDFA-B063-4820-8D5D-497ECA9F10BB/SUM_eaf2ae60-e6f3-4d39-a014-ae25e07361a6) added to the targeted list of deployment ({85D3A208-0AE4-46F6-87C3-8A94CCA8361C}) UpdatesDeploymentAgent 4/10/2014 8:50:41 AM 94188 (0x16FEC)
Failed to attach update to the automation wrapper, error = 0x87d00215 UpdatesDeploymentAgent 4/10/2014 8:50:41 AM 83412 (0x145D4)

Is there one Software Update search/criteria I can make that

will ensure computers that maybe haven't had updates in over a year are updated?  

Updates would be for Windows 7 64 bit and Office 2010 32 bit 
Just curious what others are using or what I should try in my case..?
Which search/criteria/filter should I create in SCCM to deploy to the Windows 7 computers? 

And how could I also integrate that into an OSD Task Sequence if possible? 

Dear All

Which is better way to install any hotfix to users using SCCM.

Like i was making .Bat Script of wusa.exe to install any hotfix. But it failed on many users with ERROR: 10006 with Description : 2359302. How can i install by using Software Update by creating software update group.

Thanks

REGARDS DANISH DANIE

Hi,

Recently I noticed that some of ours Secondary SUP's have stopped syncing. Looking at the logs I found that they cannot found SUP parent. Name resolution was OK, no firewall blocking traffic flow, SUP at Primary Site working normally, all replica SUP services online.

Then I went to the Sync Settings at Site Components of the SUP replica and the value of the option "Synchronize from a upstream data source location (URL)" had been changed!

The URL of the upstream server has the correct server name, but the 8530 port is missing! The interesting fact is that I have other SUP replicas working normally with the correct upstream server name and port.

So, my question is: Since I've installed all the replicas SUP's with the same upstream SUP settings, they have been working normally until last week, how the settings are now wrong? The property is greyed out and I cannot change it back to the correct parameter.

Is there any way to correct it without having to reinstall all the replicas SUPs?

Thanks!! 

Hi, I'm trying to follow various documents but cannot find a single unified methodology for how WSUS updates are now supposed to work

I am creating software update Groups and trying to keep them under 1000 updates each as they take 2 hours or so.

So i have a Pre2103, All2013, 2014January to May, 2014 June to September and starting from this month i will do one monthly

My Client base is servers or workstations. I have 2 collections - Available (DCs SQl etc that need manual intervention) and Required (everything else)

So i now create a deployment package for each group - but now i have to do that twice? Once for available collection and once for required collection? Am i missing an easier/better way of doing this?

Once these have all been set up do i then have to deploy them with an ADR? Inject them into the Gold image of my workstations?

I would like the internal WSUS to work exactly like (or as near as can be) to the way microsoft's works. EG if i take a vanilla windows 7 or 8 build and connect it to my network, it gets the GPO, installs the client then goes to SCCM and gets alll the updates to bring itself up to date without me having to then go back into SCCM and create a specifc deployment of job or to manually send out anything.

Or will this only work when the collection gets updated and is aware of the new computer?

Thanks

Hi Guys

I have a SCCM 2012R2 in Windows 2008R2 box with a Secondary Site also in Windows 2008R2. Before proceeding with the upgrade to CU3 I took a snapshot, installed Windows Management Framework 4.0 to get PowerShell 4.0 in order to run a health Check, all fine until this point.

I installed CU3 and checked that the value in CULevel in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Setup is 3 and also check theversion that is displayed in the About System Center Configuration Manager dialog box is5.00.7958.1401

I checked the log file C:\Windows\Temp\cm12-r2cu3-kb2994331-x64-enu.log and all good in there as well. So it's fair to say the installation was successful..??

the next step was to upgrade my secondary site from the Primary site console, so I went to Administration / Site Configuration / Sites and when I right clicked my Primary Server to check its properties I realised that the Version number was still5.00.7958.1000 and the option to upgrade my secondary site is greyed out.

I haven't been able to find any information regarding this issue, in fact I am not sure if is a technical issue or human issue :)

the questions are, how do I upgrade my secondary site and why the difference in between version?

Regards

Jesus Gonzalez

I am looking for some help concerning patching new servers (95% VM) via SCCM 2012 R2. SCCM has recently been rolled out for the purpose of monthly patching of all Production servers (800+).  WSUS  has been used to patch servers and Windows Update have been used to update 'new servers' thus far as WSUS does not appear to offer "all" needed updates on new servers.

The VM images/templates (50+) are currently not consistent in the patch levels across the server platforms (2003-2012 R2) that are used in production.   They would like me to download all the patches to SCCM to make them available for new server
deployments.  As opposed to downloading hundreds of unnecessary patches, I have recommended getting all the images consistent in the current patch levels and maintaining a once a year cycle in patching images; thus making SCCM responsible for up to a year of patching for the new servers. 

I am looking for ways to keep this manageable for both the VM Team the SCCM Admin. I have considered ADRs but I would prefer not to bog down the Deployments.  I would like to see/maintain 1 Deployment for new servers if possible.  The ADR design for monthly patching is already complex in order to meet the requirements of server patching.  I am open to additional thoughts please.

I am looking for ways in which others have handled new server patching via SCCM.  I don't want to make more work for them in building/maintaining images but I am concerned about downloading and maintaining a large number of unnecessary patches for the 'what-if' scenarios. 

I would appreciate your thoughts and suggestions.

Thank you.

Hello All,

I've just inherited a SCCM 2012 Setup.

I was trying to use the Offline Servicing feature and noticed that all updates were failing.

After reading the forum, I read that this didn't work well in 2012 SP1 (the version the deployment had when I got here) and have upgraded in the mean time to 2012 R2 CU2.

Unfortunately, the behavior has not changed.

What I've tried so far:

- Updated the rights on the folder where the OSD image reside to Full Control for everyone ( to eliminate security issues)

- added exclusions in the SCEP client for the offline servicing folder and the dism processes.

- disabled the scep client all together to avoid it interfering

- Disabled UAC

The entries I'm seeing in the log are the following:

Failed to install update with ID 16817599 on the image. ErrorCode = 2096 SMS_OFFLINE_SERVICING_MANAGER 10/13/2014 12:25:20 PM 4384 (0x1120)
Checking if update (62 of 62) with ID 16817968 needs to be applied on the image. 1 content binarie(s) are associated with the update. SMS_OFFLINE_SERVICING_MANAGER 10/13/2014 12:25:20 PM 4384 (0x1120)
Applicability State = APPLICABLE, Update Binary = C:\ConfigMgr_OfflineImageServicing\a5bb0642-ac6f-4237-88c9-a0973a9ce22a\windows6.1-kb3001554-x64.cab. SMS_OFFLINE_SERVICING_MANAGER 10/13/2014 12:25:23 PM 4384 (0x1120)
Applying update with ID 16817968 on image at index 1. SMS_OFFLINE_SERVICING_MANAGER 10/13/2014 12:25:23 PM 4384 (0x1120)
Failed to install update with error code -2146498512 SMS_OFFLINE_SERVICING_MANAGER 10/13/2014 12:25:26 PM 4384 (0x1120)
InstallUpdate returned code 0x800f0830 SMS_OFFLINE_SERVICING_MANAGER 10/13/2014 12:25:26 PM 4384 (0x1120)
STATMSG: ID=7911 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_OFFLINE_SERVICING_MANAGER" SYS=HQWSCMI1 SITE=RBG PID=2024 TID=4384 GMTDATE=Mon Oct 13 10:25:26.389 2014 ISTR0="16817968" ISTR1="RBG001C1" ISTR2="1" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_OFFLINE_SERVICING_MANAGER 10/13/2014 12:25:26 PM 4384 (0x1120)
Failed to install update with ID 16817968 on the image. ErrorCode = 2096 SMS_OFFLINE_SERVICING_MANAGER 10/13/2014 12:25:26 PM 4384 (0x1120)
UnMounting Image (Commit Changes = 0) ... SMS_OFFLINE_SERVICING_MANAGER 10/13/2014 12:25:26 PM 4384 (0x1120)
Failed processing image at index 1 as one or more updates failed to install. SMS_OFFLINE_SERVICING_MANAGER 10/13/2014 12:26:54 PM 4384 (0x1120)
STATMSG: ID=7907 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_OFFLINE_SERVICING_MANAGER" SYS=HQWSCMI1 SITE=RBG PID=2024 TID=4384 GMTDATE=Mon Oct 13 10:26:54.909 2014 ISTR0="RBG001C1" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_OFFLINE_SERVICING_MANAGER 10/13/2014 12:26:54 PM 4384 (0x1120)
Completed processing image package RBG001C1. Status = Failed SMS_OFFLINE_SERVICING_MANAGER 10/13/2014 12:26:54 PM 4384 (0x1120)
Updated history for image package RBG001C1 in the database SMS_OFFLINE_SERVICING_MANAGER 10/13/2014 12:26:55 PM 4384 (0x1120)
Schedule processing failed SMS_OFFLINE_SERVICING_MANAGER 10/13/2014 12:26:55 PM 4384 (0x1120)

All Updates fail with the same errorcodes.

Can someone help me in finding out what is causing this?

Thanks!

Filip

The title speaks for itself here. If anyone can help me out with this, I would very much appreciate it. 

Thank you

I want to configure SCCM in our environment using are existing certificate creation infrastructure. I do not want to use Microsoft Certificate services. Instead I'd rather use our OpenSSL solution. However I cannot find good documentation to work with using 3rd party certificates. Everything is related around Microsoft's certificate services.

Has anyone had any luck implementing SCCM in this manor? Documentation available to aid?

Hi All

I have setup SCCM 2012 r2 in vmware workstation lab, now i want to test OSD functionality

can any one help me ,how i can acheive this in vmware workstation with all the prerequisite.

how can i acheive pxe boot with dhcp in LAB. if any step by step blog available where its define that how i should use ip address

NAT and host only fuctioon for OSD in Vmware workstation.

I have a known file that we identified as a threat. I have the MD5 and would like an automated way to identify this file as soon as it lands on a computer. Is it possible to add this MD5 hash to SCEP? It would be great if it would just pick up on this threat and isolate it automatically. This would also allow us to get ahead of threats as soon as they are identified. Anyone that can provide some insight it would be appreciated.

Thx Jeff

Anyone know how to do this?

Thanks

Hi All,

IS there a way to delete one software update from the software update group in SCCM 2012 R2.

Regards,

Hi,

I was deploying a single Windows patch via SCCM 2012. Now this seems to work fine (I can see the deployment status) BUT I cannot see it in monitoring.

When I add the patch to a "Software Update Groups", I CAN see it in monitoring.

My question: what's the logic behind this? Why would I use an individual deployment if there is no monitoring built in. I'd need to know the KB then look into the software updates, select it and select the deployment status. Then also nobody sees that this deployment exists since it doesn't appear anywhere else.

In other words fully useless(?)

Please advise.
J.

Jan Hoedt

I am trying to set up SCCM to rollout updates for MS Office, just like I already do for Windows XP and 7.

The problem I am having is that when I search for updates for any of the office applications it just says 'No items found'

Any ideas