Channel: Configuration Manager 2012 - Security, Updates and Compliance forum

SUP and WSUS

Hi guys.

I have 2 questions about SUP:

1. I install WSUS in the CAS and I install SUP in the CAS. Do I need to exclude the old GPO that points to the old WSUS?

2. If I have one WSUS on a stand-alone server, can I use that? Do I need to install SUP in the CAS, and is the SUP configuration the same as the WSUS?

THANKS!!!


Regards, Julio Araujo


SSRS Account problems

I am getting the following error when running SCCM Reports from the web interface.

  • An error has occurred during report processing. (rsProcessingAborted)
  • Cannot impersonate user for data source 'AutoGen__5C6358F2_4BB6_4a1b_A16E_8D96795D8602_'. (rsErrorImpersonatingUser)
  • Log on failed. Ensure the user name and password are correct. (rsLogonFailed)
  • For more information about this error navigate to the report server on the local server machine, or enable remote errors

Checked with DBA and the account it is trying to use is locked out, this account was incorrectly set, and now needs to be changed to the correct one.

Will changing just the Reporting Services Point account fix this for me? I have changed it and still seem to be getting the same error?

Automatic Deployment Rules SCCM 2012 R2

Hello,

I have the following situation.

I created an ADR for my Key Users. This ADR downloads the needed updates, adds them to an existing Deployment Group and adds them to a Deployment Package.

When the ADR is starting, the Deployment Package is updated and the Deployment Package is distributed to my DPs.

I have a second ADR, which does the same but a bit later (one week) and for my "Production Clients".

If the second ADR is starting, and MS offers new updates, they will be downloaded and pushed to my Production Clients without being tested by the key users.

Another effect is that the Deployment Package is redistributed to my DPs and the package has a size of 15 GB.

Any ideas how I can deal with this?

SCCM 2012 R2 - Remove ability to modify folders and retain create collection

Hi All,

I am working through Role Based Administration permissions and running into some hold-ups. I am currently attempting to segregate access for "Edge Administrators" in a way that they can only manage their own items. Essentially I would be setting up a lower-level administrator role which has the ability to manage all functions excluding infrastructure items. I have pretty well configured it exactly as I need; however, I am not able to remove the ability to create and modify folders within the tree. In most cases this would not be a big deal, but I am trying to remove all possibility for these "Edge Administrators" to modify anything outside of their assigned scopes and collections.

Has anyone had success with setting this sort of thing up? I can remove the ability to manage folders; however, this removes the ability for the admins to create collections. Any suggestions would be very much appreciated.

Thanks,


JAK


KB2976897 is not expired?

Hi All,

KB2976897 (MS14-045) had some issues back in August and Microsoft ended up pulling that update and expiring it. At least I thought I did. I remember checking my console back in August and it showing as expired (I have a screenshot that I sent my manager, since he was concerned about it, that shows it as expired). When I look in my console now, the update is not expired. Also, when I check my test environment, it is not expired there either, nor in one other SCCM environment that I have access to. From what I understand, MS14-045 should not be deployed/installed since an update was released later in August to replace it. Unfortunately all my systems are showing KB2976897 as being required and since I'm not deploying it, my compliance numbers are off.

Any ideas on this update? Should it be deployed or should it be expired?

SCUP 2011 support for multiple SCUP console users

Will Microsoft, or does Microsoft, have a solution to allow multiple users to upload catalogs and install and use the SCUP 2011 console on workstations? Will the SCUP 2011 database support multiple users now or in the future, and is it supported? Thank you.

Issue getting SCCM to show KB2998527 (Russia timezone patch) in all software updates

Hello,

We are having issues getting the September 2014 Russia timezone patch to show up in SCCM all software updates list.  My colleague did make sure to change WSUS to include it and he did manually get it.  When we go into SCCM, we are unable to still get it to show up in the list even after doing an update sync.

Please let us know how we can get this update to show up in the list as we would like to deploy it company-wide.

Thank you.

Justin


Deploying Windows 8.1 Update 1 - KB2919355

Hi, I know "Update 2" is available now (KB2975719), but I'm still testing it. But I want to push "Update 1" (KB2919355) to all my Windows 8.1 machines.

This wasn't a problem in the past, you just had to ensure the pre-req KB2919442 was installed, and that "Update 1" is given a sufficient "Maximum Run Time" (more than the default 10 mins).

Then another pre-req came along, KB2939057. But it was still offered to the machines, and installed fine.

Now I notice that Update 1 (KB2919355) is no longer being offered to most of my machines. Does anyone know why this is?

You can still download it manually and install it. Or you can run a Windows Update and install various "Critical Updates" for 8.1 (these updates are not visible in SCCM Software Updates), and that seems to make it available then.

Any ideas why most machines are not requesting Update 1, and can't get SCCM to push it to them?

Thanks.



SCUP - Cert verification failed

Hi,

I do have an issue with our SCUP.

A month ago our code signing certificate expired. So I created a new certificate and implemented it in our SCUP environment.

The publishing of new updates works like before with that certificate.

But now I want to republish updates that are expired, but SCUP fails to do that, and logs the following errors:

2014-10-17 14:14:36.361 UTC    Info    Scup2011.4    CabUtilities.CheckCertificateSignature    File cert verification failed for \\NTVMSM03\UpdateServicesPackages\763f2347-aff8-418d-994f-2976f0e37f6f\0f0d4a1d-83aa-4394-b253-60335c681629_1.cab with 2148204801   

2014-10-17 14:14:36.362 UTC    Error    Scup2011.4    Publisher.VerifyAndPublishPackage    VerifyAndPublishPackage(): Failed to Verify Signature for file: \\NTVMSM03\UpdateServicesPackages\763f2347-aff8-418d-994f-2976f0e37f6f\0f0d4a1d-83aa-4394-b253-60335c681629_1.cab       

I checked the .cab-Files and they are signed with the expired certificate.

In the Publish Software Update Wizard I already activated the option "Sign all software updates with a new publishing certificate...", but I'm still running into the errors.

Am I doing something wrong, or did I forget something?

Every advice is appreciated.

Thanks,

Torben

wsyncmgr.log errors - Can't delete orphaned content folders

I obviously did something wrong when I dumped some Software Updates packages when learning this product.

My wsyncmgr.log is full of red errors like the following:

Failed to delete orphaned content folder \\servername\Packages$\SoftwareUpdate_Packages\Win7Win8-2011\0c88da7f-2df1-4618-9df4-7f353202ab0c, error 0x5

I read that 0x5 may be a permissions error. I looked at the folder permissions in this area and the server itself has full permissions. 

No luck finding this solution in the wide world yet.

Thanks for any advice.

Sync Failed: Login failed for user when trying to Synchronize updates

Hello. I've got my Primary site set up with WSUS and have it going to my existing SQL database on the same server. I added the Software Update Point role to my primary server, but it doesn't seem to be working. When I look in the wsyncmgr.log I see the following:

Sync failed: Login failed for user 'DOMAIN\MY-SERVER$'. Source: Microsoft.UpdateServices.Internal.BaseApi.SoapExceptionProcessor.DeserializeAndThrow SMS_WSUS_SYNC_MANAGER 10/17/2014 11:12:05 AM 4700 (0x125C)

I'm not sure what it is trying to log in to, maybe the SQL server, but I'm not sure because it doesn't say anything about SQL. Any help is greatly appreciated. Thanks


How to monitor patches installing?

We are testing Automatic Deployment Rules (SCCM 2012 R2) this weekend with 15 or so machines.  Is there a way to monitor the machines to see that they are installing their updates and things like that?  Not sure if I just have to run a certain report and keep refreshing it or if there's some way to watch them tick off the needed updates as they install or anything like that.

Thanks.

Deploying Windows 7 and Office 2010 updates for both English and Japanese machines

Hi

I am in the process of deploying Windows 7 and Office 2010 updates. I have downloaded and deployed only English language updates so far; however, as we have now got a group of users in Japan using Japanese Windows 7 and Japanese Office 2010, I now need to deploy to them. I have selected Japanese (Japan) in the Software Update Point configuration, but how do I now download and deploy to Japanese machines the updates which I have already downloaded?

From what I can tell, I have to download each update again and select Japanese as well as English and then choose an existing deployment package to update (the update package will then contain both English and Japanese versions of the updates). From there I just deploy the updates to all machines and the Japanese machines will install the Japanese version of the update and the English machines will install the English version. Is that correct?

If I redownload the updates with both Japanese and English language selected and deploy to all machines, what will happen? Will the English machines just install the English version and the Japanese the Japanese version?

The Japanese machines are reporting that the updates which are currently downloaded are required, but as they are currently English language only, if I deploy them to Japanese machines, what will happen? Will the Japanese machines simply ignore the updates because they are English only, even though they are reporting that they need them?

I will be using ADR in the future to make this a simpler process but at the moment it is still a manual process.

Thanks

G

Computers report "not required", but why?

I am trying to push out Windows 8.1 Update 1 (KB 2919355) to a collection containing all my Windows 8.1 computers.

However, if I check the SCCM report, most of the computers (that all contain Windows 8.1 Enterprise or Pro) have a state of "Update is not required". A couple of machines got the update alright.

The update has not been superseded by any other update, and the update is for the x64 OS, and the OS of all machines is x64.

Does anyone have a clue why it's behaving this way, or what to do from here?

SUP: How to deploy superseded Software Updates?

Hey,

So, we are deploying Security Updates via Software Update Point in a planned schedule and we have to "announce" the updates to be installed.

Now I accidentally synchronized the update point and some of the updates have been superseded. Is there any way for us to deploy those superseded updates anyway?

Thank you!


Offline Servicing failing (InstallUpdate returned code 0x800f0830)

Hello All,

I've just inherited an SCCM 2012 setup.

I was trying to use the Offline Servicing feature and noticed that all updates were failing.

After reading the forum, I read that this didn't work well in 2012 SP1 (the version the deployment had when I got here) and have upgraded in the meantime to 2012 R2 CU2.

Unfortunately, the behavior has not changed.

What I've tried so far:

- Updated the rights on the folder where the OSD image resides to Full Control for Everyone (to eliminate security issues)

- Added exclusions in the SCEP client for the offline servicing folder and the DISM processes

- Disabled the SCEP client altogether to avoid it interfering

- Disabled UAC

The entries I'm seeing in the log are the following:

Failed to install update with ID 16817599 on the image. ErrorCode = 2096 SMS_OFFLINE_SERVICING_MANAGER 10/13/2014 12:25:20 PM 4384 (0x1120)
Checking if update (62 of 62) with ID 16817968 needs to be applied on the image. 1 content binarie(s) are associated with the update. SMS_OFFLINE_SERVICING_MANAGER 10/13/2014 12:25:20 PM 4384 (0x1120)
Applicability State = APPLICABLE, Update Binary = C:\ConfigMgr_OfflineImageServicing\a5bb0642-ac6f-4237-88c9-a0973a9ce22a\windows6.1-kb3001554-x64.cab. SMS_OFFLINE_SERVICING_MANAGER 10/13/2014 12:25:23 PM 4384 (0x1120)
Applying update with ID 16817968 on image at index 1. SMS_OFFLINE_SERVICING_MANAGER 10/13/2014 12:25:23 PM 4384 (0x1120)
Failed to install update with error code -2146498512 SMS_OFFLINE_SERVICING_MANAGER 10/13/2014 12:25:26 PM 4384 (0x1120)
InstallUpdate returned code 0x800f0830 SMS_OFFLINE_SERVICING_MANAGER 10/13/2014 12:25:26 PM 4384 (0x1120)
STATMSG: ID=7911 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_OFFLINE_SERVICING_MANAGER" SYS=HQWSCMI1 SITE=RBG PID=2024 TID=4384 GMTDATE=Mon Oct 13 10:25:26.389 2014 ISTR0="16817968" ISTR1="RBG001C1" ISTR2="1" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_OFFLINE_SERVICING_MANAGER 10/13/2014 12:25:26 PM 4384 (0x1120)
Failed to install update with ID 16817968 on the image. ErrorCode = 2096 SMS_OFFLINE_SERVICING_MANAGER 10/13/2014 12:25:26 PM 4384 (0x1120)
UnMounting Image (Commit Changes = 0) ... SMS_OFFLINE_SERVICING_MANAGER 10/13/2014 12:25:26 PM 4384 (0x1120)
Failed processing image at index 1 as one or more updates failed to install. SMS_OFFLINE_SERVICING_MANAGER 10/13/2014 12:26:54 PM 4384 (0x1120)
STATMSG: ID=7907 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_OFFLINE_SERVICING_MANAGER" SYS=HQWSCMI1 SITE=RBG PID=2024 TID=4384 GMTDATE=Mon Oct 13 10:26:54.909 2014 ISTR0="RBG001C1" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_OFFLINE_SERVICING_MANAGER 10/13/2014 12:26:54 PM 4384 (0x1120)
Completed processing image package RBG001C1. Status = Failed SMS_OFFLINE_SERVICING_MANAGER 10/13/2014 12:26:54 PM 4384 (0x1120)
Updated history for image package RBG001C1 in the database SMS_OFFLINE_SERVICING_MANAGER 10/13/2014 12:26:55 PM 4384 (0x1120)
Schedule processing failed SMS_OFFLINE_SERVICING_MANAGER 10/13/2014 12:26:55 PM 4384 (0x1120)

All Updates fail with the same errorcodes.

Can someone help me in finding out what is causing this?

Thanks!

Filip
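
The error codes in the log excerpts quoted on this page (the SCUP signature check, the wsyncmgr.log folder deletion and the offline servicing run above) appear as unsigned decimal, signed decimal and hex. The following is an added example, not code from any of the posters or from Microsoft: it normalises each form to a 32-bit value and splits an HRESULT into facility and code. The sample lines are constructed from the messages quoted in the posts with a placeholder path, and the function names are hypothetical.

```python
import re

# Constructed sample: message text from the log lines quoted in the posts
# above; the UNC paths are placeholders.
SAMPLE_LOG = r"""
File cert verification failed for \\server\share\package_1.cab with 2148204801
Failed to install update with error code -2146498512 SMS_OFFLINE_SERVICING_MANAGER 10/13/2014 12:25:26 PM 4384 (0x1120)
InstallUpdate returned code 0x800f0830 SMS_OFFLINE_SERVICING_MANAGER 10/13/2014 12:25:26 PM 4384 (0x1120)
Failed to install update with ID 16817968 on the image. ErrorCode = 2096 SMS_OFFLINE_SERVICING_MANAGER 10/13/2014 12:25:26 PM 4384 (0x1120)
Failed to delete orphaned content folder \\servername\Packages$\folder, error 0x5
"""

# Facility numbers and the two symbolic names are from winerror.h.
FACILITY = {7: "FACILITY_WIN32", 11: "FACILITY_CERT", 15: "FACILITY_SETUPAPI"}
NAMES = {0x800B0101: "CERT_E_EXPIRED", 0x5: "ERROR_ACCESS_DENIED"}

# Anchor on the keyword before the number so that update IDs and the
# trailing thread id "(0x1120)" are never mistaken for an error code.
CODE_RE = re.compile(
    r"(?:error code|returned code|ErrorCode =|\bwith|\berror)\s+"
    r"(0x[0-9A-Fa-f]+|-?\d+)\b")


def decode(text):
    """Normalise one code as logged (hex, signed or unsigned decimal)."""
    value = int(text, 0) & 0xFFFFFFFF  # two's complement -> unsigned 32-bit
    result = {"raw": text, "name": NAMES.get(value)}
    if value <= 0xFFFF:
        # No severity or facility bits: a bare Win32 or component-local code.
        result.update(kind="bare", hex=f"0x{value:X}", code=value)
    else:
        facility = (value >> 16) & 0x7FF  # 11-bit facility field
        result.update(kind="hresult", hex=f"0x{value:08X}",
                      failure=bool(value >> 31),
                      facility=FACILITY.get(facility, str(facility)),
                      code=value & 0xFFFF)
    return result


def codes_in(log):
    """Return the decoded error code of every log line that carries one."""
    found = []
    for line in log.splitlines():
        match = CODE_RE.search(line)
        if match:
            found.append(decode(match.group(1)))
    return found


if __name__ == "__main__":
    for entry in codes_in(SAMPLE_LOG):
        print(entry)
```

The `ErrorCode = 2096` value equals the low 16 bits (0x830) of 0x800F0830, which is consistent with all three offline servicing messages reporting one failure.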

Clients failing to install Microsoft updates

Almost all of the ConfigMgr 2012 R2 Clients are failing to install software updates.

When I look at updateshandler.log I see lots of errors:


Deployment status shows:

SCCM 2012 software update point not sync with Microsoft Updat,

Hi 

Recently my SCCM 2012 software update point is not syncing with Microsoft Update, and I am getting the below error. Can anyone suggest/help me how to resolve this issue?

WebException: The remote server returned an error: (500) Internal Server Error.
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetAuthConfig()
   at Microsoft.UpdateServices.ServerSync.ServerSyncLib.InternetGetServerAuthConfig(ServerSyncProxy proxy, WebServiceCommunicationHelper webServiceHelper)
   at Microsoft.UpdateServices.ServerSync.ServerSyncLib.Authenticate(AuthorizationManager authorizationManager, Boolean checkExpiration, ServerSyncProxy proxy, Cookie cookie, WebServiceCommunicationHelper webServiceHelper)
   at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.SyncConfigUpdatesFromUSS()
   at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.ExecuteSyncProtocol(Boolean allowRedirect)

Systems restarting after resuming BitLocker when restarted by update.

SCCM 2012 SP1 with the client setting "Suspend BitLocker PIN entry on restart": the problem is that after suspending the PIN entry and the system is restarted by SCCM, the BitLocker PIN protector is resumed, followed by another reboot. From the rebootcoordinator.log:

Reboot initiated RebootCoordinator 10/1/2014 10:12:00 AM 844 (0x034C)
Retry resuming bit-locker TPM PIN protector. Retry count 1 RebootCoordinator 10/1/2014 10:16:55 AM 4588 (0x11EC)
Attempting to resume TPM PIN protector. RebootCoordinator 10/1/2014 10:16:55 AM 4588 (0x11EC)
Resumed bit-locker protectors on system volume RebootCoordinator 10/1/2014 10:16:58 AM 4588 (0x11EC)
Retry resuming bit-locker TPM PIN protector. Retry count 1 RebootCoordinator 10/1/2014 10:21:08 AM 1108 (0x0454)
Didn't suspended bit-locker. Do nothing and return. RebootCoordinator 10/1/2014 10:21:08 AM 1108 (0x0454)
Entered ScheduleRebootImpl - requested from 'UpdatesDeploymentAgent'. Rebootby = 0. RebootCoordinator 10/1/2014 10:21:09 AM 4728 (0x1278)
Scheduled non mandatory reboot from agent UpdatesDeploymentAgent RebootCoordinator 10/1/2014 10:21:09 AM 4728 (0x1278)
Raising client SDK event for class NULL, instance NULL, actionType 3l, value NULL, user NULL, session 4294967295l, level 0l, verbosity 30l RebootCoordinator 10/1/2014 10:21:09 AM 4728 (0x1278)

So when you log on, the prompt for restart balloon starts showing up.

Thanks.

Deploy software update to a single device in sccm 2012 r2

How can I deploy updates to a single device that is part of a larger collections group? The only option I see when running the deployment Software Update Wizard is to select the whole device collections, but I only want to deploy it to one server.

Thanks,

Eric
