Hi Everyone,
I'm having a strange issue in my SCCM2012 environment.
We deploy updates via WSUS and SCUP.
Actually we have two infrastructure, one with SCCM2007 and one with SCCM2012.
We are planning to migrate the 100% of the infrastructure on SCCM2012.
The problem is that when I deploy an OSD Task from SCCM2012 the updates on the client are installed (java & Apple).
If I upgrade a SCCM2007 Client on 2012, the Java & Apple updates fail.
Any suggestion?
Cheers
Software Updates Groups for Windows 7 were created on a monthly basis from November 2013 to June 2014. Each of these deployments are having issues reporting any data in the "Deployments" Section of SCCM.
Patch groups created prior to November 2013, and Past June 2014 appear to be fine, and are distributing content and installing updates with ANY issue.
Upon recreating the "broken" patch groups - nothing appears to change. I've went as far as to deleting the content, and renaming everything, recreating all the groups, and still no luck.
Any suggestions regarding why these groups may fail to provide any deployment status?
I am working in a server environment and we have SCCM 2012 setup recently. Looks like we have all the ports opened in one direction (SCCM clients - SCCM server), we do not have any ports opened in the opposite direction(SCCM server - SCCM clients). Because of this I am unable to communicate any new updates (Example - a new Maintenance Window created for a collection), I have to create a Maintenance Window 3 days before the patching time so that clients pull the update from SCCM else I have to end up running ACTIONS on each server manually in case of emergency.
I am unable to use the feature "Client Notification - Download User Policy and Download Machine Policy" as 10123 and 80 (fallback port) both are blocked.
I am asked to put in an ACL request by my manager on the ports I need to get opened from SCCM server to client servers. Do i just need 10123 and 80? Or am I missing anything?
Your help is appreciated. Thanks!
Hi All,
I've got 3 test systems with SCEP installed. They all receive definitions just fine. Unfortunately they are not receiving the custom antimalware policies i've created. I found this blog that tells me a command i can run against the registry to see what policies are applied:
reg query HKLM\SOFTWARE\Microsoft\CCM\EPAgent\LastAppliedPolicy /f 2 /d
http://www.niallbrady.com/2013/02/17/how-can-i-determine-what-antimalware-policy-is-applied-to-my-scep-2012-sp1-client/
and it returns the following:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM\EPAgent\LastAppliedPolicy
All Windows SCEP Clients Policy (Scan Schedule) REG_DWORD 0x2
All Windows SCEP Clients Policy (Threat Default Action) REG_DWORD 0x2
Windows Server Scanning Exclusions (Excluded) REG_DWORD 0x2
Default Client Antimalware Policy (Excluded) REG_DWORD 0x2
All Windows SCEP Clients Policy (Realtime Config) REG_DWORD 0x2
All Windows SCEP Clients Policy (Advance Setting) REG_DWORD 0x2
All Windows SCEP Clients Policy (Spynet) REG_DWORD 0x2
All Windows SCEP Clients Policy (Signature Update) REG_DWORD 0x2
All Windows SCEP Clients Policy (Scan) REG_DWORD 0x2
End of search: 9 match(es) found.
The way I read that means that the "All Windows SCEP Clients Policy" settings are all applied. The "Windows Server Exclusions" policy is excluded for some reason.
My custom policies set scan times different than the default and i have some exclusions. When I launch the SCEP client on the local computer, i don't see the set scan times, just the default scan times. I also don't see the exclusions. I see in that req query command that the Exclusions are (Excluded), but the scan schedule should apply. The priorities on the applied AMP (antimalware policies) are:
Default Client AntimMalware Policy 10000
All Windows SCEP Clients Policy 21
Windows Server Scanning Exclusions 5
These policies are applied to appropriate collections. When I click on the system in question in the console and look at the antimalware policies, it lists those three.
I cannot for the life of me get these policies to apply even though they have what i think are the right priorities. The way i understand it, the policies stack for most of the settings. So the default settings get set by the default policy. Then the "All Windows SCEP Policy" settings would override or merge with any settings in the default policy. Then the "Windows Server Scanning Exclusions" policy would override or merge with any of the previous two policies. Am I misinterpreting things here?
I have deployed a set of Office 2013 updates to client workstations, however all of them are sitting at the status "Downloading (0% complete)". We previously deployed normal Windows Updates which went through fine, so I'm trying to figure out why this particular deployment is failing to download.
Any ideas?
Hi,
We get many report with same computer in the SCEP alerts.
I have an email sent to support desk for "Malware detection", but same computer ends upp severaltimes long time after it have been cleand with success. I dont have "repeated malware detection" alerts enable.
So why same alerts reported several times even if it have been removed?
/SaiTech
Hi,
I am trying to install the CU2 update for SCCM 2012 R2 and I am getting the following error during prerequisite checks:
Server update status: This update applies to product version 5.0.7958. The installed version on this computer is 5.0.7804.1000. This update is not applicable to this computer.
Console update status: No serviceable configuration manager role was found on the local system.
Can anyone provide me some guidance or thoughts on how to get to the correct version to install this update?
Thank you
SCCM 2012 R2
So I'm working on patching up our servers and am not sure how the Software Update Group gets created.
I created an Automatic Deployment Rule for the group of machines I want to patch and chose to Add to an existing Software Update Group. However, it never prompted me for what group to update. I checked under Software Update Groups and only have ones from our workstations that have been in there for a while.
Do I have to manually create the Software Update Group for the servers to use and if so, where do I do that in the Confir Manager program?
Also, on a side note, when I view my ADRs, a couple of them say: Auto Deployment Rule results exceeded maximum number of updates. Not sure if that's when I need to somehow break them up into Monthly groups or something like that? I know there's a hard limit of updates per something but this was all originalyl configured by an external consultant so no one here is fully up to speed on all the nuances yet.
Thanks!
hi,
i've installed system center 2012 R2 in my lab in order to test endpoint protection.
I am trying to deploy endpoint protection client on some windows 2012 R2 servers i got ( the server role is already installed on the system center server)
system center didn't installed to clients for me so i've installed them manually but now they are un-managed ( the is their state in the system center monitor). how can i sync the clients with system center?
I have a software update deployment that is configured to install software updates on a collection of servers at 4:00 AM with a suppressed reboot. The updates get deployed and no reboot occurs as expected. Then ~8 hours later WUA starts up and the servers get rebooted.
There is a maintenance window applied to the collection from 4:00 AM to 6:00 AM to allow the updates to install.
I've read a few forum and blog posts on this issue and have implemented some settings via GPO, but the reboots are still occurring. The settings that were applied are referenced in the link below.
https://support.microsoft.com/kb/2476479?wa=wsignin1.0
Here is a snippet from the WindowsUpdate.log:
2014-10-22 12:00:26:153 1428 8a88 AU Received AU Resume timeout
2014-10-22 12:00:26:153 1428 8a88 AU Additional Service {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} with Approval type {Pre-install notify} added to AU services list
2014-10-22 12:00:26:153 1428 8a88 AU Can not perform non-interactive scan if AU is interactive-only
2014-10-22 12:02:08:512 1428 8a88 AU AU received policy change subscription event
2014-10-22 12:16:43:463 1428 8a88 AU ########### AU: Uninitializing Automatic Updates ###########
2014-10-22 12:16:43:479 1428 8a88 WuTask Uninit WU Task Manager
2014-10-22 12:16:43:697 1428 8a88 Service *********
2014-10-22 12:16:43:697 1428 8a88 Service ** END ** Service: Service exit [Exit code = 0x240001]
2014-10-22 12:16:43:697 1428 8a88 Service *************
2014-10-22 12:19:29:728 1428 e584 Misc =========== Logging initialized (build: 7.8.9200.16604, tz: -0400) ===========
2014-10-22 12:19:29:728 1428 e584 Misc = Process: C:\WINDOWS\system32\svchost.exe
2014-10-22 12:19:29:728 1428 e584 Misc = Module: c:\windows\system32\wuaueng.dll
2014-10-22 12:19:29:728 1428 e584 Service *************
2014-10-22 12:19:29:728 1428 e584 Service ** START ** Service: Service startup
2014-10-22 12:19:29:728 1428 e584 Service *********
2014-10-22 12:19:29:744 1428 e584 Agent * WU client version 7.8.9200.16604
2014-10-22 12:19:29:744 1428 e584 Agent * Base directory: C:\WINDOWS\SoftwareDistribution
2014-10-22 12:19:29:744 1428 e584 Agent * Access type: No proxy
2014-10-22 12:19:29:744 1428 e584 Service UpdateNetworkState Ipv6, cNetworkInterfaces = 2.
2014-10-22 12:19:29:744 1428 e584 Service UpdateNetworkState Ipv4, cNetworkInterfaces = 2.
2014-10-22 12:19:29:744 1428 e584 Agent * Network state: Connected
2014-10-22 12:19:29:744 1428 e584 Service UpdateNetworkState Ipv6, cNetworkInterfaces = 2.
2014-10-22 12:19:29:744 1428 e584 Service UpdateNetworkState Ipv4, cNetworkInterfaces = 2.
2014-10-22 12:19:29:791 1428 e584 Agent *********** Agent: Initializing global settings cache ***********
2014-10-22 12:19:29:791 1428 e584 Agent * Endpoint Provider: 00000000-0000-0000-0000-000000000000
2014-10-22 12:19:29:791 1428 e584 Agent * WSUS server:http://Internal-WSUS.Domain:8530
2014-10-22 12:19:29:791 1428 e584 Agent * WSUS status server:http://Internal-WSUS.Domain:8530
2014-10-22 12:19:29:791 1428 e584 Agent * Target group: (Unassigned Computers)
2014-10-22 12:19:29:791 1428 e584 Agent * Windows Update access disabled: No
2014-10-22 12:19:29:791 1428 e584 Misc WARNING: Network Cost is assumed to be not supported as something failed with trying to get handles to wcmapi.dll
2014-10-22 12:19:29:806 1428 e584 WuTask WuTaskManager delay initialize completed successfully..
2014-10-22 12:19:29:822 1428 e584 Report CWERReporter::Init succeeded
2014-10-22 12:19:29:822 1428 e584 Agent *********** Agent: Initializing Windows Update Agent ***********
2014-10-22 12:19:29:822 1428 e584 DnldMgr Download manager restoring 0 downloads
2014-10-22 12:19:29:838 1428 e584 AU ########### AU: Initializing Automatic Updates ###########
2014-10-22 12:19:29:838 1428 e584 AU Additional Service {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} with Approval type {Pre-install notify} added to AU services list
2014-10-22 12:19:29:838 1428 e584 AU AIR Mode is disabled
2014-10-22 12:19:29:838 1428 e584 AU # Policy Driven Provider:http://Internal-WSUS.Domain:8530
2014-10-22 12:19:29:838 1428 e584 AU # Detection frequency: 22
2014-10-22 12:19:29:838 1428 e584 AU # Approval type: Disabled (User preference)
2014-10-22 12:19:29:838 1428 e584 AU # Auto-install minor updates: No (User preference)
2014-10-22 12:19:29:838 1428 e584 AU # ServiceTypeDefault: Service 117CAB2D-82B1-4B5A-A08C-4D62DBEE7782 Approval type: (Pre-install notify)
2014-10-22 12:19:29:838 1428 e584 AU # Will interact with non-admins (Non-admins are elevated (User preference))
2014-10-22 12:19:29:838 1428 e584 AU WARNING: Failed to get Wu Exemption info from NLM, assuming not exempt, error = 0x80240037
2014-10-22 12:19:29:853 1428 e584 AU AU finished delayed initialization
2014-10-22 12:19:29:884 1428 e584 AU #############
2014-10-22 12:19:29:884 1428 e584 AU ## START ## AU: Search for updates
2014-10-22 12:19:29:884 1428 e584 AU #########
2014-10-22 12:19:29:884 1428 e584 Agent SkipSelfUpdateCheck search flag set for serverId: 117CAB2D-82B1-4B5A-A08C-4D62DBEE7782
2014-10-22 12:19:30:416 1428 e584 Report *********** Report: Initializing static reporting data ***********
2014-10-22 12:19:30:416 1428 e584 Report * OS Version = 6.2.9200.0.0.197008
2014-10-22 12:19:30:416 1428 e584 Report * OS Product Type = 0x00000008
2014-10-22 12:19:30:416 1428 e584 Report * Computer Brand = HP
2014-10-22 12:19:30:416 1428 e584 Report * Computer Model = ProLiant BL460c Gen8
2014-10-22 12:19:30:416 1428 e584 Report * Platform Role = 1
2014-10-22 12:19:30:416 1428 e584 Report * AlwaysOn/AlwaysConnected (AOAC) = 0
2014-10-22 12:19:30:431 1428 e584 Report * Bios Revision = I31
2014-10-22 12:19:30:431 1428 e584 Report * Bios Name = Default System BIOS
2014-10-22 12:19:30:431 1428 e584 Report * Bios Release Date = 2014-02-10T00:00:00
2014-10-22 12:19:30:431 1428 e584 Report * Bios Sku Number = 641016-B21
2014-10-22 12:19:30:431 1428 e584 Report * Bios Vendor = HP
2014-10-22 12:19:30:431 1428 e584 Report * Bios Family = ProLiant
2014-10-22 12:19:30:431 1428 e584 Report * Bios Major Release = 255
2014-10-22 12:19:30:431 1428 e584 Report * Bios Minor Release = 255
2014-10-22 12:19:30:431 1428 e584 Report * Locale ID = 1033
2014-10-22 12:19:30:431 1428 e584 AU <<## SUBMITTED ## AU: Search for updates [CallId = {2787252C-D4B8-46B5-BB42-0C616042113C} ServiceId = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}]
2014-10-22 12:19:30:431 1428 dae0 Agent *************
2014-10-22 12:19:30:431 1428 dae0 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]
2014-10-22 12:19:30:431 1428 dae0 Agent *********
2014-10-22 12:19:30:431 1428 dae0 Agent * Online = No; Ignore download priority = No
2014-10-22 12:19:30:431 1428 dae0 Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1
or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2014-10-22 12:19:30:431 1428 dae0 Agent * ServiceID = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} Third party service
2014-10-22 12:19:30:431 1428 dae0 Agent * Search Scope = {Machine & All Users}
2014-10-22 12:19:30:431 1428 dae0 Agent * Caller SID for Applicability: S-1-5-18
2014-10-22 12:19:30:494 1428 dae0 Agent * Found 0 updates and 0 categories in search; evaluated appl. rules of 0 out of 0 deployed entities
2014-10-22 12:19:30:494 1428 dae0 Agent *********
2014-10-22 12:19:30:494 1428 dae0 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]
2014-10-22 12:19:30:494 1428 dae0 Agent *************
2014-10-22 12:19:30:509 1428 d158 AU >>## RESUMED ## AU: Search for updates [CallId = {2787252C-D4B8-46B5-BB42-0C616042113C} ServiceId = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}]
2014-10-22 12:19:30:509 1428 d158 AU # 0 updates detected
2014-10-22 12:19:30:509 1428 d158 AU #########
2014-10-22 12:19:30:509 1428 d158 AU ## END ## AU: Search for updates [CallId = {2787252C-D4B8-46B5-BB42-0C616042113C} ServiceId = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}]
2014-10-22 12:19:30:509 1428 d158 AU #############
2014-10-22 12:19:30:509 1428 d158 AU All AU searches complete.
2014-10-22 12:19:30:525 1428 e584 AU #############
2014-10-22 12:19:30:525 1428 e584 AU ## START ## AU: Search for updates
2014-10-22 12:19:30:525 1428 e584 AU #########
2014-10-22 12:19:30:525 1428 e584 AU Additional Service {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} with Approval type {Pre-install notify} added to AU services list
2014-10-22 12:19:30:525 1428 e584 Agent SkipSelfUpdateCheck search flag set for serverId: 117CAB2D-82B1-4B5A-A08C-4D62DBEE7782
2014-10-22 12:19:30:525 1428 e584 AU <<## SUBMITTED ## AU: Search for updates [CallId = {A3E41A4C-E9CB-4172-B6B0-99D556FB9102} ServiceId = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}]
2014-10-22 12:19:30:525 1428 dae0 Agent *************
2014-10-22 12:19:30:525 1428 dae0 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]
2014-10-22 12:19:30:525 1428 dae0 Agent *********
2014-10-22 12:19:30:525 1428 dae0 Agent * Online = Yes; Ignore download priority = No
2014-10-22 12:19:30:525 1428 dae0 Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1
or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2014-10-22 12:19:30:525 1428 dae0 Agent * ServiceID = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} Third party service
2014-10-22 12:19:30:525 1428 dae0 Agent * Search Scope = {Machine & All Users}
2014-10-22 12:19:30:525 1428 dae0 Agent * Caller SID for Applicability: S-1-5-18
2014-10-22 12:19:30:525 1428 dae0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
2014-10-22 12:19:30:541 1428 dae0 Misc Microsoft signed: Yes
2014-10-22 12:19:30:541 1428 dae0 Misc Infrastructure signed: Yes
2014-10-22 12:19:30:556 1428 dae0 EP Got 9482F4B4-E343-43B6-B170-9A65BC822C77 redir SecondaryServiceAuth URL: "http://fe2.ws.microsoft.com/w81/2/redir/v2-storeauth.cab"
2014-10-22 12:19:30:588 1428 dae0 Agent Checking for updated auth cab for service 117cab2d-82b1-4b5a-a08c-4d62dbee7782 athttp://fe2.ws.microsoft.com/w81/2/redir/v2-storeauth.cab
2014-10-22 12:19:30:588 1428 dae0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\117cab2d-82b1-4b5a-a08c-4d62dbee7782.cab:
2014-10-22 12:19:30:603 1428 dae0 Misc Microsoft signed: Yes
2014-10-22 12:19:30:603 1428 dae0 Misc Infrastructure signed: Yes
2014-10-22 12:19:30:775 1428 dae0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\117cab2d-82b1-4b5a-a08c-4d62dbee7782.cab:
2014-10-22 12:19:30:791 1428 dae0 Misc Microsoft signed: Yes
2014-10-22 12:19:30:791 1428 dae0 Misc Infrastructure signed: Yes
2014-10-22 12:19:30:791 1428 dae0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\117CAB2D-82B1-4B5A-A08C-4D62DBEE7782\wuredir.cab:
2014-10-22 12:19:30:806 1428 dae0 Misc Microsoft signed: Yes
2014-10-22 12:19:30:806 1428 dae0 Misc Infrastructure signed: Yes
2014-10-22 12:19:30:822 1428 dae0 EP Got 117CAB2D-82B1-4B5A-A08C-4D62DBEE7782 redir Client/Server URL: "https://fe2.ws.microsoft.com/v6/ClientWebService/client.asmx"
2014-10-22 12:19:30:978 1428 dae0 PT +++++++++++ PT: Synchronizing server updates +++++++++++
2014-10-22 12:19:30:978 1428 dae0 PT + ServiceId = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}, Server URL =https://fe2.ws.microsoft.com/v6/ClientWebService/client.asmx
2014-10-22 12:19:31:025 1428 dae0 Agent * Found 0 updates and 0 categories in search; evaluated appl. rules of 0 out of 0 deployed entities
2014-10-22 12:19:31:025 1428 dae0 Agent *********
2014-10-22 12:19:31:025 1428 dae0 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]
2014-10-22 12:19:31:025 1428 dae0 Agent *************
2014-10-22 12:19:31:025 1428 d158 AU >>## RESUMED ## AU: Search for updates [CallId = {A3E41A4C-E9CB-4172-B6B0-99D556FB9102} ServiceId = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}]
2014-10-22 12:19:31:025 1428 d158 AU # 0 updates detected
2014-10-22 12:19:31:025 1428 d158 AU #########
2014-10-22 12:19:31:025 1428 d158 AU ## END ## AU: Search for updates [CallId = {A3E41A4C-E9CB-4172-B6B0-99D556FB9102} ServiceId = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}]
2014-10-22 12:19:31:025 1428 d158 AU #############
2014-10-22 12:19:31:025 1428 d158 AU All AU searches complete.
2014-10-22 12:19:31:025 1428 d158 AU AU setting next detection timeout to 2014-10-23 14:19:28
2014-10-22 12:19:36:025 1428 e214 Report REPORT EVENT: {E04012FD-8FFD-4259-96D5-A5A34127F0A0} 2014-10-22 12:19:31:025-0400 1 147 [AGENT_DETECTION_FINISHED] 101 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Software
Synchronization Windows Update Client successfully detected 0 updates.
2014-10-22 12:19:36:025 1428 e214 Report CWERReporter finishing event handling. (00000000)
2014-10-22 12:29:29:914 1428 e584 AU AU invoking RebootSystem (OnRebootNow)
2014-10-22 12:29:30:055 1428 e584 AU Allowing auto firmware installs at next shutdown
2014-10-22 12:29:30:102 1428 e584 Misc WARNING: SUS Client is rebooting system.
2014-10-22 12:29:30:102 1428 e584 AU AU invoking RebootSystem (OnRebootRetry)
2014-10-22 12:29:30:367 1428 e584 Shutdwn Checking to see whether install at shutdown is appropriate
2014-10-22 12:29:30:367 1428 e584 Shutdwn user declined update at shutdown
2014-10-22 12:29:30:367 1428 e584 AU AU initiates service shutdown
2014-10-22 12:29:30:367 1428 e584 AU ########### AU: Uninitializing Automatic Updates ###########
2014-10-22 12:29:30:399 1428 e584 WuTask Uninit WU Task Manager
2014-10-22 12:29:30:445 1428 e584 Agent Sending shutdown notification to client
2014-10-22 12:29:30:445 5788 8084 COMAPI WARNING: Received service shutdown/self-update notification.
2014-10-22 12:29:30:461 1428 e584 Report CWERReporter finishing event handling. (00000000)
2014-10-22 12:29:30:539 1428 e584 Service *********
2014-10-22 12:29:30:539 1428 e584 Service ** END ** Service: Service exit [Exit code = 0x240001]
2014-10-22 12:29:30:539 1428 e584 Service *************
Any assistance is appreciated.
-Tim
Is it possible to customize SCEP alerts?
Is it possible to send an e-mail for only one active alert and close it after issue has been resolved?
Thanks
I have deployed the SCCM 2012 NAP Agent on a few clients and it goes in and out of compliance approx every 2 min.
So its compliant for 2 min then uncompliant for about 30 sec then compliant again. If I uninstall the single software update I have enforced with NAP on SCCM the update is remediated properly by NAP/SCCM but the cycling in and out of compliance continues.
I did have the agent in sccm set to 2 min evaluation cycle for testing purposes but have now reverted it back to one day. The Health Validation Point is set to 26hrs.
tconners
Hello,
I am trying to deploy Office 2010 updates to a group of PC's. I am doing everything my normal way, the same how I rollout Windows 7 updates in SCCM. But I just don't get why 2 of my 10 test machines will not download the updates. They go straight to Not-compliant - I have checked the CCMCache and they are not downloading the updates. This is what is logged in UpdatesStore.log:
<![LOG[Queried Update (fadb5ac1-8a92-441e-b520-0241c887c1c3): Status=Missing, Title=Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition, BulletinID=, QNumbers=2878252, LocaleID=, ProductID=e6cf1350-c01b-414d-a61f-263d14d133b4, UpdateClassification = e6cf1350-c01b-414d-a61f-263d14d133b4, ExcludeForStateReporting=FALSE.]LOG]!><time="09:17:05.920-60" date="10-24-2014" component="UpdatesStore" context="" type="1" thread="3096" file="cupdatesstore.cpp:1313">Every update's status=missing...
Can anyone help me out with this?
Hi, I'm trying to follow various documents but cannot find a single unified methodology for how WSUS updates are now supposed to work
I am creating software update Groups and trying to keep them under 1000 updates each as they take 2 hours or so.
So i have a Pre2103, All2013, 2014January to May, 2014 June to September and starting from this month i will do one monthly
My Client base is servers or workstations. I have 2 collections - Available (DCs SQl etc that need manual intervention) and Required (everything else)
So i now create a deployment package for each group - but now i have to do that twice? Once for available collection and once for required collection? Am i missing an easier/better way of doing this?
Once these have all been set up do i then have to deploy them with an ADR? Inject them into the Gold image of my workstations?
I would like the internal WSUS to work exactly like (or as near as can be) to the way microsoft's works. EG if i take a vanilla windows 7 or 8 build and connect it to my network, it gets the GPO, installs the client then goes to SCCM and gets alll the updates to bring itself up to date without me having to then go back into SCCM and create a specifc deployment of job or to manually send out anything.
Or will this only work when the collection gets updated and is aware of the new computer?
Thanks
Hi,
Recently I noticed that some of ours Secondary SUP's have stopped syncing. Looking at the logs I found that they cannot found SUP parent. Name resolution was OK, no firewall blocking traffic flow, SUP at Primary Site working normally, all replica SUP services online.
Then I went to the Sync Settings at Site Components of the SUP replica and the value of the option "Synchronize from a upstream data source location (URL)" had been changed!
The URL of the upstream server has the correct server name, but the 8530 port is missing! The interesting fact is that I have other SUP replicas working normally with the correct upstream server name and port.
So, my question is: Since I've installed all the replicas SUP's with the same upstream SUP settings, they have been working normally until last week, how the settings are now wrong? The property is greyed out and I cannot change it back to the correct parameter.
Is there any way to correct it without having to reinstall all the replicas SUPs?
Thanks!!
We have several Windows 7 laptops - all encrypted with Bitlocker. We have seen a huge wave of Cryptowall variants lately in our organization.
The Windows 7 desktop PCs (not encrypted) alert immediately from System Center when a Crytpowall infection is encountered, allowing techs to act quickly. Unfortunately, our Windows 7 laptops do not alert when Cryptowall infections are encountered. Cryptowall does not write the files to the Hard Drive (which is good) however it writes to anywhere the end user has access to on shared network drives.
Network servers are also covered by EndPoint Protection and those servers with file shares are using the Real-time scan option just as the workstations do.
Has anyone else experienced this anomoly? Besides using a secondary protection software on the workstations, any thoughts or suggestions?
These infections are painful. :(
Thanks, Karen Spoon at State of Washington
Karen S
I have some systems that were offline and missed their software update maintenance windows. I have maintenance windows configured to run once per month for patching. How would I ensure that systems that have missed their software update maintenance windows are patched, but do not have to wait an entire month for the next maintenance window to arrive?
Would I just setup a weekly software update maintenance window?
Is there some strategy that can be used where if a system misses a maintenance window then it can be automatically dropped into another maintenance window collection?
Thanks