I am trying to push out Windows 8.1 Update 1 (KB 2919355) to a collection, containing all my windows 8.1 computers.

However, if I check the SCCM report, most of the computers (that all contain Windows 8.1 Enterprise or Pro) have a state of "Update is not required".  A couple of machines got the update alright. 

The update has not been superseeded, by any other update, and the update is for the x64 OS, and the OS of all machines is x64. 

Does anyone have a clue with it's behaving this way, or what to do from here ? 

Hi,

We have SCCM 2012 R2 deployed in an environment with both workgroup and domain joined machines. Currently only the domained joined machines have the SCCM client installed. We were thinking of bringing patching into SCCM rather than WSUS but were wondering if we install the SCCM client on workgroup machines do they need to be domain mebers to work or do they just need to be able to resolve the SCCM server?BAsically, I'm looking for confimation that we can patch non-domain joined machines via SCCM.

Thanks,

Simon

A few others and myself have begun discussing our problems with security permissions on Antimalware Policies in a previous thread: http://social.technet.microsoft.com/Forums/en-US/ee5baed5-095b-4a02-8e60-cbe3e32b5b3c/security-scopes-and-antimalware-policies?forum=configmanagersecurity

We require the ability to limit administrators permission "by policy". As it currently stands, the only option is to grant Administrators Full permissions which gives them the ability to modify every Antimalware Policy.

This is a request to enable the ability to use Security Scopes for Antimalware Policies.

Thank you.

I deployed the SCEP client to test systems at my remote site which is over a very slow WAN link. After I deployed them, their status was "Potentially Unprotected" and in the SCCM 2012 Admin Console, they were listed in the "Active Clients at risk" container. The status showed that the definitions were out of date.

So I attempted to force the definitions down to the clients by right clicking the collection they are in and selecting the "Download Definition" from the Endpoint Protection drop down in the menu within the SCCM 2012 Admin console, but this did not seem to do anything. I then RDP'ed into one of the systems where the SCEP client was having issues and I manually ran the definition update and it installed just fine and then showed a status of "Up to Date". 

I have 3 questions:

1. How soon do the SCEP clients automatically download definitions from the server (DP) after the SCEP client has been installed?

2. What are the ways that I can monitor the definition downloads to the clients either within the SCCM 2012 Admin Console, or using logs?

3. After I manually ran a definition update on the client, I ran a "Machine Policy Retrieval and Evaluation Cycle" on it from the Configuration Manager Control Panel applet and also from the Right Click Tools in the SCCM 2012 Admin Console, but this system still shows up under the "Active Clients at risk" container. If the AV is now up to date, why is it not picking this up on the Site Server yet?

Thanks for your help

Hi.

I have a server that I am trying to get the updates to install through software center. I have verified that the correct boundary is created and that the packages are at the DP. In software center all the updates just say downloading (0% complete). I read about checking IIS and I verified that all the correct settings are in place. I have checked the ContentTransferManager.log file it just states that CTM job {E376AB38-8BAE-41CC-8CDD-6C29A7AF3C37} entered phase CCM_DOWNLOADSTATUS_DOWNLOADING_DATA

Does anyone know what else I can check?

Thank you.

Most of our clients do NOT have the ability to just head out to the internet to get things (via proxy or otherwise) and as such, I have configured my Malware policy to use "Updates distributed from Configuration Manager" ONLY

I do NOT want it trying to get updates from ANYWHERE ELSE.

Some aren't behaving. :(

I am seeing log entries that indicate that the client is trying to go out to the Internet to get the updates.

Here is a cycle of the machine's more recent attempt:

2014-01-27 19:51:43:096 3616 e38 Misc ===========  Logging initialized (build: 7.6.7600.256, tz: -0000)  ===========
2014-01-27 19:51:43:096 3616 e38 Misc   = Process: c:\Program Files\Microsoft Security Client\MpCmdRun.exe
2014-01-27 19:51:43:096 3616 e38 Misc   = Module: C:\Windows\system32\wuapi.dll
2014-01-27 19:51:43:096 3616 e38 COMAPI -------------
2014-01-27 19:51:43:096 3616 e38 COMAPI -- START --  COMAPI: Search [ClientId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
2014-01-27 19:51:43:096 3616 e38 COMAPI ---------
2014-01-27 19:51:43:096 3616 e38 COMAPI <<-- SUBMITTED -- COMAPI: Search [ClientId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
2014-01-27 19:51:43:096 1032 e7c Agent *************
2014-01-27 19:51:43:096 1032 e7c Agent ** START **  Agent: Finding updates [CallerId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
2014-01-27 19:51:43:096 1032 e7c Agent *********
2014-01-27 19:51:43:096 1032 e7c Agent   * Online = Yes; Ignore download priority = No
2014-01-27 19:51:43:112 1032 e7c Agent   * Criteria = "(IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains 'a38c835c-2950-4e87-86cc-6911a52c34a3' and CategoryIDs contains 'e0789628-ce08-4437-be74-2495b842f43b')"
2014-01-27 19:51:43:112 1032 e7c Agent   * ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
2014-01-27 19:51:43:112 1032 e7c Agent   * Search Scope = {Machine}
2014-01-27 19:51:43:112 1032 e7c Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2014-01-27 19:51:43:128 1032 e7c Misc  Microsoft signed: Yes
2014-01-27 19:52:27:427 1032 e7c Misc WARNING: Send failed with hr = 80072ee2.
2014-01-27 19:52:27:427 1032 e7c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2014-01-27 19:52:27:427 1032 e7c Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab>. error 0x80072ee2
2014-01-27 19:52:27:427 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
2014-01-27 19:52:27:427 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
2014-01-27 19:52:27:427 1032 e7c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
2014-01-27 19:53:11:727 1032 e7c Misc WARNING: Send failed with hr = 80072ee2.
2014-01-27 19:53:11:727 1032 e7c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2014-01-27 19:53:11:727 1032 e7c Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab>. error 0x80072ee2
2014-01-27 19:53:11:727 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
2014-01-27 19:53:11:727 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
2014-01-27 19:53:11:727 1032 e7c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
2014-01-27 19:53:56:042 1032 e7c Misc WARNING: Send failed with hr = 80072ee2.
2014-01-27 19:53:56:042 1032 e7c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2014-01-27 19:53:56:042 1032 e7c Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab>. error 0x80072ee2
2014-01-27 19:53:56:042 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
2014-01-27 19:53:56:042 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
2014-01-27 19:53:56:042 1032 e7c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
2014-01-27 19:54:40:342 1032 e7c Misc WARNING: Send failed with hr = 80072ee2.
2014-01-27 19:54:40:342 1032 e7c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2014-01-27 19:54:40:342 1032 e7c Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab>. error 0x80072ee2
2014-01-27 19:54:40:342 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
2014-01-27 19:54:40:342 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
2014-01-27 19:54:40:342 1032 e7c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
2014-01-27 19:54:40:342 1032 e7c Misc WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80072ee2
2014-01-27 19:54:40:342 1032 e7c Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2014-01-27 19:54:40:358 1032 e7c Misc  Microsoft signed: Yes
2014-01-27 19:55:24:657 1032 e7c Misc WARNING: Send failed with hr = 80072ee2.
2014-01-27 19:55:24:657 1032 e7c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2014-01-27 19:55:24:657 1032 e7c Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab>. error 0x80072ee2
2014-01-27 19:55:24:657 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
2014-01-27 19:55:24:657 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
2014-01-27 19:55:24:657 1032 e7c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
2014-01-27 19:56:08:941 1032 e7c Misc WARNING: Send failed with hr = 80072ee2.
2014-01-27 19:56:08:941 1032 e7c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2014-01-27 19:56:08:941 1032 e7c Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab>. error 0x80072ee2
2014-01-27 19:56:08:941 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
2014-01-27 19:56:08:941 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
2014-01-27 19:56:08:941 1032 e7c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
2014-01-27 19:56:53:257 1032 e7c Misc WARNING: Send failed with hr = 80072ee2.
2014-01-27 19:56:53:257 1032 e7c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2014-01-27 19:56:53:257 1032 e7c Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab>. error 0x80072ee2
2014-01-27 19:56:53:257 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
2014-01-27 19:56:53:257 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
2014-01-27 19:56:53:257 1032 e7c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
2014-01-27 19:57:37:603 1032 e7c Misc WARNING: Send failed with hr = 80072ee2.
2014-01-27 19:57:37:603 1032 e7c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2014-01-27 19:57:37:603 1032 e7c Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab>. error 0x80072ee2
2014-01-27 19:57:37:603 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
2014-01-27 19:57:37:603 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
2014-01-27 19:57:37:603 1032 e7c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
2014-01-27 19:57:37:603 1032 e7c Misc WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80072ee2
2014-01-27 19:57:37:603 1032 e7c Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2014-01-27 19:57:37:619 1032 e7c Misc  Microsoft signed: Yes
2014-01-27 19:58:01:011 1032 e7c Misc WARNING: Send failed with hr = 80072ee2.
2014-01-27 19:58:01:011 1032 e7c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2014-01-27 19:58:01:011 1032 e7c Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://www.update.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab>. error 0x80072ee2
2014-01-27 19:58:01:011 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
2014-01-27 19:58:01:011 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
2014-01-27 19:58:01:011 1032 e7c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
2014-01-27 19:58:24:278 1032 e7c Misc WARNING: Send failed with hr = 80072ee2.
2014-01-27 19:58:24:278 1032 e7c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2014-01-27 19:58:24:278 1032 e7c Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://www.update.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab>. error 0x80072ee2
2014-01-27 19:58:24:278 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
2014-01-27 19:58:24:278 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
2014-01-27 19:58:24:278 1032 e7c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
2014-01-27 19:58:47:577 1032 e7c Misc WARNING: Send failed with hr = 80072ee2.
2014-01-27 19:58:47:577 1032 e7c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2014-01-27 19:58:47:577 1032 e7c Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://www.update.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab>. error 0x80072ee2
2014-01-27 19:58:47:577 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
2014-01-27 19:58:47:577 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
2014-01-27 19:58:47:577 1032 e7c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
2014-01-27 19:59:10:844 1032 e7c Misc WARNING: Send failed with hr = 80072ee2.
2014-01-27 19:59:10:844 1032 e7c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2014-01-27 19:59:10:844 1032 e7c Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://www.update.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab>. error 0x80072ee2
2014-01-27 19:59:10:844 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
2014-01-27 19:59:10:844 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
2014-01-27 19:59:10:844 1032 e7c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
2014-01-27 19:59:10:844 1032 e7c Misc WARNING: DownloadFileInternal failed for http://www.update.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80072ee2
2014-01-27 19:59:10:844 1032 e7c Agent WARNING: Failed to obtain the authorization cab URLs, hr=0x80072ee2
2014-01-27 19:59:10:844 1032 e7c Agent   * WARNING: Online service registration/service ID resolution failed, hr=0x80072EE2
2014-01-27 19:59:10:891 1032 e7c Agent   * WARNING: Exit code = 0x80072EE2
2014-01-27 19:59:10:891 1032 e7c Agent *********
2014-01-27 19:59:10:891 1032 e7c Agent **  END  **  Agent: Finding updates [CallerId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
2014-01-27 19:59:10:891 1032 e7c Agent *************
2014-01-27 19:59:10:891 1032 e7c Agent WARNING: WU client failed Searching for update with error 0x80072ee2
2014-01-27 19:59:10:906 3616 458 COMAPI >>--  RESUMED  -- COMAPI: Search [ClientId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
2014-01-27 19:59:10:922 3616 458 COMAPI   - Updates found = 0
2014-01-27 19:59:10:922 3616 458 COMAPI   - WARNING: Exit code = 0x00000000, Result code = 0x80072EE2
2014-01-27 19:59:10:922 3616 458 COMAPI ---------
2014-01-27 19:59:10:922 3616 458 COMAPI --  END  --  COMAPI: Search [ClientId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
2014-01-27 19:59:10:922 3616 458 COMAPI -------------
2014-01-27 19:59:10:922 3616 5d0 COMAPI WARNING: Operation failed due to earlier error, hr=80072EE2
2014-01-27 19:59:10:922 3616 5d0 COMAPI FATAL: Unable to complete asynchronous search. (hr=80072EE2)
2014-01-27 19:59:15:891 1032 e7c Report REPORT EVENT: {45AA9823-28E9-4632-92BE-AF48B4BB8710} 2014-01-27 19:59:10:891-0000 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80072ee2 System Center Endpoint Protecti Failure Software Synchronization Windows Update Client failed to detect with error 0x80072ee2.
2014-01-27 19:59:15:969 1032 e7c Report CWERReporter::HandleEvents - WER report upload completed with status 0x8
2014-01-27 19:59:15:969 1032 e7c Report WER Report sent: 7.6.7600.256 0x80072ee2 00000000-0000-0000-0000-000000000000 Scan 101 Unmanaged
2014-01-27 19:59:15:969 1032 e7c Report CWERReporter finishing event handling. (00000000)

Anyone have any suggestions?  I don't want the machines to EVER try to go out to the internet when they are trying to update their SCEP defs.

Hi,

I did the delta sync and created a software update package yesterday. Today I noticed the following in wsyncmgr.log

Deleted 1 orphaned content folders in package AAA (November2014)

I haven't enabled the scheduled WSUS sync, what could be the reason that it did this.

I believe this is changed only when full sync is done but not when delta sync is done.

What could be the reason for this please.

Hi

I am deploying Windows 7 and Office 2010 updates via SCCM 2012 sp1 and have a couple of questions

Question 1)

The updates are made available to clients at 9am on a Tuesday morning.  The users get notification that updates are available to install.  If the user doesn't install the updates, the client will wait 24hrs and then install the updates automatically.  We have set the restart behaviour to 24hrs, so again, the user will get a pop up saying that their machine will restart in 24hours.  In my testing I have seen no more pop ups appear until 15 minutes before a restart is due and then a window appears with a count down of 15 minutes but I think this might be standard behaviour.  I am not sure why there are options in the client settings to remind users frequently about the impending installation of update but not of impending restarts.  The reason we delay the restart by 24hrs is to give the users the chance to restart their machines over night.  Is there a way of providing more notifications of computer restarts ?  The User Experience in the deployment of the updates is set toDisplay in software center and show all notifications.  We have Group Policy set to Not Configured for Windows Updates apart from the user policyRemove Access To All Windows Update Features which is set to 0 - Do not show any notifications.

Question 2)

Another issue we have is that we have client machines restarting without any warning at all.  I have tested setting the user experience to suppress restarts but have the issue regardless.  It appears that this happens if the client is off when the deployment schedule reaches its deadline and the restart time is missed.  I had one user who did restart her machine because she was prompted to restart.  When the machine came back up it looked like it installed another update and then just resarted without any warning.  This hasn't happened often but a one user was on a Lync call when the restart occured and she was not happy.

Any help would be much appreciated.

Thanks

Am on SCCM 2012 SP2 and have EndPoint protection client deployed to computers during the Task Sequence, and they get the update.

The next day I will try an update from the client's GUI and will get the error "Virus and spyware definitions couldn't be updated". 

In the antimalway policy applied to the collection the device is a member of, I indeed have its definition update source set to "Updates from UNC file shares", then in the server path for the UNC, it is set to "\\server.domain.com\D$\sources\Packages\Apps\Microsoft\EP_Definitions\Updates\x86" which is where the "mpam-fe.exe" and "nis_full/exe" files are. 

I have no maintenance windows set on the device collection that this antimalware policy is applied to. 

Hi

I'm having a bit of a nightmare trying to get a client to update from Systems Center when using WSUS.

I've installed and downloaded on Systems Center the necessary updates etc but the test PC had difficulty downloading the updates. 

Upon research I had put in the group policy the name and port of the server in the "Specify intranet Microsoft Update service location" but apparently this was wrong as it uses the configuration manager and software update point, so the group policy intranet entry is now disabled.

The PC then updated and I thought that it was working.   However upon looking further, I believe that all that is happening is the PC is going direct out to the internet for the updates instead!   There is no status change in the configuration management console (in Deployments it is saying Unknown) and there were far more updates being applied than I'd configured in the Software Update Group.

My sanity is close to breaking as this seems far more complex than it should be.   

What should I have in the Group Policy?   What logs are most useful in helping me figure out what I'm doing wrong?

Thanks for any help.

Hi,

We have some machines that were imaged and the Appv 5.0 client was not installed so I would like to query these machines so that I can deploy the package. Is there a query available for SCCM 2012 that will get the computer that don't have App v 5.0 installed? TIA

It is well documented that offline servicing/patching of the operating system can only be performed with CBS (Component Based Servicing) updates.  What does not seem to be well documented is what updates are CBS compliant.  Does anyone have guidance on obtaining a list of CBS or non-CBS updates?  It would be preferable that this not require downloading the update to make the distinction.

Thanks!

This is using SCCM 2012 SP1.

Registry key, value and property remediation. The case is forcing tvsu.exe to run as admin, which prompts users for permissions that they dont have. Its a way to stop the end user from installing software through Think Vantage tool. The need is that these exist in the HKLM.

Key Path: HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers

Value name: C:\Program Files\Lenovo\System Update\tvsu.exe

Data Type : REG_SZ

Value Data: RUNASADMIN

There are 2 parts to this, first the key Layers doesnt exist (Problem 1), then the Name and Properties don't exist under Layers (Problem 2)

To resolve this I am using 2 Configuration Items:

First checks if "Layers" exists, if it doesnt it should remediate by creating it, which it isnt.

Second checks if the Value and Data are correct, which dont exist and again is not creating it.

The settings for compliance on both are "Registry key must exist on client devices" but under the Compliance Rules it is showing "Remediate:No", and I cannot find a place to change that. I know the evaluations work since I can create the items manually and compliance will show compliant for both, and if they dont exist it tells me non-compliant. Under the Baseline deployment I do have the 2 check boxes checked for remediation as well.

What am I missing? Is this only able to report compliance status and not able to actually remediate when using the methods for registry?

EDIT: I realize I shouldnt need both CI's but I created the one for the Key path to validate if that was the cause of the non-remediation.

I need to piece together a workflow that accounts for servers requiring additional patches/reboots after the first install/reboot. The environment I am working in has a few months of backdated patches that need to get installed within a short timeframe. I ran a few tests and found that after the first batch of updates installs and reboots there are more updates waiting at next bring up.

I'm thinking something similar to the following, but I'm not sure how to forcefully trigger an update scan after the automated reboot.

1. Deploy updates.
2. Force install.
3. Force reboot.
4. Immediately scan for more updates.
5. Force install.
6. Force reboot.

Hi,

Has anyone come across a list of prerequisite updates that Windows 8.1 Update 1 (KB2919355) requires ?  According to the link below, it particularly needs KB2919442, but doing some testing & manual installing, it looks like it needs more updates than just that one.  Currently we only deploy updates that have a severity level (eg. Critical, Important, etc.).  KB2919442 has a severity level of None, so it doesn't get deployed.  Windows 8.1 Update 1 (KB2919355) has a severity level of Critical.

http://windows.microsoft.com/en-ca/windows-8/install-latest-update-windows-8-1

Thanks

I have created a few CI's that check for a value in the registry. The key I'm using in the setting is the 32 bit HKLM\Software key. I have checked the box "This registry value is associated with a 64-bit application". What I'm looking for is a 32-bit application installed on both 32 and 64 bit operating systems. With that box checked, according to this article (http://technet.microsoft.com/en-us/library/gg712331.aspx) it will search in both the 32 and 64 bit registry locations, meaning it should check in HKLM\Software as I have in the setting and also in HKLM\Software\Wow6432Node. Is this correct?

I'm asking because it isn't doing this and reporting that the 64 bit computers are non-compliant instead, when they are compliant. How do I get it to check the 64 bit registry path without building separate CI's and adding them to a separate 64 bit baseline?

There multible versions of client deployed at same time. I'm using stadard software updates deployment process to keep clients up to date. NOT talking about definitions, but client version!

I have FEP and SCEP clients out there. When I go to All software updates and search for "endpoint protection client" I will have four FEP (4.1.552.0, 4.3.215.0, 4.5.236.0, 4.6.305.0) updates and three SCEP updates (4.3.215.0, 4.5.216.0, 4.6.305.0) to client deployed in the same update packages! All of them with various number of Required and Installed status.

The obious reason for this is that older client update packages are not marked as superseeded updates. Any thoughts on why? I am going to exclude old ones with custom severity method, but is there a automatic method available?

.Marko

Hi If Sccm 2012 R2 is monitored by some other tool other then SCOM then which services needs to be monitored

and what requiremnts to be given to that third part admin, so that he can monitor SCCM properly.