Quantcast
Channel: Configuration Manager 2012 - Security, Updates and Compliance forum
Viewing all 6382 articles
Browse latest View live

SCCM 2012 - Maintenance Windows Issue with Update Deployment using Task Sequence

March 24, 2015, 5:29 am
$
0
0

Hi Guys,

I have a question for you!!

We use a Task Sequence to deploy "Patch Tuesday" security fix; we use the integrated step "Install Software Update" and the Task Sequence run during Maintenance Windows (1 hour).

We notice that the time remaining is not recalculated on every software update installation occur (http://blogs.technet.com/b/csloyan/archive/2010/10/24/maintenance-window-calculations-explained.aspx); it's correct?

The formula indicated in the link above is not considered in this type of software update deployment (Install Software Update task sequence step)?

Thanks a lot.

David

Search

Unable to download XP and 2003 server updates

March 30, 2015, 11:05 pm
$
0
0

When i tried to download XP and 2003 update, it completed the download process without error. But when i checked in the software update group it still shows me for all XP and 2003 server update as NO, I have also tried to download the updates with all languages but still the same. Does any one experience this issue.



Best Practices to do software Patching and Software Deployment for bigger environment like 300 K computers

March 25, 2015, 9:54 pm
$
0
0

Hi Friends,

i am looking for low level suggestions and a ppt/document etc too  , The client base is 300 k users and spread globally ( major in three different regions), the requirement is

1) methodology to do software patching, can we patch all in one go or do we have to divide as per region etc

2) How many clients can be targeted for software patching in one go ( ex : can we target 20K clients in one go ?), i know there are other factors too will play key role here like band width etc , but i am looking answers out of real time experience

3) What Methodology to follow when it comes to critical/emergency updates ?

Regards

Tanoj

OSLM ENGINEER - SCCM 2007 & 2012

In SCCM 2012, how to know the updates are expired.. for automatical deployment rule updates

March 31, 2015, 4:56 am
$
0
0
In SCCM 2012, how to know the updates are expired..   for automatical deployment rule updates

Patches failing on some clients but working on others, GetEulaText Failed, hr=80240033

February 12, 2014, 3:43 am
$
0
0

Hi

I have been using ADR for several months now and its been working great, deploying patches for Windows, Office etc without any issue.

Today, the ADR kicked in and has deployed patches which have worked on the majority of my PCs, however a few of them are failing. After refreshing policy, there are no patches attempted on the PC.

LocationServices is correctly seeing the SUPP, when I look in WindowsUpdate.log I see:

COMAPI Warning: ISusInternal::GetEulaText failed, hr=80240033

If I look in WUAHandler.log I can see the following:

HResult: 0x80240033 Context: uecGeneral Msg: The license terms of one more updates are unavailable..

Now, most of the client PCs are identical builds, Windows 7 with Office and I have two PCs I am looking at, one has applied the patches and one has not with the above errors. I've checked through the software updates group and there are no declined, expired or other patches that shouldn't be there. I don't understand how one PC can patch ok, presumably EULA is fine for them and another identical PC is getting errors saying its not available?

Any pointers on troubleshooting this further?

Thanks

Jonathan



How Do I Change The Active WSUS Server?

March 31, 2015, 4:13 am
$
0
0

Our primary has been having issues around performance and insufficient space. It has WSUS and an SUP installed.

I have created a new server to act as a DP, WSUS and SUP.  All those roles are installed and functioning correctly.

I can see both the old and the new WSUS server mentioned in the WCM.log

How do i 'switch over' to using the new WSUS as the "Active WSUS Server"?  I am happy to move to the new DB on the new server and lose the data from the old DB.

Is there a way i can test some devices using the SCCM agent to scan to the new server, without switching over big bang?

Thanks.

No Updates In Windows Update

March 31, 2015, 8:08 am
$
0
0
Just checking to see if this is still the way it is supposed to be. When we go to Windows Update on a machine managed by configmgr and scan it says "Windows Is Up To Date" and "There are no available updates for your computer". It does say updates are managed by your system administrator. It will say this even if I have an active SCCM deployment with required updates sitting on that machine waiting to be installed. Should it return these updates in Windows Updates like what WSUS used to do?

Office 2013 Updates Error - Mapped Drive

March 31, 2015, 5:04 pm
$
0
0

Event ID 11327

Product: Microsoft Office Professional Plus 2013 -- Error 1327. Invalid Drive: V:\

Event ID 1023:

Product: Microsoft Office Professional Plus 2013 - Update 'Update for Microsoft Office 2013 (KB2956177) 32-Bit Edition' could not be installed. Error code 1603

Error within Software Center: The software change returned error code 0x80070643.

These errors only occur while updating through SCCM 2012 R2 automatic software updates. I can download the update directly from the Microsoft site and install without any errors. I am a new to SCCM, but was able to push out updates for Windows 7 and Office 2010 without errors. After further testing I found that editing the Office 2013 install with the customization tool would allow the update to run. My MSP file custom install has "Remove Files" set to delete links on a mapped network drive (V:\). I am not sure how Office 2013 updates through SCCM (only) would care about a custom install portion that should be unrelated.

I plan to exclude the V drive file removals from the custom install and just do it from a script. However, I am not sure what to do about updating the machines which currently have 2013 installed and constantly error while updating through SCCM.

Search

Can't get Windows Updates to work through SCCM 2012 R2

March 25, 2015, 10:51 am
$
0
0
I'll apologize up front since I know I'm not going to include all the information I need to so please let me know what logs I can provide or other information I can add in as I'm desperate to get this figured out.

Anyway, we have SCCM 2012 R2 running and WSUS installed on the same server.  We have some ADRs setup to push out updates to our Laptops which works just fine.

The problem we're having is updating our servers.  I have created things the same way as we did for our Laptops (as far as I know) and setup a test group to deploy the updates to but they just don't pick anything up.

So here's all the detail I can think to provide for our setup.

Device Collection called Software Updates: Pilot which contains a dozen or so servers.
Automatic Deployment Rule called Servers 1 - Pilot which uses the Collection above.
ADR is set to evaluate the 1st Saturday of each month and to be made available and deadline ASAP.

When I open the Software Update Group there are tons of patches in there so it seems that this part is working.

When I run WindowsUpdate from one of the Pilot machines, it comes back and says it needs 0 patches.  When I click the link to tell it to go check online for patches, it comes back needed 70+.

I'm at a loss as to what to check, what logs to post, etc.  I have the WindowsUpdate.log files (online check vs local system check) from the client I'm focusing on to test with which I've uploaded here:
http://goo.gl/IrP3Ll

What other information or logs can I provide for someone to possibly be able to help me figure out what's not working?

Thanks in advance!

Update deployment remains at unknown status

March 31, 2015, 6:28 pm
$
0
0

I have a curious issue where the deployment summarization is showing all required clients as "Client check passed" but they never progress and further. If I drill down into the to updates with the software update group they appear to of deployed?

This is only effecting this one deployment there is nothing wrong with the clients it only appears to be the reporting mechanism?

Any help appreciated.

SCCM Deployment Technician

UpdatesDeployment.Log CUpdatesJob XYZ: Reconnect to the exiting Job failed, error 0x87d00200

March 24, 2015, 1:31 am
$
0
0

Hi can anyone please help out?

I have several clients that are not downloading a patch 0% Downloading. The download of the Update can't be cancelled.

the Log says UpdatesDeployment.Log CUpdatesJob XYZ: Reconnect to the exiting Job failed, error 0x87d00200.

ooGDoo

Enable Windos updates from other source then WSUS/SCCM for certain clients only?

April 1, 2015, 1:40 am
$
0
0

Hi,

Is there a way to enable some SCCM clients to scan for their Windows updates to ALSO Microsoft Update (and not ONLY SCCM/WSUS)? Don't find that option in client settings.

J.

Jan Hoedt

Software Updates deployment remains at unknown status

March 31, 2015, 6:28 pm
$
0
0

I have a curious issue where the deployment summarization is showing all required clients as "Client check passed" but they never progress and further. If I drill down into the to updates with the software update group they appear to of deployed?

This is only effecting this one deployment there is nothing wrong with the clients it only appears to be the reporting mechanism?

Any help appreciated.

SCCM Deployment Technician


Is it recommended practice to add SCCM service accounts to the Domain Admins group?

April 1, 2015, 8:06 am
$
0
0
I am working with an external consultant that is recommending that all of the SCCM service accounts be added to the Domain Admins group.  I am not the SCCM engineer, I am the AD guy, this is the reason I am questioning this methodology.  I have read several articles that seem to provide the appropriate configuration options for all of the SCCM accounts so I see no need to allow these accounts to have Domain Admin level access to the environment.  I don't see a reason for ANY of the service accounts to have Domain Admin, let alone all of them.  I have referenced several TechNet articles but there does not seem to be definitive guidance around this.  Could anyone assist with settling this?  Thanks in advance.

SCCM coudn't connect to database after recovering SQL server

March 31, 2015, 10:47 pm
$
0
0

Hello.

Please help to solve a problem. After crashing data storage, i have lost my SCCM and SQL server. I have restored SCCM server as virtual machine and re-install SQL server. I restored old databases to the new SQL server. Same instances and names. 

And now i have logs smsexec.log : 

*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted.SMS_EXECUTIVE27.03.2015 10:34:193268 (0x0CC4)

*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connectionSMS_EXECUTIVE27.03.2015 10:34:193268 (0x0CC4)

*** Failed to connect to the SQL Server, connection type: SMS ACCESS.SMS_EXECUTIVE27.03.2015 10:34:193268 (0x0CC4)

CSiteControlEx::GetCurrentSiteInfo: Failed to get SQL connectionSMS_EXECUTIVE27.03.2015 10:34:193268 (0x0CC4)

I found that i lost my certificate 

i found article Certificate drop down menu empty when trying to select SSL certificate to enable SQL Server 2008 client encryption

but i get an error when trying to execute certificate request.

ERROR TRANSLATE ---  no information about certificate template

I don't know what to do. Plz help. This problem sticks me. :(

Search

Scheduling Baseline evaluations

April 1, 2015, 12:29 pm
$
0
0

Hi
I am created a configuration Baselines with remediation scheduled every 5 minutes. The schedule work not correctly . The compliance evaluation task is not execute every 5 minutes but randomly. it is possible to force the task at execute every 5 minutes.
Have you a idea at the problem ?
Version : SCCM R2 CU4

Regards

SharePoint Server 2013 farm software updates not available in SCCM

March 23, 2015, 1:59 am
$
0
0

At my current customer, we are currently switching over to SCCM for all Software Update Management.

For now, the only issue we are experiencing is that we do not receive SharePoint updates on our SharePoint Server 2013 farm. With WSUS we can detect these, but they are not listed in SCCM. We sync directly with Windows Update.

It are specifically the updates that are marked as "farm-deployment", as you can see in example in this image.:
http://2.bp.blogspot.com/-gI8Ew7RlY0g/VPqM0QUn6oI/AAAAAAAAIDQ/S1Ufp0x-mSU/s1600/windows%2Bupdate%2Bincludes%2Bsharepoint%2B2013%2Bpatches.png

In the SUP properties, we have enabled the Office 2013 product and all classifications besides "Tools".

Am I missing something?

Automatic create Software Update Group and assign patches

April 1, 2015, 8:38 am
$
0
0

Does someone has a e.g. powershell/vbs script which does the following:

- step 1: verify which patches are added to Windows 7 image using SCCM 2012 Offline Servicing

- step 2: verify all downloaded and deployed patches in the SCCM 2012 environment

- step 3: get the multi-reboot patches

Then creates a Software Update Group and add all patches obtained in step 2 and exclude all patches obtained in step 1 and step 3..

Then I can assign that software update group to my Reference Image task sequence and I will not ran in the currently available problems where lists are to big and software updates during the task sequence are failing :-)

Does some likes this and want to help me with it ?

I think it is a nice solution for the patch deployment problem during the reference image task sequence phase.


SCCM 2012 - Software Updates

June 23, 2014, 9:59 am
$
0
0

Hi All,

I need some advice on the below KB's hot fixes, i have synced the software updates in which i am unable to find the below KB hot fixes in the SCCM console. Please help why its not displaying since i chosed all the options in product and classification

KB2775511
KB2732673
KB2728738
KB2878378

Regards, Pratap

SCEP Definition Updates from WSUS

April 2, 2015, 7:47 am
$
0
0

I am currently using ConfigMgr (SUP) for all update patching including SCEP definitions (the 3 times a day scenario) but I was wondering if I can configure the clients so they just get their SCEP definitions from a stand-alone WSUS yet continue to receive all other updates from ConfigMgr (SUP)? I've been successful with pointing the clients to Microsoft Update, Microsoft Malware Protection Center and UNC file shares by changing the Definition Update Source using a custom Antimalware Policy but I haven't figured out how to point the SCEP client to a WSUS server? There is a setting in the Antimalware policy to set the UNC path so I was expecting to see a setting to set the WSUS URL. It's hard for me to believe the SCEP client can't be independaly re-directed to a local WSUS since you can configure the SCEP client it to go directly to Microsoft or the Protection Center which is basically the WSUS mothership.   

  
Viewing all 6382 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>