Quantcast
Channel: Configuration Manager 2012 - Security, Updates and Compliance forum
Viewing all 6382 articles
Browse latest View live

cenario separate update list like monthly wise but single pack location

April 6, 2015, 4:02 pm
$
0
0

please assist me if i add patches to existing software update list and download central location what is behavior in terms of deployment e.g i have single update list and single package so i am keep adding patches to single update and same download to single package so after updating source  version of package patches will deploy automatically? or need to select each month patches then deploy? reason is we already deployed last month patches so once source version is updated it may start deploying new or available patches? please be specific about this scenario

again one more scenario separate update list like monthly wise but single pack location so what is deployment behavior?

Search

Server Autorestart after software updates at a specific time - advice needed please

April 7, 2015, 3:39 am
$
0
0

Hi

I am implementing server software updates.  I want them to install updates and restart on the 2nd Thursday of the month.

so in theory:

collection 1 restarts between 1am and 2am
collection 2 restarts between 3am and 4am

Collections 1 and 2 will look at the same software update groups of baseline and production and the updates will be manually put into these groups before the restart date.  There will be a test server group that will use a automatic deployment rule and install and restart on patch Tuesday as well which is where the updates will come from.  Days will vary but I cant quite grasp the initial implementation of the timed install and restarts.

How can I best accomplish this?

Thank You


Scan failed with error = 0x80240438

March 25, 2015, 5:03 am
$
0
0
Scan failed with error = 0x80240438. This is the error msg I am getting, upon doing some google, I found out that there is some forefront tmg which might have caused this, but I do not have anything like this installed on my client server?

ADR Removes updates from existing Software Update Group

April 7, 2015, 10:49 am
$
0
0
I'm working on using SCCM for Software Updates, was previously only using WSUS. I think I've got everything configured and I can deploy updates successfully. So now I'm working on automating things with some ADRs. The problem I'm running into is that I'm trying to set the ADR to add updates to an existing group. Office 2007 updates in this example.  I have the search criteria in the ADR set to look for Office 2007 updates released in the last 30 days and it is set to run once a month.  So in my mind, each month it will run and add the necessary updates to the existing group, and the group will become a cumulative list.  The problem I'm having is that every time the rule runs, it seems to remove all the existing updates from that group and only add in the updates that were returned for that run.  For example, I can set the rule to search for updates released in the last 60 days and will see 15 updates in the group.  If I change the rule to search for updates released in the last 30 days and run it again, the group will only have 10 updates in it.  Or if I manually add updates to the group and then run the rule again, the updates I manually added are removed.  None of these are expired or superseded.  Any ideas?

Endpoint Protection status is Unknown for another domain

April 7, 2015, 11:15 am
$
0
0

I have a Windows 2012 server running SCCM 2012 SP1 that I use for Windows Updates and Endpoint Protection.

I have two domains that get the Endpoint Protection updates.  On the domain that my SCCM server is on, I can see the client status just fine.  However, on the second domain, all client status items show up as "Unknown."

Is there a way that I can get the client status on the second domain to show up?

Thanks

Screen-shot:

Methods to install updates days before restart

April 7, 2015, 7:08 pm
$
0
0

Firstly, my apologies if this has been answered elsewhere, however I have been unable to find anything solid.

I am implementing software updates via SCCM and my management is requiring me to use the following timing for update:

  1. Catalog is synchronized and updates downloaded Thursday.
  2. Updates are made available and required to be installed on Thursday night.
  3. A restart is not required until the following Monday night, when there is a countdown and then is forced.

I have been trying to make this work however have as yet been unsuccessful, so I was hoping someone could help sort out exactly how this is supposed to work.  

From what I have read there are a couple of ways this could be achieved. 

  • Create a deployment with an installation deadline of ASAP, do not allow forced restarts outside a maintenance window, and then create a MW for the Monday night. 
  • Create a deployment with an installation deadline of ASAP, do not allow restarts. Then create another deployment of a restart script (batch or something like Coretech Shutdowntool) scheduled to deploy Monday night to handle the rebooting side of things.

I have attempted the first one however I have had no luck getting the restart to actually occur.  The installation works, but the restart just never happens.  I fear I am doing something wrong, however I am not familiar enough with aspects of the software to say for certain what is and isn't possible.  

Any help or information I could get would be very much appreciated.  

Many thanks.

Clients cannot download updates from DP

April 7, 2015, 11:07 am
$
0
0

Dear Friends,

I need your help,

After I configured everything and I am ready to patch my first cycle I have problem with my clients.

I download all the updates and create my deployment package. I sent it to the DP. 

The clients cannot download the updates from their DP. I checked the boundary and everything is ok.

I noticed that all pcs have the following error in the FSPstatemessage.log.

Failed in WinHttpSendRequest API, ErrorCode = 0x2ee7 FSPStateMessage 4/5/2015 1:53:36 AM 4844 (0x12EC)

[CCMHTTP] ERROR: URL=HTTP://SCCM01.XXX.YYYYY/SMS_FSP/.sms_fsp, Port=80, Options=224, Code=12007, Text=ERROR_WINHTTP_NAME_NOT_RESOLVED FSPStateMessage 4/5/2015 1:53:36 AM 4844 (0x12EC)

Successfully sent location services HTTP failure message.

Does the error above have to do with the client when tries to download the updates from the dp ?

How to solve the problem above ?

I forgot to mention that I have only one Site.

Please help

Nikkoscy

How are configuration baseline deployment collections updated?

March 30, 2015, 6:29 am
$
0
0

I created a configuration baseline for a critical update, have a monitor action deployed against the baseline, and created 4 collections against the deployment: compliant, error, non-compliant, unknown.  So far so good....

I then created a fresh deployment against the non-compliant collection to push the update and when I run report ' compliance 6 - -specific software update states (secondary)' for the updates against the non compliant collection I get the rather odd 'update is installed'=2.

How is the non-compliant collection meant to be updated by the baseline monitor deployment?  If I update the collection manually it makes no changes to membership

Thanks

David

Search

potentially unwanted software in SCEP

March 25, 2015, 1:22 pm
$
0
0

Hi, we've recently setup to quarantine potentially unwanted software (low level alert) in SCEP,

but it seems that even if we install any bunch of crap on the machine, SCEP doesn't even acknowledge it and looking at the built-in report, we only see high/severe/medium alerts.

Is there something special that's needed to have scep notify us about those kinds of alerts (specific définitions?) or another setting to enable?

Thks in advance and don't hesitate if you have any questions.

joeblow

UpdatesDeployment.Log CUpdatesJob XYZ: Reconnect to the exiting Job failed, error 0x87d00200

March 24, 2015, 1:31 am
$
0
0

Hi can anyone please help out?

I have several clients that are not downloading a patch 0% Downloading. The download of the Update can't be cancelled.

the Log says UpdatesDeployment.Log CUpdatesJob XYZ: Reconnect to the exiting Job failed, error 0x87d00200.

ooGDoo

Windows 8 clients not updating via SCCM?

April 8, 2015, 2:52 am
$
0
0

I am running Windows Server 2012 R2 and SCCM 2012 R2 (v5.0.7958.1000) and am trying to deploy updates to a Windows 8.1 client but am not having any joy, I keep getting errors within the WindowsUpdate.log.   

Can deploy updates to Windows 7 machines okay but not Windows 8.1. 

An extract of the log can be found here http://1drv.ms/1aJm3VO 

www.techielass.com


System Center 2012 in a WORKGROUP (non dc)?

April 8, 2015, 10:10 am
$
0
0

Can System Center 2012 be setup in a non active directory workgroup?


SCCM 2012 R2 WSUS Configuration

April 8, 2015, 1:57 pm
$
0
0

Hello,

I have a SCCM 2012 R2 installation on a client where we have installed WSUS following the instructions in the setup guide.

According to SCCM 2012 R2 licensing the customer has bought, only SCCM clients must be installed on the workstations, SCCM client should not be installed on any server.

WSUS configured as Update Point is working perfectly to distribute updates to workstations.

Now the client is asking me to configure the WSUS used by SCCM to download and distribute updates to the servers using a GPO, as is normally done in WSUS.

From my point of view, if we configure WSUS used as Update Point in SCCM, I think it could affect the stability of WSUS settings in SCCM.

I have recommended the customer to best install a new WSUS and that this new server should be responsible for downloading updates for servers and use it via GPO, since servers SCCM client will not be installed.

I would like to confirm whether this is the most recommended, just install a new WSUS to manage updates for servers.

Or if it is possible to make settings on the WSUS server that is used as Update Point in SCCM without affecting the current configuration of distribution of updates to workstations.

I will appreciate your advice very much.

Best regards,

Manuel

Manuel´s Microsoft Forums Threads

Deploying updates to servers via maintenance windows

April 8, 2015, 3:34 pm
$
0
0

Hi,

We've set up maintenance windows for our servers, different servers apply updates on different days.  These are 2 hour maintenance windows.

The issue we are having is that the client installs a certain amount of the deployed updates, then restarts, when the server comes back up it does not resume installation of the patches, it waits for the next maintenance window the following month.

Am I missing something in the setup to allow the server to continue on with the patching once it has restarted?

Thanks,


Travis

so need not to deploy new or added patches?

April 8, 2015, 8:25 pm
$
0
0
i have added software updates to existing update group and download to central location (previously downloaded location) it start deployment automatically? it is expected behavior?  so need not to deploy new or added patches?
Search

WSUS not Syncing with SCCM

April 8, 2015, 3:37 am
$
0
0

Hi,

My WSUS is not syncing with SCCM Server.

WCM.log

System.Security.SecurityException: Request for principal permission failed.~~   at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)~~   at Microsoft.SystemsManagementServer.WSUS.WSUSServer.ConnectToWSUSServer(String ServerName, Boolean UseSSL, Int32 PortNumber)~~The Zone of the assembly that failed was:~~MyComputer

------------------

Failed to refresh categories from WSUS server

------------------

Failed to set Subscriptions on the WSUS Server. Error:(-2147467259)Unspecified error

wsyncmgr.log

Wakeup by SCF change

---------------

Wakeup for a polling cycle

***********************************************************************************************

WSUS and SCCM running on the same server.

Many thanks in advance.

Regards, Hari Prasad.D

SCCM 2012- Security updates issue

November 7, 2013, 7:09 am
$
0
0

We are unable to find MS13-053 bulletin ID in our SCCM 2012 meta data list while we have already selected Critical updates and Security updates in classification list for Windows 7 and Windows 8 from products list of Software update point component properties. Please let me know if i have missed something.

Please help.

Thanks

Mohit Kumar 

post-deployment configuration failed error in windows 2012 server

April 9, 2015, 4:02 am
$
0
0

HI,

After complete install WSUS I am getting  post-deployment configuration failed error

WSUS files are not installed in given path even folder also not created 

kindly suggest to me 

Device Collection of Non Complaint Machines SCCM 2012 R2

April 9, 2015, 10:28 am
$
0
0

Hi,

Is any way to create a Device collection of Non complaint Machines  from Query in SCCM 2012 R2 ??

Shailendra Dev

Generating Alerts in SCOM 2012 R2 for Failed Updates from SCCM 2012

April 9, 2015, 9:12 am
$
0
0

Hello,

My current management environment uses SCCM 2012 and SCOM 2012 R2 to update and monitor our servers.  We would like our deployments to generate alerts when an update installation fails.  I have checked our deployments and the alert box under Operations Manager Alerts ("Generate System Center Operations Manager alerts when a software installation fails")IS checked, but yet we receive no alerts in our SCOM console.

Our SCOM 2012 R2 has all current Configuration Manager MPs.

Do I need to change the settings for our ADRs?  I looked to see if there was a connector option in SCCM, but couldn't find one.  How do I ensure SCOM will generate alerts based on failed updates in our servers from SCCM and Software Center?

Viewing all 6382 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>