Background is that we are experiencing performance issues on workstations during the software updates scan cycle of the SCCM agent...

We already found some blogs related to clients that fail to report their compliancy, they point to the cleanup of the WSUS database. So even if you use SCCM to manage patches, you need to go into WSUS to cleanup the unnecessary patches. See http://blogs.technet.com/b/configurationmgr/archive/2015/04/15/support-tip-configmgr-2012-update-scan-fails-and-causes-incorrect-compliance-status.aspx

Now a few questions about this:
-None of the updates in WSUS are approved, I guess thats normal when managed by SCCM?
-What will following option in the Cleanup wizard do in case of management by SCCM?

• 5th option: Superseded updates -> declines updates that have not been approved for 30 d or more, are not needed by clients and are superseded by anapproved update: I guess option this will not decline a single update as none of the updates are approved? (and thats why we need to script it?)

-What happens with the Declined updates, which option will remove those?

-Is the way to cleanup WSUS via the script or manually as described in above link? Or should the cleanupwizard be sufficient?

- is there a flowchart available for Software updates scan cycle? What is the role of WSUS in this? Why is every non-declined patch evaluated to check compliancy of a machine? Shouldn't it run a check agains the members of all update groups to check compliancy?

-Quote from the blog mentioned above, can somebody clarify?

Because Configuration Manager does compliance reporting, it has extremely broad scan criteria to determine what is applicable. This is different from a typical scan performed by the Windows Update agent which requires a smaller subset of criteria. If an update is on WSUS and in a non-declined state, the Configuration Manager scan criteria will cause the Windows Update agent to try to evaluate it.

Thanks in advance,

WiM

Hi All,

I have a requirement to run a powershell script  on each machine weekly to collect the client certificates and store the information in WMI for collection with hardware inventory.

I could set up a recurring advert for this but was wondering if anyone had thought about doing this with compliance by having the powershell script as the detection of a compliance base line and then a remediation script that just deletes the WMI class (in case I have issues). I can then use the compliance schedule to set how ofter this runs.

Not sure if this would create any issues but thought I'd stick it out there and see if anyone else had any thoughts.

Howdy all!

I'm currently in the process of deploying the Client install on multiple servers across multiple forests. I'm currently running into an issue where the servers I've installed the SCCM Client on aren't reporting compliance to the SCCM Console.
If I open WSUS on the SUP, the machines are showing the need X amount of Updates and Y aren't required. However, in the SCCM Console itself, these machines are showing "Unknown" on Software Updates for compliance. What is causing the SCCM Console not to see the compliance yet its SUP WSUS Console sees them?

Buildout:
Forest 1:
1. SCCM Standalone Primary Site with SUP installed
2. Separate server for SCCM Database (Database site for Primary Site). Reporting Service not installed.

Forest 2:
1. 40 Servers, same subnet mix of 2003/2008/2012.
2. Oneway trust = Forest 1 -> Forest 2
3. GPOs for Windows Update set to Not Configured

Forest 3:
1. 2 Servers, separate Subnets, 2008 R2
2. No Trust to/from Forest 1
3. GPOs for Windows Update set to Not Configured

Forest 2&3 used to be attached to old WSUS prior to having SCCM Client installed. These servers are sending update information successful to WSUS Console on Primary Site with SUP but not the actual SCCM Console.

Production environment is SCCM 2012 R2 CU4 and just noticed that when creating a CI for compliance windows 8.1 and windows server 2012 R2 are not available under supported platforms. 

Checked our lab environment, same SCCM 2012 R2 CU4 and when creating a CI in the lab, Windows 8.1 and Windows Server 2012 R2 are listed as supported platforms. 

I've looked through settings and compared ms updates in case we missed something in production, but my understanding is SCCM 2012 R2 comes out of the box with windows 8.1 and server 2012 R2 support?

Any help on this matter is greatly appreciated. 

Thank you!

Hey guys, 

For the most part my automated updates through SCCM 2012 seem to deploy very well to our workstation infrastructure. Although there is one aspect that I don't quite understand.

My automated updates are scheduled to check for Windows 7 / Office 2013 critical updates the second Thursday of each month - checking only for updates released in the last month. These updates are then sent a software updates group and then added to a deployed, updates deployment package monthly. The clients run both the software update scan and deployment re-evaluation on the fourth Thursday of each month - upon when the updates are deployed to our workstation infrastructure... and it works quite well! 

Here's my issue... when I look within the deployed updates deployment package at the compliance status of specific updates, I can see in some cases (although not a great deal) some updates that are "Required" but have not been installed. I understand that there might be a period of time wherein the deployment status has not yet been reported back to the database however a lot of these "Required" updates are months old an longer. Therefore - a lot of time has passed in which the status could have been updated and a number of further opportunities (4th Thursday of each month) have passed wherein the client could have installed the outstanding update(s) but hasn't? There might be anywhere between 1-30 client systems that report they haven't installed the update? These are active and functional SCCM clients and so I'm struggling to understand why these outstanding "Required" updates are not being installed on the 4th Thursday of each month - some (although very few) have been available for over a year. They are all "Deployable", are not "Superseded" and have not expired. 

Thank you to anyone that takes the time to read and respond to this post.

M Tipler

Hi,

I recently setup a Windows 7 ADR and I set it to install a bunch of Windows 7 updates. I've found that why some users get a reboot notification, asking them whether they want to postpone or restart - some of my user's PCs just went ahead and rebooted themselves without user intervention.

Does anyone know why this happens? I set the deployment to supress reboots.

Thanks,

Dave

Hello!

I am trying to understand the behavior of the "Enable the deployment after this rule is run" - setting, in the automatic deployment rule. If I disable this (so that the deployment is created but not enabled), everything seems to be working logically when I have selected "Create a new Software Update Group" for every time the rule is run. 

However, if I select "Add to an existing Software Update Group" with the "enable the deployment.." disabled, it is created and disabled the first time the rule is run,but if I enable it, it is not disabled after the rule has been run again. 

Is this by design, or is it something I have missed? Wouldn't it be logical for it to be disabled when the rule updates the Software update group?

Recently, we had to recover our lab environment because of a server crash. The primary site was rebuild using the SCCM backup.

All seemed to be fine, but after a few days we saw that the SUP on the secondary site was not syncing. The link status is active, also no errors are in primary/secondary site wsus logs (wsusctrl.log, wsyncmgr.log,wcm.log). In console, the last sync date was from before the crash.

Troubleshooting I already did:
On the primary site's WSUS server, I could not see any downstreamservers available  -> this was fixed by triggering a sync on the wsusserver on the secondary site S01.  Now, after a full sync, I can see in the P01 logfiles that a notification is sent to S01. On the secondary site logs, nothing moved at that time. I don't see anything appearing in wsyncmgr.box.

I also tried to drop a P01.SYN file in the wsyncmgr.box, but then I get this nasty error:
Wakeup by inbox drop SMS_WSUS_SYNC_MANAGER 5/06/2015 12:25:13 4904 (0x1328)
Wakeup by inbox drop SMS_WSUS_SYNC_MANAGER 5/06/2015 12:25:22 4904 (0x1328)
Found parent sync notification file P01.SYN. SMS_WSUS_SYNC_MANAGER 5/06/2015 12:25:27 4904 (0x1328)
Error: CVarFile::SeekFirstRecord failed. CVarFile error: Record not found. Source: CWSyncMgr::CheckForSyncRequest SMS_WSUS_SYNC_MANAGER 5/06/2015 12:25:27 4904 (0x1328)
STATMSG: ID=6700 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS=SVW8RC62.rese-admin.colruyt.int SITE=S01 PID=3456 TID=4904 GMTDATE=vr jun 05 10:25:27.869 2015 ISTR0="CWSyncMgr::CheckForSyncRequest" ISTR1="CVarFile::SeekFirstRecord failed. CVarFile error: Record not found" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9=""NUMATTRS=0 SMS_WSUS_SYNC_MANAGER 5/06/2015 12:25:27 4904 (0x1328)

I already removed the SUP from S01, rebooted and reinstalled the SUP -> still no luck...

Any advice is welcome.

Thanks,

WiM

Good Afternoon,

We Setup the May Security Updates for deployment to our main device collection. The deployment seemed to go well after a few days 50+% of the devices showed compliant and most of the remaining devices showed In Progress Pending System Restart.

Then all of the sudden all devices changed to unknown status Client check Passed/Active.

Over the last couple of days 60% of the devices slowly again have changed to show Compliant. The rest are still Unknown Client check passed/Active. They really should show In Progress I think since the devices did download and install the updates and were pending a system restart until the strange sudden status change to unknown.

It appears a couple of machines per hour change to compliant, but what we are wondering is what caused all these machines to move into the Unknown status all at once? And why do they remain Unknown instead of In Progress or Compliant?

Has anyone seen this odd behavior or have any suggestions?

Thanks.

1. Update: 8bc7a4f8-5b85-4c95-ab3e-132c4eba5e2a, 200   BundledUpdates: 1WUAHandler05/06/2015 18:00:497048 (0x1B88)
       Update: 8c25fb43-0873-4c2e-a7da-f3249fb188d4, 200   BundledUpdates: 0WUAHandler05/06/2015 18:00:497048 (0x1B88)
2. Update: bd0efcf5-25fc-4d0a-8c57-c967c0b70a54, 201   BundledUpdates: 1WUAHandler05/06/2015 18:00:497048 (0x1B88)
       Update: f6621eec-c951-43cf-be8f-e4fd6310ba2c, 201   BundledUpdates: 0WUAHandler05/06/2015 18:00:497048 (0x1B88)
1. Update (Missing): Security Update for Windows 7 for x64-based Systems (KB3061518) (8bc7a4f8-5b85-4c95-ab3e-132c4eba5e2a, 200)WUAHandler05/06/2015 18:00:497048 (0x1B88)
2. Update (Missing): Security Update for Windows 7 for x64-based Systems (KB3055642) (bd0efcf5-25fc-4d0a-8c57-c967c0b70a54, 201)WUAHandler05/06/2015 18:00:527048 (0x1B88)
Async installation of updates started.WUAHandler05/06/2015 18:00:587048 (0x1B88)
Update 1 (8bc7a4f8-5b85-4c95-ab3e-132c4eba5e2a) finished installing (0x8e5e03fa), Reboot Required? NoWUAHandler05/06/2015 18:04:098144 (0x1FD0)
Update 2 (bd0efcf5-25fc-4d0a-8c57-c967c0b70a54) finished installing (0x8e5e03fa), Reboot Required? NoWUAHandler05/06/2015 18:04:128144 (0x1FD0)
Async install completed.WUAHandler05/06/2015 18:04:128144 (0x1FD0)
Installation job encountered some failures. Error = 0x80240022.WUAHandler05/06/2015 18:04:129128 (0x23A8)
Installation of updates completed.WUAHandler05/06/2015 18:04:129128 (0x23A8)
Going to search using WSUS update source.WUAHandler05/06/2015 18:04:298928 (0x22E0)
Synchronous searching of all updates started... WUAHandler05/06/2015 18:04:298928 (0x22E0)
Successfully completed synchronous searching of updates.WUAHandler05/06/2015 18:12:328928 (0x22E0)
Could not find update (2334143f-7af9-4da7-a7f4-1ad5f30a33e0:200) in any of the registered update sources, skipping.WUAHandler05/06/2015 18:12:328928 (0x22E0)
Could not find update (eaa88b5a-5252-4b04-aa62-358473e56fab:200) in any of the registered update sources, skipping.WUAHandler05/06/2015 18:12:328928 (0x22E0)
Could not find update (f3cf461b-8147-4b73-9819-9f045e63c08e:202) in any of the registered update sources, skipping.WUAHandler05/06/2015 18:12:328928 (0x22E0)
Could not find update (fec8d1b2-82a9-49df-85d6-bca2fb6fa908:201) in any of the registered update sources, skipping.WUAHandler05/06/2015 18:12:328928 (0x22E0)
1. Update: 1072c136-fabd-435a-a032-10996626e444, 201   BundledUpdates: 1WUAHandler05/06/2015 18:12:328928 (0x22E0)
       Update: 11aad9c6-8aeb-4cd5-be76-b26732c859d8, 201   BundledUpdates: 0WUAHandler05/06/2015 18:12:328928 (0x22E0)
3. Update: 899fc219-c630-44d4-9090-1f1a98519a45, 203   BundledUpdates: 1WUAHandler05/06/2015 18:12:328928 (0x22E0)
       Update: e4351b8d-f78b-45d9-8aff-e36bf026445c, 203   BundledUpdates: 0WUAHandler05/06/2015 18:12:328928 (0x22E0)
4. Update: 931652f3-8861-4bef-92dd-bbb0e4ed3498, 203   BundledUpdates: 1WUAHandler05/06/2015 18:12:328928 (0x22E0)
       Update: bf238ab9-5020-4e45-a4fb-fd5f1ae62723, 202   BundledUpdates: 0WUAHandler05/06/2015 18:12:328928 (0x22E0)
5. Update: a228db91-8c7a-4327-a6ae-556a64ed7b45, 200   BundledUpdates: 1WUAHandler05/06/2015 18:12:328928 (0x22E0)
       Update: ec2ba45d-a05b-4aff-a4e7-d5fef972a40d, 200   BundledUpdates: 0WUAHandler05/06/2015 18:12:328928 (0x22E0)
6. Update: a5ca050d-9c70-4b9e-ba03-bc23c4264f8c, 204   BundledUpdates: 3WUAHandler05/06/2015 18:12:328928 (0x22E0)
       Update: 8c888b1f-fc05-4faf-9ae9-7125e6ef9bdf, 204   BundledUpdates: 0WUAHandler05/06/2015 18:12:328928 (0x22E0)
       Update: 47d10ef2-91ee-43ef-82a6-0028d26e4768, 204   BundledUpdates: 0WUAHandler05/06/2015 18:12:328928 (0x22E0)
       Update: 6c38b06e-9c2a-4871-8468-f6be62bcb0a1, 202   BundledUpdates: 0WUAHandler05/06/2015 18:12:328928 (0x22E0)
7. Update: c00a51ba-6501-4c74-96b6-f266ec3a5722, 201   BundledUpdates: 1WUAHandler05/06/2015 18:12:328928 (0x22E0)
       Update: e73080a5-6831-42b6-a818-bfff4d0b9158, 201   BundledUpdates: 0WUAHandler05/06/2015 18:12:328928 (0x22E0)
10. Update: fc71042c-f577-42ca-9a82-e358d0750ccb, 201   BundledUpdates: 1WUAHandler05/06/2015 18:12:328928 (0x22E0)
       Update: 9df0e4b2-9e94-4acc-b7f7-288a329395d6, 201   BundledUpdates: 0WUAHandler05/06/2015 18:12:328928 (0x22E0)
1. Update (Missing): Security Update for Windows 7 for x64-based Systems (KB3033889) (1072c136-fabd-435a-a032-10996626e444, 201)WUAHandler05/06/2015 18:12:328928 (0x22E0)
2. Update (Missing): Security Update for Windows 7 for x64-based Systems (KB3004361) (899fc219-c630-44d4-9090-1f1a98519a45, 203)WUAHandler05/06/2015 18:12:368928 (0x22E0)
3. Update (Missing): Security Update for Windows 7 for x64-based Systems (KB3032323) (931652f3-8861-4bef-92dd-bbb0e4ed3498, 203)WUAHandler05/06/2015 18:12:368928 (0x22E0)
4. Update (Missing): Security Update for Windows 7 for x64-based Systems (KB3039066) (a228db91-8c7a-4327-a6ae-556a64ed7b45, 200)WUAHandler05/06/2015 18:12:368928 (0x22E0)
5. Update (Missing): Security Update for Windows 7 for x64-based Systems (KB3031432) (a5ca050d-9c70-4b9e-ba03-bc23c4264f8c, 204)WUAHandler05/06/2015 18:12:368928 (0x22E0)
6. Update (Missing): Security Update for Windows 7 for x64-based Systems (KB3036493) (c00a51ba-6501-4c74-96b6-f266ec3a5722, 201)WUAHandler05/06/2015 18:12:368928 (0x22E0)
7. Update (Missing): Security Update for Windows 7 for x64-based Systems (KB3035132) (fc71042c-f577-42ca-9a82-e358d0750ccb, 201)WUAHandler05/06/2015 18:12:368928 (0x22E0)
Async installation of updates started.WUAHandler05/06/2015 18:12:448928 (0x22E0)
Update 1 (1072c136-fabd-435a-a032-10996626e444) finished installing (0x8e5e03fa), Reboot Required? NoWUAHandler05/06/2015 18:15:024540 (0x11BC)
Update 2 (899fc219-c630-44d4-9090-1f1a98519a45) finished installing (0x8e5e03fa), Reboot Required? NoWUAHandler05/06/2015 18:15:457996 (0x1F3C)
Update 3 (931652f3-8861-4bef-92dd-bbb0e4ed3498) finished installing (0x8e5e03fa), Reboot Required? NoWUAHandler05/06/2015 18:15:596588 (0x19BC)
Update 4 (a228db91-8c7a-4327-a6ae-556a64ed7b45) finished installing (0x8e5e03fa), Reboot Required? NoWUAHandler05/06/2015 18:16:198588 (0x218C)
Update 5 (a5ca050d-9c70-4b9e-ba03-bc23c4264f8c) finished installing (0x8e5e03fa), Reboot Required? NoWUAHandler05/06/2015 18:17:279164 (0x23CC)
Update 6 (c00a51ba-6501-4c74-96b6-f266ec3a5722) finished installing (0x8e5e03fa), Reboot Required? NoWUAHandler05/06/2015 18:17:391132 (0x046C)
Update 7 (fc71042c-f577-42ca-9a82-e358d0750ccb) finished installing (0x8e5e03fa), Reboot Required? NoWUAHandler05/06/2015 18:18:033388 (0x0D3C)
Async install completed.WUAHandler05/06/2015 18:18:033388 (0x0D3C)
Installation job encountered some failures. Error = 0x80240022.WUAHandler05/06/2015 18:18:032912 (0x0B60)
Installation of updates completed.WUAHandler05/06/2015 18:18:032912 (0x0B60)
Scan results will include all superseded updates. WUAHandler05/06/2015 18:18:088744 (0x2228)
Search Criteria is ((DeploymentAction=* AND Type='Software' AND CategoryIDs contains '0FA1201D-4330-4FA8-8AE9-B877473B6441'))WUAHandler05/06/2015 18:18:088744 (0x2228)
Async searching of updates using WUAgent started. WUAHandler05/06/2015 18:18:088744 (0x2228)
Async searching completed.WUAHandler05/06/2015 18:20:357872 (0x1EC0)
Successfully completed scan.WUAHandler05/06/2015 18:20:391224 (0x04C8)
Going to search using WSUS update source.WUAHandler05/06/2015 18:20:537724 (0x1E2C)
Synchronous searching of all updates started... WUAHandler05/06/2015 18:20:537724 (0x1E2C)
Successfully completed synchronous searching of updates.WUAHandler05/06/2015 18:22:317724 (0x1E2C)
1. Update: 9a3a9b37-d93d-4982-93fb-a9271dbdfac9, 203   BundledUpdates: 1WUAHandler05/06/2015 18:22:317724 (0x1E2C)
       Update: cd5965c6-2dc0-4504-967c-d16a64798024, 200   BundledUpdates: 0WUAHandler05/06/2015 18:22:317724 (0x1E2C)
2. Update: baef37d7-b53b-4cba-b8ef-10a37c41fa4f, 201   BundledUpdates: 1WUAHandler05/06/2015 18:22:317724 (0x1E2C)
       Update: a5e73bd4-8046-46e1-94ff-7e052d4a300a, 201   BundledUpdates: 0WUAHandler05/06/2015 18:22:317724 (0x1E2C)
3. Update: cadda5d8-5e52-403e-8d40-8352536cfd72, 201   BundledUpdates: 1WUAHandler05/06/2015 18:22:317724 (0x1E2C)
       Update: 16229617-6b17-4bc5-b15d-9754f2357729, 201   BundledUpdates: 0WUAHandler05/06/2015 18:22:317724 (0x1E2C)
4. Update: e37c75b8-901f-4114-981f-b88ad1e95c4e, 201   BundledUpdates: 1WUAHandler05/06/2015 18:22:317724 (0x1E2C)
       Update: 211231b3-372b-46f3-ba01-59d9e351b0ca, 201   BundledUpdates: 0WUAHandler05/06/2015 18:22:317724 (0x1E2C)
1. Update (Missing): Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB3048070) (9a3a9b37-d93d-4982-93fb-a9271dbdfac9, 203)WUAHandler05/06/2015 18:22:317724 (0x1E2C)
2. Update (Missing): Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB3049563) (baef37d7-b53b-4cba-b8ef-10a37c41fa4f, 201)WUAHandler05/06/2015 18:22:347724 (0x1E2C)
3. Update (Missing): Security Update for Windows 7 for x64-based Systems (KB3045171) (cadda5d8-5e52-403e-8d40-8352536cfd72, 201)WUAHandler05/06/2015 18:22:347724 (0x1E2C)
4. Update (Missing): Security Update for Windows 7 for x64-based Systems (KB3046002) (e37c75b8-901f-4114-981f-b88ad1e95c4e, 201)WUAHandler05/06/2015 18:22:347724 (0x1E2C)
Async installation of updates started.WUAHandler05/06/2015 18:22:397724 (0x1E2C)
Update 1 (9a3a9b37-d93d-4982-93fb-a9271dbdfac9) finished installing (0x8e5e03fa), Reboot Required? NoWUAHandler05/06/2015 18:26:019192 (0x23E8)
Update 2 (baef37d7-b53b-4cba-b8ef-10a37c41fa4f) finished installing (0x8e5e03fa), Reboot Required? NoWUAHandler05/06/2015 18:28:118812 (0x226C)
Update 3 (cadda5d8-5e52-403e-8d40-8352536cfd72) finished installing (0x8e5e03fa), Reboot Required? NoWUAHandler05/06/2015 18:28:308988 (0x231C)
Update 4 (e37c75b8-901f-4114-981f-b88ad1e95c4e) finished installing (0x8e5e03fa), Reboot Required? NoWUAHandler05/06/2015 18:28:558808 (0x2268)
Async install completed.WUAHandler05/06/2015 18:28:558808 (0x2268)
Installation job encountered some failures. Error = 0x80240022.WUAHandler05/06/2015 18:28:553420 (0x0D5C)
Installation of updates completed.WUAHandler05/06/2015 18:28:553420 (0x0D5C)
Going to search using WSUS update source.WUAHandler05/06/2015 18:29:099196 (0x23EC)
Synchronous searching of all updates started... WUAHandler05/06/2015 18:29:099196 (0x23EC)
Successfully completed synchronous searching of updates.WUAHandler05/06/2015 18:35:129196 (0x23EC)
1. Update: 05411874-4d1f-44c4-8aad-dc84726878c9, 204   BundledUpdates: 1WUAHandler05/06/2015 18:35:129196 (0x23EC)
       Update: 786cfb6d-04f3-4f26-8f89-d66204fe3610, 204   BundledUpdates: 0WUAHandler05/06/2015 18:35:129196 (0x23EC)
2. Update: 7f60743f-a8ec-427a-8b2e-274374fdbc1f, 202   BundledUpdates: 1WUAHandler05/06/2015 18:35:129196 (0x23EC)
       Update: cbc43b9a-77ce-4287-b209-6ac9043b7063, 200   BundledUpdates: 0WUAHandler05/06/2015 18:35:129196 (0x23EC)
1. Update (Missing): Security Update for Windows 7 for x64-based Systems (KB3046306) (05411874-4d1f-44c4-8aad-dc84726878c9, 204)WUAHandler05/06/2015 18:35:129196 (0x23EC)
2. Update (Missing): Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB3038314) (7f60743f-a8ec-427a-8b2e-274374fdbc1f, 202)WUAHandler05/06/2015 18:35:159196 (0x23EC)
Async installation of updates started.WUAHandler05/06/2015 18:35:199196 (0x23EC)
Update 1 (05411874-4d1f-44c4-8aad-dc84726878c9) finished installing (0x8e5e03fa), Reboot Required? NoWUAHandler05/06/2015 18:37:387344 (0x1CB0)
Update 2 (7f60743f-a8ec-427a-8b2e-274374fdbc1f) finished installing (0x8e5e03fa), Reboot Required? NoWUAHandler05/06/2015 18:38:394276 (0x10B4)
Async install completed.WUAHandler05/06/2015 18:38:394276 (0x10B4)
Installation job encountered some failures. Error = 0x80240022.WUAHandler05/06/2015 18:38:398108 (0x1FAC)
Installation of updates completed.WUAHandler05/06/2015 18:38:398108 (0x1FAC)
Going to search using WSUS update source.WUAHandler05/06/2015 18:39:038732 (0x221C)
Synchronous searching started using filter: 'UpdateID = '3f4b33e1-ee77-4965-99ba-358ee501e822' AND DeploymentAction = *'...WUAHandler05/06/2015 18:39:038732 (0x221C)
Successfully completed synchronous searching of updates.WUAHandler05/06/2015 18:40:128732 (0x221C)
1. Update: 3f4b33e1-ee77-4965-99ba-358ee501e822, 204   BundledUpdates: 3WUAHandler05/06/2015 18:40:128732 (0x221C)
       Update: 79860803-d615-4e9e-b099-45d7f074d7a6, 204   BundledUpdates: 0WUAHandler05/06/2015 18:40:128732 (0x221C)
       Update: 36207c65-2b2a-4242-8dc9-e1592760f956, 204   BundledUpdates: 0WUAHandler05/06/2015 18:40:128732 (0x221C)
       Update: 6ace9531-f6b8-4db3-9cef-d28973870b28, 202   BundledUpdates: 0WUAHandler05/06/2015 18:40:128732 (0x221C)
1. Update (Missing): Security Update for Windows 7 for x64-based Systems (KB3000483) (3f4b33e1-ee77-4965-99ba-358ee501e822, 204)WUAHandler05/06/2015 18:40:128732 (0x221C)
Async installation of updates started.WUAHandler05/06/2015 18:46:138732 (0x221C)
Update 1 (3f4b33e1-ee77-4965-99ba-358ee501e822) finished installing (0x8e5e03fa), Reboot Required? NoWUAHandler05/06/2015 18:50:152476 (0x09AC)
Async install completed.WUAHandler05/06/2015 18:50:215552 (0x15B0)
Installation job encountered some failures. Error = 0x80240022.WUAHandler05/06/2015 18:50:213208 (0x0C88)
Installation of updates completed.WUAHandler05/06/2015 18:50:213208 (0x0C88)
Its a WSUS Update Source type ({45CDA72A-76F8-4466-873A-25482F5AEA3E}), adding it.WUAHandler06/06/2015 10:06:133712 (0x0E80)
Existing WUA Managed server was already set (http://SCCM-STANDALONE.gtbank.com:8530), skipping Group Policy registration.WUAHandler06/06/2015 10:06:133712 (0x0E80)
Added Update Source ({45CDA72A-76F8-4466-873A-25482F5AEA3E}) of content type: 2WUAHandler06/06/2015 10:06:133712 (0x0E80)
Scan results will include all superseded updates. WUAHandler06/06/2015 10:06:143712 (0x0E80)
Search Criteria is (DeploymentAction=* AND Type='Software') OR (DeploymentAction=* AND Type='Driver')WUAHandler06/06/2015 10:06:143712 (0x0E80)
Async searching of updates using WUAgent started. WUAHandler06/06/2015 10:06:143712 (0x0E80)
Async searching completed.WUAHandler06/06/2015 10:08:224172 (0x104C)
Successfully completed scan.WUAHandler06/06/2015 10:08:273712 (0x0E80)

Hi

I have SCCM 2012 R2 installed on server 2008 r2 (offline domain- no internet connection..)

we installed WSUS 3.2 on this server and it is working fine.

when I tried connecting WSUS to SCCM, it seems to fail with errors.

Event Viewer shows the following errors\warnings:

 error id 364 - windows server update service (content file download faild. reason: HTTP status 404)

error id 10032

warning id 10021

error id 1016 sms_wsus_control_manager

error id 1016 sms_notification_server

IIS is working, I am able to go to page, WSUS also working fine as itself.

all services are running, and SQL also OK :)

I can also see on sms_wsus_control_manager log:

Sync failed. will retry in 60 minutes $$<SMS_WSUS_SYNC_MANAGER><"DATE"><thread=4900 (0x1324)> Setting sync alert to active state on site "site_name".....

can anyone help me solving this problem?

Thank you

Hi,

In confmgr console, it is possible to run deployment summarization. Is there a way to force content distribution status summarization? There are no such option in context menu

Hi Guys,

I need to deploy the Lync 2013 version update KB2880474. Was unable to find this on Windows Update via SCCM ,so downloaded the version for 32bit from below link.

https://support.microsoft.com/en-us/kb/2880474

1. Could you confirm if this patch wasn’t released on Windows Update to be deployed via SCCM or if I could be missing, but it doesn’t come up in the Software scan, but just need to be sure. 

Along with it, Office 2013 is also selected since the lync products started coming up with MS Office.

In Classifications, apart from Critical and Security updates, I have service packs. Do I need to select any other classification category for getting this update under SCCM database ?

   2.  I tried to deploy this as a program package. The exe deployment works manually using the /quiet switch but when done via SCCM, it works on few systems and doesn’t work on others. It fails with below error message :

Script for Package:ABC, Program: Lync Update failed with exit code 17022 OR Script for Package:ABC, Program: Lync Update failed with exit code 17025 OR Script for Package:ABC, Program: Lync Update failed with exit code 17028

As was checked, the error codes points to the following description but none of them is true.

• 17022 = Patch not required
• 17025 = Patch already installed
• 17028 = No product installed for contained patch

MS Office’s required version was installed on the system, post which the patch installation was tried but it fails with the above message.

The systems on which it failed included the ones with the same OS and OS bit version where it actually succeeded. 

Hi All,

I am looking for some solution where SCCM can sense Whether Trend Micro anti-virus is patched with latest definition update or not.

Please guide how can we achieve this from compliance in SCCM

Thanks Rahul$

Starting some time this past weekend I've noticed that System Center Endpoint Protection is now flagging the Ask Tool bar and other Ask related applications as malware and is automatically removing them as a remediation step. This is working fine in Windows 7, however I have found on three separate Windows 8.1 systems that after the user is prompted to reboot the computer never comes back up. You get the light blue Automatic Repair screen saying "automatic repair couldn't repair your PC".

I'm going to open up a case with Microsoft Support, but I was wondering if others out there are seeing the same behavior?

Hi,

I'm trying to get an ADR setup to do some patching on a couple Test machines running 2012.  I created the ADR and it seems to be at least partially working.

However, when I view the Deployment in SCCM it says: In Progress and status is Pending System Restart

When I setup the deployment I checked the two boxes under Deadline Behavior that says:
Allow the following activities to be performed outside the maintenance Window.

I checked both boxes (Updates Installation and System Restart) which I thought would make them install and reboot right away.

As I'm typing this I remoted into 1 of the boxes and as soon as I did it came up and said it would reboot in 2 minutes.  I don't know if I triggered that by remoting in or if twas on some sort of delay timer.

Can anyone tell me what might be going on and why it didn't reboot right when it was done installing?

Thanks!

I create a VPN profile according to https://technet.microsoft.com/en-us/library/dn261200.aspx?f=255&MSPPError=-2147217396

It is an L2TP VPN connected to a single server based on IP address.

When deploying to (test) clients, I see that instead of a VPN connection, a dial-up connection is created. The phonenumber is set to the IP-address of the VPN endpoint. 

What can be wrong?

Regards,

Stephan van der Plas

You know you're an engineer when you have no life and can prove it mathematically