Quantcast
Channel: Configuration Manager 2012 - Security, Updates and Compliance forum
Viewing all 6382 articles
Browse latest View live

Configuration Manager 2012 R2 CU4 (SUP) Classifications not Syncing with WSUS Server

August 4, 2015, 1:43 am
$
0
0

Hi,

We are in the process of deploying a new Configuration Manager infrastructure in a DEV / QA / Prod environment. The installation of the CM Site Servers are scripted as well as the installation of the pre-requisites. In our DEV and QA environment the SUP Syncs successfully but on our PROD server the Classifications are not syncing? I need help troubleshooting this.

We have a CAS Server with 2 Primaries. There are no errors in the following log files (On the CAS): WCM.log, WSUSCTRL.log and WSyncMgr.log. There is also no errors in the Site Status or Component Status.

Here is a screen capture of the SUP Point in QA that is working:

SUP Classifications Working

Here is a screen capture of the SUP Point in PROD NOT syncing its Classifications:

SUP Not Working

I am at a loss at this stage and don't know what else to check. All pointers would be appreciated.

Thanks,

Jacques.


Search

SUP with WSUS settings?

August 4, 2015, 6:30 am
$
0
0

Hi.

Haven't been here for quite long since ConfigMgr 2007. Now I have ConfigMgr 2012 R2 in hands just recently.

Question:

1. Do you configure WSUS for SUP role now?

(Previously on ConfigMgr 2007 WSUS is just installed to get the binaries but it was left to ConfigMgr 2007 do do the configuration. Which means, there is no need to configure WSUS at all) So, how was it done with ConfigMgr 2012 R2 now?


2. Any special GPO settings needs to be enforced or we just let it unconfigured still?

regards,

Pat

---Pat

How to configure Windows Update For Business?

August 4, 2015, 6:58 am
$
0
0
Here in the company have integrated WSUS with SCCM, however it does not download updates from the Windows 10 My doubt is:

Configuring the new Windows Update For Business and integrate with the SCCM?

Lucas Rezende Esse conteúdo e fornecido sem garantias de qualquer tipo, seja expressa ou implícita. Por favor, lembre-se de Marcar como Resposta as respostas que resolveram o seu problema. Essa e uma maneira comum de reconhecer aqueles que o ajudaram e fazer com que seja mais fácil para os outros visitantes encontrarem a resolução mais tarde.

Windows 10 WindowsUpdate.log

August 4, 2015, 7:33 am
$
0
0

Now that Windows 10 is released, I see that WindowsUpdate.log is still requiring that we run the Get-WindowsUpdateLog PowerShell command to convert ETW traces into a readable WindowsUpdate.log. I've long used  CMTrace for this file and wonder if any thought has been given to making it a bit easier to read the file for folks like us.

Orange County District Attorney

SCEP on Windows 10 via SCCM 2012 R2 SP1

August 4, 2015, 10:27 am
$
0
0

Hello all,

I upgraded our CM build to R2 SP1 last night and am now trying to get SCEP to install on a managed W10 client - nothing has installed so far, and attempted to run the SCEPInstall.exe results in "already installed error." Windows Defender is still active, but the version is the latest that SCEP should be (4.8.204 I believe) System Center Endpoint Protection DOES show in Programs and Features, but I have no green icon in the notification tray, only the Defender icon.

My question is- Is Defender now treated as SCEP/are they interchangeable? Defender is getting my Antimalware Policy deployed via CM2012, and acting as SCEP should, I'm just not sure if the GUI should say "Endpoint Protection" or continue to say"Windows Defender."

I have attempted to uninstall/reinstall, and disabled defender, thinking SCEP would "take over," but that just disabled antivirus in general apparently.

Deploying Net Framework 4

August 4, 2015, 7:37 am
$
0
0

I will deploy a new software for Synergix ADCE which need .NET Framework 4.0 installed.  Im not able to find the exact name of this Software update to Run a report of compliance to see who of my clients need it. 

Also i want to know if .NET framewok 4.0 can be deployed as a Package or Application.  

Thanks!

System Center 2012 Cfg Mgr SP1 CU3 - Some Reports show blank box with no results (perhaps where a graphic would be)

February 25, 2014, 5:51 am
$
0
0

Just migrated from SCCM 2007 to SCCM 2012 SP1 CU3.  All seems to be working fairly well but when I run certain reports (especially in the EndPoint Protection) I get blank reports with a box where possibly a graphic should be shown.  No error given.  An example would be the report named "Antimalware overall status and history".  It just shows several boxes with perhaps a small picture icon in the top left of the box.    This occurs on several different reports.  But I do have results with other reports.  Any ideas?

I am on sql server 2012 (64 bit) on windows 2012 std.


KB2530678 Broke SCCM WSUS Integration?

July 23, 2015, 1:42 am
$
0
0

We have SCCM 2012 R2 on Server 2012 running a local WSUS instance (6.2), which points to an upstream WSUS server running WSUS 3.0 SP2 (due to controls over internet access).

We were not able to publish the CCM agent to the WSUS due to an error message which corresponds with KB2530678

So in response we installed kb2530678 on the upstream WSUS 3.0 server, but now we are seeing an error message of "Publishing operation failed because the console and remote server versions do not match" when trying to publish the CCM agent to WSUS.

The KB2530678 update will not install onto the WSUS 6.2 on the SCCM server.


How do we get back to a supported and integrated setup?


Search

Single Primary site with IBCM MP/DP and WSUS Question

August 5, 2015, 5:24 am
$
0
0

I currently have a singe site configured as :

1 Primary 2012R2 HTTP/HTTPS + WSUS/SUP/SCUP role configured with intranet only on port 8530/8531, this means that clients currently have to VPN in to get WSUS catalogue and then they can download from the IBCM server for content, works fine ATM using this process

1 server with other roles HTTPS only

1 server in DMZ with DP/MP/FSP roles installed

1 secondary site server installed with downstream SUP/WSUS role

12 DP's

6000 clients , 75% roaming clients into internet

What would be the best (least effort) to get my internet only based clients using the our WSUS infrastructure without having to VPN in. Our clients do not use VPN often enough and I am trying to enhance the security of the SCCM managed clients

Can I change the Primary WSUS/SUP server to intranet/internet and change port numbers to 80/443 (as requested by colleague) and use a reverse proxy for Internet based clients to access the internal WSUS/SUP server through the firewall OR do I add another WSUS/SUP in the DMZ for internet clients, change the port to 443 and allow that through the firewall (port 443 is the requirement from network team) for the WSUS upstream server catalogue synchronisation.

I am aware that we can copy across the update catalogue every month, but trying to automate as much as possible as simply as possible 

I don't want to reinstall clients due to issues with our network/client base , and I am not keen on adding another primary as a failover due to time for clients to change the WSUS/SUP server(30 minutes) for clients that connect to the network on a regular basis.

Any suggestion greatly appreciated,

regards

many thanks


Basic Question SCCM

August 5, 2015, 6:32 am
$
0
0

Hi guys ,

First of all Thank you very much about your supporting ,

i have a a small question about my SCCM , 

my WSUS server installed in same SCCM server ( All in one ) 

in Update Source what need be configure ?

Sync From Microsoft or Sync From another Windows Server Update Services Server ? 

my opinion is that the Wsus need to be configured as "Sync from Microsoft Updates "but this case  it configured as "Sync from another Windows server updates server" , once i change the check box to Sync from Microsoft Updates after 30 min the check box return automatically to Sync from another Windows server updates...

i as understood  as best practices  that in WSUS need to be configured against Microsoft and in SCCM against SCCM , that's right 

someone can assist  me ? Thanks a lot .

My Website:www.Pelegit.co.il Mcitp /Mcsa 2012

Windows Defender on Windows 10

August 4, 2015, 3:56 pm
$
0
0
Will my EndPoint Protection policies apply to Windows Defender on Windows 10?

Orange County District Attorney

Failed to create assembly name object for Microsoft.UpdateServices.Administration. Error = 0x80131701.

June 3, 2015, 2:55 am
$
0
0

Hi

I originally posted in the WSUS forum but was advised to post here as CM2012 related.

I am getting the above error appearing in my WSUSCtrol.log. I wondered if anyone had come across this?

I am using CM2012 R2 SP1 with WSUS 3 SP2 and WSUS-KB2720211-x64 & WSUS-KB2734608-x64 patches.  WSUS is on a separate box and SQL is on another box. The WSUS console is installed with the aforementioned patches on the CM2012 primary site.

This error reappears approx every 30 mins or so (but occasionally longer).

Thanks

Updates are not being displayed to implement in SUP

June 23, 2015, 12:07 pm
$
0
0

I am setting up SCCM 2012 R2 and testing the Win 7 updates. I have configured the SUP Products to Sync for Windows 7, performed a sync successfully followed the steps through deploying the package (my Windows 7 update group currently has 457 items).  Once a test client has all of the updates installed, I had the machine sync with MS update site and it found 61 additional important updates and more 11 that are optional.

 

A search under All Software Updates does not find the missing updates.

 

I have plugged about 20 of these Updates into the WSUS Update Catalog and per the Package Details, none of them have been replaced by newer updates or request user input.  I have also searched my wsyncmgr.log and none of them are found in the log file (which does list many updates that were skipped because they were superseded).  

 

Per a Blog I found describing the differences between Windows Update Catalog and Windows Update (Windows-update-what-is-it-good-for), I looked up the updates and all of the updates from 2012 and 2013 show, “Locale: All” and, “Deployment: Recommended/Automatic Updates, WSUS, and Catalog .“  Half of the ones from 2014 show the same while others are just listed under a non-descript,“Changes to existing non-security content.”

 

So why are these not identified as updates my server should download?

 

Here are some of the updates I am looking at:

 

KB2719857          KB2726535          KB2729094          KB2732059        

KB2732487          KB2750841          KB2761217          KB2763523

KB2773072          KB2791765          KB2800095          KB2808679

KB2820331          KB2834140          KB2843630          KB2852386

KB2853952          KB2882822         

 

Thanks for any help

Best Practice for Updating BASELINE SUGs - SCCM 2012 R2

August 5, 2015, 11:13 am
$
0
0

As the title states I am looking for the Best Practice for updating BASELINE SUGs in SCCM2012R2.

The first time I did this I deleted all my SUGs and created a new BASELINE, for each OS, but that was very time consuming. This time around I am considering only deleting the Monthly SUGs and then re-deploying those patches to their respective current BASELINE. Of course I will stay within the 1000 patch limit and also exclude EXPIRED and SUPERCEDED patches.

Is this the best way to do this? No matter how I rethink this process I know the clients are going to re-evaluate the patches. My biggest concern is to not have it happen during nornal business hours, should this trigger some clients to get patched.

We have recently deployed the latest Windows Update Client and SCCM Agent.

Thank you in advanced for any feedback.

Error trying to upgrade to R2 SP1

August 5, 2015, 12:04 pm
$
0
0

Guys,

Take a look at the screen shot attached.  I am running R2 with CU5 (1) .  I downloaded the installer for r2 sp1 (2) .  (3) I get a message that I need to be running a none r2 version with sp2 ?

Am I missing something here ?

The file I downloaded is SC2012_R2_SP1_Configmgr.exe


Search

Issue with integer registry compliance settings

October 8, 2012, 3:54 am
$
0
0

Hello,

I want to use compliance settings to make sure a registry key has a specific value. I successfully created the configuration item and configuration baseline, tested the deployment on a test collection and verified the setting is enforced.

My issue is with the way the registry value gets created if it doesn't exist. I configured a data type of 'Integer' and the value gets created as a REG_QWORD on 64-bits machines. What I want is a REG_DWORD otherwise the software using this value doesn't work as expected. I don't know if the issue is the same on 32-bits machines (I don't have one to test at the moment).

I played with the various data types available for registry values but I can't seem to find how to achieve my goal.

Thank you for your help.

SCCM 2012 Compliance user folder

July 23, 2015, 5:22 am
$
0
0
Hello, I'm trying to create a configuration item in Compliance to report on the existence of a folder in %userprofile% but I seem to be getting nowhere.  The situation is that I'm piloting folder redirection using GPO of the users documents folder. I'm redirecting this folder into the %userprofile%\OneDrive - companyname- folder. But I need to know who has the one drive folder in their user profile.  Is Compliance the way to go with this? 

Not seeing Windows 10 Updates

July 30, 2015, 1:27 pm
$
0
0
We have Windows 10 selected as a product on our CAS/parent SUP but no updates are coming in for Windows 10. Syncs are completing without any issues I can see. I know at least a few updates for Windows 10 have been released—is this a common issue or localized to just us?

Weird Software Update Deployment Issue?

August 6, 2015, 6:34 am
$
0
0

Hi all,

I manually ran an ADR which was supposed to be a Windows 7 Baseline for our client devices. 
Now in Monitoring - Deployments, every single update has its own deployment (750!), their status is unknown, and I cant delete them, even with right click tools!

Any ideas?

http://s15.postimg.org/kgh3yzde3/sccm.png


Web Catalog & Software Center

August 6, 2015, 7:00 am
$
0
0

Web Catalog & Software Center | SCCM 2012


Hi All SCCM Experts ,
I have a small/big problem with my SCCM .
I noticed that there are Application & Packages that existing in application catalog Web aren't appear in Software Center
all my Applications & Packages are configured as available option
so why it happening ? how it's possible that only 1 application appear in software center and in application catalog web appears all Application & Packages?

Important to know that it's not a new problem just now I am starting fix it , if users tried to download/install the application from Website its working well but I really don't understand why all application aren't appears also in Software center I just want to tell you sometimes more that one of our Helpdesk claimed that sometimes several application are appears in software center and sometimes not , but as I checked always they

THANKS FOR HELP

My Website:www.Pelegit.co.il Mcitp /Mcsa 2012



Viewing all 6382 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>