Hi everyone,

as I tried to deploy some applications I got an Acces Denied Error in the dataTransferlog.log

"Error sending DAV request. HTTP code 401, status 'Unauthorized' DataTransferService 21.06.2013 16:21:01 5308 (0x14BC)"

I solved this problem by allowing anonymous Client Connections in the DP-Properties: 

I don´t think this is the best solution for this problem.

What permissions have to be set to get application deployment running without this anonymous connections?

Thanks in advance

Christian

With the conventional windows update uproach: you could tell group policy "download the updates but not install"

How do you accomplisyh this in sccm 2012?  

We want them to download to SERVERS but not install.  We want to go into software center and pick and choose the updates we want and just want them to say 'available'

How do we accomplish this?

We never want servers to automatically install windows updates.

Thanks,

Chad

So I already have SCCM SP1 rolled out everywhere and I have just found out there is a SCEP SP1 which we dont have installed yet.

http://blogs.technet.com/b/configmgrteam/archive/2013/04/05/announcement-microsoft-anti-malware-platform-update.aspx

Is it only available as a windows update?

are there any server side changes?

is it applicable to an SCCM sp1 managed client? the above link seems to suggest its only applicable to standalone clients

My workstations are detecting it as applicable when I run windows update however my SCCM SP1 infrastructure servers are not is that weird?

Thanks

Hi everybody,
I have very unusual request: I NEED HELP ;) I worked unsuccessfully with this problem for two weeks already.
My goal is: functioning SCCM 2012 SP1 (yesterday installed CU1).

OS Platform: Windows Server 2008 R2 Enterprise SP1
Client OS: Windows7 Enterprise
SCCM client version: 5.00.7804.1000, yesterday upgraded to 5.00.7804.1202 with CU1
SCEP (Antimalware Client) Version: 4.2.223.0

History. What I did:
 - Installed SCCM 2012 (single site, three servers);
 - Configured it;
 - Upgraded to SP1 (SCCM client also changed theirs versions to 5.00.7804.1000 ) ;

Two important / problematic things for me is:
 - SCEP: antimalware policy doesn't work
 - SCCM client: WMI subsystem periodically broke.

I don't think that these two problems are related to each other so I separate them to two different threads. Here I'll describe SCEP problem.

---------------------
SCEP.
It was successfully installed (through SCCM policy) and it is working - scanning client, reporting to  server. Problem is that SCEP "Default Client Antimalware Policy" doesn't affect SCEP client.

What I found:

 - I changed "Default Client Antimalware Policy" (e.g. changed scanning time to: full scan on Friday 1PM and "Microsoft Active Protection Service" - to "Basic membership")

 - I see that C:\Windows\CCM\EPAMPolicy.xml is regenerated. I compared it to previous version and I see that settings from Antimalware policy came here. IT WORKS.

 - Registry: HKLM\SOFTWARE\Microsoft\CCM\EPAgent\LastApplietPolicy: all values are set to "2". In this case I have only default antimalware policy, but if I setup additional custom antimalware policy, I see it here also. So, IT WORKS.

 - Client log file "EndpointProtectionAgent.log". I see command "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml" and later there is status "applied … successfully". I even tried to launch this command manually (both - with double slash and without it). IT WORKS. I inserted excerpt from this log file in the bottom.

 - I look at SCEP client interface. Settings are not changed. Before reboot, after reboot. In one minute, in one hour, in one day..  IT DOESN'T WORK

What do I miss??

What I did additionally:
 - I found that after upgrade to SP1 Antimalware policies should be recreated. I recreated them.
 - I changed  "custom device settings" in SCCM: "Manage Endpoint protection client on client computers" to No, uninstalled SCEP clients manually, and changed this setting to "YES" and waited for SCEP reinstallation
 - I installed all Windows citical and security updates, all Office critical and security updates;
 - I installed:
 - -SCCM server: KB2828233
 - - SCCM server: SCCM SP1 cumulative update (KB2817245) (including database upgrade, SCCM clients upgrade); It was yesterday, but it doesn't seem to me that it helps.

What Is a little bit strange for me - that EndpointProtectionAgent.Log writes:
State 1 and ErrorCode 0 and ErrorMsg  and PolicyName Antimalware Policy and GroupResolveResultHash 5A5FA4F7C17A202B0805794FA754FA7F37B8AA84 is NOT changed
 
I would mind that if AntimalvarePolicy is changed also hash should be changed.. But I'm not sure..

----------------

Additional info:
Excerpt from EndpointProtectionAgent.Log exactly after changing Antimalware policy (setting Microsoft Active Protection Service" = "Basic membership" was changed)

<![LOG[Endpoint is triggered by WMI notification.]LOG]!><time="12:42:39.804-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="fepsettingendpoint.cpp:154">
<![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.2.223.0.]LOG]!><time="12:42:39.974-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="epagentutil.cpp:519">
<![LOG[EP version 4.2.223.1 is already installed.]LOG]!><time="12:42:39.974-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="epagentutil.cpp:232">
<![LOG[EP 4.2.223.1 is installed, version is higher than expected installer version 4.2.223.0.]LOG]!><time="12:42:39.974-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="epagentutil.cpp:265">
<![LOG[Handle EP AM policy.]LOG]!><time="12:42:39.974-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="fepsettingendpoint.cpp:183">
<![LOG[Apply AM Policy.]LOG]!><time="12:42:39.974-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="epagentimpl.cpp:1192">
<![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="12:42:40.036-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="epagentutil.cpp:607">
<![LOG[Applied the C:\Windows\CCM\EPAMPolicy.xml with ConfigSecurityPolicy.exe successfully.]LOG]!><time="12:42:43.672-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="epagentimpl.cpp:659">
<![LOG[Save new policy state 1 to registry SOFTWARE\Microsoft\CCM\EPAgent\PolicyApplicationState]LOG]!><time="12:42:43.690-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="epagentimpl.cpp:267">
<![LOG[State 1 and ErrorCode 0 and ErrorMsg  and PolicyName Antimalware Policy and GroupResolveResultHash 5A5FA4F7C17A202B0805794FA754FA7F37B8AA84 is NOT changed.]LOG]!><time="12:42:43.690-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="epagentimpl.cpp:339">
<![LOG[Skip sending state message due to same state message already exists.]LOG]!><time="12:42:43.788-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="epagentutil.cpp:1239">
<![LOG[Firewall provider is installed.]LOG]!><time="12:42:43.818-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="epagentutil.cpp:779">
<![LOG[Installed firewall provider meet the requirements.]LOG]!><time="12:42:43.818-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="epagentutil.cpp:800">

Hi all. After a recent monthly patching cycle, I had almost 100% of my servers reporting a known and accurate status (Compliant & Pending System Restart). I thought things were going great.

After a week I had another look at the enforcement states report and nearly 25% of my servers have jumped to "Enforcement State Unknown". On closer investigation,all of these servers are correctly prompting for a post-update installation reboot via the software centre.

Why does my reports claim they're all "Enforcement State Unknown" when I can see no issues at all with the clients? I've run the state message resend VBScript and that makes no difference.The status correctly changes to "Compliant" after a restart, but does not change under any other circumstances

Basically, I've got no confidence that the reports in 2012 are showing accurate information. All these servers should be at the state "Pending System Restart", not "Enforcement State Unknown" in my reports and its making life difficult for me in actually proving an accurate picture of my true patching states without physically logging onto each server to see the reboot prompt.

Summary - the reports are inaccurate and the clients are working correctly.

Any ideas?

Hi Folks,

New SCCM 2012 SP1 install.  I have created a COnfiguration Baseline with two Configuration Items in it.  I have this deployed to 39 Servers.  Here's the deployment status:

 7 Compliant
2 Non-Compliant
1 Client check failed/Active
29 Client check passed/Active

If you go to the clients who are Passed/Active, you'll see that the baseline is assigned properly, however Last Evaluation is listed as N/A and Compliance is "Unknown"

I've look through a bunch of logs, but can't seem to find anything wrong.

I can click Evaluate manually in the client and it immediately evaluates properly and returns data to the MP.

The Baseline was deployed over a week ago, and the schedule was set to 4 days, so we went past two evaluation cycles for the deployment.

Any ideas or places I can check?  Thanks!

Max

Hi,

I've got a single CCM 2012 server in a stand-alone primary site.

It was working well but it stopped updating the update catalog.

I went to the wsyncmgr.log and the last six entries are about no being able to connect to the SQL Server. 

I've restarted the server and this is the only component not working.

What can I do to solve this?

*** [08001][2][Microsoft][SQL Server Native Client 11.0]Named Pipes Provider: Could not open a connection to SQL Server [2].

*** [HYT00][0][Microsoft][SQL Server Native Client 11.0]Login timeout expired

*** [08001][2][Microsoft][SQL Server Native Client 11.0]A network-related or instance-specific error has occurred while establishing a connection to SQL Server. Server is not found or not accessible. Check if instance name is correct and if SQL Server is configured to allow remote connections. For more information see SQL Server Books Online.

*** Failed to connect to the SQL Server, connection type: SMS ACCESS.

Error: Failed to get SQL connection. Source: CSafeSqlEx::CSafeSqlEx

STATMSG: ID=6700 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS=MYSERVER SITE=ISE PID=2772 TID=5292 GMTDATE=dom Mai 19 09:05:02.425 2013 ISTR0="CSafeSqlEx::CSafeSqlEx" ISTR1="Failed to get SQL connection" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0

My servers in the DMZ recently stopped receiving SCEP definition updates. I implemented SCCM 2012 at the beginning of the year and worked with my network team to allow SCCM\SCEP communication through my firewall. My primary site server is also my SUP and EPP. My boundaries are defined via AD Sites. My Default-First-Site and DMZ sites are both looking at the same distribution point. The DMZ boxes also receive all other updates successfully, it appears to just be SCEP that won’t update. I have went back and worked with my network engineers and see the traffic from the client passing through the firewall and reaching my primary site. The content is not being downloaded to the clients.

Note:

1. My DMZ servers receive the same policy as the rest of my server environment. The policy is configured to fall back to Windows Updates if the Configuration Manager is not available, however our firewall limits the external traffic, so I would expect the Windows Update portion to fail.
2. I have changed the FQDN’s to be generic (they were correct).

CAS.log:

Location update from CTM for content a0698318-6d79-4861-891d-d50eb9dab3e6.1 and request {F09BDA29-8550-4BE4-B67B-B2BD34394988}         6/13/2013 8:01:55 AM    3040 (0x0BE0)

Download location found 0 - http://server.domain.com/SMS_DP_SMSPKG$/a0698318-6d79-4861-891d-d50eb9dab3e6 6/13/2013 8:01:55 AM    3040 (0x0BE0)

Download location found 1 - net:http://wsus.ds.download.windowsupdate.com/msdownload/update/software/defu/2013/06/am_delta_fca05dcd2b7fbc9326926ec67db6e4c00732e3a3.exe               6/13/2013 8:01:55 AM    3040 (0x0BE0)

Download request only, ignoring location update            6/13/2013 8:01:55 AM    3040 (0x0BE0)

ContentTransferManager.log

Persisted locations for CTM job {AB6B89D4-D090-4130-B1FD-5F357724C71B}:

               (LOCAL) http://server.domain.com/SMS_DP_SMSPKG$/70e770ca-3779-4ebb-b26a-bff7f2270317               6/13/2013 11:01:55 AM  2508 (0x09CC)

Persisted locations for CTM job {95FADE5E-A877-4E61-B8E4-6276018E3A22}:

               (LOCAL) http://server.domain.com/SMS_DP_SMSPKG$/a0698318-6d79-4861-891d-d50eb9dab3e6               6/13/2013 11:01:55 AM  3908 (0x0F44)

Persisted locations for CTM job {C346A8CE-3D12-49DD-A141-6E90AFD2AFC3}:

               (LOCAL) http://server.domain.com/SMS_DP_SMSPKG$/36829869-ee7d-434d-bebf-60e0b051c805               6/13/2013 11:01:55 AM  2508 (0x09CC)

Raising event:

instance of CCM_CcmHttp_Status

{

               ClientID = "GUID:03A5B9AA-D320-4C9A-BBC2-B64A2C64EA9F";

               DateTime = "20130613171626.194000+000";

               HostName = "server.domain.com";

               HRESULT = "0x00000000";

               ProcessID = 1568;

               StatusCode = 0;

               ThreadID = 3484;

};

               6/13/2013 11:16:26 AM  3484 (0x0D9C)

Raising event:

instance of CCM_CcmHttp_Status

{

               ClientID = "GUID:03A5B9AA-D320-4C9A-BBC2-B64A2C64EA9F";

               DateTime = "20130613171626.194000+000";

               HostName = "server.domain.com";

               HRESULT = "0x00000000";

               ProcessID = 1568;

               StatusCode = 0;

               ThreadID = 3372;

};

               6/13/2013 11:16:26 AM  3372 (0x0D2C)

Raising event:

instance of CCM_CcmHttp_Status

{

               ClientID = "GUID:03A5B9AA-D320-4C9A-BBC2-B64A2C64EA9F";

               DateTime = "20130613171626.194000+000";

               HostName = "server.domain.com";

               HRESULT = "0x00000000";

               ProcessID = 1568;

               StatusCode = 0;

               ThreadID = 5028;

};

               6/13/2013 11:16:26 AM  5028 (0x13A4)

DataTransferService.log

UpdateURLWithTransportSettings(): OLD URL - http://server.domain.com/SMS_MP     6/13/2013 11:11:50 AM  3092 (0x0C14)

UpdateURLWithTransportSettings(): NEW URL - http://server.domain.com:80/SMS_MP             6/13/2013 11:11:50 AM        3092 (0x0C14)

Added (source=.sms_pol?{8a81b524-f9ef-4419-93c6-f5b00fe8f6a1}.458_00,dest={BF31E2A9-3F3D-4E51-B1B5-DABFAA0171E7}.tmp) pair from manifest.           6/13/2013 11:11:50 AM  3092 (0x0C14)

Added (source=.sms_pol?{e893eba0-4c0c-40f8-86c2-01526f25716e}.SHA256:5B82A33340585BF43FBEAE79B2C4E02571C6EC89365EACCA473A6CBB044D4888,dest={23ED3DB2-9349-4A6A-8B4B-20D76E898BB3}.tmp) pair from manifest.          6/13/2013 11:11:50 AM  3092 (0x0C14)

Added (source=.sms_pol?ScopeId_4FCE57AC-7D2C-40D0-8633-1C57DB11669C/AuthList_d78295ae-b4b6-4bae-bbef-647c461501cf/VI.SHA256:FA0604D281D9BE4B999B4AA3D84A196AAA8D005154BF1C4A3A2B5536A57688EC,dest={2DFF3895-EBCF-4857-8D1B-5E8A1FB31DDE}.tmp) pair from manifest.         6/13/2013 11:11:50 AM  3092 (0x0C14)

DTSJob {A630DA0A-C98A-4B9F-9472-51ADDD2453FA} created to download from 'http://server.domain.com:80/SMS_MP' to 'C:\Windows\CCM\Temp'. 6/13/2013 11:11:50 AM  3092 (0x0C14)

DTSJob {A630DA0A-C98A-4B9F-9472-51ADDD2453FA} in state 'PendingDownload'.          6/13/2013 11:11:50 AM  3548 (0x0DDC)

DTSFlag is 0x0000bc8a    6/13/2013 11:11:50 AM 3548 (0x0DDC)

Exclude file list:                6/13/2013 11:11:50 AM  3548 (0x0DDC)

Using branch cache option          6/13/2013 11:11:50 AM  3548 (0x0DDC)

DTSJob {A630DA0A-C98A-4B9F-9472-51ADDD2453FA} in state 'DownloadingData'.           6/13/2013 11:11:50 AM  3548 (0x0DDC)

DTSJob {A630DA0A-C98A-4B9F-9472-51ADDD2453FA} in state 'RetrievedData'.  6/13/2013 11:11:50 AM  4516 (0x11A4)

DTSJob {A630DA0A-C98A-4B9F-9472-51ADDD2453FA} successfully completed download.             6/13/2013 11:11:50 AM        4516 (0x11A4)

DTSJob {A630DA0A-C98A-4B9F-9472-51ADDD2453FA} in state 'NotifiedComplete'.          6/13/2013 11:11:50 AM  3548 (0x0DDC)

QUEUE: Error restarting queued DTS job {4A4620AE-A2BF-4180-AC42-2AE552F38E60}. Code 0x87d00215               6/13/2013 11:11:50 AM  3548 (0x0DDC)

QUEUE: Error evaluating DTS job queue.  Code 0x87d00215         6/13/2013 11:11:50 AM  3548 (0x0DDC)

Error sending callback notification for DTS job {A630DA0A-C98A-4B9F-9472-51ADDD2453FA}       6/13/2013 11:11:50 AM        3548 (0x0DDC)

LocationServices.log

Executing Task LSRefreshLocationsTask6/13/2013 11:01:55 AM 2508 (0x09CC)

Current AD site of machine is DMZ          6/13/2013 11:01:55 AM  2508 (0x09CC)

Current AD site of machine is DMZ          6/13/2013 11:01:55 AM  2508 (0x09CC)

Current AD site of machine is DMZ          6/13/2013 11:01:55 AM  2508 (0x09CC)

Current AD site of machine is DMZ          6/13/2013 11:01:55 AM  2508 (0x09CC)

Calling back with the following distribution points            6/13/2013 11:01:55 AM  2508 (0x09CC)

Distribution Point='http://server.domain.com/SMS_DP_SMSPKG$/70e770ca-3779-4ebb-b26a-bff7f2270317', Locality='LOCAL', DPType='SERVER', Version='7804', Capabilities='<Capabilities SchemaVersion="1.0"><Property Name="SSLState" Value="0"/></Capabilities>', Signature='http://server.domain.com/SMS_DP_SMSSIG$/70e770ca-3779-4ebb-b26a-bff7f2270317.1.tar', ForestTrust='TRUE',            6/13/2013 11:01:55 AM  2508 (0x09CC)

Distribution Point='net:http://wsus.ds.download.windowsupdate.com/msdownload/update/software/defu/2013/06/am_delta_689a1002f3c8d8ba89f056c90e50fffa42d8910d.exe', Locality='REMOTE', DPType='WUMU', Version='0', Capabilities='<Capabilities/>', Signature='', ForestTrust='FALSE',               6/13/2013 11:01:55 AM  2508 (0x09CC)

Calling back with locations for location request {CF2DC93A-E51C-417A-BAAB-DEABE5AB46D5}    6/13/2013 11:01:55 AM        2508 (0x09CC)

Current AD site of machine is DMZ          6/13/2013 11:01:55 AM  3908 (0x0F44)

Calling back with the following distribution points            6/13/2013 11:01:55 AM  3908 (0x0F44)

Distribution Point='http://server.domain.com/SMS_DP_SMSPKG$/a0698318-6d79-4861-891d-d50eb9dab3e6', Locality='LOCAL', DPType='SERVER', Version='7804', Capabilities='<Capabilities SchemaVersion="1.0"><Property Name="SSLState" Value="0"/></Capabilities>', Signature='http://server.domain.com/SMS_DP_SMSSIG$/a0698318-6d79-4861-891d-d50eb9dab3e6.1.tar', ForestTrust='TRUE',         6/13/2013 11:01:55 AM  3908 (0x0F44)

Distribution Point='net:http://wsus.ds.download.windowsupdate.com/msdownload/update/software/defu/2013/06/am_delta_fca05dcd2b7fbc9326926ec67db6e4c00732e3a3.exe', Locality='REMOTE', DPType='WUMU', Version='0', Capabilities='<Capabilities/>', Signature='', ForestTrust='FALSE',               6/13/2013 11:01:55 AM  3908 (0x0F44)

Calling back with locations for location request {7DAEADEA-2534-4A18-9686-58642CC236DE}       6/13/2013 11:01:55 AM        3908 (0x0F44)

Current AD site of machine is DMZ          6/13/2013 11:01:55 AM  2508 (0x09CC)

Calling back with the following distribution points            6/13/2013 11:01:55 AM  2508 (0x09CC)

Distribution Point='http://server.domain.com/SMS_DP_SMSPKG$/36829869-ee7d-434d-bebf-60e0b051c805', Locality='LOCAL', DPType='SERVER', Version='7804', Capabilities='<Capabilities SchemaVersion="1.0"><Property Name="SSLState" Value="0"/></Capabilities>', Signature='http://server.domain.com/SMS_DP_SMSSIG$/36829869-ee7d-434d-bebf-60e0b051c805.1.tar', ForestTrust='TRUE',          6/13/2013 11:01:55 AM  2508 (0x09CC)

Distribution Point='net:http://wsus.ds.download.windowsupdate.com/msdownload/update/software/defu/2013/06/am_delta_9f50bbb8a98ec92d1335a3b178b892ab91d156ea.exe', Locality='REMOTE', DPType='WUMU', Version='0', Capabilities='<Capabilities/>', Signature='', ForestTrust='FALSE',               6/13/2013 11:01:55 AM  2508 (0x09CC)

Calling back with locations for location request {930453B6-8F7B-47A6-B1B6-9782673C6E0F}          6/13/2013 11:01:55 AM        2508 (0x09CC)

Hello,

I have created an Antimalware policy and exported it with the ConfigMgr 2012 console.

When I import this xml file with the ConfigMgr 2012 console in another environment, the Realtime protection in the policy is enabled.

When I import the same xml file with the Import-CMAntimalwarePolicy cmdlet, the Realtime protection in the policy is NOT enabled.

ConfigMgr 2012 version is: 5.0.7804.1202

Does anyone have any idea?

Grtz,

Sven

Today I tried to publish some Adobe Flash updates in SCUP 2011 and kept getting an error in the SCUP.log

PublishPackage(): Operation Failed with Error: CreateDirectory failed

I checked the C:\WSUS\UpdateServicesPackages directory and found the permissions were correct but the directory was empty. The share for UpdateServicesPackages was missing too. My guess is that the directory and share were corrupted from a power failure we had a few days back. At this point, Publishing and / or expiring is hit or miss. I've noticed that items that do get published disappear after a few minutes from the UpdateServicesPackages directory.

What are my options here? Should I reinstall SCUP from scratch?

Orange County District Attorney

My WSUS sync is not completing...the sync stops becasue of consecutive failures.

Here is information from the wsysmgr.log file...

Failed to sync update 58e9eaca-4cc8-429d-9d0f-3e2d47c1cfbc. Error: Failed to save update d5e943ee-de45-441f-b912-00218cb4a567. CCISource error: -1. Source: Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.UpdatesManager.UpdatesManagerClass.DefineUpdate SMS_WSUS_SYNC_MANAGER 4/19/2012 1:17:08 PM 5312 (0x14C0)
*** insert into CI_DocumentStore (DocumentIdentifier, Body, IsVersionLatest, DocumentType) values ('a62a5492-fc25-461e-bbc6-3a96692f7d60', '', 0, 0)~;select SCOPE_IDENTITY() SMS_WSUS_SYNC_MANAGER 4/19/2012 1:17:09 PM 5312 (0x14C0)
*** [23000][2627][Microsoft][SQL Server Native Client 10.0][SQL Server]Violation of UNIQUE KEY constraint 'CI_DocumentStore_AK'. Cannot insert duplicate key in object 'dbo.CI_DocumentStore'. The duplicate key value is (a62a5492-fc25-461e-bbc6-3a96692f7d60). SMS_WSUS_SYNC_MANAGER 4/19/2012 1:17:09 PM 5312 (0x14C0)
Failed to sync update 31a3efac-f66d-47bc-90f3-71d7c0443be4. Error: Failed to save update a62a5492-fc25-461e-bbc6-3a96692f7d60. CCISource error: -1. Source: Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.UpdatesManager.UpdatesManagerClass.DefineUpdate SMS_WSUS_SYNC_MANAGER 4/19/2012 1:17:09 PM 5312 (0x14C0)
*** insert into CI_DocumentStore (DocumentIdentifier, Body, IsVersionLatest, DocumentType) values ('54c677cf-6f9c-45fe-b2f2-06c9d64d825c', '', 0, 0)~;select SCOPE_IDENTITY() SMS_WSUS_SYNC_MANAGER 4/19/2012 1:17:11 PM 5312 (0x14C0)
*** [23000][2627][Microsoft][SQL Server Native Client 10.0][SQL Server]Violation of UNIQUE KEY constraint 'CI_DocumentStore_AK'. Cannot insert duplicate key in object 'dbo.CI_DocumentStore'. The duplicate key value is (54c677cf-6f9c-45fe-b2f2-06c9d64d825c). SMS_WSUS_SYNC_MANAGER 4/19/2012 1:17:11 PM 5312 (0x14C0)
Failed to sync update 180d1373-0470-4043-a197-890e5c546397. Error: Failed to save update 54c677cf-6f9c-45fe-b2f2-06c9d64d825c. CCISource error: -1. Source: Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.UpdatesManager.UpdatesManagerClass.DefineUpdate SMS_WSUS_SYNC_MANAGER 4/19/2012 1:17:11 PM 5312 (0x14C0)
*** insert into CI_DocumentStore (DocumentIdentifier, Body, IsVersionLatest, DocumentType) values ('20580fd2-ff6a-456f-8b6f-47965f700599', '', 0, 0)~;select SCOPE_IDENTITY() SMS_WSUS_SYNC_MANAGER 4/19/2012 1:17:12 PM 5312 (0x14C0)
*** [23000][2627][Microsoft][SQL Server Native Client 10.0][SQL Server]Violation of UNIQUE KEY constraint 'CI_DocumentStore_AK'. Cannot insert duplicate key in object 'dbo.CI_DocumentStore'. The duplicate key value is (20580fd2-ff6a-456f-8b6f-47965f700599). SMS_WSUS_SYNC_MANAGER 4/19/2012 1:17:12 PM 5312 (0x14C0)
Failed to sync update 5a120a57-f5cf-449a-9c64-8f859470f340. Error: Failed to save update 20580fd2-ff6a-456f-8b6f-47965f700599. CCISource error: -1. Source: Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.UpdatesManager.UpdatesManagerClass.DefineUpdate SMS_WSUS_SYNC_MANAGER 4/19/2012 1:17:12 PM 5312 (0x14C0)
Too many consecutive failures. Aborting sync. SMS_WSUS_SYNC_MANAGER 4/19/2012 1:17:12 PM 5312 (0x14C0)

Any thoughts?  I have tried uninstalled the software update points and WSUS on the servers.

We have a CAS and 1 primary. The CAS is the Active SUP and syncing with Microsoft, this is where the errors are occuring.

Thanks in advance!

I migrated our 2007 environment to 2012 and everything seemed to go as expected.  I installed the 2012 client on a collection of servers that we use for testing the monthly updates. 

I created a software update group for the September patches and deployed them using the template that was migrated from the 2007 environment.  I then created a one time maintenance window to run from 8:00 am to 12:00 pm, so I re-scheduled another maintenance window for the following Sunday (the 30th) with the window being from 8:00 am to 3:00 pm.

On the Friday before the maintenance was scheduled to occur, I glanced at the report for evaluating the state of the deployment.  It reported that 8 servers had downloaded the updates and that 34 were unknown.  I ran a machine poilcy retrieval on the collection and went home.

Came in on Sunday around 9:00 am, and at that point out of 42 servers only about 4 had installed the updates.  I loooked at the report for evaluation again and it said all the servers had downloaded the updates.  I gave it about a half hour and ran the Enforcement states of a deployment report.  It said 2 servers were compliant and 40 were unknown.  I manually checked a couple servers from the collection and found some weird stuff.  First off, I noticed that many of them had installed one or two updates on the 28th.  There was no maintenance window open on the 28th (we are not allowed maintenance during the work week), so how those updates happened is beyond me.  I also noticed that there didn't seem to be any current activity in regards to installin gthe upates I had set up for deployment.

By 11:00 am that day there were no installations happening beyond those two initial servers.  I disabled the deployment I had made, and created a new one with installation to begin immediately (the maintennace window was still open, in fact I had extended it to 6:00 pm, and started another machine policy retrieval).  Still, by 1:00PM there were no installations happening and the enforcement report for the new deployment showed all 42 servers in an unknown state.

Since our servers are supposed to be ready for use by 12pm on Sunday, I decided to disable this new deployment, close the maintenance window and I sent our another machine policy retrieval cycle.

I went home and came in on Monday and started looking at logs.  At 5:00pm on Monday I went home and shortly after that I got a call from work that a couple of our servers were installing updates and rebooting.  So Monday night it appears that 5 more servers installed updates and rebooted without a maintenance window being open.

Some background....one 2008 r2 server is MP and DP and site server and software update point and a few other things.  back end is a 2008 sql server.  I have a couple of other DP's set up at our outlying facilties around the country.  It's the same basic layout I had for 2007, which never really gave us any problems.

I never had any formal training at SCCM, but I did install the original environment and had a MS contractor come in afterwards and tweak and verify things.  So I am not by any means an expert at pouring through all the right logs to figure out what the heck is wrong with our new environment.

Hoping for a few tips, suggestions fo what to check.

At this point there is no open maintennace windows set up or scheduled, and there have been no further install sor reboots outside of maintetance windows.

Hi,

This is my test setup:

0. CAS with Remote SQL, AIS and Reporting

1. Primary site with Remote SQL, MP, SUP, DP, FSP and few clients attached to it

2. Secondary Site with SQL, MP, SUP and DP with few clients

3. Seperate boundary for primary site and seconadry site (Boundary defination is based on IP Range); and each boundary is in its own boundary group. (i.e seperate boundary group) There is no active directory site defined inside Config Manager 2012. 

4. There is a Active Directory DC but no group policy to force WSUS setting

5. I have checked the replication b/w primary and secondary and OK

6. Secondary site SUP is set as Active Software Point (checked from CAS console by selecting seconadry site and going through site components - SUP

Problem:

I have a client within secondary site boundary but not getting the SUP of secondary site.

Tested so far:

a. Client is getting MP of secondary site (checked in Locationservices.log of client)

b. Client is getting DP of secondary site (checked in Locationservices.log of client)

c. But client is getting the SUP of Primary site ????? :(  {not the SUP of secondary site as expected}

d. I have run rsop in client and found the WSUS setting is coming from local policy (i.e not from group policy)

e. WUAHandler shows the entry of primary site server [ not the seconadry server SUP]

The above log is something like this;

WSUS Path='http://primarysiteSUP:8083

WSUS Path='http://SECONDARYsiteSUP:8083

WSUS Path='http://primarysiteSUP:8083

and finally client gets WSUS Path='http://primarysiteSUP:8083. How this election happens? any logic or algorithm or rule?

Please tell me why the client is not getting the SUP server of secondary server?

saravanan rajappa

Hello,

I have been following the steps to setup SCCM 2012.  I beleive something I did is now pinning our internet traffic to maximum capacity and everyone is yelling at me becaus ethe internet is so slow.  I assume it is something I did with WSUS.  I wish I could give more info but I am so new to SCCM that I am not sure what I did.  I have reviewed steps 1-6 and deleted/recreated the Software Update Groups, Auto Deployment packages, and Deployment packages.  Can anyone suggest the quickest way to troubleshoot?
Thanks!!

me

I have read, read, read many forums/posts about this issue however I cannot find one that solves my issue.

Setup:

1 Server running 2008 R2 with SCCM installed. We will call it SRV1.

2nd Server running 2008 R2 running our WSUS. We will call it SRV2.

I pointed my Software Update Point role to the 2nd server, when I try to sync all updates I get the following error:

On 7/11/2012 7:38:58 AM, component SMS_WSUS_SYNC_MANAGER on computer SRV1.domain reported:   WSUS Synchronization failed.

 Message: WSUS server not configured. Please refer to WCM.log for configuration error details..

 Source: CWSyncMgr::DoSync.

  The operating system reported error 2147500037: Unspecified error

Log Name: Application
Source: SMS Server
Event ID 6703
Level: Error
User N/A
Task Category: SMS_WSUS_SYNC_MANAGER

SRV1 Domain functional level is 2008 Native mode so I saw that SSL needed to be enabled on SRV2 for WSUS to work with SRV1.
I created my Certificate and enabled SSL but now I cannot even open WSUS console on SRV1 or my PC.

I imported the certificate to SRV1 but that still fails.

I confirmed BITS was set to automatic and service has started.

On SRV1 (SCCM 2012) I added the Application Catalog Web Service Point and App Catalog Website Point.

Should those 2 services be on SRV2 since it has the SUP role?

The reason I ask this is because I get 2 other errors in my Event Log pertaining to those services:

I have been trying to fix this issue for 4 days now and no luck, any help would be greatly appreciated!

We applied a series of updates to servers last night and were doing do diligence on them to verify that everything updated properly.  The majority of the systems updated with no problems.  A small percentage (about 1%) didn't report any status back at all.  As if they hadn't even started.

On further investigation of one of the computers we discovered some interesting observations:

• The computer had been updated and even went through two reboot cycles automatically in the maintenance window as expected.  As part of troubleshooting, we did two additional reboots to no effect.
• The software update scan inventory shows the updates were applied, as does the computers Software Updates list.
• The Sofware Center Installation Status shows 5 updates requiring restart (2829530, 2847204, 2804579, 2829361, 2830290).
• The UpdatesDeployment.log is showing there is a pending restart.  Nothing else looks like it's having any problem.  It is still showing total actionable updates = 5.
• We have tried initiating actions for "Software Update Scan Cycle" and "Software Updates Deployment Evaluation Cycle" to no effect.
• The computer is communicating with the MP, and status is being reported for other things.
• The deployment status in the SCCM console shows the status as unknown for this deployment.  The category is "Client check passed/Active".
• The OS is WS 2008 R2, the server and agent are SCCM 2012 SP1.

Basically the software update compliance operation does not appear to be working, and neither do any of the status messages get reported back.  I haven't gone and looked at the status messages yet since it appears to be something at the source causing the issue.

Bob

I'm attempting to get the Configuration Manager 2012 Console to connect to our site server through our firewall. I went through the pertinent documentation and allowed the standard ports that are needed. The console is attempting to connect on TCP port 1027 and I cannot find a reference to this port in any of the documentation. Can anyone tell my why the console is trying to make this connection? I have to justify all port requests with our security team.

Thanks

I have an error that one of the update source locations in an update package can't be found.  The path in the content status even shows what it should be, and sure enough it doesn't exist. The path is the location designated for the package plus a GUID.  My problem is I can't find a way to translate that GUID into which update I'm having a problem with.  The console doesn't show any information and the GUID doesn't match any of the updates.  I went poking around in the database but couldn't find anything obvious.  The log files unfortunately weren't any help either.

Does anyone know a way to figure out what update this is.  My only other alternative is to delete the package and start over from scratch.

Bob

Hi,

I migrated our SCCM 2012 SP1 server from a 2008 R2 box onto a 2012 box. I did this using a backup and restore method. My database is on a seperate database and was not touched. All went well apart from software updates no longer seem to install apart from a handful of machines. out of 700 computers software updates have worked on 10. We use Endpoint Protection so would like to get this working soon if possible. The problem is happening for old and new updates.

I have reinstalled the DP and the SUP and it hasn't helped.

In WUAhander.log on a broken client i am getting these errors:

OnSearchComplete - Failed to end search job. Error = 0x80244007. WUAHandler 11/06/2013 10:52:04 1040 (0x0410)
Scan failed with error = 0x80244007. WUAHandler 11/06/2013 10:52:04 1040 (0x0410)

I found this on the internet but i don't have any target groups, so that didn't help.

Does anyone have any suggestions please?

Thanks