Need to use SCCM to search my network for instances of CBS.log files over 50MB.

January 26, 2016, 7:49 am

≪ Previous: WSUS trying to delete content folders

Hello,

It became apparent to us today that we had CBS.log files that were far over the standard 50MB size. Some were in the tens of Gigabytes. So I got the idea to run a report in SCCM that would search for instances of this log file that was over the standard 50 MB. For those of you who don't know the behaviour of this log file, when it reaches 50MB it is supposed to be archived into a .cab file for space. As my researched showed, this is a pretty regular problem for some people where the service stops doing this. We have a workaround that we can use in order to fix this on an individual basis, however we want a means of identifying these machines before it becomes a problem. I did some research and found some people doing very similar things here:

https://social.technet.microsoft.com/Forums/en-US/b055165a-6387-4502-9b2b-9babef6fe7f4/report-query-for-file-size-of-specific-file-in-sccm?forum=configmgrgeneral

I tried to follow steps mentioned in that article in our Test environment. I created a software inventory client setting to search for the CBS.log file under the directory C:\Windows\Logs\CBS\. I used the right click tools to run the software inventory cycle on the local machines. Then I created a report that would display all cbs.log files on the machines that are over 50MB, waited awhile and nothing was showing up in the report. So I adjusted the report to display all cbs.log files that are over 1MB. Nothing yet.

So I am unsure if the software inventory is just taking awhile to gather this, or if I have done something wrong in the process. Am I missing something?

This is the query I created for the report that I got from the above link:

SELECT SYS.NetBIOS_Name0, SYS.User_name0, v_GS_CollectedFile.FileName, v_GS_CollectedFile.FileSize, v_GS_CollectedFile.FilePath
FROM v_R_System SYS
LEFT OUTER JOIN v_GS_CollectedFile on SYS.ResourceID= v_GS_CollectedFile.ResourceID
Where v_GS_CollectedFile.FileName like '<CBS.log>' and v_GS_CollectedFile.FileSize >1

↧

radenko

February 11, 2016, 2:46 pm

≫ Next: radenko

≪ Previous: Need to use SCCM to search my network for instances of CBS.log files over 50MB.

60000

↧

radenko

February 11, 2016, 2:50 pm

≫ Next: "Updates were installed" is not updated when machines updates through SUP

≪ Previous: radenko

60000

↧

"Updates were installed" is not updated when machines updates through SUP

February 11, 2016, 11:55 pm

≫ Next: How additional software update point (SUP) works

≪ Previous: radenko

In the pc settings the line where it says what the last time was that updates were installed is not correct. The updates are done with SUP so I think there might be a problem between what the computer thinks and what is really on it.

And hereunder the printscreen of the updates that are dated after 24/07/2015

↧

How additional software update point (SUP) works

February 11, 2016, 6:34 pm

≫ Next: SCCM compliance report showing updates not included in the Software Update Group

≪ Previous: "Updates were installed" is not updated when machines updates through SUP

Hello,

Need to understand from the perspective of minimizing network b/w utilization-

I am having SCCM 2012 primary site running with all required roles including SUP and DP at remote branches.

Suppose later on if we install the SUP role on DP at remote branches then the clients of remote branches will pick up the local SUP by default or remain connected to primary SUP only until the scan failed at primary SUP.

If remain connected to primary SUP then please suggest how to configure client to use local SUP.

Regards

Parag

↧

SCCM compliance report showing updates not included in the Software Update Group

February 12, 2016, 1:56 am

≫ Next: SMS NOTIFICATION SERVER failed to initialize msg ID 9800, error 2147654730

≪ Previous: How additional software update point (SUP) works

In SCCM 2012 r2 I'm running the "Compliance 1 - Overall compliance" report. This report returns the overall compliance data for a software update group.

I had a software update group with all the updates for Server 2008R2 up until the end of December 2015. I applied this group to my collection early in January - ran the report and got 100% compliance. I ran it again today as I needed the report for a meeting and it's only 45% compliant. It's failing on a number of updates - all MS16 bulletin ID's, that don't appear in my group. I've checked the membership of the group - there's no MS16 bulletin ID's in it so why is the compliance report looking for them?

Any ideas?

Thanks

↧

SMS NOTIFICATION SERVER failed to initialize msg ID 9800, error 2147654730

February 9, 2016, 11:54 am

≫ Next: How really WSUS (with SCCM) is working inside?

≪ Previous: SCCM compliance report showing updates not included in the Software Update Group

On one of my SCCM suites the SMS_NOTFICATION_SERVER is having trouble. The message ID in monitoring is 9800 and the message says "Notification Server on <server fqdn> failed to initialize. The operating system reported error 2147654730: Error loading type library/DLL." My BGSERVER.LOG is almost solid red. It keeps repeating "Failed to create bgbservercontroller instance 800029c4a." I can't find anything to tell me which library/DLL this is nor how to fix it. The closest thing I can find is a thread on failed to initialize but the error code is different so it didn't help. The other BGB logs look clean. I can't find anything in the Server 2012 event viewer that corresponds to this.

Any help appreciated.

Ben JohnsonWY

↧

How really WSUS (with SCCM) is working inside?

February 12, 2016, 7:30 am

≫ Next: SCCM 2012 R2 SP1 CU1(2) - Windows 10 ADK fails to offline service Windows 8.1

≪ Previous: SMS NOTIFICATION SERVER failed to initialize msg ID 9800, error 2147654730

I was investigating an issue with false vulnerabilities like certain host is reported as requiring certain MSXX-XXX to be installed whereas it is not a subject to such vulnerability and similar false positives.

And the way out to address/control/remediate such situations lies in the WSUS/SCCM way of work I believe.

Could someone explain which entity and by which algorithm finds certain host vulnerable to a list of security updated?

Where is it happening? On the host where SCCM/WSUS client is running by trying to apply the whole list of possible vulnerabilities (thousands of them) or on WSUS/SCCM server by matching list of known assets with their descriptions against list of vulnerabilities (Security updates).

Is there a mechanism to control this behavior, other then selecting product type (e.g. Windows 7) and category (e.g. Security updates).

I tried to search internet and TechNet on this topic but found no mentioning of how it is happening inside and if it can be managed.

Could someone advise an explanation?

Monday, February 01, 2016 12:09 PM

All replies

Vote

Hi Kuba.pl,

If you are talking about SCCM with WSUS, you need to turn to SCCM forum for better help, since SCCM/WSUS works different from WSUS alone.

SCCM forum:

url

>Is there a mechanism to control this behavior, other then selecting product type (e.g. Windows 7) and category (e.g. Security updates).

As for WSUS, it seems we couldn't control the behavior of how server and client evaluate the updates. Here is an article about the feature of wsus, we may learn a little about how wsus works from the article. For more detailed process, it seems we need to turn to the deployment team.

url

Best Regards,

Anne

Unfortunately I wasn't able to find the other way to move the question than copy and paste.

↧

SCCM 2012 R2 SP1 CU1(2) - Windows 10 ADK fails to offline service Windows 8.1

November 12, 2015, 12:02 pm

≫ Next: Software Center 0x8024402 Errors

≪ Previous: How really WSUS (with SCCM) is working inside?

Hey, we upgraded to the Windows 10 ADK on our System Center Configuration Manager 2012 R2 SP1 CU1 (now CU2) servers. Since we did this upgrade, offline servicing no longer works for our Windows 8.1 images. Our Windows 10 and Windows 7 images offline service just fine. Anyone else see this or have any ideas on how to fix this? Thanks!

Here is the error from the OfflineServicingMgr log file:

Checking if update (2 of 20) with ID 16890813 needs to be applied on the image. 1 content binarie(s) are associated with the update. SMS_OFFLINE_SERVICING_MANAGER 11/5/2015 10:03:28 AM 10080 (0x2760)
dism.exe tool info: version=10.0.10240.16384, architecture=9 SMS_OFFLINE_SERVICING_MANAGER 11/5/2015 10:03:28 AM 10080 (0x2760)
Update applicability check is not supported. Dism.exe command line is below: SMS_OFFLINE_SERVICING_MANAGER 11/5/2015 10:03:41 AM 10080 (0x2760)
"C:\Windows\system32\cmd.exe" /q /c ""C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\dism.exe" /Image:"C:\ConfigMgr_OfflineImageServicing\01A000D1\ImageMountDir" /LogPath:%WINDIR%\Logs\Dism\dism_sccmAMD64.log /English /Get-PackageInfo /Packagepath:"C:\ConfigMgr_OfflineImageServicing\84cb9010-b27c-4962-ad44-9f5180f1fe3c\windows8.1-kb3074232-x64.cab">>C:\ConfigMgr_OfflineImageServicing\01A000D1\_@7DA8.tmp" SMS_OFFLINE_SERVICING_MANAGER 11/5/2015 10:03:41 AM 10080 (0x2760)
GetUpdateApplicability returned code 0x80070057 SMS_OFFLINE_SERVICING_MANAGER 11/5/2015 10:03:41 AM 10080 (0x2760)
Applicability State = APPLICABILITY_CHECK_NOT_SUPPORTED, Update Binary = C:\ConfigMgr_OfflineImageServicing\84cb9010-b27c-4962-ad44-9f5180f1fe3c\windows8.1-kb3074232-x64.cab. SMS_OFFLINE_SERVICING_MANAGER 11/5/2015 10:03:41 AM 10080 (0x2760)
Applying update with ID 16890813 on image at index 1. SMS_OFFLINE_SERVICING_MANAGER 11/5/2015 10:03:41 AM 10080 (0x2760)
dism.exe tool info: version=10.0.10240.16384, architecture=9 SMS_OFFLINE_SERVICING_MANAGER 11/5/2015 10:03:41 AM 10080 (0x2760)
Failed to install update with error code 87 SMS_OFFLINE_SERVICING_MANAGER 11/5/2015 10:03:54 AM 10080 (0x2760)
STATMSG: ID=7909 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_OFFLINE_SERVICING_MANAGER" SYS=server.mydomain.comSITE=01A PID=3480 TID=10080 GMTDATE=Thu Nov 05 16:03:54.969 2015 ISTR0="16890813" ISTR1="01A000D1" ISTR2="1" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_OFFLINE_SERVICING_MANAGER 11/5/2015 10:03:54 AM 10080 (0x2760)
No need to apply this update binary since it's not required on the mounted image. SMS_OFFLINE_SERVICING_MANAGER 11/5/2015 10:03:54 AM 10080 (0x2760)

↧

Software Center 0x8024402 Errors

February 12, 2016, 3:38 pm

≫ Next: software updates reports below category or types

≪ Previous: SCCM 2012 R2 SP1 CU1(2) - Windows 10 ADK fails to offline service Windows 8.1

I kept getting the 0x8024402 error in Software Center when updating some of my servers today and after some research, I found that it had to do with the WSUS Application Pool in IIS on my Primary Site Server had stopped. After restarting it, all was well for a brief time and it kept stopping. After researching this further, I discovered that I had to increase the memory on "Private memory in usage (in KB)" setting in the "Recycling Conditions" properties. This setting was initially using around 1GB before I had modified it. I then increased this to 5GB and then I stopped and restarted the WSUS Application Pool. When trying to restart the WSUS Application Pool I received the error below.

Can someone please explain why this occurs?

Thank you all very much for your help.

↧

software updates reports below category or types

February 14, 2016, 4:02 am

≫ Next: How Do I Execute .ps1 scripts which are in different drive (SCCM Installation in C: Drive , Scrips are in D: Drive)

≪ Previous: Software Center 0x8024402 Errors

Hi All Kindly let me software updates reports below category or types of report means which scenario will be used

software Updates -A compliance
software Updates -B deployment management
software Updates-C deployment states
Software updates -D Scan

↧

How Do I Execute .ps1 scripts which are in different drive (SCCM Installation in C: Drive , Scrips are in D: Drive)

February 14, 2016, 5:53 am

≫ Next: it is right method?

≪ Previous: software updates reports below category or types

When I Set-Location for site, I cant see scripts to Run

SCCM Installation files in Drive C, All My Scripts are in Drive D. When I Set my Location for Site Code I m not able to pick my ps1 scripts which are in Drive D: below is PS prompt

PS PRD:\>

From this prompt I m try to pick "test.ps1" which is in D:\

Microsoft TechNet Forum Bandara

↧

it is right method?

February 14, 2016, 4:30 am

≫ Next: antivirus

≪ Previous: How Do I Execute .ps1 scripts which are in different drive (SCCM Installation in C: Drive , Scrips are in D: Drive)

I have created Deployment Package called Windows7 and keep creating Monthly patches (software groups) and adding to windows7 packages once we added it automatically update to DP's finally we will deploy software updates group to workstation it is right method?

↧

antivirus

February 14, 2016, 8:03 pm

≫ Next: Internet-Based Clients via Azure Web Application Proxy

≪ Previous: it is right method?

For windows server 2012 , Which antivirus is good?

Installed System center Endpoint protection(Antimalware Client Version: 4.7.214.0 Engine Version: 1.1.12400.0) in our production server which is windows server 2012 . Will it be enough for protection?

↧

Internet-Based Clients via Azure Web Application Proxy

January 29, 2016, 3:33 pm

≫ Next: SCCM 2012 - Update Query

≪ Previous: antivirus

I know my question is related to 2 different technologies but it's still an SCCM question.

I have a customer who want to continue manage his SCCM client of the internet for application deployment and compliance.

he has EMS licenses for all of the users. using Intune, well... I understood it won't work as those client are already managed by SCCM and you can't have one device managed with both of them, so we figured our only option is Internet Based clients.

so, I understand the prerequisites but I was wondering if instead of publishing the MP+DP via a traditional TMG\UAG or F5 etc.. do you know if it's possible to take advantage of the Azure Web Application Proxy? as he doesn't use SUP, I figured all of the client communication with the server is IIS on 443 port, so it's kinda answers the prerequisites if I publish the website with passthru authentication.

has anyone tried it before? any related document that might help with the setup?

or even more in general- is that the right solution to manage domain joined clients over the internet?

thanks

↧

SCCM 2012 - Update Query

February 5, 2016, 2:42 am

≫ Next: Servers are not installing Security patches deployed by SCCM

≪ Previous: Internet-Based Clients via Azure Web Application Proxy

Hi All,

Need an advice. I have security patch report given by security team stating those are not applied and this is released in 2014.

1. I did sync recently and When i verified in SCCM console those security vulnerability patches are not available. BUt when i verified in WSUS it is there but says "Not Approved". Is it superseded. Is there a specific reason
2. Can we approve those patches manually in wsus and make it publish in SCCM

Regards, Pratap

↧

Servers are not installing Security patches deployed by SCCM

February 15, 2016, 1:43 am

≫ Next: When are new software updates deployments active?

≪ Previous: SCCM 2012 - Update Query

Hi,

As part of quarterly server patching, we deployed Security updates released by MS on our servers.

These patches were installed on most of the servers successfully, but few servers are showing as "Update not Required" in SCCM reporting. However, these servers are showing asCompliant.

We are not sure, if this is a regular thing or there is something wrong due to which these servers are unable to download and install the patches.

Can anyone advise us here. Thanks in Advance..!

Aakash Saxena

↧

When are new software updates deployments active?

February 15, 2016, 3:19 am

≫ Next: SCCM Client failed to get windows update - Error 0x8024401b

≪ Previous: Servers are not installing Security patches deployed by SCCM

Hello!

I would be glad if someone could help me with this ...

I want to know which settings define the maximum interval after that a new software updates deployment becomes visible (available) on a sccm client since it was configured on the sccm server.

In my tests I configured a deployment for a software updates group (required, available as soon as possible, display in software center and show all notifications) and triggered a "machine policy retrieval & evaluation cycle". Nothing happens. I thought that a new Software Updates Deployment would be recognised on a client when a "machine policy retrieval & evaluation cycle" runs (which is defined in "Client Policy" (Client Settings)). Instead I have to trigger a "Software Updates Deployment evaluation cycle" on the client so that the deployment becomes available on the client.

Where do I have to configure (which setting) in order to specify this "Software Updates Deployment evaluation cycle" interval? Which settings define the maximum time till a software updates deployment will be visible (available) on a client since it is activated / configured on the sccm server?

↧

SCCM Client failed to get windows update - Error 0x8024401b

February 2, 2016, 12:17 pm

≫ Next: How can I get compliance report for update that is already expired?

≪ Previous: When are new software updates deployments active?

SERVER Version 2012 R2

SCCM Version 2012 R2

Problem description: We use SCCM Software Update to deploy month patching, when doing January patching, all clients completed patching except one client (client is server 2012r2).

Please see attached log files screenshot on client:WindowsUpdate.log, WUAhandler.log, UpdatesDeployment.log, UpdateHandler.log

Also attached client activity status screenshot.

As you can see on WindowsUpdate.log, client is trying to use a proxy server but there is non setup for the environment, my Internet Options Proxy server checkbox is unchecked, Automatically detect settings is ticked, I tried unticking it, made no difference.

I searched the Proxy Server address in registry key, found only two matches, please see registry screenshots.

on other normal clients, registry key CachedProxy is not set, CachedProxyAccessType, CachedProxyBypass and LastKnownGoodProxy are all set to value "1" , I manually set the problem client registry key same as health client, but it will get reset again.

I have checked SCCM and GPO and cannot see what is resetting this registry key. any help would be appreciated.

↧

How can I get compliance report for update that is already expired?

February 16, 2016, 6:10 am

≫ Next: Windows 10 1511

≪ Previous: SCCM Client failed to get windows update - Error 0x8024401b

Hello all,

please look at scenario:

Security Dept ordered deploying of for example Cumulative Update for January. Next month for February, and next for March. Our flavor of Cumulative Updates are expiring month by month, so January's update disappears from January's update group, as well as from whole db (of updates). Suddenly, out of nowhere, security dept claims that there was a security breach based on vulnerabilities from January CU.

My question is: is there a way to show that we had really deployed January CU, despite of it's lack in db because January CU is expired and has gone from db?

Thanks

Michał

↧

Latest Images