Channel: Configuration Manager 2012 - Security, Updates and Compliance forum
SUP Synchronization between Server 2012 R2 and Server 2008 R2

Hi,

We have an SCCM environment (CAS and 4 Primary site servers); all Primary SUPs are on remote boxes.

We are going to migrate the server operating system, starting from the CAS server. After I migrate the CAS server OS from 2008 R2 to Server 2012 R2, will it work with the Primary SUPs which are on Server 2008 R2 boxes?


Machines are compliant without installing any updates

Hi All,

In our environment we have SCCM 2012 R2 SP1. We do server patch management using the same. We have noticed that some servers are showing as patch compliant without even installing the patches. On one server, the last patches were installed in Nov 2015; after that, no new patches have been installed.
I have tried to run software update cycles and checked log files, but it shows 0 required patches.

Please suggest.

Updates Report says Compliant when no applicable updates are installed

Dear All,

I am observing a strange behavior in a couple of Windows 2012 R2 and Windows 08 R2 servers.

Problem: When pushing out applicable updates on the said servers, the compliance report says the servers are compliant; however, when I manually log in to those servers and check, none of the applicable updates have installed.

I have SCCM 2012 R2 SP1.

Strangely, even the logs say nothing about it. All I find in the updatesdeployment.log is "Total actionable updates is 0" where in fact there are many "actionable\applicable" updates present in the Update group I am pushing.

I also checked content versions using the queries below:

select * from CI_UpdateCIs order by MinSourceVersion desc --> running this gives minsourceversion as 80

select * from wsusserverlocations --> running this gives sourceversion as 81

Any help would be highly appreciated. Thank you.

System Center Endpoint Protection antivirus (client) not updating from SCCM primary server (SCCM 2012 R2)

I have implemented SCCM 2012 R2 Server (Primary Server) and enabled SCEP with a configured ADR (automatic deployment rule). The ADR is deployed on a client collection. Recently I found lots of machines showing "Active Client risk 1490" in the SCEP dashboard and the client SCEP showing unprotected mode. Can someone please help with this?




Thanks,

Prakash Kumar

Why is Windows Update using http to download the EULA instead of https?

Hi,

After setting up SCCM 2012 R2 SP1 we are now moving the first clients to the new WSUS on SCCM instead of the old WSUS.

SCCM is configured to use https.

If I look at the windowsupdate.log on a 2008 client, I see the client is connecting to WSUS over https (port 8531), but a few lines further it's trying to download the EULA file through http (port 8530), which is blocked.

Any guidance on why the client is trying over http instead of https?

Part of the windowsupdate.log:

2016-06-23 10:47:51:006 1020 a1c PT +++++++++++  PT: Synchronizing server updates  +++++++++++
2016-06-23 10:47:51:006 1020 a1c PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = https://SCCMserver.domain.local:8531/ClientWebService/client.asmx
2016-06-23 10:49:21:003 1020 a1c PT +++++++++++  PT: Synchronizing extended update info  +++++++++++
2016-06-23 10:49:21:003 1020 a1c PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = https://SCCMserver.domaind.local:8531/ClientWebService/client.asmx
2016-06-23 10:50:21:671 1020 a1c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <proxy.domain.local:8080> Bypass List used : <*.domain.com;*.domain2.local;*.domain3.local;*.domain4.local;*.domain5.local;10.*.*.*;<local>> Auth Schemes used : <>
2016-06-23 10:50:21:671 1020 a1c Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://SCCMserver.domain.local:8530/Content/13/FDD2FEAEFCB08CF37AAAB589F1471FB5A41E1813.txt>. error 0x80072ee2
2016-06-23 10:50:21:671 1020 a1c Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
2016-06-23 10:50:21:671 1020 a1c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
2016-06-23 10:50:21:671 1020 a1c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
2016-06-23 10:50:21:671 1020 a1c Agent WARNING: Fail to download eula file http://SCCMserver.domain.local:8530/Content/13/FDD2FEAEFCB08CF37AAAB589F1471FB5A41E1813.txt with error 0x80072ee2
2016-06-23 10:50:45:024 1020 a1c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <proxy.domain.local:8080> Bypass List used : <*.domain.com;*.domain2.local;*.domain3.local;*.domain4.local;*.domain5.local;10.*.*.*;<local>> Auth Schemes used : <>
2016-06-23 10:50:45:024 1020 a1c Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://SCCMserver.domain.local:8530/Content/90/91A6A7BF92282F7E1C26D95FBB1C962C051BDE90.txt>. error 0x80072ee2
2016-06-23 10:50:45:024 1020 a1c Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
2016-06-23 10:50:45:024 1020 a1c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
2016-06-23 10:50:45:024 1020 a1c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
2016-06-23 10:50:45:024 1020 a1c Agent WARNING: Fail to download eula file http://SCCMserver.domain.local:8530/Content/90/91A6A7BF92282F7E1C26D95FBB1C962C051BDE90.txt with error 0x80072ee2
2016-06-23 10:51:08:346 1020 a1c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <proxy.domain.local:8080> Bypass List used : <*.domain.com;*.domain2.local;*.domain3.local;*.domain4.local;*.domain5.local;10.*.*.*;<local>> Auth Schemes used : <>
2016-06-23 10:51:08:346 1020 a1c Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://SERVERserver.domain.local:8530/Content/13/FDD2FEAEFCB08CF37AAAB589F1471FB5A41E1813.txt>. error 0x80072ee2
2016-06-23 10:51:08:346 1020 a1c Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
2016-06-23 10:51:08:346 1020 a1c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
2016-06-23 10:51:08:346 1020 a1c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
2016-06-23 10:51:08:346 1020 a1c Agent WARNING: Fail to download eula file http://SCCMserver.domain.local:8530/Content/13/FDD2FEAEFCB08CF37AAAB589F1471FB5A41E1813.txt with error 0x80072ee2

Compliance reporting inaccurate

I'm seeing an issue where workstations are showing up in the Overall Compliance report as Compliant, but when I drill down to the individual machine the report is blank. Looking at the actual workstation, it is missing the previous month's patches. This has me very concerned about the accuracy of the compliance report. How many machines across our organization are reporting as compliant when in fact they are missing approved patches?

SUP Behaviour in Multi-SUP Site when Master SUP fails..

Hi, hope someone can help us with the following enquiry:

We have an SCCM 2012 environment with a Single Primary Site containing multiple Software Update Points (SUPs).

These SUPs are all sharing a single SUSDB database (as recommended by Microsoft), and this database is being synchronized from the external "Microsoft Update" location.

We have seen the anticipated behaviour that the first installed SUP becomes the "Master SUP", and is automatically configured to be the SUP which downloads changes from Microsoft. Any additional SUPs that we install configure themselves to Synchronize from the Master SUP - so what we see in the SCCM Console under Monitoring, Software Update Point Synchronization is:

- The first (Master) SUP has a Synchronization Source of "Microsoft Update".

- Any other SUPs have a Synchronization Source of the Master SUP.

Now, what we're trying to work out is what can happen from a recovery perspective if the Master SUP fails... I guess that could happen in a number of ways, but let's consider someone accidentally destroys the Virtual Machine on which it runs - with no backup of the disk images.. Here's a few questions -

1. As the Master SUP is no longer present, the other SUPs can't connect to it when they try to synchronize.. So what do they do? Do they just fail and continue failing forever, or does one of them somehow take over the role of the Master SUP and start synchronizing from Microsoft for the others?

2. (I guess this will change depending on the answer to 1), but how can we recover from this situation - i.e. if we build another Site Server (with or without the same name as the failed Master SUP, not sure?...), then can we force it to take over the activities of the previous Master SUP and carry on doing the synchronization? I guess this could depend on which (if any) of the other SUPs are acting as the Master SUP during the outage, as in that case we'd need to somehow re-point the synchronization activity from Microsoft to the newly built replacement machine, but I'm not sure how we'd do this - I don't believe there is anything in the SCCM Console allowing this to be configured...

We would be very grateful for any help and advice you could offer.

Many Thanks  

WSUSpool memory leak?

I recently had to rebuild the Software Update Point in our primary site.  I installed the WSUS and IIS server roles and then added the SUP role through the SCCM console.  The server was acting sluggish and I found that the w3wp.exe process associated with the WSUSPool application pool is constantly at 100% CPU and will eat memory until it gets to the recycle limit value.  I saw numerous threads about changing the recycle limit to higher than the default value but that just gives it more time until it recycles as it eats all that memory too.  Has anyone else seen this issue?


PowerShell script or command to get only updates showing as required

Good Day,

I am looking for a way to automate Software Updates in our environment utilizing CM12.

Our environment only approves, downloads, and deploys the updates that show as Required by client workstations.

When I search all software updates in the CM Admin Console I can create a saved search that uses the Required field being greater than 1.

When I use PowerShell, a field that shows the Required data is not part of the returned object(s) when you use the Get-CMSoftwareUpdate cmdlet.

Is the Required field available through PowerShell?

SCCM 2012 R2 SP1 CU1(2) - Windows 10 ADK fails to offline service Windows 8.1

Hey, we upgraded to the Windows 10 ADK on our System Center Configuration Manager 2012 R2 SP1 CU1 (now CU2) servers. Since we did this upgrade, offline servicing no longer works for our Windows 8.1 images. Our Windows 10 and Windows 7 images offline service just fine.  Anyone else see this or have any ideas on how to fix this?  Thanks!

Here is the error from the OfflineServicingMgr log file:

Checking if update (2 of 20) with ID 16890813 needs to be applied on the image. 1 content binarie(s) are associated with the update. SMS_OFFLINE_SERVICING_MANAGER 11/5/2015 10:03:28 AM 10080 (0x2760)
dism.exe tool info: version=10.0.10240.16384, architecture=9 SMS_OFFLINE_SERVICING_MANAGER 11/5/2015 10:03:28 AM 10080 (0x2760)
Update applicability check is not supported. Dism.exe command line is below: SMS_OFFLINE_SERVICING_MANAGER 11/5/2015 10:03:41 AM 10080 (0x2760)
"C:\Windows\system32\cmd.exe" /q /c ""C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\dism.exe" /Image:"C:\ConfigMgr_OfflineImageServicing\01A000D1\ImageMountDir" /LogPath:%WINDIR%\Logs\Dism\dism_sccmAMD64.log /English /Get-PackageInfo /Packagepath:"C:\ConfigMgr_OfflineImageServicing\84cb9010-b27c-4962-ad44-9f5180f1fe3c\windows8.1-kb3074232-x64.cab">>C:\ConfigMgr_OfflineImageServicing\01A000D1\_@7DA8.tmp" SMS_OFFLINE_SERVICING_MANAGER 11/5/2015 10:03:41 AM 10080 (0x2760)
GetUpdateApplicability returned code 0x80070057 SMS_OFFLINE_SERVICING_MANAGER 11/5/2015 10:03:41 AM 10080 (0x2760)
Applicability State = APPLICABILITY_CHECK_NOT_SUPPORTED, Update Binary = C:\ConfigMgr_OfflineImageServicing\84cb9010-b27c-4962-ad44-9f5180f1fe3c\windows8.1-kb3074232-x64.cab. SMS_OFFLINE_SERVICING_MANAGER 11/5/2015 10:03:41 AM 10080 (0x2760)
Applying update with ID 16890813 on image at index 1. SMS_OFFLINE_SERVICING_MANAGER 11/5/2015 10:03:41 AM 10080 (0x2760)
dism.exe tool info: version=10.0.10240.16384, architecture=9 SMS_OFFLINE_SERVICING_MANAGER 11/5/2015 10:03:41 AM 10080 (0x2760)
Failed to install update with error code 87 SMS_OFFLINE_SERVICING_MANAGER 11/5/2015 10:03:54 AM 10080 (0x2760)
STATMSG: ID=7909 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_OFFLINE_SERVICING_MANAGER" SYS=server.mydomain.com SITE=01A PID=3480 TID=10080 GMTDATE=Thu Nov 05 16:03:54.969 2015 ISTR0="16890813" ISTR1="01A000D1" ISTR2="1" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_OFFLINE_SERVICING_MANAGER 11/5/2015 10:03:54 AM 10080 (0x2760)
No need to apply this update binary since it's not required on the mounted image. SMS_OFFLINE_SERVICING_MANAGER 11/5/2015 10:03:54 AM 10080 (0x2760)

Exception in a compliance policy

Hello all,

As part of my operational compliance policy definition, I want to create a policy and deploy it to a set of servers. For example:

I want to create a policy for a collection of Windows servers to disable the SMTP service on all of them but create an exception within the policy to identify the 'SMTP server' itself so the mail server can send emails while others shouldn't (perhaps a poor example to explain my scenario, but I hope you understood where I want to go).

But while creating my compliance policy in SCCM 2012, I did not find an option to create any kind of exception. I did some research and all I came across was firewall exceptions or something similar, but even then, it was not done within the 'compliance settings' but rather in a GPO policy or other places.

Any help here? Thanks

Question about compliance evaluation timing

I have a compliance baseline set up to check and make sure workstations have IE11 installed; if they don't, then they are non-compliant. This baseline is configured to evaluate every 30 mins on the workstations. I have a collection set up which contains all the non-compliant machines from this baseline and a deployment task assigned to the collection that installs IE11 when a machine is added.

We have a good amount of users in the environment that are uninstalling IE11 to revert back to the previous browser.  So when they do this they will be placed in the non-compliant collection and have IE11 installed again.

Here's the problem. Once they are placed in the non-compliant collection and have IE11 installed, after restarting, the compliance baseline doesn't evaluate again for up to 2 hours, which would mark them as being compliant and remove them from the non-compliant collection. This gives the user a large window to uninstall IE11 again, reverting back to the previous browser, and, having never been removed from the non-compliant collection, they will not have IE11 reinstalled again. I need the baseline evaluation to occur right away on system restart so they can be removed from the non-compliant collection, so that if they do uninstall IE11 again right away they will be added back to the collection, thus causing the IE11 install task to kick off again. Is there any way to speed up the evaluation on client restart?

How to approve an update you previously expired in WSUS for SCCM?

I have an update, KB2882822, that I previously expired in WSUS and now need to make it available to deploy in SCCM.  Would I just go and change it to approved in WSUS console?  I notice all the other updates that are available in SCCM are in the "Not Approved" status but I see no way to change the status to Not Approved for KB2882822.  Thanks! 

CU5 Distribution Points?

Hopefully I'm in the right place.

I've applied CU5 to my 2012R2 Primary Site server successfully. The question is what do I do to update my separate distribution point? It is listed in the console under \Administration\overview\site configuration \Servers and Site System Roles as a Site system server.

Do I run CM12-R2CU5-KB3054451-x64-ENU.exe on it OR Push the server update and console update packages, built by the CU5 wizard, to it?


# When I wrote this script only God and I knew what I was doing. # Now, only God Knows!

SCCM 2012 SUP Unable to Download Updates from Upstream WSUS

I have a customer that required an installation of SCCM 2012 with SUP. The SQL 2008 R2 DB for SCCM is installed in a two node Active/Passive cluster as per the customer's requirements. The SUP component appears to be partially functional. It will successfully synchronize with the upstream WSUS server operated by corporate but I cannot download or deploy any updates. I would like to save approved updates locally to the SUP on a dedicated HDD. However, if possible I do not want to download all updates, just those I specify. Can someone please assist as I have not found anything in my searches of the internet for a possible solution to this issue. Due to the security posture of the customer I cannot post entire logs; I can however post the text of any errors they may contain after obtaining the necessary approvals.

Configuration manager 2012 R2 - Suggested configuration for DBs

Hi Team,

I am setting up WSUS on a different machine than Configuration Manager 2012 R2. While installing WSUS services from Roles and Features on Windows Server 2012 R2, I have a few queries:

- What is the recommended practice for the WSUS database with Configuration Manager 2012 R2? SQL database or WID?

- What generally should be the criteria to choose between these 2 options, WID or database?

- Does WSUS support SQL 2014 Express as its database?

- What is the recommended database size for WSUS?

- What is the recommended database size for Configuration Manager 2012 R2 for around 1000 users/client machines?

- Does Configuration Manager 2012 R2 support 'Always On' with a SQL failover cluster?

Any pointers will be appreciated. Thanks

Regards, 

"Waiting to install" but updates are already installed

I have some updates that are stuck or at least showing "Waiting To Install" so I tried to install the updates manually and it said that they were already installed. How do I reset this or what do I do?

How to Enable Windows Update notifications (nag) when patching with SCCM 2012 R2

Hello,

In attempts to improve compliance with Microsoft Software Updates being deployed with ConfigMgr 2012 R2, I am looking to see if it is possible to enable Windows Updates reminder\notifications for Windows 7 machines.  Currently GPOs disable Windows Updates. Thanks

WSUS servers generating a lot of traffic and hitting network line

Hello, guys

We have two WSUS servers with Software Update Point, which are generating a lot of traffic.

  TCP    10.132.0.28:8530       10.24.5.137:60926      ESTABLISHED
  TCP    10.132.1.28:8530       10.24.12.76:57092      ESTABLISHED
  TCP    10.132.0.28:8530       10.24.146.35:54271     ESTABLISHED
  TCP    10.132.0.28:8530       10.32.131.12:54671     ESTABLISHED
  TCP    10.132.0.28:8530       10.32.132.240:56278    ESTABLISHED
  TCP    10.132.0.28:8530       10.32.134.59:52543     ESTABLISHED
  TCP    10.132.0.28:8530       10.32.194.74:58692     ESTABLISHED
  TCP    10.132.0.28:8530       10.32.196.108:53820    ESTABLISHED

For example, we have a 2Mbps network line to a branch office, and during synchronization clients are hitting ~90% every working day and users are complaining about the slow network.

Is it possible to reschedule updates after business hours?

Remove MS Updates from some workstations

Hi,

We are using SCCM 2012 R2, and Windows 7 SP1 for the workstations.

We discovered a Windows update has caused a problem for a couple of workstations that access an https website, and if I manually uninstall it, the website logon page is displayed again.

Rather than exclude the update from being deployed to all workstations, I would rather remove it from the couple of PCs and then update a flag on those workstations to say it has been installed, so SCCM will not make it available for installation again on those workstations.

Is this possible? I know you can do this with packages, but I guess with Windows updates the PC will just do a WMI scan again and say it is not installed?

Thanks


Jaz
