Quantcast
Channel: Configuration Manager 2012 - Security, Updates and Compliance forum
Viewing all 6382 articles
Browse latest View live

Pilot Group for Windows updates.

July 6, 2016, 8:05 am
$
0
0

I have been assigned a task of installing windows security updates via sccm instead of our prefered method of WSUS.

One of my many questions is can I create a device collection for the Pilot group from a random selection of devices from the estate, or will they need to be a member of a specific group within AD?

My usual wsus method would be to download all critical and security updates, then approve them to a test group for 7 days, then if no problems arise approve the updates to the live estate.

I am new to SCCM so any other tips would be greatly appreciated.

Thanks

Search

Where is my Edge Icon?

July 6, 2016, 2:23 pm
$
0
0
Where oh where is my little Edge Icon?

SQL query for Software Update Groups

June 23, 2014, 2:03 am
$
0
0

Hello.

I need create SQL query - request all Software Updates on selected Software Update Group.

It is possible?

I find SQL table CI_LocalizedProperties where store Name, ID Software Update Group, but nothing referals on Software Updates.

Bitlocker - Startup PIN

May 24, 2016, 1:51 am
$
0
0

Hey Guys,

i have to start encrypting our notebooks with Bitlocker.

I looked into several Guides (MBAM,...), but in every Guide i have to set the startup pin manually.

Is there any way to set an default pin silently for all users?

Regards!

Cumulative Update deployed to "All Systems" Collection

July 6, 2016, 11:44 pm
$
0
0

Good day,

a Cumulative update was deployed in our environment to the "All Systems" collection as required by accident and managed to target the Call Centre first where the workstations installed the update and then REBOOTED. This had a major impact on the Business and roughly 50 workstations were targeted.

Any advice would be much appreciated on how to manage the "All Systems" collection and limitations to prevent this from happening in the future.

Retry Failed Software Updates

July 6, 2016, 8:28 pm
$
0
0

Hi All

I have seen some threads about this in the forums.

I am in the same boat, where an automated software updates deployment kicks in overnight on number of servers.

It then encounters an update that failed to install. Upon reboot of the server, the failed update does not get retried during the Maintenance window period.

From various workarounds suggested to get the failed update installed during the maintenance window period, these two are what I like so far.

Has anyone tried them, and wondering which would be the favourable method?

1. Setup a package that kicks off a script which will kick off the "Update SCCM Scan Agent" and "Update SCCM Updates Deployment Agent". This package can be scheduled to run every week at specific time, or few hours after the software updates deployment is scheduled.

2. Create a custom Client Setting for the targeted servers. Configure "Software Update Scan Schedule" to run every day. The timing is the importance here. I need to time this so that it runs, few hours after when the software updates deployment was scheduled, and estimate time of when the servers are rebooted. So in theory, lets say patching is scheduled to kick off at 8pm on Friday night, and expect that the patching to be complete and server rebooted by 10pm. I would schedule the "Software Update Scan Schedule" to kick off at midnight everynight. So in theory, if my maintenance window is till 6am in the morning, the failed update should kick off again after the scan.

Your thoughts?

Thanks, DM.

2016 windows 10 update Microsoft edge problems

July 7, 2016, 6:11 am
$
0
0
Microsoft edge not responding not starting long running script messages . Problem after problem I'd like a fix if possible .

Can't track down WCM.Log

July 7, 2016, 7:04 am
$
0
0

My SCCM server has been having problems with updates for the last two weeks.  Updates are no longer appearing.  My most recent updates listed in All Software updates are from 6/14/16.  I went in to start looking for issues, and the SMS_WSUS_SYNC_MANAGER component shows this error:

-------
WSUS Synchronization failed.
 Message: WSUS update source not found on site XXXX. Please refer to WCM.log for configuration error details..
 Source: getSiteUpdateSource.
  The operating system reported error 2147500037: Unspecified error
-------

The weird thing, though, is that I simply cannot track down that log file.  The WCM.log file is not in any of the places that I would expect it to be, and a search of the local drive does not find it.  Has anyone else ran into a situation like this?  Any ideas on what could cause this?

Search

Synchronisation behaviour and configuration of SUP on Secondary Site Server

July 7, 2016, 9:29 am
$
0
0

We have an SCCM 2012 environment with a Single Primary Site containing multiple Software Update Points (SUPs).

These SUPs are located in the same Central Site, are all sharing a single SUDSB database (as recommended by Microsoft), and this database is being synchronized from the external "Microsoft Update" location by the Master SUP (the first one that we installed).

We have some large remote locations however, and we plan to install Secondary Site Servers in these sites. These Secondary Site Servers will have the SUP role installed on them, so all of the clients in each of these sites will use this SUP rather than one of those at the Central Site.

We've set up one of these as a test, but have questions around the configuration...

We installed the WSUS role on this Secondary Site Server, configuring it to point to the single SUSDB database Server in the Central Site that all of the other SUPs share... We weren't certain whether this was correct, but it seemed the most sensible option..?  

Then when we configured the SUP in the Secondary Site, the options of where to synchronise from were greyed out, with the "Synchronize from an upstream data location (URL)" selected. This was reasonable we thought, as being a Child Site that's what you'd expect it to do - and there seemed to be no option to change it in any case.

The question then is how this Secondary Site SUP will synchronise - if it does (which we're not sure of). Looking at the "Software Update Point Synchronization Status" window in the Monitoring workspace, the SUP on the Secondary Site Server has a different icon to the others (a box with a green arrow and a blue circle with an exclamation mark in it, rather than a green circle with a tick in it for the Primary Site SUPs), and so far it doesn't seem to have attempted to synchronise, and has no catalog version... This panel also indicates that it's Synchronisation Source is "Microsoft Update" - the only other SUP that has this is the Master SUP (which is reasonable as it is connecting to Microsoft Updates site); the other SUPs in the Primary Site have the Master SUP as their Synchronisation Source, which is what I would have expected to see for the Secondary Site SUP as well..

Can anyone clarify how the Secondary Site SUP configuration should look, and where it should synchronise from? I've seen a couple of other items that suggest that a Secondary Site Server gets a replicated copy of the SUSDB Database from the Primary Site and synchronises from this, but I can see no evidence of one in the Database instance on the Secondary Site Server - only the Replicated Site Database subset. 

Thanks & Regards,

Alex Line

ConfigMgr 1602 error 0x87D00666(-2016410010) while installing Update

June 22, 2016, 9:06 pm
$
0
0

Dear Folks,

As i have recently upgraded to Config Mgr 1602 and it went very smooth upgrade. But after a few days found annoying issue regarding updates. PC's esp with Windows 10 are not installing updates. Every time trying to manual install it prompts this error as shown in snapshot  

As per error description, 

2016410010 2278557286 0x87D00666 Software updates cannot be install outside service window

But i have not configured any service windows on any collection. Then which service window is preventing from updates to instal. Furthermore, no error found in any logs file. Almost gone through all files.

I hope raised concern is clear. Waiting for your help and suggestion

Thank You

REGARDS DANISH DANIE


System Center 2012 - Software Compliance Data

July 8, 2016, 7:06 am
$
0
0

I have my SCCM 2012 installation connected to a WSUS server.

All updates have synced through to SCCM perfectly, however none of the compliance data has been populated. 

Compliance evaluation is enabled in the default client settings.

I have tried to force the retrieval of this data by downloading the computer policy of the required device collections, still no luck.

Can anybody shed some light on this for me?

Thanks

KB2687455 Office 2010 SP2 not showing as required in SCCM 2012 on some machines

June 21, 2016, 6:49 am
$
0
0

Hi

I have a machine that has Office 2010 SP1 installed.

SCCM does not think this machine requires (KB2687455) Office 2010 Sp2.

However, if i do a MSBA scan, then this says it does need KB2687455.

Anyone have any ideas why SCCM is not picking this up?

Thanks

DM

Update Scan not scanning all the updates

June 27, 2016, 4:51 am
$
0
0

Hi,

We are using SCCM 2012 R2 SP1 CU2 . We are patching our Windows servers with latest updates using SCCM.

We have taken outage of 8 hours to update critical servers.

below is problem description:

At first time maximum updates are downloaded and installed and server restarted and servers are showing compliant. We ran manual scan /evaluation cycle but no update, all servers are showing compliant in SCCM report "Update enforcement history"

Now suddenly after 1 or 2 day , machine are showing 1-2 updates  are installed and pending for restart and compliant status changed to pending restart.

Now this is the problem , Application Owner escalated it why it is showing pending restart now , it should have been updated in given 8 hours outage window.

It should scan and update all required updates immediately. I also noticed there was not error while agent scanning /evaluating updates. Can someone help to get rid of the update scan issue.? what can be the fix?

Regards

Pankaj

MS Forum, PankajR

Windows Updates not showing in Software Center

July 11, 2016, 9:18 am
$
0
0
I recently took over SCCM for our network and am quite the noob.  Windows updates was already configured to run through SCCM  and the first month of updates I have no issues.  Now suddenly on this latest updates they do not show in Software center however I can run updates through windows updates.  Previously in updates it wouldn't even let me do a search now it says its managed by the admin but lets me go out and search for updates.  I have beat my head trying to find a solution, nothing has changed on my end.  Any help would be greatly appreciated.

SCUP 2011 - Unable to import PKI-generated cert

July 11, 2016, 10:36 am
$
0
0

I'm unable to import a .pfx export of a PKI-generated certificate into the SCUP console.

 

Environment:

  • Server 2008 R2
  • SCCM 2012 R2, v1511
  • SCUP 2011
  • Enterprise CA running on Server 2012 R2
  • SCEP AV

When I attempt to import the certificate, the "OK" button is greyed out as shown below. (still greyed out after I "test connection"). I can sometimes get the "OK" button to be available, but when I select the cert it won't ever display it in the console, or stay applied when the console is re-opened.

 

I've tried using the blogs here and later here to generate and export the cert, to no avail.

Here are the template settings in the CA:

After publishing the template, I log into the SCCM/SCUP server and request a certificate from my user certificate store as per the Microsoft blog. The certificate is successfully added to my personal store, then I export both a private key copy and a public key copy. Below is the certificate received from the enterprise CA.

Nothing is logged to scup.log when I browse to the certificate. I've tried exporting it outside my user profile, to a directory on the machine that everything should have access to. I am running SCUP as administrator, and have rebooted the server.


Search

WSUS and SCCM 2012 R2 - Approvals in WSUS Not Good

July 11, 2016, 1:39 am
$
0
0

Hi Everyone,

I've been struggling with an issue with SCEP client updates for a number of days, and not being SCCM knowledgeable, I approved the Definition Updates in WSUS, before of course I read that doing that was a bad thing, and now my update issue is worse. Of course I reverted the approval to unapproved, but error 0x80244007 persists. I was thinking of resetting the WSUS Database, but someone wiser than me suggested that asking advice might be a very good idea at this point.

I'd be very grateful for any information from anyone who's seen this issue before or knows how the approvals in WSUS affect the SCCM updates!

Thanks
Ian

Windows & Endpoint Updates Failed To Update

July 10, 2016, 2:06 am
$
0
0

Dears,

Recently I have installed SCCM 2012 R2 SP1 and deployed Windows Updates to all Windows 7 and 8 machines with Endpoint Updates. Some of the machines couldn't install the updates and some of the computers successes.

The Endpoint Error code is 0x80240022

I have checked SCCM side I couldn't find any errors, but I checked errors in the user machines I found below Snapshot errors


Software Update "Roll back"

July 12, 2016, 8:20 am
$
0
0
May I suggest that you add a feature that would allow CM administrator to configure/schedule a "roll back" of a defined Software Update Group for a given device collection.

Updates Stuck at 0% Downloading

July 12, 2016, 7:58 am
$
0
0
I am having problems with a brand new SCCM 2012 R2 SP1 deployment on a Server 2012 Enterprise server.  When I attempt to deploy updates either manually or via ADR software center shows the update in the correct state (available or required) but when I attempt to install it, the installation hangs at 0%.  I have let this sit for 3 days with no change.  I have checked every log that I can think of to check and none of them are proving helpful.  I have been monitoring the ccmcache folder and the folder that would contain the update file is created but always remains empty.  I have been trying to figure this out for over 1 month and have tried almost every suggestion I can find online with negative results.  I cannot post full log files however I can post snippets of these files where possible if requested.  I am downloading my updates from an upstream WSUS server on a closed network (not connected to the WWW) and my server successfully synchronizes.  I have checked all of the requisite folders associated with the ADR and there are files (.cab and/or .exe extensions) in them located on my server.  I cannot figure out why these files will not download and install on the client systems.  Can someone please provide assistance?

Deploy Security updates for Microsoft edge using sccm 2012

July 13, 2016, 6:51 am
$
0
0
Microsoft security updates for Edge are not listed  after WSUS sync. Windows 10 option is selected under security update product classification. environment is running with SCCM 2012 R2 SP1. does this environment required any upgrade or configuration for bringing the security updates for Edge? 
Viewing all 6382 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>