We have a couple of Win 10 Enterprise systems that were just newly imaged and for some reason they keep trying to pull from the Akamai CDN servers for updates rather than from the SCCM DPs and I have no idea why.
These two systems are killing the circuits when I connect them to the network, so I really need to understand why these are the ONLY systems doing this when other systems are just fine.
Can someone please offer some guidance here?
Thank you
Hi,
Can you anyone help me to get a vb script to check the below security policy using DCM.
Network Security: Force logoff when logon hours expire
I have a powershell script to check the compliance of the server however our environment there are many servers doesn't have powershell version 2.0 and dotnet 3.5 hence we got discovery error on this particular policy. To fix the below error msg we need to install powershell engine v2.0 on the server.
Can you please share the vbscript if anyone have it.
Thanks,
VJ
I'm trying to test out a new SCCM environment I created, SCCM 2012. Some software updates will be sent to the client computer, whereas other updates will not. Applications for the most part send to the client a few hours after they are supposed to.
I am able to send Google Chrome to a client, as well as some MS Windows 7 software updates. However, when I try to send a whole update package it doesn't receive on the client end.
When I look at LocationServices.log I receive the following errors:
<![LOG[Could not load logging configuration for component ClientLocation. Using default values.]LOG]!><time="16:30:56.310+420" date="09-19-2016" component="LocationServices" context="" type="2"
thread="3556" file="stdlogging.cpp:480">
<![LOG[Current AD forest name is sftc.ccctest.org, domain name is sftc.ccctest.org]LOG]!><time="16:31:02.933+420" date="09-19-2016" component="LocationServices" context="" type="1" thread="5868"
file="lsad.cpp:860">
<![LOG[Domain joined client is in Intranet]LOG]!><time="16:31:02.934+420" date="09-19-2016" component="LocationServices" context="" type="1" thread="5868" file="lsad.cpp:1071">
<![LOG[Could not load logging configuration for component ClientLocation. Using default values.]LOG]!><time="10:39:19.638+420" date="09-20-2016" component="LocationServices" context="" type="2"
thread="2236" file="stdlogging.cpp:480">
<![LOG[Could not load logging configuration for component ClientLocation. Using default values.]LOG]!><time="14:00:42.801+420" date="09-26-2016" component="LocationServices" context="" type="2"
thread="2276" file="stdlogging.cpp:480">
Anyone know where I should start looking to resolve this issue?
Created a CB service plan and ran it. It populated the Package and created the Software update group. The contents of the SUG is "Feature update to Windows 10 Enterprise, version 1607, en-us". It shows downloaded and deployed.
On the client side, the client sees the update and downloads it. The contents of the ccmcache folder are these two files:
"WindowsUpdateBox.exe" and a rather long filename ending in "CLIENTENTERPRISE_VOL_x64fre_en-us.esd"
Client is 1511. SCCM is 1606.
When in software center, it begins to install but will fail almost immediately. The software change returned error code "0x8000FFFF" (which seems to be a catastrophic failure).
The WUAHandler.log shows this:
Going to search using WSUS update source.
Synchronous searching started using filter: 'UpdateID = 'af57b397-b222-494e-ab73-17ddddd6e44e' AND DeploymentAction = *'...
Successfully completed synchronous searching of updates.
1. Update: af57b397-b222-494e-ab73-17ddddd6e44e, 200 BundledUpdates: 1
Update: 08b35ebf-a5f1-416f-8785-ae2ed3feb8e7, 200 BundledUpdates: 0
1. Update (Missing): Feature update to Windows 10 Enterprise, version 1607, en-us (af57b397-b222-494e-ab73-17ddddd6e44e, 200)
Async installation of updates started. WUAHandler 8/29/2016 8:18:04 AM 1700 (0x06A4)
Update 1 (af57b397-b222-494e-ab73-17ddddd6e44e) finished installing (0x8000ffff), Reboot Required? No
Async install completed.
Upgrade installation result indicates that commit cannot be done.
Installation job encountered some failures. Error = 0x80240022. Commit Result = 0x00000001.
Installation of updates completed.
Things I have tried:
Removed the update group, package and Service Plan and then re-created them and re-downloaded the Win10 feature update.
Disabled Upgrade classification, removed feature upgrades related to 1607, enabled Upgrade classification, re-sync. Same issues.
Hi All,
Can anybody suggest me how do we identify the creator name of any SU deployment package.?
Thanks,
Tushar
Tushar
I currently updated to Current Branch and have installed all updates on my server (Server 2012 R2 and SCCM CB 1607) In WSUS I can finally see the options for Windows 10 and Office 2016 products in the products and clasifications tab however when I am in SCCM under Sites Roles- Component Settings- SUP those checkboxes are nowhere to be found. I am sure I am missing something simple but I've tried just about everything I can think of. I have even uninstalled and reinstalled my SUP and WSUS to no avail. Any assistance would be helpful.
Hi All
I need a bit of guidance on the new patching model from MS
I am running SCCM2012 R2
I have read this article from Michael Niehaus - thank you
I am however a bit confused about what KB's should be installed and what not - you go from one set of pre-requisites to the next ending up downloading a whole lot of updates
so my question is
what updates do I need and what are the order in which to install them -apologies if this seems like a real daft question but I think there are a lot of confusion out there
thx Mike
Is there a way to know what the progress is when I run the following command on my SUP?
Get-WsusServer | Invoke-WsusServerCleanup –CleanupObsoleteUpdates -CleanupUnneededContentFiles -CompressUpdates -DeclineExpiredUpdates -DeclineSupersededUpdates
When I run it, it just sits there with a blinking cursor which tells me I must have quite a bit of obsolete updates that need to get cleaned out.
It has not timed out, but it appears that it is running.
BTW, it has been running for the last 6 hours.
I got this from Kent Agerlund's blog post here: http://blog.coretech.dk/kea/house-of-cardsthe-configmgr-software-update-point-and-wsus/.
I also ran exec spGetObsoleteUpdatesToCleanup in SSMS on my SUP and it showed that there were over 9,000 obsolete update - YIKES!!
So this probably explains why the command is taking so long to run, but I just would like to know if there is any way I can follow its progress?
Thanks
Hi,
I was wondering if it is best practice or at least feasible to have only one deployment package for all software updates? Example, for year 2016, would it be ok to have 1 deployment package for Jan to Dec software releases? We don't do specific deployment per OS or application here in our environment. What we do is whatever release there is in a month, we package it as one and deploy it per collection (Server, Desktop, Custom, etc.)
If having one deployment package for all release is possible, would it have any significant effect on the clients or distribution points?
Thanks!
Hello, We are having issue's on some of our clients not getting windows updates.
We are using sccm 2012 R2 to deploy updates with wsus.
Done so far
Resetted bits, reinstalled client, uninstalled all recent updates except on that couldn't. ran sfc /scannow succesfully, resetted wmi, directly connecting to windows update server works fine. wsus settings are correct. And most machines (99%) do get updates with exact same setup.
Does anyone have any idea what could be done to resolve this?
Example of windowsupdate.log
2015-09-15 10:15:10:276 224 1900 Agent *************
2015-09-15 10:15:10:276 224 1900 Agent ** START ** Agent: Finding updates [CallerId = CcmExec Id = 166]
2015-09-15 10:15:10:276 224 1900 Agent *********
2015-09-15 10:15:10:276 224 1900 Agent * Include potentially superseded updates
2015-09-15 10:15:10:276 224 1900 Agent * Online = Yes; Ignore download priority = Yes
2015-09-15 10:15:10:276 224 1900 Agent * Criteria = "(DeploymentAction=* AND Type='Software') OR (DeploymentAction=* AND Type='Driver')"
2015-09-15 10:15:10:276 224 1900 Agent * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
2015-09-15 10:15:10:276 224 1900 Agent * Search Scope = {Machine}
2015-09-15 10:15:10:276 224 1900 Agent * Caller SID for Applicability: S-1-5-18
2015-09-15 10:15:10:276 224 1900 Agent * RegisterService is set
2015-09-15 10:15:10:277 224 1900 EP Got WSUS Client/Server URL: "WSUSSERVERFQSN:443/ClientWebService/client.asmx"
2015-09-15 10:15:12:894 224 1900 PT +++++++++++ PT: Synchronizing server updates +++++++++++
2015-09-15 10:15:12:894 224 1900 PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = https://fqdnwsus:443/ClientWebService/client.asmx
2015-09-15 10:15:12:908 224 1900 Agent Reading cached app categories using lifetime 604800 seconds
2015-09-15 10:15:12:908 224 1900 Agent Read 0 cached app categories
2015-09-15 10:15:12:908 224 1900 Agent SyncUpdates adding 0 visited app categories
2015-09-15 10:15:15:166 224 1040 Report REPORT EVENT: {4A56AA03-B777-4175-B6C9-482744B4515F} 2015-09-15 10:15:10:166+0200 1 148 [AGENT_DETECTION_FAILED] 101 {00000000-0000-0000-0000-000000000000} 0 80244007 CcmExec Failure Software
Synchronization Windows Update Client failed to detect with error 0x80244007.
2015-09-15 10:15:15:190 224 1040 Report CWERReporter::HandleEvents - WER report upload completed with WER status 0x8 (hr=0)
2015-09-15 10:15:15:190 224 1040 Report WER Report sent: 7.9.9600.17959 0x80244007(0) 00000000-0000-0000-0000-000000000000 Scan 0 1 CcmExec {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} 0
2015-09-15 10:15:15:190 224 1040 Report CWERReporter finished handling 1 events. (00000000)
2015-09-15 10:15:19:692 224 1900 IdleTmr WU operation (CAgentProtocolTalker::SyncUpdates_WithRecover) started; operation # 1338; does use network; is at background priority
2015-09-15 10:15:19:775 224 1900 WS WARNING: Nws Failure: errorCode=0x803d0013
2015-09-15 10:15:19:775 224 1900 WS WARNING: The body of the received message contained a fault.
2015-09-15 10:15:19:775 224 1900 WS WARNING: Soap fault info:
2015-09-15 10:15:19:775 224 1900 WS WARNING: reason: Fault occurred
2015-09-15 10:15:19:775 224 1900 WS WARNING: code: Client
2015-09-15 10:15:19:775 224 1900 WS WARNING: detail: <detail><ErrorCode>InvalidParameters</ErrorCode><Message>parameters.OtherCachedUpdateIDs</Message><ID>2e2aaedd-b355-4848-9bcc-c44d24800d0f</ID><Method>"http://www.microsoft.com/SoftwareDistribution/Server/ClientWebService/SyncUpdates"</Method></detail>
2015-09-15 10:15:19:775 224 1900 WS WARNING: Soap fault detail: errorCode='InvalidParameters', message='parameters.OtherCachedUpdateIDs', id='2e2aaedd-b355-4848-9bcc-c44d24800d0f', method='"http://www.microsoft.com/SoftwareDistribution/Server/ClientWebService/SyncUpdates"'
2015-09-15 10:15:19:775 224 1900 WS FATAL: OnCallFailure failed with hr=0X80244007
2015-09-15 10:15:19:775 224 1900 PT WARNING: PTError: 0x80244007
2015-09-15 10:15:19:775 224 1900 PT WARNING: SyncUpdates_WithRecovery failed.: 0x80244007
2015-09-15 10:15:19:775 224 1900 IdleTmr WU operation (CAgentProtocolTalker::SyncUpdates_WithRecover, operation # 1338) stopped; does use network; is at background priority
2015-09-15 10:15:19:775 224 1900 PT + SyncUpdates round trips: 1
2015-09-15 10:15:19:775 224 1900 PT WARNING: Sync of Updates: 0x80244007
2015-09-15 10:15:19:775 224 1900 PT WARNING: SyncServerUpdatesInternal failed: 0x80244007
2015-09-15 10:15:19:775 224 1900 Agent * WARNING: Failed to synchronize, error = 0x80244007
2015-09-15 10:15:19:776 224 1900 Agent * WARNING: Exit code = 0x80244007
2015-09-15 10:15:19:776 224 1900 Agent *********
2015-09-15 10:15:19:776 224 1900 Agent ** END ** Agent: Finding updates [CallerId = CcmExec Id = 166]
2015-09-15 10:15:19:776 224 1900 Agent *************
Hi,
Is there any good blog/recommendation for Monthly rollups install, Oct 2016 onwards via SCCM 2012?
Should the same patch management process to be followed even for monthly rollups October onwards that we have been following till September 2016? Or any other special catch is there?
Regards,
Sourav Datta
Hi All,
I`m currently experiencing a strange issue where I can see internet based clients on my SCCM primary console connected and reporting Policy Requests, Hardware Scans etc. which has DMZ site server as a assigned management point.
I can deploy applications to these devices and I have previously been able to deploy Windows updates from the DMZ Site system which has MP, DP and SUP roles installed. Reviewing the logs on the DMZ site system everything appears to be fine.
The problem is I have multiple 401 entries in my IIS logs on port 443 from all the clients attempting to authenticate to the server, I have a PKI infrastructure and all these devices have enrolled successfully, the DMZ site system has the correct certificate enrolled and assigned in IIS (mpcontrol confirms this).
Due to the above my clients are now struggling to find a MP and is assigning the SCCM primary (internal) server for WSUS according to the following logs and errors;
LocationServices:
DMZ Site System FQDN - ERROR_WINHTTP_SECURE_FAILURE
ClientLocation:
Current internet management point is the only internet management point.
IIS Logs:
"Client", -, 10/14/2016, 11:25:40, W3SVC1, "SCCM Site server hostname", "SCCM Site Server IP" 484, 129, 282, 401, 5, HEAD, /ccm_system_AltAuth/request, -,
Any assistance would be greatly appreciated.
Thanks,
Scott.
So what are other folks doing with their ADRs for Windows Updates? You definitely don't want to install both per this post;
https:// blogs.technet.microsoft.com/windowsitpro/2016/10/07/more-on-windows-7-and-windows-8-1-servicing-changes/
I've figured out how to exclude either, but I'm still on the fence a bit on which way to go.
Add the Title parameter to your ADR and configure it with either a -Security and Quality Rollup or -Security Only Quality Update depending on which way you decide to go.
I think the .NET rollup needs to be treated the same way.
-Security and Quality Rollup or -Security Only Update
What are you guys doing? Thanks.
HI
Recently we have deployed the software update. after fetching the states-5 "States for an Update in Deployment" we have listed out the "update is not required" status clients and we checked the machines manually but we can install the
same updates without any issue. Please let us know what could be the issue.
Hi,
We have SCEP clients in SCCM 2012 and if I look for details they seem ok (below).
However, the engine update mechanism, how is that handled (also via Windows updates)?
Now we deploy definition updates, does that include engine updates?
Jan Hoedt
I have plans to upgrade my SCCM 2012 R2 SP1 site server O/S from server 2008 R2 to server 2012 R2. My question is related to windows updates that have already been deployed to my workstations cache and are waiting for their installation deadline to occur before they are installed.
If my site server is not available during the installation deadline will that prevent the workstations from installing their windows updates from their cache folder?
Howdy,
SCCM 2012 R2, Windows 10, Server 2012 R2.
All of a sudden, starting in August, all of our machines in SCCM are showing as Client check passed/Active when I check my software update groups for Windows Patches. Prior to this we were always around 80% compliance and for August and September it
shows 0% because everything is Unknown. This is happening for our servers and laptops.
What's the best way to figure out what the problem is here as this just seemed to come out of no where.
Let me know what other information I can provide and I'll post it right away.
Thanks
Dear Experts
I looking for input. I Have SCCM 2012 working environment and trying to implement IBCM For one of the location management point is working fine but SUP is not working. Below are the environments
Upstream Server [CAS] : Windows Server 2008
New site system [Downstream Server 2012] created for IBCM with SUP Role. Here MP and DP is working without any issue but SUP is not getting sync with upstream server.
Action taken:
Step 1: Ports Validation has been done. Below are the require ports are open.
Step 2: Sync is getting below error:
Windowsupdate.log
Softwaredistribution.log error:
I have tried to force sync manually via wsus console but sync failed with below error:
sync is failed with below error, SUSDB size is 4.24 GB
SqlException: Timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding. ---> System.ComponentModel.Win32Exception: The wait operation timed out
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
at System.Data.SqlClient.SqlDataReader.TryReadInternal(Boolean setTimeout, Boolean& more)
at System.Data.SqlClient.SqlDataReader.Read()
at Microsoft.UpdateServices.Internal.DataAccess.HideUpdatesForReplicaSync(String xmlHiddenUpdateIds, String xmlAllUpdatesIds)
at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.ProcessHiddenUpdates(Guid[] hiddenUpdates, UpdateIdentity[] allUpdates)
at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.ReplicaSync()
at Microsoft.UpdateServi
Regards,
Haresh
