Software Deployment status showing clients as Non-compliant
Updates reporting as needed by client, but don't exist in WSUS
In our SCCM 2012 R2 implementation the software updates are configured to synchronize updates for all products available from Microsoft Updates. I have been developing reporting on a per server basis to detect updates that the client shows as missing. I've run into a problem where many clients are listing an update as missing but the update doesn't exist in WSUS:
Article : 2760631
Bulletin :
ExcludeForStateReporting : False
Language :
ProductID : e6cf1350-c01b-414d-a61f-263d14d133b4
RevisionNumber : 200
ScanTime : 20161129204453.000000+000
Sources : {{7ABE2526-ED91-47AE-A989-275B4B2924FE}}
SourceType : 2
SourceUniqueId : {7ABE2526-ED91-47AE-A989-275B4B2924FE}
SourceVersion : 197
Status : Missing
Title : Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
UniqueId : 83d68c4a-c93d-4566-90dd-56f3972003ee
UpdateClassification : e6cf1350-c01b-414d-a61f-263d14d133b4
PSComputerName : server1
Get-WsusUpdate : The specified item could not be found in the database.
At C:\powershell\Get-Missing-Updates.ps1:74 char:29
+ $row.UserInteractive = (Get-WsusUpdate -UpdateId $update.UniqueId).MayReques ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Microsoft.Updat...usUpdateCommand:GetWsusUpdateCommand) [Get-WsusUpdate], WsusObjectNotFoundException
+ FullyQualifiedErrorId : ObjectNotFound,Microsoft.UpdateServices.Commands.GetWsusUpdateCommand
Searching the Microsoft Update Catalog by the article ID, I find the update. It appears that the update has been replaced by Office 2010 Service Pack 2, but the update is listed. So why is it unavailable in WSUS on the SCCM server (since we sync all products)? Although the SCCM client via
Get-WmiObject -Class CCM_UpdateStatus -Namespace ROOT\ccm\SoftwareUpdates\UpdatesStore -ComputerName $Computer
shows the update status as missing, manually using Windows Update in the Control Panel doesn't show these updates as being needed. If they really aren't needed, then I need to find a way that I can report this properly.
I have hundreds of 0x80070643 errors showing up in my System log for SCEP definition installs (KB2461484) - HELP!
I have no idea why the SCEP definitions keep failing, but this apparently has been occurring for the last two years and I had not even realized it until one of my Systems Admins pointed it out to me yesterday. I do have these definitions being deployed via ADR if that means anything.
I keep seeing the following errors in the System Log:
Why is this happening?
Thanks
Missing update on client not matching
Hello,
I am trying to find missing update on a machine X. If I look into software center it is showing me 106 missing updates.
select * from CCM_SoftwareUpdate where ComplianceState=0 (root\ccm\clientSDK) returns 106 as well
--------------------------------------------------------------------------------------------------------------------------------
However, if I run a SQL query for missing\required updates for the same computer, it returns a different number (43).
select
v_R_System.Name0 as 'Computername',
Count(v_StateNames.Statename) as 'Required Updates'
from
v_StateNames,
v_Update_ComplianceStatusAll
Inner Join v_R_System On (v_R_System.ResourceID = v_Update_ComplianceStatusAll.ResourceID)
Inner Join v_UpdateInfo On (v_UpdateInfo.CI_ID = v_Update_ComplianceStatusAll.CI_ID)
where
v_StateNames.TopicType = 500 and
v_StateNames.StateID = v_Update_ComplianceStatusAll.Status and
v_StateNames.Statename = 'Update is required'
Group By v_R_System.Name0
------------------------------------------------------------------------------------------------------------
I have forced a scan and update evaluation on the machine as well. These two should return the same number of missing updates. Is my understanding correct? If not, someone please explain.
Thanks
Modify SQL query to list SUP Products
I have this query which returns the list of Products available from Software Update Point Component Properties---Products... in the SCCM console. I want to modify it to also include whether the Product has been selected. I'm a pretend DBA and hoping someone has done this or can help figure it out.
SELECT
Family.DefaultTitle as FamilyTitle, Family.DefaultDescription as FamilyDescription,
Product.DefaultTitle as ProductTitle, Product.DefaultDescription as ProductDescription
FROM
[SUSDB].[PUBLIC_VIEWS].[vCategory] AS Family FULL OUTER JOIN
(
SELECT *
FROM [SUSDB].[PUBLIC_VIEWS].[vCategory]
WHERE CategoryType = 'Product'
)
AS Product
ON Family.CategoryId = Product.ParentCategoryId
WHERE Family.CategoryType = 'ProductFamily'
SCEP errors in Event Viewer
Can anyone tell me what this event ID is trying to say?
Event ID 1001 – Windows Error Reporting
Fault bucket , type 0
Event Name: MpTelemetry
Response: Not available
Cab Id: 0
Problem signature:
P1: System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)
P2: 4.10.207.0
P3: Passthrough
P4: 1.1.13303.0
P5: fixed
P6: 4 / 2049+
P7: 5 / not boot
P8:
P9:
P10:
Attached files:
These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_System Center En_f81759332f19c8885dbeac83ced2314c8c8e58b_00aefed7
Analysis symbol:
Rechecking for solution: 0
Report Id: ad483ba0-ae56-11e6-b4c1-415645000030
Report Status: 2
SCCM 2012 R2 SP1 fails authentication of downloaded updates for Windows Server 2016
Hi dear colleagues,
Recently I added updates for the product Windows Server 2016 in my SCCM Software Update Point and created an Automatic Deployment Rule to download and install relevant updates on my Windows Server 2016 machine. It successfully synchronized, downloaded and pushed updates the first time. The second time the rule ran, it produced an error: Auto Deployment Rule download failed. After digging through logs I found these errors in the PatchDownloader.log file:
Authentication of file C:\Windows\TEMP\CABABB9.tmp failed, error 0x800b0004
ERROR: DownloadContentFiles() failed with hr=0x80073633
All other Automatic Deployment Rules for other products work fine. The issue is ONLY with Updates for Windows Server 2016 product.
Any idea?
Modifying Software update group
Hi,
I have one query: if we have created an SUG with 100 updates and now want to remove/uncheck 10 updates from that group using Edit Membership, does the deployment package that was already created for it have to be created again, or, if we go to Download and select that old existing package, will it get modified?
Neeraj
3rd Party Patching
Does anyone have some recent real world experience with any of the following 3rd party patch add-ons? What features set them apart from the others?
PatchMyPC.NET - Cheapest
Shavlik Patch
Heat Software Patchlink
Flexera Corporate Software Inspector - Quoted price is very expensive and seems like overkill for what I need.
SCCM 2012 not getting the updates in Windows Server 2008 SP2
Hi,
We deployed security updates through SCCM 2012 to the servers; unfortunately Windows Server 2008 SP2 servers are falling under Compliance State in Reports. But when I log in to the servers, the patches are not installed on them. There are no errors in the SCCM client logs. When I ran Windows Update, the same updates that I deployed through SCCM are listed as applicable. Can someone please help me with this?
Thanks!
JC
Jaya Chandra
November 2016 updates question
Where is link for Offline installer, scepinstall.exe for latest version, currently 4.7.209 ???????
I have looked for a link in the past for the scepinstall.exe file and it is always a MAJOR PAIN, if not impossible to find!!!!!!
Microsoft NO LONGER HAS AN EXCUSE FOR THIS LINK NOT EXISTING!!!!!!!!!
They have been told that it needs to exist and the logic for it is without error.
The ANSWER WILL NOT BE IT DOES NOT EXIST!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
There is NO EXCUSE FOR THIS NOT TO BE AN EASY TO FIND DOWNLOAD MICROSOFT, NO EXCUSE, except maybe laziness or greed, but no technical or legal reason for it not being made available, obviously!!!!!!!!!!!!!!!!!!!!!!!!!!
There MUST BE A PERMANENT LINK MAINTAINED BY MICROSOFT WHERE I CAN AT ALL TIMES GO TO DOWNLOAD THE LATEST GREATEST STANDALONE SCEP CLIENT AT ALL TIMES!!!!!!!
Today it would contain version 4.7.209. When the next version is released I will click on the same link and it will download that new version EVERY TIME, NO EXCEPTIONS!!!!!!!!!!!!!!!
I have been able to capture, during an update the epplauncher.exe file and its accompanying folders etc, but that installer does not support any command line switches like the scepinstall.exe version for the client installer does. Needless to say that is ridiculous and stupid and incompetent of Microsoft to do, but that is what they did so needless to say I need the SCEPINSTALL.EXE version of the client installer that supports the command line switches, x64 and x86 in one file, no need to program in a check for that. And of course a link is absolutely required so that I can always find the latest version and I will never have to re-write my install script every time the install file changes, or a new version comes out, nor spend time trying to capture the file during an update etc. etc. etc.
Also don't tell me to go to the SCCM administrator, because he doesn't have a clue as to where this can be found or even that it exists. (The link given in the forums for finding it on the SCCM server DOES not maintain the latest greatest version at all times so that is also not the answer.)
I should also NEVER have to extract it from the SCCM updates such as "Cumulative Update 4 for ConfigMgr 2012 R2" which is where I found the 4.6.305 version a few months ago.
Thanks for the help, get your act in gear MS,
Ralph
SCCM 2012 (1606) - OnSearchComplete - Failed to end search job. Error = 0x8024000f.
After upgrading SCCM 2012 to SCCM 1606, WSUS/Software Update point are failing to report current requirements from clients. On the Site server for November as well as other updates including Endpoint protection I am receiving 0 required computers and 0 percent compliance. I have removed and added back the software update role and WSUS from the server and the same results appear.
I am also receiving the following errors from all clients:
Clients (Windows 7 and Windows 10) are failing to scan and I am receiving the following error: OnSearchComplete - Failed to end search job. Error = 0x8024000f.
WUAHANDLER.LOG
OnSearchComplete - Failed to end search job. Error = 0x8024000f. WUAHandler 12/1/2016 7:26:38 AM 5836 (0x16CC)
Scan failed with error = 0x8024000f. WUAHandler 12/1/2016 7:26:38 AM 5836 (0x16CC)
Its a WSUS Update Source type ({A064A436-B9D7-4241-91AE-61316442D08C}), adding it. WUAHandler 12/1/2016 7:54:13 AM 5796 (0x16A4)
Existing WUA Managed server was already set (http://w-sccm-1.win.ebmud:8530), skipping Group Policy registration. WUAHandler 12/1/2016 7:54:13 AM 5796 (0x16A4)
Added Update Source ({A064A436-B9D7-4241-91AE-61316442D08C}) of content type: 2 WUAHandler 12/1/2016 7:54:13 AM 5796 (0x16A4)
Scan results will include superseded updates only when they are superseded by service packs and definition updates. WUAHandler 12/1/2016 7:54:13 AM 5796 (0x16A4)
Search Criteria is (DeploymentAction=* AND Type='Software') OR (DeploymentAction=* AND Type='Driver') WUAHandler 12/1/2016 7:54:13 AM 5796 (0x16A4)
Async searching of updates using WUAgent started. WUAHandler 12/1/2016 7:54:13 AM 5796 (0x16A4)
Async searching completed. WUAHandler 12/1/2016 7:54:27 AM 3896 (0x0F38)
OnSearchComplete - Failed to end search job. Error = 0x8024000f. WUAHandler 12/1/2016 7:54:27 AM 5556 (0x15B4)
Scan failed with error = 0x8024000f. WUAHandler 12/1/2016 7:54:27 AM 5556 (0x15B4)
Its a WSUS Update Source type ({A064A436-B9D7-4241-91AE-61316442D08C}), adding it. WUAHandler 12/1/2016 7:54:27 AM 1616 (0x0650)
Existing WUA Managed server was already set (http://w-sccm-1.win.ebmud:8530), skipping Group Policy registration. WUAHandler 12/1/2016 7:54:27 AM 1616 (0x0650)
Added Update Source ({A064A436-B9D7-4241-91AE-61316442D08C}) of content type: 2 WUAHandler 12/1/2016 7:54:27 AM 1616 (0x0650)
Scan results will include superseded updates only when they are superseded by service packs and definition updates. WUAHandler 12/1/2016 7:54:27 AM 1616 (0x0650)
Search Criteria is (DeploymentAction=* AND Type='Software') OR (DeploymentAction=* AND Type='Driver') WUAHandler 12/1/2016 7:54:27 AM 1616 (0x0650)
Async searching of updates using WUAgent started. WUAHandler 12/1/2016 7:54:27 AM 1616 (0x0650)
Async searching completed. WUAHandler 12/1/2016 7:54:39 AM 1564 (0x061C)
ReportingEvent.log
{27E99F2C-FCCA-424C-B1BB-9E5B24EB1C1E} 2016-12-01 07:26:38:694-0800 1 148 101 {00000000-0000-0000-0000-000000000000} 0 8024000f CcmExec Failure Software Synchronization Windows Update Client failed to detect with error 0x8024000f.
{AD25BAAA-5EA8-45FD-9212-9CABAF2D6247} 2016-12-01 07:54:27:314-0800 1 148 101 {00000000-0000-0000-0000-000000000000} 0 8024000f CcmExec Failure Software Synchronization Windows Update Client failed to detect with error 0x8024000f.
{2FD7FBB1-254C-4280-BE66-3D97A1F6690A} 2016-12-01 07:54:39:101-0800 1 148 101 {00000000-0000-0000-0000-000000000000} 0 8024000f CcmExec Failure Software Synchronization Windows Update Client failed to detect with error 0x8024000f.
{28D06A91-39C3-4C59-BCBC-3D26B60B9267} 2016-12-01 07:54:50:847-0800 1 148 101 {00000000-0000-0000-0000-000000000000} 0 8024000f CcmExec Failure Software Synchronization Windows Update Client failed to detect with error 0x8024000f.
{BE82D16A-40DF-4BC9-BC67-0EC3F8F48752} 2016-12-01 07:55:02:620-0800 1 148 101 {00000000-0000-0000-0000-000000000000} 0 8024000f CcmExec Failure Software Synchronization Windows Update Client failed to detect with error 0x8024000f.
{0F197ED9-E327-4E74-8C2C-756A64F947F8} 2016-12-01 07:55:14:397-0800 1 148 101 {00000000-0000-0000-0000-000000000000} 0 8024000f CcmExec Failure Software Synchronization Windows Update Client failed to detect with error 0x8024000f.
SERVER SIDE:
No errors in both WCM.log and wsyncmgr.log
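An added example, not part of the original post: a small parser for WUAHandler lines in the layout pasted above (message, component, date, time, thread) that groups "Scan failed" entries by error code and reports how closely the failures repeat. The function names are hypothetical, and the sample reuses lines from the post plus one constructed line.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample in the layout pasted in the post: message, component, date, time,
# thread id. The last line is constructed for illustration.
SAMPLE = """\
OnSearchComplete - Failed to end search job. Error = 0x8024000f. WUAHandler 12/1/2016 7:26:38 AM 5836 (0x16CC)
Scan failed with error = 0x8024000f. WUAHandler 12/1/2016 7:26:38 AM 5836 (0x16CC)
Async searching of updates using WUAgent started. WUAHandler 12/1/2016 7:54:13 AM 5796 (0x16A4)
Async searching completed. WUAHandler 12/1/2016 7:54:27 AM 3896 (0x0F38)
Scan failed with error = 0x8024000f. WUAHandler 12/1/2016 7:54:27 AM 5556 (0x15B4)
Scan failed with error = 0x8024000f. WUAHandler 12/1/2016 7:54:39 AM 1564 (0x061C)
"""

LINE_RE = re.compile(
    r"^(?P<msg>.*?)\s+(?P<comp>\w+)\s+"
    r"(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"(?P<tid>\d+) \(0x[0-9A-Fa-f]+\)$"
)
FAIL_RE = re.compile(r"Scan failed with error = (0x[0-9A-Fa-f]{8})")


def parse(text):
    """Yield (timestamp, component, message) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # wrapped or truncated lines are skipped, not guessed at
            ts = datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p")
            yield ts, m["comp"], m["msg"]


def scan_failures(text):
    """Group scan failures by error code: count, first/last seen, shortest gap."""
    seen = defaultdict(list)
    for ts, comp, msg in parse(text):
        hit = FAIL_RE.search(msg)
        if comp == "WUAHandler" and hit:
            seen[hit.group(1).lower()].append(ts)
    report = {}
    for code, stamps in seen.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        report[code] = {
            "count": len(stamps),
            "first": stamps[0],
            "last": stamps[-1],
            "min_gap_s": min(gaps) if gaps else None,
        }
    return report


if __name__ == "__main__":
    for code, r in scan_failures(SAMPLE).items():
        print(code, r["count"], r["first"], r["last"], r["min_gap_s"])
```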
System center rebooting all servers always on 17-20th of the month?
Hi guys,
Our servers keep rebooting each month. We have maintenance windows set far into the future for the collections which are receiving deployments.
The packages being deployed are set not to reboot.
Is there a specific log on an example server which might help in identifying the problem?
Thanks, Travis
Package source for software update deployment package deleted
Last week I started working with software updates at a customer. They are using SCCM 2012 SP1 CU5.
Selected software updates, created a software update group, deployed it to a collection and downloaded to a new deployment package distributed to the distribution points.
Everything looked good.
A couple of days later I got the error "package source directory is missing" (distmgr.log) when distributing the deployment package.
Opened Explorer where I have my package source.
All of the directories for software deployment packages, except for the Endpoint Definition package created by an ADR every day, were gone!?
Of course none of the deployment packages for software updates could be updated when the package source is gone.
The only thing I can see is that some process running with security ID SYSTEM deleted the files and folders.
I am aware of the cleanup process for expired updates and I've read the log file wsyncmgr.log, but this will not delete the package source root folder containing all of my software updates!?
Is there some known bug in SP1 (I'm using R2 CU3 at other customers)?
WSUS Stop Working after install the update KB3159706
Good day everybody, I have a WSUS in Windows Server 2012 as a Software Update point of a SCCM 2012 R2.
I need to deploy Windows 10 Anniversary Update. I understand that I need to install the update KB3159706 on my WSUS. I followed this article for the installation: https://support.microsoft.com/es-sv/kb/3159706.
I installed the update and did the post-installation steps for it:
1- When I run the command "C:\Program Files\Update Services\Tools\wsusutil.exe" postinstall /servicing in an elevated Command Prompt window, it shows me this error:
Error of the statement ALTER DATABASE failed because a lock could not be placed on database SUSDB . Try again later.
2- I don't have a problem enabling HTTP Activation under .NET Framework 4.5 Features in the Server Manager Add Roles and Features wizard and restarting the WSUS service.
After that my WSUS stopped working.
I will appreciate any help
Block Device Collections to a Administrative Users
Guys
How can I accomplish this need? I have collections for app deployments, so helpdesk just usually go to the collection and add the needed device. I have them set as administrative users with some security roles. What we want to avoid is for them to add a collection of computers to the apps collection (to avoid multiple computer deployments, or worse, for them to deploy it to servers). Can I block them from seeing collections? Or what is the best way to approach this need? Thanks.
User Rights Assignments
Hi Guys,
I would like to know whether SCCM requires the following rights in User Rights Assignment:
Impersonate a client after authentication
Log on as a batch job
Remotely accessible registry paths and sub-paths
If yes, why? Is there any TechNet link for it?
I can't seem to find the required user rights permissions for the whole SCCM solution, e.g. DP, MP, SUP.
What is WSUSPool
Can anybody explain "What is WSUSPool"?
Thanks,
Chandan
Software update synchronization failure
I'm getting this error from component "SMS_WSUS_SYNC_MANAGER".
WSUS Synchronization failed.
Message: UssInternalError: SoapException: Fault occurred
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall).
Source: Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.WsusSyncAction.WSyncAction.SyncWSUS.