Good Afternoon Guys -

I need everyone's input and / or help with something.  For this month's server patching, I started a new process which I implemented at a previous job for more control and easier configuration on update advertisements.  It's much faster and easier than making new advertisements frequently as we patch monthly.  Basically, it's structured as such:

What's Used

• x56 Collections - Each a different group of servers
• x1 Collection - Contains all members from 56 Collections above via dynamic rule
• x1 Task Sequence - 1 step - "Install Updates"
• x1 Task Sequence - 2 steps - "Install Updates" & "Restart System"
• x1 Software Update Group with updates to deploy 

The Setup

1. I advertise the Software Update Group to the single collection containing all as "Available"
2. I advertise one of the two task sequences to each of the 56 collections depending on if the group in charge wants them to auto reboot after updating or not

The Issue / Questions

Today was the first window which included 3 of the server groups.  The task sequences advertised was the one which had the single "Install Updates" step only.  Each received the advertisements properly and started working as they should. 

Once the updates were installed (26 on average), the servers automatically restarted instead of just sitting there pending a restart.  I went back and verified that they received the correct task sequence as well as that the task sequence was set up correctly, but all was good there.  I've used this same process before, but haven't had this issue.

1. How can I prevent automatic restarting for servers receiving this task sequence in the future?

2. Is the issue that it performed "Install Updates" too thoroughly therefore restarted the server to finish the process?

Logs

I copied all of the SCCM & OS logs from one of the servers right after this happened.  The reboot took place at 2:16:02PM CST on 1/9/14 (today).  I tried to try to format the data below for easier reading.  Here are some of the things I found...

Windows System Event Log

Occurred on 2:16:02 PM

The process C:\Windows\CCM\TSManager.exe (SERVERHOSTNAME) has initiated the restart of computer SERVERHOSTNAME on behalf of user NT AUTHORITY\SYSTEM for the following reason: No title for this reason could be found
 Reason Code: 0x80030002
 Shutdown Type: restart
 Comment: The task sequence execution engine initiated a system restart

execmgr.log

• 2:12:00 - Script for  Package:A0000136, Program: * succeeded with exit code 0
• 2:12:01 - Execution is complete for program *. The exit code is 0, the execution status is Success
• 2:12:01 - The task sequence A0000136 was successfully started. See TSAgent.log and SMSTS.LOG for more details.
• 2:12:01 - Execution Request for advert A0020168 package A0000136 program * state change from Running to Completed
• 2:12:01 - Raising client SDK event for class CCM_Program, instance CCM_Program.PackageID="A0000136",ProgramID="*", actionType 1l, value , user NULL, session 4294967295l, level 0l, verbosity 30l
• 2:12:01 - Raising client SDK event for class CCM_Program, instance CCM_Program.PackageID="A0000136",ProgramID="*", actionType 1l, value , user NULL, session 4294967295l, level 0l, verbosity 30l
• 2:12:49 - MTC task with id {6114120F-726F-419E-8ABE-F745727E135B}, changed state from 5 to 5
• 2:16:02 - (Windows Event above this one took place)
• 2:16:03 - The user has logged off.
• 2:16:23 - CServiceWindowEventHandler::Execute - Received SERVICEWINDOWEVENT : END Event
• 2:22:32 - A user has logged on.

smsts.log

Here's a link to the entire "smsts.log" file referenced below

• 2:12:48 - Waiting for installation job to complete
• 2:13:48 - Waiting for job status notification ...
• 2:15:31 - NotifyComplete received
• 2:15:31 - Received job completion notification from Updates Deployment Agent 
• 2:15:31 - Reboot Required
• 2:15:31 - Installation is not yet complete, action needs to be re-run after reboot
• 2:15:31 - Process completed with exit code 0
• 2:15:31 - !--------------------------------------------------------------------------------------------!
• 2:15:31 - Successfully completed the action (Install Software Updates) with the exit win32 code 0
• 2:15:31 - Set authenticator in transport
• 2:15:31 - Set a global environment variable _SMSTSLastActionRetCode=0
• 2:15:31 - Set a global environment variable _SMSTSLastActionSucceeded=true
• 2:15:31 - Clear local default environment
• 2:15:31 - The action (Install Software Updates) requested a retry
• 2:15:31 - Executing command line: "bcdedit.exe"
• 2:15:31 - Process completed with exit code 0
• 2:15:31 - Updated security on object C:\_SMSTSVolumeID.7159644d-f741-45d5-ab29-0ad8aa4771ca.
• 2:15:31 - Updated security on object D:\_SMSTSVolumeID.7159644d-f741-45d5-ab29-0ad8aa4771ca.
• 2:15:31 - Updated security on object E:\_SMSTSVolumeID.7159644d-f741-45d5-ab29-0ad8aa4771ca.
• 2:15:31 - Updated security on object F:\_SMSTSVolumeID.7159644d-f741-45d5-ab29-0ad8aa4771ca.
• 2:15:31 - Updated security on object D:\_SMSTaskSequence.
• 2:15:31 - Set a global environment variable _SMSTSNextInstructionPointer=0
• 2:15:31 - Set a TS execution environment variable _SMSTSNextInstructionPointer=0
• 2:15:31 - Set a global environment variable _SMSTSInstructionStackString=
• 2:15:31 - Set a TS execution environment variable _SMSTSInstructionStackString=
• 2:15:31 - Save the current environment block
• 2:15:32 - Expand a string: %_SMSTSMDataPath%\Logs
• 2:19:05 - Successfully restored logs from cache
• 2:19:05 - Environment scope successfully created: Global\{51A016B6-F0DE-4752-B97C-54E6F386A912}
• 2:19:05 - Environment scope successfully created: Global\{BA3A3900-CA6D-4ac1-8C28-5073AFC22B03}
• 2:19:05 - Loading the Task Sequencing Environment from "D:\_SMSTaskSequence\TSEnv.dat".
• 2:19:14 - Deleting volume ID file C:\_SMSTSVolumeID.7159644d-f741-45d5-ab29-0ad8aa4771ca ...
• 2:19:14 - Deleting volume ID file D:\_SMSTSVolumeID.7159644d-f741-45d5-ab29-0ad8aa4771ca ...
• 2:19:14 - Deleting volume ID file E:\_SMSTSVolumeID.7159644d-f741-45d5-ab29-0ad8aa4771ca ...
• 2:19:14 - Deleting volume ID file F:\_SMSTSVolumeID.7159644d-f741-45d5-ab29-0ad8aa4771ca ...
• 2:19:14 - Compiling Config policy
• 2:19:14 - Start to compile TS policy
• 2:19:14 - Policy complied successfully in WMI 'root\ccm\policy\defaultmachine\requestedconfig' namespace
• 2:19:14 - End TS policy compilation
• 2:19:14 - Start to compile TS policy

The last 4 lines repeat a few times...

• 2:19:30 - RequestedConfig policy instance(s) : 0
• 2:19:30 - Total RequestedConfig policy instance(s) : 9086
• 2:19:33 - New/Changed ActualConfig policy instance(s) : 8
• 2:19:33 - [1] Added/updated setting 'ccm_networkaccessaccount:sitesettingskey=1'.
• 2:19:33 - [2] Added/updated setting 'ccm_rebootsettings:sitesettingskey=1'.
• 2:19:33 - [3] Added/updated setting 'inventorydataitem:dataitemid={061daeaa-a5d2-463c-84fd-7c1e278b83e0}:itemclass=filesystemfile:namespace=\\.\root\ccm\invagt'.
• 2:19:33 - [4] Added/updated setting 'inventorydataitem:dataitemid={0d46166f-067a-48f2-bbd3-b0c2d5c27a0b}:itemclass=win32reg_addremoveprograms64:namespace=\\localhost\root\cimv2'.
• 2:19:33 - [5] Added/updated setting 'inventorydataitem:dataitemid={35a43166-a50f-4bfa-92f3-cded58d4c37f}:itemclass=win32reg_smsguestvirtualmachine:namespace=\\.\root\cimv2'.
• 2:19:33 - [6] Added/updated setting 'inventorydataitem:dataitemid={5cc87e68-b642-409e-8675-7ba8a0837ef1}:itemclass=win32reg_addremoveprograms:namespace=\\localhost\root\cimv2'.
• 2:19:33 - [7] Added/updated setting 'inventorydataitem:dataitemid={df2d8de5-6057-460f-a313-37c7f9bb7f33}:itemclass=win32reg_smsguestvirtualmachine64:namespace=\\.\root\cimv2'.
• 2:19:33 - [8] Added/updated setting 'inventorydataitem:dataitemid={f9cc2849-3c27-4528-9adb-4ad8c9eb8aae}:itemclass=filesystemfile:namespace=\\.\root\ccm\invagt'.
• 2:19:33 - 

• 2:19:33 - Failed to submit event to the Status Agent. Attempting to create pending event.
• 2:19:33 - 

• 2:19:33 - Successfully submitted pending event to WMI.
• 2:19:33 - End TS policy evaluation
• 2:19:33 - Policy evaluation initiated
• 2:19:33 - Waiting for policy to be compiled in 'root\ccm\policy\machine' namespace 
• 2:19:33 - Policy verification done
• 2:19:33 - Config policies compiled successfully
• 2:19:33 - Waiting for CcmExec service to be fully operational
• 2:22:31 - CcmExec service is up and fully operational

Here's a link to the entire "smsts.log" file referenced above.

Any suggestions you can offer would be awesome - Thank You!

Ben K.

Thanks and best regards, -- KF

Thanks and best regards, -- KF

Hi,

I am planning to build tool to manage Windows Updates. I download the Windows updates at my end and then distribute the updates to the clients.

My question is,  Is it legal to download the updates at my end and then redistribute it to my clients. Are there some licence terms and conditions I need to follow.

Thanks
Sunil.

We have been running this configuration since April of last year and haven't had any problems. 

The problem is a majority of the window/security updates files in the WSUSContent folder are missing.  I have ran wsusutil /reset and it takes a day or so but it will successfully download the 80GB of missing files.  But after a few days they are once again missing.  We do run our EPP updates through WSUS and we have no problems with those.

I have searched endlessly through the log files, I can see where it goes through and skips them due to being superseded. 

Do not see any database or communication issues between SCCM and WSUS, per the wsyncmgr.log it sees the thousands of that are available from our WSUS server. 

So, any suggestions as to what might be causing the update files to be deleted from the WSUSContent folder?

We are running this on:

Server 2012 / SCCM 2012 CU3 / WSUS for 2012

Hey there smart people!  I am in the process of bringing 40+ laptops out of workgroup mode onto the domain, and want to design a security solution for them other than named AV accounts.  I've worked with SC products before but in a Dev environment, not production.  I'm concerned with the cost of a full-blown system center deployment to manage 40+ roaming laptops and a dozen servers.  

Security Essentials, however, is not licensed for businesses with more than 10 machines, so I need to figure out the best way to manage these things.  Windows In-Tune has been brought up as a solution as well.

If I go with a self-managed solution like SCCM Endpoint Production, what products do I need to license and manage?

Thanks,

Joe

MCITP Exchange 2010 | MCTS Exchange 2007 | MCITP Lync Server 2010 | MCTS Windows 2008 | MCSE 2003

Good Afternoon Guys - 

I've got a quick, simple question.  I'm setting up a custom method of installing software updates for workstations using SCCM 2012 which provides each user with a few options post update installation.  It works perfectly except for one issue.  

When using the "Install Updates" step in a task sequence, sometimes the system will automatically restart even though there is no separate instruction / step to do so.

I know that this is by design as per this post, but surely there must be a way to suppress / prevent it - even if an extra step needs to be added before or after the "Install Software Updates" one.  I have used a similar procedure before so know that I must had found out a way.  I just can't remember it (which is why I document everything now) :)

Any Ideas?  Thanks!

Ben K.

Thank you for taking the time to answer this. We recently upgraded all our workstations to Win 7 & have upgraded to SCCM from WSUS. we have aGPO that points all workstations to SCCM for windows updates. All workstations have this registry key pointing to our respected SCCM servers. Yet for some reason our firewall logs show that about 800 machines in one of our branches are attempting to go out to windowsupdate. Should we disbale windows update? Any information would be most helpful.

Kindest Regards

Good Morning:

For the better part of 5 days I have been trying to get ADR deployed in my lab to install and automatically reboot machines.  I have gotten everything set up and the rule is working and downloading the update, just never making it to the clients to install the updates and or reboot.  For simplicity sake, I created a device collection, "domain controllers" and this finds my two DCs just fine.  I then created a ADR

Collection - Domain Controllers, Add to Existing Software Update Group - Software Updates (date released - 2 months, Product - 2008 R2) as both of my DCs are 2008 R2 - Evaluation Schedule (Run on schedule - once a week at 11:30 pm) - Deployment Schedule (software/specific time 1 hour) (installation/2 hours) - User Experience Software Installation Checked - Then I create a new deployment package and then run it.

It created the deployment packages, and the software update group, I checked the logs and it downloads the files just fine and shows 42 updates needed.  However I cannot get those two servers to install updates and reboot for the life of me.  I have google and read everything possible.  I checked the permissions of the package source, I created a maintenance window for that time, I attempted to change the work information via powershell in case it was overlapping.

Can anyone please give me a little push in the right direction on what I could possibly be missing? 

I did see this in the log, 

Any assistance would be greatly appreciated as this is just making me spin in circles.

We have a Windows 2008 R2 server.  I added the WSUS role to this server and downloaded a bunch of patches to E:\WSUS

Then, in the CM2012 console I added the software update point role.   I've tried choosing "Synchronize with Microsoft Update", "Synchronize from an upstream data source"  and "do not Synchronize"

No matter what I pick when I go to Software Library\Software Updates\All Software Updates and run "Synchronize software updates"   Nothing ever happens.   I see no updates at all show up in the console. 

I see this in the wcm.log

remote configuration failed for wsus server. 

I've tried both ports 80 and 8530 and still nothing works.  

any ideas?

mqh7

Hi

My setup is a single  SCCM 2012 SP1 cu3 site server with WSUS (Version 6.2.9200.16384) and SQL 2012 SP1 on the same box.

I've scheduled the SUP to sync 3 times a day and it seems to do so without any errors. The question I have is to do with the entry in the wsyncmgr.log in the title. What I have noticed is that at 14:00 every day the SUP does a Full sync instead of a regular sync which can take a couple of hours is this normal? Why does the wsyncngr log state that the WSUS server location has changed.

Thanks

Simon

Update- so it didn't do it at 14:00 today just did a regular sync ! I wonder what triggers a full sync and why it thinks the WSUS location has changed when it does?

wsyncmgr.log

Wakeup for a polling cycle	SMS_WSUS_SYNC_MANAGER	04/01/2014 13:07	8180 (0x1FF4)
Next scheduled sync is a regular sync at 04/01/2014 14:00:00	SMS_WSUS_SYNC_MANAGER	04/01/2014 13:07	8180 (0x1FF4)
Wakeup for scheduled regular sync	SMS_WSUS_SYNC_MANAGER	04/01/2014 14:00	8180 (0x1FF4)
Starting Sync	SMS_WSUS_SYNC_MANAGER	04/01/2014 14:00	8180 (0x1FF4)
Performing sync on regular schedule	SMS_WSUS_SYNC_MANAGER	04/01/2014 14:00	8180 (0x1FF4)
Full sync required due to changes in main WSUS server location.	SMS_WSUS_SYNC_MANAGER	04/01/2014 14:00	8180 (0x1FF4)
Read SUPs from SCF for MSSCCM12.IISLtd.com	SMS_WSUS_SYNC_MANAGER	04/01/2014 14:00	8180 (0x1FF4)
Found 1 SUPs	SMS_WSUS_SYNC_MANAGER	04/01/2014 14:00	8180 (0x1FF4)
Found active SUP MSSCCM12.IISLtd.com from SCF File.	SMS_WSUS_SYNC_MANAGER	04/01/2014 14:00	8180 (0x1FF4)
STATMSG: ID=6701 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS=MSSCCM12.IISLtd.com SITE=SC9 PID=16164 TID=8180 GMTDATE=Sat Jan 04 14:00:00.194 2014 ISTR0="" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0	SMS_WSUS_SYNC_MANAGER	04/01/2014 14:00	8180 (0x1FF4)
Synchronizing WSUS server MSSCCM12.IISLtd.com	SMS_WSUS_SYNC_MANAGER	04/01/2014 14:00	8180 (0x1FF4)
STATMSG: ID=6704 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS=MSSCCM12.IISLtd.com SITE=SC9 PID=16164 TID=8180 GMTDATE=Sat Jan 04 14:00:01.256 2014 ISTR0="" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0	SMS_WSUS_SYNC_MANAGER	04/01/2014 14:00	8180 (0x1FF4)
Synchronizing WSUS server mssccm12.iisltd.com ...	SMS_WSUS_SYNC_MANAGER	04/01/2014 14:00	4892 (0x131C)
sync: Starting WSUS synchronization	SMS_WSUS_SYNC_MANAGER	04/01/2014 14:00	4892 (0x131C)
sync: WSUS synchronizing categories	SMS_WSUS_SYNC_MANAGER	04/01/2014 14:00	4892 (0x131C)
sync: WSUS synchronizing updates	SMS_WSUS_SYNC_MANAGER	04/01/2014 14:00	4892 (0x131C)
sync: WSUS synchronizing updates, processed 406 out of 406 items (100%)	SMS_WSUS_SYNC_MANAGER	04/01/2014 14:00	4892 (0x131C)
Done synchronizing WSUS Server mssccm12.iisltd.com	SMS_WSUS_SYNC_MANAGER	04/01/2014 14:00	4892 (0x131C)
Sleeping 2 more minutes for WSUS server sync results to become available	SMS_WSUS_SYNC_MANAGER	04/01/2014 14:00	4892 (0x131C)
Set content version of update source {F382A19D-AE3A-43B0-8AEE-E5AA3E31BF9B} for site SC9 to 823	SMS_WSUS_SYNC_MANAGER	04/01/2014 14:02	8180 (0x1FF4)
Synchronizing SMS database with WSUS server MSSCCM12.IISLtd.com	SMS_WSUS_SYNC_MANAGER	04/01/2014 14:02	8180 (0x1FF4)
STATMSG: ID=6705 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS=MSSCCM12.IISLtd.com SITE=SC9 PID=16164 TID=8180 GMTDATE=Sat Jan 04 14:02:50.836 2014 ISTR0="" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0	SMS_WSUS_SYNC_MANAGER	04/01/2014 14:02	8180 (0x1FF4)
Synchronizing SMS database with WSUS server mssccm12.iisltd.com ...	SMS_WSUS_SYNC_MANAGER	04/01/2014 14:02	4356 (0x1104)
sync: Starting SMS database synchronization	SMS_WSUS_SYNC_MANAGER	04/01/2014 14:02	4356 (0x1104)
requested localization languages: en	SMS_WSUS_SYNC_MANAGER	04/01/2014 14:02	4356 (0x1104)
Syncing all updates	SMS_WSUS_SYNC_MANAGER	04/01/2014 14:02	4356 (0x1104)
Requested categories: ProductFamily=Office Live, ProductFamily=Internet Security and Acceleration Server, ProductFamily=SQL Server, ProductFamily=Microsoft Dynamics CRM, ProductFamily=Microsoft Research AutoCollage, ProductFamily=Skype, ProductFamily=System Center Online, ProductFamily=System Center, ProductFamily=Microsoft Lync Server and Microsoft Lync, ProductFamily=Bing, ProductFamily=Exchange, ProductFamily=Network Monitor, ProductFamily=Windows Essential Business Server, ProductFamily=Office, ProductFamily=Developer Tools, Runtimes, and Redistributables, ProductFamily=Microsoft StreamInsight, ProductFamily=HPC Pack, ProductFamily=Office Communications Server And Office Communicator, ProductFamily=Microsoft Application Virtualization, ProductFamily=Active Directory, ProductFamily=Microsoft System Center Data Protection Manager, ProductFamily=Windows, ProductFamily=Virtual Server, ProductFamily=Microsoft Online Services, ProductFamily=System Center Virtual Machine Manager, ProductFamily=SDK Components, ProductFamily=Windows Embedded, ProductFamily=Windows Live, ProductFamily=Microsoft Security Essentials, ProductFamily=Microsoft BitLocker Administration and Monitoring, ProductFamily=Expression, ProductFamily=Microsoft HealthVault, ProductFamily=BizTalk Server, ProductFamily=Forefront, ProductFamily=Microsoft SQL Server PowerPivot for Excel, ProductFamily=Silverlight, UpdateClassification=Security Updates, UpdateClassification=Update Rollups, UpdateClassification=Service Packs, UpdateClassification=Updates, UpdateClassification=Definition Updates, UpdateClassification=Critical Updates	SMS_WSUS_SYNC_MANAGER	04/01/2014 14:02	4356 (0x1104)
sync: SMS synchronizing categories	SMS_WSUS_SYNC_MANAGER	04/01/2014 14:02	4356 (0x1104)
sync: SMS synchronizing categories, processed 0 out of 224 items (0%)	SMS_WSUS_SYNC_MANAGER	04/01/2014 14:02	4356 (0x1104)
sync: SMS synchronizing categories, processed 224 out of 224 items (100%)	SMS_WSUS_SYNC_MANAGER	04/01/2014 14:02	4356 (0x1104)
sync: SMS synchronizing categories, processed 224 out of 224 items (100%)	SMS_WSUS_SYNC_MANAGER	04/01/2014 14:02	4356 (0x1104)
sync: SMS synchronizing updates	SMS_WSUS_SYNC_MANAGER	04/01/2014 14:02	4356 (0x1104)
Collecting existing updates...	SMS_WSUS_SYNC_MANAGER	04/01/2014 14:04	4356 (0x1104)
sync: SMS synchronizing updates, processed 0 out of 12012 items (0%)	SMS_WSUS_SYNC_MANAGER	04/01/2014 14:04	4356 (0x1104)
Skipped update fd4edc28-9cdd-4f8f-a5ec-b806b1d7dd7d - Security Update for Windows 7 Beta (KB958690) because it is up to date.	SMS_WSUS_SYNC_MANAGER	04/01/2014 14:04	4356 (0x1104)
Skipped update 830597be-c102-4175-9b97-debcaea2f683 - Security Update for Windows 7 Beta for x64-based Systems (KB958690) because it is up to date.	SMS_WSUS_SYNC_MANAGER	04/01/2014 14:04	4356 (0x1104)
Skipped update 93070d5b-d745-4f57-ab96-59d4cf527334 - Security Update for Forefront Threat Management Gateway, Medium Business Edition (KB 968075) because it is up to date.	SMS_WSUS_SYNC_MANAGER	04/01/2014 14:04	4356 (0x1104)

Checking for supported version of WSUS (min WSUS 3.0 SP2 + KB2720211 + KB2734608)	SMS_WSUS_CONFIGURATION_MANAGER	04/01/2014 14:06	4204 (0x106C)
Checking runtime v2.0.50727...	SMS_WSUS_CONFIGURATION_MANAGER	04/01/2014 14:06	4204 (0x106C)
Did not find supported version of assembly Microsoft.UpdateServices.Administration.	SMS_WSUS_CONFIGURATION_MANAGER	04/01/2014 14:06	4204 (0x106C)
Checking runtime v4.0.30319...	SMS_WSUS_CONFIGURATION_MANAGER	04/01/2014 14:06	4204 (0x106C)
Found supported assembly Microsoft.UpdateServices.Administration version 4.0.0.0, file version 6.2.9200.16384	SMS_WSUS_CONFIGURATION_MANAGER	04/01/2014 14:06	4204 (0x106C)
Found supported assembly Microsoft.UpdateServices.BaseApi version 4.0.0.0, file version 6.2.9200.16384	SMS_WSUS_CONFIGURATION_MANAGER	04/01/2014 14:06	4204 (0x106C)
Supported WSUS version found	SMS_WSUS_CONFIGURATION_MANAGER	04/01/2014 14:06	4204 (0x106C)
Attempting connection to WSUS server: MSSCCM12.IISLtd.com, port: 8530, useSSL: False	SMS_WSUS_CONFIGURATION_MANAGER	04/01/2014 14:06	4204 (0x106C)
Successfully connected to server: MSSCCM12.IISLtd.com, port: 8530, useSSL: False	SMS_WSUS_CONFIGURATION_MANAGER	04/01/2014 14:06	4204 (0x106C)
Verify Upstream Server settings on the Active WSUS Server	SMS_WSUS_CONFIGURATION_MANAGER	04/01/2014 14:06	4204 (0x106C)
No changes - WSUS Server settings are correctly configured and Upstream Server is set to Microsoft Update	SMS_WSUS_CONFIGURATION_MANAGER	04/01/2014 14:06	4204 (0x106C)
Refreshing categories from WSUS server	SMS_WSUS_CONFIGURATION_MANAGER	04/01/2014 14:06	4204 (0x106C)
Attempting connection to WSUS server: MSSCCM12.IISLtd.com, port: 8530, useSSL: False	SMS_WSUS_CONFIGURATION_MANAGER	04/01/2014 14:06	4204 (0x106C)
Successfully connected to server: MSSCCM12.IISLtd.com, port: 8530, useSSL: False	SMS_WSUS_CONFIGURATION_MANAGER	04/01/2014 14:06	4204 (0x106C)
Successfully refreshed categories from WSUS server	SMS_WSUS_CONFIGURATION_MANAGER	04/01/2014 14:06	4204 (0x106C)
Attempting connection to WSUS server: MSSCCM12.IISLtd.com, port: 8530, useSSL: False	SMS_WSUS_CONFIGURATION_MANAGER	04/01/2014 14:06	4204 (0x106C)
Successfully connected to server: MSSCCM12.IISLtd.com, port: 8530, useSSL: False	SMS_WSUS_CONFIGURATION_MANAGER	04/01/2014 14:06	4204 (0x106C)
Attempting connection to WSUS server: MSSCCM12.IISLtd.com, port: 8530, useSSL: False	SMS_WSUS_CONFIGURATION_MANAGER	04/01/2014 14:06	4204 (0x106C)
Successfully connected to server: MSSCCM12.IISLtd.com, port: 8530, useSSL: False	SMS_WSUS_CONFIGURATION_MANAGER	04/01/2014 14:06	4204 (0x106C)
Waiting for changes for 60 minutes	SMS_WSUS_CONFIGURATION_MANAGER	04/01/2014 14:06	4204 (0x106C)

Orange County District Attorney

Is it possible to use SCCM 2012 Compliance feature to check if a AD GPO settings applied to a Device / User collection or not?

If Yes, then how?

Hi, I need some advice from you  regarding SCCM 2012. It's on win2008r2 Ent 64bit. SQL server is seperate SQL2008r2 server for DB. I have pushed clients out. I need to use SUP feature. I installed wsus 3.0 sp2 from server-add role (2nd rould I download it from MS and installed directly), on the local sccm server, using windows internal DB. I cancled the wizard for configuration of WSUS at the end.  then I add SUP role. configured the proxy server and port number accordingly. The SCCM server is ok to connect to internet via proxy server.Then I ran sync for windows update. From componet monitoring, I foud some error messages.thanks! I configured :\wsus for everone read only.I removed SUP and WSUS and re-install both with SCCM server reboot, but still failed.the status is offline or unknown fo the wsus_configuration_manager,sync_manager, , control_manager.   any advice please? Here are the errors

Thanks and best regards, -- KF

I have a SCCM 2012 SP1 CU3 environment and want to build and capture an image with Windows 7 and all deployed patches.

I create a task sequence and Windows 7 and additional packages (.Net, C++ runtimes etc) are installed perfectly.

But patches are not. I see in WUAhandler.log that patches are detected but never will be downloaded or installed.

The error i get in Windowsupdate.log is:

The task sequence execution engine failed executing the action (Install Software Updates) in the group (Install Updates) with the error code 2147943860
Action output: ... y evaluation
Policy evaluation initiated
GetIPriviledgedInstallInterface successful
Refreshing Updates
Successfully initiated RefreshUpdates operation
Waiting for RefreshUpdates complete notification from Updates Deployment Agent
FALSE, HRESULT=800705b4 (e:\nts_sccm_release\sms\client\osdeployment\installswupdate\installswupdate.cpp,1273)
WaitForRefreshUpdatesComplete(spInstall), HRESULT=800705b4 (e:\nts_sccm_release\sms\client\osdeployment\installswupdate\installswupdate.cpp,1331)
RefreshUpdates(), HRESULT=800705b4 (e:\nts_sccm_release\sms\client\osdeployment\installswupdate\installswupdate.cpp,923)
InstallUpdates(pInstallUpdate, tType, sJobID, sActiveRequestHandle), HRESULT=800705b4 (e:\nts_sccm_release\sms\client\osdeployment\installswupdate\main.cpp,248)
Setting TSEnv variable SMSTSInstallUpdateJobGUID=
Process(pInstallUpdate, tType), HRESULT=800705b4 (e:\nts_sccm_release\sms\client\osdeployment\installswupdate\main.cpp,304)
Timedout waiting for updates refresh complete notification. The operating system reported error 2147943860: This operation returned because the timeout period expired. 

Method to Deploy KB2907566!!

Enviornment: SCCM 2012 R2 on Windows Server 2012 R2 single primary site with remote sql server.

SCCM Client and Endpoint installed on SCCM server and few test machines running Windows 7.

The current anti malware client version is shown as 4.3.220.0. 

I downloaded the hotfix 2907591 and  it extracts as FEP2010SU1-KB2907566-I386-ENU.exe. Then I double click on FEP2010SU1-KB2907566-I386-ENU.exe and it further created the fep2010su1-fepext-kb2907566-x86-enu.msp. When i double click on fep2010su1-fepext-kb2907566-x86-enu.msp I get following error:

The upgrade patch cannot be installed by the Windows Installer service bacause the program to be upgraded may be missing or the upgrade patch may update a different version of the program. Verify that the program to be upgraded exists on your computer and that you have correct upgrade patch.

How do I upgrade the Endpoint using this hotfix on SCCM server and client machines.

Hello,

I am looking at a TechNet article for SCCM 2007 on how to deploy IE9 as a package. Seems the process is the same for SCCM 2012. Is there a reason I cannot just use SUP in order to deploy the update since it could be deployed from WSUS? The reason I am asking is because I cannot find "Microsoft Internet Explorer 9 for <fill in blank>" published in the Software Updates. I can find Internet Explorer 9 Language Packs for Windows 7, which doesn't seem to be right.

So I guess the question, is there a reason I cannot see it in SUP, or is that not the preferred way of deploying it to the clients? If I need to create a package that is fine, I can do that.

I am reading this : http://technet.microsoft.com/en-us/library/gg699427.aspx

Thanks!

I have been trying to find any official statement from Microsoft on whether or not SCEP is considered to be a "Cluster Aware" AV product. (Please see this link for more info on what I mean by that http://support.microsoft.com/kb/250355 )

Does anyone here know if it is for sure or can you link to an official statement from Ms?

Hi,

I need to permission IT Support staff so they are able to add computers to certain collections in SCCM 2012. I created a new Role and assigned the following permissions under "Collection"

Read, Modify, Modify Resource, delete resource, read resource, Modify Collection setting, read AMT.

Also allowed read at site level.

Users are still unable to add computers to a collection ? Any ideas why ?

I did read a previous post which said something about also having to permission users to the limiting collection but this doesnt make sense, and sounds insecure.

Thanks