How To Deploy Software Updates Using SCCM 2012 R2

In this post we will look at the steps to deploy software updates using SCCM 2012 R2. Deploying software updates to computers is essential: major software vendors release updates to address security vulnerabilities in their existing products. To stay protected against cyber-attacks and malicious threats, it is very important to keep computers patched with the latest software updates. Software updates in System Center 2012 R2 Configuration Manager provides a set of tools and resources that can help manage the complex task of tracking and applying software updates to client computers in the enterprise. SCCM 2012 R2 adds a few new features for software updates, including a new maintenance window dedicated to software updates installation. This lets you configure a general maintenance window and a different maintenance window for software updates. When a general maintenance window and a software updates maintenance window are both configured, clients install software updates only during the software updates maintenance window. A new feature called Software updates preview lets you review the software updates before you create the deployment.


There are 2 ways to deploy software updates using SCCM 2012 R2: manual and automatic. In a manual software updates deployment, a set of software updates is selected in the Configuration Manager console and these updates are deployed to the target collection. An automatic software updates deployment is configured by using automatic deployment rules; this method is used for deploying monthly software updates and for managing definition updates. When the rule runs, the software updates that meet the specified criteria (for example, all security software updates released in the last week) are added to a software update group, the content files for the software updates are downloaded and copied to distribution points, and the software updates are deployed to client computers in the target collection. In this post we will see the steps to deploy software updates manually; automatic software updates deployment will be covered in a separate post.

To start with, install the Software Update Point role first. Launch the Configuration Manager Console, click on Administration, expand Overview, click Site Configuration, click on Sites. At the top ribbon click on Add Site System Roles.

Deploy Software Updates Using SCCM 2012 R2 Snap1

From the Add Site System Roles Wizard, click on Software Update Point and click Next.

Deploy Software Updates Using SCCM 2012 R2 Snap2

For WSUS Configuration, select WSUS is configured to use ports 8530 and 8531 for client communications and click Next.

Note

When you install WSUS, you can specify whether to use the default Internet Information Services (IIS) website or create a new custom WSUS website. As a best practice, select Create a Windows Server Update Services 3.0 Web site so that IIS hosts the WSUS 3.0 services in a dedicated website instead of sharing the same website with other Configuration Manager site systems or other software applications. When you use a custom website for WSUS 3.0, WSUS configures port 8530 for HTTP and port 8531 for HTTPS. You must specify these port settings when you create the software update point for the site.

 

Deploy Software Updates Using SCCM 2012 R2 Snap3

For WSUS Server Connection Account, click Use credentials to connect to the WSUS server, click on Set and choose the account. The account provides authenticated access from the site to WSUS server. Click Next.

Deploy Software Updates Using SCCM 2012 R2 Snap4

Click Synchronize from Microsoft Update and click Next.

Deploy Software Updates Using SCCM 2012 R2 Snap5

Click Enable synchronization on a schedule and let the schedule be set to default (simple schedule). You may also click Alert when sync fails on any site in hierarchy. Click Next.

Deploy Software Updates Using SCCM 2012 R2 Snap6

For Supersedence behavior, select Immediately expire a superseded software update. Click Next.

Deploy Software Updates Using SCCM 2012 R2 Snap7

Select Critical Updates, Definition Updates and Security Updates. Note that you can do this after installation of SUP. Click Next.

Deploy Software Updates Using SCCM 2012 R2 Snap8

Choose the products that you want to synchronize. In this step I have selected Windows 7 and Forefront Endpoint Protection 2010. Click Next.

Deploy Software Updates Using SCCM 2012 R2 Snap9

Choose the desired language, click Next.

Deploy Software Updates Using SCCM 2012 R2 Snap10

The Software Update Point role has been installed. Click Close.

Deploy Software Updates Using SCCM 2012 R2 Snap11

In the Configuration Manager console, click Software Library, expand Overview, click Software Updates, click All Software Updates and at the top ribbon click Synchronize Software Updates.

Deploy Software Updates Using SCCM 2012 R2 Snap12

To see what’s happening in the background, keep two log files open: wsyncmgr.log and WCM.log. Below is a screenshot of the wsyncmgr.log file, where we can see that WSUS is synchronizing the categories and updates.

Deploy Software Updates Using SCCM 2012 R2 Snap13

The synchronization is completed. The software updates can now be seen when you click All Software Updates option in CM Console. Note that the updates are yet to be downloaded.
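
As an added example (not part of the original post), the following Python script parses wsyncmgr.log in its on-disk CMTrace format and reports whether the last synchronization started, finished or failed, so a stalled software update point is noticed before clients fall behind on patches. The sample entries are constructed; they reuse the messages and STATMSG IDs 6701, 6703 and 6704 quoted on this page, while ID 6702 for a completed sync, the helper names and the `file=` values are assumptions.

```python
"""Added example: report software update point sync health from wsyncmgr.log."""
import re
from dataclasses import dataclass
from typing import Dict, List

# On-disk layout of a ConfigMgr log entry (CMTrace renders these as columns):
# <![LOG[message]LOG]!><time=".." date=".." component=".." context="" type="N" thread=".." file="..">
ENTRY_RE = re.compile(
    r'<!\[LOG\[(?P<msg>.*?)\]LOG\]!>'
    r'<time="(?P<time>[^"]*)" date="(?P<date>[^"]*)" component="(?P<comp>[^"]*)"'
    r'[^>]*?type="(?P<type>\d)"[^>]*>',
    re.DOTALL,  # a message may span several physical lines
)
STATMSG_RE = re.compile(r"STATMSG: ID=(\d+) SEV=([IWE])")

# 6701, 6703 and 6704 appear in the log excerpts on this page;
# 6702 (sync done) is an assumption of this example.
SYNC_STATES = {6701: "started", 6704: "in progress", 6702: "done", 6703: "failed"}
COMPONENT = "SMS_WSUS_SYNC_MANAGER"


@dataclass
class Entry:
    date: str
    time: str
    component: str
    severity: int  # type attribute: 1 = info, 2 = warning, 3 = error
    message: str


def parse_log(text: str) -> List[Entry]:
    """Return every entry in the text; anything not matching the layout is ignored."""
    return [
        Entry(m["date"], m["time"], m["comp"], int(m["type"]), m["msg"].strip())
        for m in ENTRY_RE.finditer(text)
    ]


def sync_health(entries: List[Entry]) -> Dict[str, object]:
    """Summarise the most recent sync run: state, phases reached, failure reasons."""
    state, phases, failures = "unknown", [], []
    for e in entries:
        if e.component != COMPONENT:
            continue
        stat = STATMSG_RE.search(e.message)
        if stat:
            status_id = int(stat.group(1))
            if status_id == 6701:  # a new run begins, forget the previous run's phases
                phases = []
            state = SYNC_STATES.get(status_id, state)
        elif e.message.startswith("sync: "):
            phases.append(e.message[len("sync: "):])
        elif e.message.startswith("Sync failed:"):
            failures.append(f"{e.date} {e.time} {e.message}")
    return {"state": state, "phases": phases, "failures": failures}


def _entry(msg: str, time: str, sev: int = 1) -> str:
    """Build one constructed log entry (hypothetical helper for the sample data)."""
    return (f'<![LOG[{msg}]LOG]!><time="{time}+000" date="03-20-2014" '
            f'component="{COMPONENT}" context="" type="{sev}" thread="3976" '
            f'file="wsyncmgr.cpp:0">')


def _stat(status_id: int, sev: str) -> str:
    return (f'STATMSG: ID={status_id} SEV={sev} LEV=M SOURCE="SMS Server" '
            f'COMP="{COMPONENT}" SYS=CM01 SITE=LAB PID=768 TID=3976')


# Constructed sample: a run that fails because WSUS is not configured ...
SAMPLE_FAILED = "\n".join([
    _entry("Performing sync on local request", "23:45:02.120"),
    _entry(_stat(6701, "I"), "23:45:02.300"),
    _entry("Sync failed: WSUS server not configured. Please refer to WCM.log "
           "for configuration error details.. Source: CWSyncMgr::DoSync",
           "23:45:10.400", sev=3),
    _entry(_stat(6703, "E"), "23:45:10.454", sev=3),
    _entry("Sync failed. Will retry in 60 minutes", "23:45:10.500", sev=3),
])

# ... followed by a retry that completes.
SAMPLE_FULL = "\n".join([
    SAMPLE_FAILED,
    _entry(_stat(6701, "I"), "00:45:10.600"),
    _entry(_stat(6704, "I"), "00:45:12.000"),
    _entry("sync: Starting WSUS synchronization", "00:45:12.100"),
    _entry("sync: WSUS synchronizing categories", "00:45:40.000"),
    _entry("sync: WSUS synchronizing updates", "00:47:05.000"),
    _entry(_stat(6702, "I"), "00:52:30.000"),
])

if __name__ == "__main__":
    for name, sample in (("failed run", SAMPLE_FAILED), ("after retry", SAMPLE_FULL)):
        print(name, sync_health(parse_log(sample)))
```

A state of "failed" with a reason that points to WCM.log is the cue to open that file next, as the log message itself instructs.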

Deploy Software Updates Using SCCM 2012 R2 Snap14

We will not deploy all of these updates; instead we will filter them by adding criteria. Click Add criteria, select Expired, Product, Superseded and Bulletin ID, and click Add. Set Product to Windows 7, Bulletin ID to MS, Expired to No and Superseded to No.

Deploy Software Updates Using SCCM 2012 R2 Snap15

Now select all the updates (hold Shift+Page Down), right click on the updates and click Create Software Update Group.

Deploy Software Updates Using SCCM 2012 R2 Snap16

Provide the name to the software update group as Windows 7 Update group. Click Create.

Deploy Software Updates Using SCCM 2012 R2 Snap17

Click on Software Update Group and you will find the software update group that was created in the previous step. Right click on the Windows 7 Update Group and click Deploy.

 

Deploy Software Updates Using SCCM 2012 R2 Snap18

On the Deploy Software Updates Wizard, provide a Deployment Name, description and choose the collection for which this software update deployment must be deployed. Click Next.

Deploy Software Updates Using SCCM 2012 R2 Snap19

Set the Type of deployment as Required and detail level can be set to Only success and error messages. Click Next.

Deploy Software Updates Using SCCM 2012 R2 Snap20

Configure the schedule for this deployment: set Time based on to Client local time, set Software available time to a specific time, and set the Installation deadline to As soon as possible. Click Next.

Deploy Software Updates Using SCCM 2012 R2 Snap21

On the User Experience page, you can choose to suppress the restart for Server or Workstations. Click Next.

Deploy Software Updates Using SCCM 2012 R2 Snap22

For Deployment options, if a client is within a slow or unreliable network boundary then select Download software updates from distribution point and install. If the updates are not available with preferred DPs then select Download and install software updates from the fallback content source location. Click Next.

Deploy Software Updates Using SCCM 2012 R2 Snap23

Create a new deployment package by providing a name, location for the Package source and Sending priority. Click Next.

Deploy Software Updates Using SCCM 2012 R2 Snap24

Add the Distribution Point and click Next.

Deploy Software Updates Using SCCM 2012 R2 Snap25

For Download Location choose Download software updates from the Internet. Click Next.

Deploy Software Updates Using SCCM 2012 R2 Snap26

Choose the language and click Next. The wizard will now download the updates and deploy them to the collection as per the schedule defined. Click on Close to close the wizard.

Deploy Software Updates Using SCCM 2012 R2 Snap27

After a few minutes we see that the updates are installed on one of the client machines in the collection and there is a notification that the system needs to be restarted.

Deploy Software Updates Using SCCM 2012 R2 Snap28

You can choose to restart the computer by choosing Restart now or you can choose Snooze and remind me again in hours.

Deploy Software Updates Using SCCM 2012 R2 Snap29

About The Author

I am Prajwal Desai and I have been working in IT for over 5 years with a strong focus on Microsoft Server Technologies. For the last five years, as a System Administrator I have been working on Lync, SCCM, VMware, VDI, Exchange, Windows Servers etc. I’m currently very interested in everything related to Configuration Manager 2012, Lync, Windows Server and Exchange.


  • Hardik Shah

    I am working in the IT field since last 10 years as a desktop support engineer. I want to be a system engineer; what do I have to do next to become a system engineer? Please guide me on the same. I had taken academic training on Windows Server 2008 R2 but nothing happened in knowledge.

  • Marcelo

    Hi, very good your manual, but I have a question: how do you configure the package source? Could you explain in more detail? Maybe I missed a step or link, because I don't see how to create the repository (in your example package source \\server\sources\update\windows 7) snap24.jpg
    Thanks for your help.

    • http://prajwaldesai.com Prajwal Desai

      The folder windows 7 is created for storing the updates. The Package source is the folder where the updates are downloaded to and deployed from. You can create a shared folder and provide that folder as package source. It is recommended to create folders for different products.

  • Marcelo

    Hi Prajwal
    Thanks for your answer. I am a little confused: the task to download the updates is or is not made by WSUS? This step was configured (only the steps to activate the role, not the full configuration) when the WSUS role was installed, before installing and configuring SCCM, and this folder was, in my case, e:\wsus.
    WSUS creates its own folders to share; are these folders different from the SCCM folders? I am talking about the same update downloads.

    If you don't create any package and only make deployments from all update software view, then where are the updates located or downloaded? Maybe the software (SCCM) always asks for the destination folder where the software updates will be downloaded.

    Thanks again, I am new to SCCM and I am trying to learn how this software works, and English is not my native language; it is Spanish.
    =)

    • http://prajwaldesai.com Prajwal Desai

      The task to download the updates is or is not made by WSUS? – WSUS works in the background while SCCM takes the charge of downloading the updates and deploying them. If you are using SCCM to deploy the updates then you should not open the WSUS administration console.
      When you create a software update group you basically group the updates for a product and download the updates to a folder, this folder is the package source location. This is not one of the folders inside the WSUS.


      If you dont create any package and only makes deployments from all update software view, then ¿where the update are located or downloaded?.
      – This cannot be done because when you choose to deploy the updates they must be downloaded to a folder and then deployed. You can see the screenshot in my post where in I have defined the package source.

  • Ilya

    Hi, Prajwal!
    Your SCCM blogpost series very informative for me! Thanks a lot!
    What do you think about updating Windows 2008 R2 Itanium-based servers by SCCM? There is no SCCM agents. What should I do to include these servers into SCCM updating process?
    Please, let me know if you have some tips&tricks about Itanium servers.
    With best regards, Ilya.

  • arshad

    Hi Prajwal,

    I would like to know, on SCCM 2012 SP1, for update logs (SUP) I can see only wsyncmgr.log.

    But I am unable to find the log file mentioned in some forums as WSUSsyncmgr.log (will it be available after the client Windows updates with SCCM 2012 SP1 server…?). Kindly let me know.

    Best Regards,
    Arshad

  • arshad

    Fine. Actually even once you also sent me the below link for all log files & WSUSsyncmgr.log is mentioned here.

    Some details of log file of this link & might be sccm 2007 Log file…?

    WSUSsyncmgr.log

    Performing sync on local request SMS_WSUS_SYNC_MANAGER 4/27/2010 11:59:54 PM 6112 (0x17E0)

    STATMSG: ID=6701 SEV=I LEV=M SOURCE=”SMS Server” COMP=”SMS_WSUS_SYNC_MANAGER” SYS=SCCM SITE=LAB PID=3040 TID=6112 GMTDATE=Tue Apr 27 18:29:54.530 2010 ISTR0=”” ISTR1=”” ISTR2=”” ISTR3=”” ISTR4=”” ISTR5=”” ISTR6=”” ISTR7=”” ISTR8=”” ISTR9=”” NUMATTRS=0 SMS_WSUS_SYNC_MANAGER 4/27/2010 11:59:54 PM 6112 (0x17E0)

    STATMSG: ID=6704 SEV=I LEV=M SOURCE=”SMS Server” COMP=”SMS_WSUS_SYNC_MANAGER” SYS=SCCM SITE=LAB PID=3040 TID=6112 GMTDATE=Tue Apr 27 18:30:18.547 2010 ISTR0=”” ISTR1=”” ISTR2=”” ISTR3=”” ISTR4=”” ISTR5=”” ISTR6=”” ISTR7=”” ISTR8=”” ISTR9=”” NUMATTRS=0 SMS_WSUS_SYNC_MANAGER 4/28/2010 12:00:18 AM 6112 (0x17E0)

    Synchronizing WSUS server SCCM SMS_WSUS_SYNC_MANAGER 4/28/2010 12:00:18 AM 6112 (0x17E0)

    Synchronizing WSUS server sccm.mylab.in … SMS_WSUS_SYNC_MANAGER 4/28/2010 12:02:16 AM 5220 (0x1464)

    sync: Starting WSUS synchronization SMS_WSUS_SYNC_MANAGER 4/28/2010 12:02:16 AM 5220 (0x1464)

    sync: WSUS synchronizing categories SMS_WSUS_SYNC_MANAGER 4/28/2010 12:02:44 AM 5220 (0x1464)

    http://blogs.technet.com/b/sudheesn/archive/2010/11/10/troubleshooting-sccm-part-iii-software-updates.aspx

    Best Regards,
    Arshad

  • Sayeed

    Hi Prajwal,

    I have started working on SCCM recently and found your posts are very helpful.
    Now I am trying to put those information which I found very helpful when someone would be trying to solve them.

    For example, if somebody using Windows 2008 R2 + SCCM 2012 SP1 (as per my experience), he may find these errors on ccm.log –

    Looking for WSUS SP2 + KB2734608 + KB2720211

    What happens here is that even if the WSUS SP2 console has already been installed, the other patches (KB2734608 & KB2720211) also need to be installed first. There are also some procedures for installing them. The IIS and WSUS services need to be stopped before attempting to install them. Once they are installed, those services can be started. Details can be found in the Microsoft KB article

    http://support.microsoft.com/kb/2734608

    Hope this could be helpful for somebody..

    Thanks

    • http://prajwaldesai.com Prajwal Desai

      Thank you Sakib :-)

  • Umesh

    Hi Prajwal,
    Thanks for nice posts. After deploying software updates(followed above steps). I was unable to see updates on client machines. checked WUAHandler.log files on client machines getting “Error – 87d00692″ I hope it is related to group policy.
    what could be the reason for above error ?
    Regards
    Umesh

    • http://prajwaldesai.com Prajwal Desai

      have you configured the GPO for WSUS pointing to SCCM server ?

  • Karemo

    I installed SCCM 2012 SP1 to have a primary site. I need to deploy remote branch distribution points to be working instead of adding a child SCCM in those remote sites; I need your step by step to do that. Also, what other SCCM roles are recommended for this distribution point to have?

    I have a compatibility issue between SCCM 2012 SP1 and the Windows 8.1 client when deploying EP protection 2012. Do I need to migrate to SCCM 2012 R2? If this is the solution, please, I need your full steps to migrate from SP1 to R2. My OS is Windows Server Enterprise 2008 R2.
    thank you

  • Kwan

    Hi Prajwal, thanks your post. it’s very good.
    I have a question.
    I deployed SUS feature reference this guide.
    It’s successful distributed Windows Update group for collection.
    but don’t view Windows Update list on client software center.
    and distributed result is unknown collection.
    i have to 8530 port telnet succeed from client to server and disable firewall to all server and client.
    Where can i look for this issue?

    • http://prajwaldesai.com Prajwal Desai

      You mean to say that updates are not getting installed to client machines ?

      • Kwan

        Thank you for quick reply.
        Yes. same issue server. not getting anymore.
        i test to CM 2012. Consisting of private Internet environment.
        When Windows Update while connected to the public Internet.
        When the update is complete, disabled the public Internet.

        • http://prajwaldesai.com Prajwal Desai

          Hi, can you tell me more about what exactly the issue is ? You are trying to deploy using SCCM to client computers and as per you the client systems are not getting updates from SCCM.. Is that true ? You need to check WCM.log file and WSyncmgr.log file on SCCM server and WUAHandler.log file on client machine to troubleshoot the updates related issues.

  • Kwan

    My English is a little low. Please note that.
    below is red line in log file.
    Repeat to error log.

    wsyncmgr.log
    Sync failed: WSUS server not configured. Please refer to WCM.log for configuration error details.. Source: CWSyncMgr::DoSync
    STATMSG: ID=6703 SEV=E LEV=M SOURCE=”SMS_WSUS_SYNC_MANAGER” SYS=CM-WSUS.sc2012.local SITE=SYS PID =768 TID=3976 GMTDATE=FRI 3 20 23:45:10.454 2014 ISTRO=”CWSyncMgr::DoSync” ISTR1=”WSUS server not configured. Please refer to WCM.log for configuration error details.”ISTR2=””ISTR3=””ISTR4=””ISTR5=””ISTR6=””ISTR7=””ISTR8=””ISTR9=”” NUMATTRS=0
    Sync failed. Will retry in 60 minutes

    WCM.log
    System.Data.SqlClient.SqlException (0x80131904): Can’t connect SQL Server to Network or Instance error. Can’t search for Server or can’t Access.
    Done using SC2012\Administrator credentials.
    Remote configuration failed on WSUS Server.

    WUAHandler.log
    ONSearchComplete – Failed to end search job Error = 0x8024401c.
    Scan failed with error = 0x8024401c.

    But I success ping test from SQL Server to SCCM Server.
    And disable public on SCCM Server after Partly successful Windows Update list display on client.
    However, does not display all Windows Update list on client and server.

    In my opinion, I Deployment SCCM with private and public ethernet.
    It results setting public on SQL Server TCP/IP and SCCM Server.
    After disable public and change SQL Server TCP/IP from private to public and disable to SCCM Server.
    May be It seems IP is twisted.

  • Earthcooder

    Hello. Testing this out, but I get a scan report saying Group Policy Conflict.
    Is there a way of doing updates on machines without Group Policy, as we already have a WSUS server deploying Windows updates but want to test using SCCM instead? We don't want to turn off the current WSUS at the moment.

    • http://prajwaldesai.com Prajwal Desai

      If you are using SCCM 2012 to deploy updates then there is no need of group policy, you can turn off. But keeping the WSUS group policy it won’t work properly.

  • Earthcooder

    So if our current Group Policy setup is for our current WSUS server (WsusServer1.xxx.local) then we can't use SCCM (SCCM2012.xxx.local) to deploy Windows updates until we remove the current server and remove it from group policy?

    • http://prajwaldesai.com Prajwal Desai

      @EarthCoder – Good Question, When SCCM is installed it creates a local policy and those are always overwritten by GPO. I mean to say that GPO will take precedence over SCCM local policies. So you have to disable or delete the WSUS GPO settings if you are going to use SCCM 2012 to deploy windows updates. you must also set Configure Automatic Updates = Disabled, let SCCM take complete control over updates deployment.

      • Arshad Husain

        @ Prajwal
        Thanks, After disable the GP of AD, I am able to deploy the windows 7 clients updates. But other end windows 8 & windows 8.1 updates I am not able to deploy so far… on sccm 2012 R2. Any Inputs …

        • http://PrajwalDesai.com/ Prajwal Desai

          @Arshad – What is the problem ? Why are you not able to deploy windows 8 updates ?

          • Arshad Husain

            Thanks for your reply & always Support.
            I hope found the Solution ,
            As some of the M/s WINDOWS 7 Stand for detection state unknown means log file(wuahandler.log) stand for GP Error.
            Then I disable & enable my system, gpupdate.exe /force, now Win7 updates working fine.

            Same issue with some windows 8 (only 10) clients also detection state unknown with same error we need to try Gp Enable & disable
            so i will try the same & i get back to you
            Best Regards
            Arshad

          • Arshad Husain

            Hi Prajwal,
            As application deployment as we add DP,
            I deployed windows 7 updates, or server updates fine without add DP (Distribution group name).
            is it recommended to add DP because I am not able push WINDOWS 8.1 updated. ..?

            wuahandler.log : err0r=0x8024401c ..(stand for GP error..?)
            (2) some windows 7 client error status id (11423) & last error code (-2147012894)
            Error description: : Network connection: windows update agent encountered Transient network connection-related error.
            client system need to update any windows update agent ..? or SCCM client agent issue….?
            My SCCM 2012 r2 agent are updated with R2 agent.
            Kindly give the inputs.
            Regards,
            Arshad

          • Arshad Husain

            Hi Prajwal,
            for windows 8.1 updated ( for WSUS 3.0 SP2 OR WSUS 3.2), need KB2919355 update. client side …?
            Regards,
            Arshad

          • http://PrajwalDesai.com/ Prajwal Desai

            Hi Arshad, I read about the update KB2919355. “Microsoft plans to issue an update as soon as possible that will correct the issue and restore the proper behavior for Windows 8.1 Update KB 2919355 scanning against all supported WSUS configurations. Until that time, we are delaying the distribution of the Windows 8.1 Update KB 2919355 to WSUS servers. You may still obtain the Windows 8.1 Update (KB 2919355) from the Windows Update Catalog or MSDN. However, we recommend that you suspend deployment of this update in your organization until we release the update that resolves this issue.”

          • Arshad Husain

            @prajwaldesai:disqus
            Thanks for your Valuable Support.
            Fine. Apart from this update, I am unable to deploy any Windows 8 or Windows 8.1 updates from SCCM R2.
            (But Windows 7 no issue.) Shall I send the log file text of the Windows 8 system? Even after disabling the GP of the domain.
            Best Regards,
            Arshad

          • http://PrajwalDesai.com/ Prajwal Desai

            Yes Arshad log files will be helpful to understand where exactly the issue.

          • Arshad Husain

            Prajwal Desai

            Wuahandler.log text details:(dated 10-04-2014) , os windows 8.1

            ![LOG[Async searching completed.]LOG]!>

            so this error stand for GP correct (Code= 0x8024410c)….? If yes

            after admin disable the GP from Domain Controller ……

            After changing “Configure Automatic Update” in the GPO to Not Configured, we have lost control of Windows Update now; many machines get the updates (Windows 8) from the Internet.

            If required I will send the text of the new current update log file tomorrow.
            Best Regards,
            Arshad

          • http://PrajwalDesai.com/ Prajwal Desai

            @Arshad – If the client machines are downloading the updates from internet then you can block it with the help of WSUS GPO setting. Check this link http://technet.microsoft.com/en-us/library/cc720539%28v=ws.10%29.aspx and check for the last section. I will reply to your ticket soon in the ticketing tool.

          • Arshad Husain

            Fine. Thank You for your Support.

          • Arshad Husain

            @prajwaldesai:disqus
            open My ticket…..
            Regards,
            Arshad

    • Arshad Husain

      @Earthcooder

      Thanks, After disable the GP of AD, I am able to deploy the windows 7 clients updates. But other end windows 8 & windows 8.1 updates I am not able to deploy so far… on sccm 2012 R2. Any Inputs

  • ARSHAD

    Hi Prajwal,

    As My sccm 2012 R2 Server. now i checked your above comments on GPO. (sccm 2012 local policy) & AD GP policy. My case also all client not able reach the deploy updates, later discover the GPO issue according to the client Log & also sccm log file files , sccm Reports (scan reports , deploy reports)

    Now I completely disable the GP of AD, so SCCM 2012 R2 having client local policies exist, so I hope when I test as deploy updates for clients it will work fine….?

    (2) SCCM 2012 R2: all kinds of (Exchange connector) Mob devices it supports…. My Exchange 2013 & present I am able to see only 36 Mob devices. If there is any MS article for all types of Mob device support, please share the link or steps.

    (3) I would like to install the Management Pack for Exchange 2013 & Lync 2013 on SCOM 2012 R2. Please provide me the download link & steps for the installation guide.

    (3) After upgrading SCCM 2012 SP1 to SCCM 2012 R2 some of my clients show as inactive. If I try to manually install the SCCM R2 client & refresh the service, configuration policy, will it be fine…?

    (4)some of the clients i am not able to connect remotely (remote client option) from sccm 2012 R2… what could be the reason
    ..(no firewall but Kaspers 10.2 issue..?

    Thanking You in Advance.

    Arshad

  • Arshad

    Hi,

    Prajwal,

    option (3) Management Pack installation done & no issue (exchange & LYNC 2013 ). other above My query Kindly let me know it

    Best Regards,
    Arshad

  • Dinesh Jadavh

    Hello this is a nice post .. Thanks Prajwal..

  • Shawn

    Hi Prajwal,

    Been using the site for a few weeks now, great tools. Thank you.

    I want to setup an automatic deployment rule for the updates. In your post here you say it is covered in a separate article. Can you tell me where or is it still in the works? Any help is greatly appreciated.

    Kindly,
    Shawn

    • http://PrajwalDesai.com/ Prajwal Desai

      Hi Shawn, I am yet to create a post on that. This would take sometime..

      Thanks,

      Prajwal Desai

  • Curt

    Hello Prajwal

    Software Updates are not installing for me. I am using SCCM 2012 R2 but I see different steps in the wizard than what you show here. I have no place to create a deployment package or specify a distribution point. Have you seen this before?

    • http://PrajwalDesai.com/ Prajwal Desai

      @Curt – This looks strange.. Can you give me little info about your SCCM setup ..

      Thanks,

      Prajwal Desai

      • Curt

        I’m using 2012 R2 with everything except the database on one server.

        It looks like they have separated the missing steps into a second wizard. Now you have to right click on the SUG and choose “Download”. Then you get this wizard:

  • Naveen Punj

    Want to know about Automatic deployment rules in SCCM 2012 and best practices related to it

    Next – What is your opinion on having WIN 7 ,8 and XP machines put in one collection and applying patches ?
    What are the draw back and advantages ?

    Patches will be packaged and then will be deployed .

    Your quick response will be appreciated.

  • Sandeep Suda

    Hi Prajwal,

    In this example you have shown the synchronized updates i.e., security updates for the windows 7. And how we can determine the selected updates will be suitable for the Windows machines in the environment. Please provide me the details how this can be done.

  • http://PrajwalDesai.com/ Prajwal Desai

    You need to deploy the updates first to one of the test machine before you deploy it to systems in your organization. You should not directly deploy it to production systems. The same applies even if you are using WSUS. Because if an update(s) causes an issue rolling back is a big task.

  • http://PrajwalDesai.com/ Prajwal Desai

    It is recommended to create separate collections for each of the OS and then deploy the updates.

    • Naveen Punj

      Any advantage of this? Because clients will download only those patches which are required to them and this information is stored in client’s wmi itself during wsus sync.
      So a xp machine will not try to download and install any patch which is related to win 7 only.

  • Sandeep Suda

    I am trying it in the Virtual Labs as per the steps given by you .

    I have chosen Synchronize from Microsoft Update. After the process selection, Language, I clicked on Close. But when I go to Monitoring and Component Status and click on Wsus_sync_manager, it was started and is showing the message that WSUS sync has failed.

    Please suggest me regarding to the issue.

    • http://PrajwalDesai.com/ Prajwal Desai

      Check wsyncmgr.log and WCM.log files. In the component status window, right click on WSUS_SYNC_Manager component and check for errors/warnings.

  • Rahman

    Hi Prajwal,

    I am having a problem with updates, it says downloading (0% Complete) but its doing nothing since 4days any idea?

    • http://PrajwalDesai.com/ Prajwal Desai

      This indicates that the client is not able to find a DP to download content from. Is the content distributed to the DP ? Check the status and also check if the DP is correctly assigned to the boundary group where the boundary belongs to?

      • Rahman

        Hi Prajwal, there is no boundary group as I have only 1 boundary. Do I need to create a boundary group even if I have 1 boundary?
        And content is already distributed to the DP. The error I am getting on status is 0x800705B4, and there are only 28 machines which failed to download this update.

      • Rahman

        Hi Prajwal,

        The error I am getting is: the operation returned because the timeout period has expired 0x800705B4. Content is already distributed to the DP & I have only 1 boundary so I haven’t created a boundary group. Is it compulsory to create a boundary group as I have only 1 boundary? Please let me know.
        Note: it says in status that compliant 57 and error 19 computers.

        Thanks,
        Rahman

  • http://PrajwalDesai.com/ Prajwal Desai

    @Rahman – You must create a boundary group. Each boundary must be a member of a boundary group before a device on that boundary can identify an assigned site, or a content server such as a distribution point.

  • http://PrajwalDesai.com/ Prajwal Desai

    Yes you must create a boundary group. Each boundary must be a member of a boundary group before a device on that boundary can identify an assigned site, or a content server such as a distribution point.

  • Bahram maleki

    Hello Prajwal,
    I created a software group with 75 patches for windows 8.1.
    but clients only receive 11 patches and in sccm console shown 100% compliance.
    please help me.
    Thanks in advance

  • Bojan Zivkovic

    I added WSUS role on SCCM server, installed SUP role, configured it and did synchronize software updates (security, critical and definition updates for Windows 7). I have chosen all non-expired and no-superseded and put them into new software update group, and, finally deployed it to target collection with one Windows 7 machine. However nothing happened on machine – I noticed in WU in CP info Windows is up to date and in installed updates list I saw many updates installed on November 10th, however not using SCCM but probably online from MS since I installed SUP yesterday. Also I can manually change update settings – they are not grayed-out as it was the case when “normal” WSUS server is deployed. Logs are here: https://onedrive.live.com/redir?resid=670BDDFCE8F2477A!466&authkey=!AMJeRV46bRz7ilk&ithint=folder%2clog

    • http://PrajwalDesai.com/ Prajwal Desai

      Do you have WSUS servers in your setup ?

  • Bojan Zivkovic

    Prajwal, I solved my problem – updates were successfully deployed to my test collection. However two things bother me. First why update settings in Control Panel – Windows Update on client machines are not grayed-out. Secondly in Software Center user can follow update progress but if user clicks on installed update that requires restart in lower-right corner there is a button RESTART – I did not try but it probably would have restarted machine regardless of installation process of other updates that was in progress. I did not find any settings in SCCM client related to this “weird” behaviour. I assume this is not normal situation on clients.

    Answer to your question – I do not have dedicated WSUS server, WSUS is on SCCM server itself.

  • Slevin_Kelevra

    Hi Prajwal, I have always had the most problems with software updates and SCCM. I have followed each step of the guide without issue thus far. I’m not sure that updates are getting to my 2008 R2 servers. I have created a software update group for deployment of critical updates to my 2012 R2 servers, and it appears that these updates showed up on the 2012 servers in the software center. I had to reboot each of them individually to finish the updates because I misconfigured the restart option I believe, but minor inconvenience. I can not seem to see any updates being deployed to the 2008 R2 servers? I didn’t have windows update setup on any of the servers, they have all never accessed windows update.

    Can you give some advice as to how to check that the updates are making it to the 2008 servers or are not making it there. Also, I saw the updates in the Software Center of the 2012 servers waiting for reboot, but once they rebooted and completed the installation of the updates, I didn’t see anything in Installed Software tab of the Software Center.

    I’d appreciate any help with the software updates as it’s always been the hardest thing to administer for me. Thanks.

    -SK

    • http://PrajwalDesai.com/ Prajwal Desai

      There are lot of things that we need to check here. I am sure you would have filtered the expired updates using the search criteria from list of updates. Login to any of the client which has 2008 R2 OS and check the windows update group policy, can you tell me what is the intranet update server info there ?

      • Slevin_Kelevra

        Hi Prajwal,
        I did filter the expired updates using the search criteria. The update group I created for the 2008 R2 servers contained just critical, not expired, and not superseded updates. I didn’t make a specific GPO for the update server to point to my SCCM server. Is this necessary for the 2008 servers? If so I can create one and link it to the 2008 Servers OU. Thanks.