How To Deploy Software Updates Using SCCM 2012 R2

308390

How To Deploy Software Updates Using SCCM 2012 R2 In this post we will look at the steps on how to deploy software updates using SCCM 2012 R2. Deploying the software updates for the computers is essential, the software updates are released by major software vendors to address security vulnerabilities in their existing products. To stay protected against cyber-attacks and malicious threats it is very important that you keep the computers patched with latest software updates. Software updates in System Center 2012 R2 Configuration Manager provides a set of tools and resources that can help manage the complex task of tracking and applying software updates to client computers in the enterprise. Talking about software updates, in SCCM 2012 R2 there are few new features added which includes a new maintenance window dedicated for software updates installation. This lets you configure a general maintenance window and a different maintenance window for software updates. When a general maintenance window and software updates maintenance window are both configured, clients install software updates only during the software updates maintenance window. A new feature called Software updates preview lets you review the software updates before you create the deployment.

How To Deploy Software Updates Using SCCM 2012 R2

In this post we will see the steps on how to deploy software updates using SCCM 2012 R2, if you are looking for SCCM 2012 R2 step by step guides click here. There are 2 ways to deploy software updates using SCCM 2012 R2, Manual and Automatic. In Manual software updates deployment, a set of software updates is selected the Configuration Manager console and these updates are deployed to the target collection whereas Automatic software updates deployment is configured by using automatic deployment rules. This method is used for deploying monthly software updates and for managing definition updates. When the rule runs, the software updates that meet a specified criteria (for example, all security software updates released in the last week) are added to a software update group, the content files for the software updates are downloaded and copied to distribution points, and the software updates are deployed to client computers in the target collection. In this post we will see the steps to deploy the software updates manually and for automatic software updates deployment, there will be a separate post.

To start with, install the Software Update Point role first. Launch the Configuration Manager Console, click on Administration, expand Overview, click Site Configuration, click on Sites. At the top ribbon click on Add Site System Roles.

Deploy Software Updates Using SCCM 2012 R2 Snap1From the Add Site System Roles Wizard, click on Software Update Point and click Next.

Deploy Software Updates Using SCCM 2012 R2 Snap2For WSUS Configuration, select WSUS is configured to use ports 8530 and 8531 for client communications and click Next.

When you install WSUS, you can specify whether to use the default Internet Information Services (IIS) website or create a new custom WSUS website. As a best practice, select Create a Windows Server Update Services 3.0 Web site so that IIS hosts the WSUS 3.0 services in a dedicated website instead of sharing the same website with other Configuration Manager site systems or other software applications. When you use a custom website for WSUS 3.0, WSUS configures port 8530 for HTTP and port 8531 for HTTPS. You must specify these port settings when you create the software update point for the site.

Deploy Software Updates Using SCCM 2012 R2 Snap3For WSUS Server Connection Account, click Use credentials to connect to the WSUS server, click on Set and choose the account. The account provides authenticated access from the site to WSUS server. Click Next.

Deploy Software Updates Using SCCM 2012 R2 Snap4Click Synchronize from Microsoft Update and click Next.

Deploy Software Updates Using SCCM 2012 R2 Snap5Click Enable synchronization on a schedule and let the schedule be set to default (simple schedule). You may also click Alert when sync fails on any site in hierarchy. Click Next.

Deploy Software Updates Using SCCM 2012 R2 Snap6For Supersedence behavior, select Immediately expire a superseded software update. Click Next.

Deploy Software Updates Using SCCM 2012 R2 Snap7Select Critical Updates, Definition Updates and Security Updates. Note that you can do this after installation of SUP. Click Next.

Deploy Software Updates Using SCCM 2012 R2 Snap8Choose the products that you want to synchronize, in this step I have selected Windows 7, Forefront Endpoint Protection 2010. Click Next.

Deploy Software Updates Using SCCM 2012 R2 Snap9Choose the desired language, click Next.

Deploy Software Updates Using SCCM 2012 R2 Snap10The Software Update Point role has been installed. Click Close.

Deploy Software Updates Using SCCM 2012 R2 Snap11In the configuration manager console, click Software Library, expand Overview, click Software Updates, click All Software Updates and at the top ribbon click Synchronize Software Updates.

Deploy Software Updates Using SCCM 2012 R2 Snap12To see what’s happening at the background, you need to have 2 files opened wsyncmgr.log and WCM.log file. Below is the screenshot of the wsyncmgr.log file and we can see that the WSUS is synchronizing the categories and updates.

Deploy Software Updates Using SCCM 2012 R2 Snap13The synchronization is completed. The software updates can now be seen when you click All Software Updates option in CM Console. Note that the updates are yet to be downloaded.

Deploy Software Updates Using SCCM 2012 R2 Snap14Out of all the updates we will not deploy all of them rather we will filter the updates by adding criteria. Click on Add criteria. Select Expired, Product, Superseded, Bulletin ID. Click Add. Choose the product as Windows 7, Bulletin ID as MS, Expired as NO, Superseded as NO.

Deploy Software Updates Using SCCM 2012 R2 Snap15Now select all the updates (hold Shift+page Down), right click on the updates and click Create Software Update Group.

Deploy Software Updates Using SCCM 2012 R2 Snap16Provide the name to the software update group as Windows 7 Update group. Click Create.

Deploy Software Updates Using SCCM 2012 R2 Snap17Click on Software Update Group and you will find the software update group that was created in the previous step. Right click on the Windows 7 Update Group and click Deploy.

Deploy Software Updates Using SCCM 2012 R2 Snap18On the Deploy Software Updates Wizard, provide a Deployment Name, description and choose the collection for which this software update deployment must be deployed. Click Next.

Deploy Software Updates Using SCCM 2012 R2 Snap19Set the Type of deployment as Required and detail level can be set to Only success and error messages. Click Next.Deploy Software Updates Using SCCM 2012 R2 Snap20Configure the schedule for this deployment, set the Time based on to Client local time. Choose Software available time to specific time and set the Installation deadline to as soon as possible. Click Next.

Deploy Software Updates Using SCCM 2012 R2 Snap21On the User Experience page, you can choose to suppress the restart for Server or Workstations. Click Next.

Deploy Software Updates Using SCCM 2012 R2 Snap22For Deployment options, if a client is within a slow or unreliable network boundary then select Download software updates from distribution point and install. If the updates are not available with preferred DPs then select Download and install software updates from the fallback content source location. Click Next.

Deploy Software Updates Using SCCM 2012 R2 Snap23 Create a new deployment package by providing a name, location for the Package source and Sending priority. Click Next.

Deploy Software Updates Using SCCM 2012 R2 Snap24Add the Distribution Point and click Next.

Deploy Software Updates Using SCCM 2012 R2 Snap25For Download Location choose Download software updates from the Internet. Click Next.

Deploy Software Updates Using SCCM 2012 R2 Snap26Choose the language and click Next. The wizard will now download the updates and deploy them to the collection as per the schedule defined. Click on Close to close the wizard.

Deploy Software Updates Using SCCM 2012 R2 Snap27After few minutes we see that the updates are installed on one the client machines in the collection and there is a notification that system needs to be restarted.

Deploy Software Updates Using SCCM 2012 R2 Snap28You can choose to restart the computer by choosing Restart now or you can choose Snooze and remind me again in hours.

Deploy Software Updates Using SCCM 2012 R2 Snap29

166 COMMENTS

  1. i am working in IT field since last 10 years as a desktop support engineer, I want to be a system engineer what i have to do next to became system engineer. Pl. guide me on same. I had taken academic training on Windows Server2008 R2 but nothing happen in knowledge.

  2. Hi, very good your manual, but I have a question, How do you configure the package source? could you explain more detailed, may be I missed an step or link because I dont see how create the repository (in your example package source \\server\sources\update\windows 7) snap24.jpg
    Thank for you help.

    • The folder windows 7 is created for storing the updates. The Package source is the folder where the updates are downloaded to and deployed from. You can create a shared folder and provide that folder as package source. It is recommended to create folders for different products.

  3. Hi Prajwal
    Thanks for you answer, I am a little confused, the task to download the updates is or is not made by WSUS? this step was configured (only the steps for activate the rol, not the full configuration) when WSUS rol was installed, before to install and configrue SCCM, and this folder was, in my case, e:\wsus.
    WSUS creates own folders to shared, this folders are differents to SCCM folders?, I am talking about the same update downloads.

    If you dont create any package and only makes deployments from all update software view, then ¿where the update are located or downloaded?. Maybe the software (SCCM) always ask the folder destination where the software update will be downloaded

    Thanks again, I am new in SCCM and I am to trying to know how this software works, and the english is not my native language is spanish.
    =)

    • The task to download the updates is or is not made by WSUS? – WSUS works in the background while SCCM takes the charge of downloading the updates and deploying them. If you are using SCCM to deploy the updates then you should not open the WSUS administration console.
      When you create a software update group you basically group the updates for a product and download the updates to a folder, this folder is the package source location. This is not one of the folders inside the WSUS.


      If you dont create any package and only makes deployments from all update software view, then ¿where the update are located or downloaded?.
      – This cannot be done because when you choose to deploy the updates they must be downloaded to a folder and then deployed. You can see the screenshot in my post where in I have defined the package source.

  4. Hi, Prajwal!
    Your SCCM blogpost series very informative for me! Thanks a lot!
    What do you think about updating Windows 2008 R2 Itanium-based servers by SCCM? There is no SCCM agents. What should I do to include these servers into SCCM updating process?
    Please, let me know if you have some tips&tricks about Itanium servers.
    With best regards, Ilya.

  5. Hi Prajwal,

    i would like to konw on sccm 2012 sp1, for updats logs for (sup) i can see only wsyncmgr.log.

    But unable to find the log file as Mentioned some forums WSUSsyncmgr.log ( will Available after the Client windows updates with SCCM 2012 SP1 server…?) . Kinldy let me know it.

    Best Regards,
    Arshad

  6. Fine. Actually even once you also sent me blow link for all log files & WSUSsyncmgr.log Mentioned here.

    Some details of log file of this link & might be sccm 2007 Log file…?

    WSUSsyncmgr.log

    Performing sync on local request SMS_WSUS_SYNC_MANAGER 4/27/2010 11:59:54 PM 6112 (0x17E0)

    STATMSG: ID=6701 SEV=I LEV=M SOURCE=”SMS Server” COMP=”SMS_WSUS_SYNC_MANAGER” SYS=SCCM SITE=LAB PID=3040 TID=6112 GMTDATE=Tue Apr 27 18:29:54.530 2010 ISTR0=”” ISTR1=”” ISTR2=”” ISTR3=”” ISTR4=”” ISTR5=”” ISTR6=”” ISTR7=”” ISTR8=”” ISTR9=”” NUMATTRS=0 SMS_WSUS_SYNC_MANAGER 4/27/2010 11:59:54 PM 6112 (0x17E0)

    STATMSG: ID=6704 SEV=I LEV=M SOURCE=”SMS Server” COMP=”SMS_WSUS_SYNC_MANAGER” SYS=SCCM SITE=LAB PID=3040 TID=6112 GMTDATE=Tue Apr 27 18:30:18.547 2010 ISTR0=”” ISTR1=”” ISTR2=”” ISTR3=”” ISTR4=”” ISTR5=”” ISTR6=”” ISTR7=”” ISTR8=”” ISTR9=”” NUMATTRS=0 SMS_WSUS_SYNC_MANAGER 4/28/2010 12:00:18 AM 6112 (0x17E0)

    Synchronizing WSUS server SCCM SMS_WSUS_SYNC_MANAGER 4/28/2010 12:00:18 AM 6112 (0x17E0)

    Synchronizing WSUS server sccm.mylab.in … SMS_WSUS_SYNC_MANAGER 4/28/2010 12:02:16 AM 5220 (0x1464)

    sync: Starting WSUS synchronization SMS_WSUS_SYNC_MANAGER 4/28/2010 12:02:16 AM 5220 (0x1464)

    sync: WSUS synchronizing categories SMS_WSUS_SYNC_MANAGER 4/28/2010 12:02:44 AM 5220 (0x1464)

    http://blogs.technet.com/b/sudheesn/archive/2010/11/10/troubleshooting-sccm-part-iii-software-updates.aspx

    Best Regards,
    Arshad

  7. Hi Prajwal,

    I have started working on SCCM recently and found your posts are very helpful.
    Now I am trying to put those information which I found very helpful when someone would be trying to solve them.

    For example, if somebody using Windows 2008 R2 + SCCM 2012 SP1 (as per my experience), he may find these errors on ccm.log –

    Looking for WSUS SP2 + KB2734608 + KB2720211

    What happens here even WUS SP2 console already been installed, the other patches (KB2734608 & KB2720211) also need to be installed first. There are processes also some procedures for installing them. The IIS and WSUS services need to be stopped before attempting to install them. Once they are installed, those services can be started. Details can be found in the Microsoft KB article

    http://support.microsoft.com/kb/2734608

    Hope this could be helpful for somebody..

    Thanks

  8. Hi Prajwal,
    Thanks for nice posts. After deploying software updates(followed above steps). I was unable to see updates on client machines. checked WUAHandler.log files on client machines getting “Error – 87d00692” I hope it is related to group policy.
    what could be the reason for above error ?
    Regards
    Umesh

  9. i install sccm 2012 SP1 to have a primary site – i need to deploy a remote branch distribution points to be working instead of adding a child SCCm in those remote sites i need your step by step to do that ? also what other sccm roles recommended this Distribution point will have ??

    i have an compatibility issue between sccm 2012 sp1 and windows 8.1 client to deploying EP protection 2012 – does i need migration to sccm 2012 R2 if this is the solution please i need your full steps to migrate from sp1 to R2 – MY OS is windows server enterprise 2008 R2
    thank you

  10. Hi Prajwal, thanks your post. it’s very good.
    I have a question.
    I deployed SUS feature reference this guide.
    It’s successful distributed Windows Update group for collection.
    but don’t view Windows Update list on client software center.
    and distributed result is unknown collection.
    i have to 8530 port telnet succeed from client to server and disable firewall to all server and client.
    Where can i look for this issue?

      • Thank you for quick reply.
        Yes. same issue server. not getting anymore.
        i test to CM 2012. Consisting of private Internet environment.
        When Windows Update while connected to the public Internet.
        When the update is complete, disabled the public Internet.

        • Hi, can you tell me more about what exactly the issue is ? You are trying to deploy using SCCM to client computers and as per you the client systems are not getting updates from SCCM.. Is that true ? You need to check WCM.log file and WSyncmgr.log file on SCCM server and WUAHandler.log file on client machine to troubleshoot the updates related issues.

  11. My English is a little low. Please note that.
    below is red line in log file.
    Repeat to error log.

    wsyncmgr.log
    Sync failed: WSUS server not configured. Please refer to WCM.log for configuration error details.. Source: CWSyncMgr::DoSync
    STATMSG: ID=6703 SEV=E LEV=M SOURCE=”SMS_WSUS_SYNC_MANAGER” SYS=CM-WSUS.sc2012.local SITE=SYS PID =768 TID=3976 GMTDATE=FRI 3 20 23:45:10.454 2014 ISTRO=”CWSyncMgr::DoSync” ISTR1=”WSUS server not configured. Please refer to WCM.log for configuration error details.”ISTR2=””ISTR3=””ISTR4=””ISTR5=””ISTR6=””ISTR7=””ISTR8=””ISTR9=”” NUMATTRS=0
    Sync failed. Will retry in 60 minutes

    WCM.log
    System.Data.SqlClient.SqlException (0x80131904): Can’t connect SQL Server to Network or Instance error. Can’t search for Server or can’t Access.
    Done using SC2012\Administrator credentials.
    Remote configuration failed on WSUS Server.

    WUAHandler.log
    ONSearchComplete – Failed to end search job Error = 0x8024401c.
    Scan failed with error = 0x8024401c.

    But I success ping test from SQL Server to SCCM Server.
    And disable public on SCCM Server after Partly successful Windows Update list display on client.
    However, does not display all Windows Update list on client and server.

    In my opinion, I Deployment SCCM with private and public ethernet.
    It results setting public on SQL Server TCP/IP and SCCM Server.
    After disable public and change SQL Server TCP/IP from private to public and disable to SCCM Server.
    May be It seems IP is twisted.

  12. Hello Testing this out but i get a Scan report saying Group Policy Conflict
    is there away of doing updates on machines with out Group Policy as we already have a Wsus Server deploying Windows updates, but want to test using SCCM instead we dont want to turn off Current wsus at the moment.

  13. So if our Current Group Policy set up is for our current WSUS server (WsusServer1.xxx.local) then we cant use SCCM (SCCM2012.xxx.local) to deploy Windows updates until we remove current server and remove from group policy?

    • @EarthCoder – Good Question, When SCCM is installed it creates a local policy and those are always overwritten by GPO. I mean to say that GPO will take precedence over SCCM local policies. So you have to disable or delete the WSUS GPO settings if you are going to use SCCM 2012 to deploy windows updates. you must also set Configure Automatic Updates = Disabled, let SCCM take complete control over updates deployment.

      • @ Prajwal
        Thanks, After disable the GP of AD, I am able to deploy the windows 7 clients updates. But other end windows 8 & windows 8.1 updates I am not able to deploy so far… on sccm 2012 R2. Any Inputs …

          • Thanks for your reply & always Support.
            I hope found the Solution ,
            As some of the M/s WINDOWS 7 Stand for detection state unknown means log file(wuahandler.log) stand for GP Error.
            then i dsable & enable My system , gppdate.exe/force , now win7 updates working fine.

            Same issue with some windows 8 (only 10) clients also detection state unknown with same error we need to try Gp Enable & disable
            so i will try the same & i get back to you
            Best Regards
            Arshad

          • Hi Prajwal,
            As application deployment as we add DP,
            I deployed windows 7 updates, or server updates fine without add DP (Distribution group name).
            is it recommended to add DP because I am not able push WINDOWS 8.1 updated. ..?

            wuahandler.log : err0r=0x8024401c ..(stand for GP error..?)
            (2) some windows 7 client error status id (11423) & last error code (-2147012894)
            Error description: : Network connection: windows update agent encountered Transient network connection-related error.
            client system need to update any windows update agent ..? or SCCM client agent issue….?
            My SCCM 2012 r2 agent are updated with R2 agent.
            Kindly give the inputs.
            Regards,
            Arshad

            • Hi Prajwal,
              for windows 8.1 updated ( for WSUS 3.0 SP2 OR WSUS 3.2), need KB2919355 update. client side …?
              Regards,
              Arshad

              • Hi Arshad, I read about the update KB2919355. “Microsoft plans to issue an update as soon as possible that will correct the issue and restore the proper behavior for Windows 8.1 Update KB 2919355 scanning against all supported WSUS configurations. Until that time, we are delaying the distribution of the Windows 8.1 Update KB 2919355 to WSUS servers. You may still obtain the Windows 8.1 Update (KB 2919355) from the Windows Update Catalog or MSDN. However, we recommend that you suspend deployment of this update in your organization until we release the update that resolves this issue.”

                • @prajwaldesai:disqus
                  Thanks for your Valuable Support.
                  Fine. Aapart from this update, i am unabale to deploy any windows 8 or windows 8.1 updates from sccm R2 .
                  (But windows 7 no issue. ) shall i send log file text of windows 8 system. Even After disabel the GP of domain
                  Best Regards,
                  Arshad

                • Prajwal Desai

                  Wuahandler.log text details:(dated 10-04-2014) , os windows 8.1

                  ![LOG[Async searching completed.]LOG]!>

                  so this error stand for GP correct (Code= 0x8024410c)….? If yes

                  after admin disable th GP from Domain Controller ……

                  After changed the “ Configure Automatic Update” from GPO to Not Configurewe are lost the control of windows update now , many machine get the update (windows 8) from Internet .

                  if required i will send the text of new current update log file tommorrow
                  Best Regards,
                  Arshad

    • @Earthcooder

      Thanks, After disable the GP of AD, I am able to deploy the windows 7 clients updates. But other end windows 8 & windows 8.1 updates I am not able to deploy so far… on sccm 2012 R2. Any Inputs

  14. Hi Prajwal,

    As My sccm 2012 R2 Server. now i checked your above comments on GPO. (sccm 2012 local policy) & AD GP policy. My case also all client not able reach the deploy updates, later discover the GPO issue according to the client Log & also sccm log file files , sccm Reports (scan reports , deploy reports)

    Now i completely disabele the GP of AD. so SCCM 2012 R2 having client local polices Exist , so i hope wehn i test as deploy updates for clients it will work fine….?.

    (2) Sccm 2012 R2 all Kind of (exchange connector) Mobile deviss it support…. My Exchange 2013 & Present i am able to see only 36 Mob Devices. If having any Ms article for all type of Mob device support , Please share the Link or steps.

    (3) I would like to install Managment pack for Exchange 2013 & Lync 2013 on SCOM 2012 R2. Please provide me download link & steps for installtion Guide.

    (3) after upgrade sccm 2012 sp1 to sccm 2012 R2 Some of My clients shows as inactive, If I try i to manually lnstall the Cleint SCCM R2 & Refesh the service , configration policy it will be fine…?

    (4)some of the clients i am not able to connect remotely (remote client option) from sccm 2012 R2… what could be the reason
    ..(no firewall but Kaspers 10.2 issue..?

    Thanking You in Advance.

    Arshad

  15. Hi,

    Prajwal,

    option (3) Management Pack installation done & no issue (exchange & LYNC 2013 ). other above My query Kindly let me know it

    Best Regards,
    Arshad

  16. Hi Prajwal,

    Been using the site for a few weeks now, great tools. Thank you.

    I want to setup an automatic deployment rule for the updates. In your post here you say it is covered in a separate article. Can you tell me where or is it still in the works? Any help is greatly appreciated.

    Kindly,
    Shawn

  17. Hello Prajwal

    Software Updates are not installing for me. I am using SCCM 2012 R2 but I see different steps in the wizard than what you show here. I have no place to create a deployment package or specify a distribution point. Have you seen this before?

      • I’m using 2012 R2 with everything except the database on one server.

        It looks like they have separated the missing steps into a second wizard. Now you have to right click on the SUG and choose “Download”. Then you get this wizard:

  18. Want to know about Automatic deployment rules in SCCM 2012 and best practices related to it

    Next – What is your opinion on having WIN 7 ,8 and XP machines put in one collection and applying patches ?
    What are the draw back and advantages ?

    Patches will be packaged and then will be deployed .

    Your quick response will be appreciated.

  19. Hi Prajwal,

    In this example you have shown the synchronized updates i.e., security updates for the windows 7. And how we can determine the selected updates will be suitable for the Windows machines in the environment. Please provide me the details how this can be done.

  20. You need to deploy the updates first to one of the test machine before you deploy it to systems in your organization. You should not directly deploy it to production systems. The same applies even if you are using WSUS. Because if an update(s) causes an issue rolling back is a big task.

    • Any advantage of this? Bcoz clients will download only those patches which are required to them and this information is stored in client’s wmi itself during wsus sync.
      So a xp machine will not try to download and install any patch which is related to win 7 only.

  21. I am trying it in the Virtual Labs as per the steps given by you .

    I have choosen the Synchronize From Microsoft Update. After the process selection, Language and clicked on close. But when i go to Monitoring and Component status in this Clicked on the Wsus_sync_manager it was started and showing the message at Wsus sync has been failed.

    Please suggest me regarding to the issue.

  22. Hi Prajwal,

    I am having a problem with updates, it says downloading (0% Complete) but its doing nothing since 4days any idea?

    • This indicates that the client is not able to find a DP to download content from. Is the content distributed to the DP ? Check the status and also check if the DP is correctly assigned to the boundary group where the boundary belongs to?

      • Hi prajwal there is no boundary group as i have only 1 boundary do i need to create boundary group even I have 1 boundary?
        and content is already distributed to DP. the error I am getting on status is 0x800705B4. and there are only 28 machines which failed to download this update.

      • Hi Prajawal,

        The error I am getting the operation return because the time out period has expired 0x800705B4. content is already distributed to DP & I have only 1 boundary so I have’t created boundary group. Is that compulsory to create boundary group as I have only 1 boundary? please let me know.
        note:- it says in status that complaint 57 ans error 19 computers.

        Thanks,
        Rahman

  23. @Rahman – You must create a boundary group. Each boundary must be a member of a boundary group before a device on that boundary can identify an assigned site, or a content server such as a distribution point.

  24. Yes you must create a boundary group. Each boundary must be a member of a boundary group before a device on that boundary can identify an assigned site, or a content server such as a distribution point.

  25. Hello Prajwal,
    I created a software group with 75 patches for windows 8.1.
    but clients only receive 11 patches and in sccm console shown 100% compliance.
    please help me.
    Thanks in advance

  26. As always nothing works in my environment:

    Wakeup for a polling cycle SMS_WSUS_SYNC_MANAGER 11/17/2014 1:00:12 AM 4152 (0x1038)

    Wakeup for a polling cycle SMS_WSUS_SYNC_MANAGER 11/17/2014 2:00:12 AM 4152 (0x1038)

    Wakeup for a polling cycle SMS_WSUS_SYNC_MANAGER 11/17/2014 3:00:12 AM 4152 (0x1038)

    Wakeup for a polling cycle SMS_WSUS_SYNC_MANAGER 11/17/2014 4:00:12 AM 4152 (0x1038)

    Wakeup for a polling cycle SMS_WSUS_SYNC_MANAGER 11/17/2014 5:00:12 AM 4152 (0x1038)

    Wakeup for a polling cycle SMS_WSUS_SYNC_MANAGER 11/17/2014 6:00:12 AM 4152 (0x1038)

    Wakeup for a polling cycle SMS_WSUS_SYNC_MANAGER 11/17/2014 7:00:12 AM 4152 (0x1038)

    Wakeup for a polling cycle SMS_WSUS_SYNC_MANAGER 11/17/2014 8:00:12 AM 4152 (0x1038)

    Wakeup by SCF change SMS_WSUS_SYNC_MANAGER 11/17/2014 8:28:30 AM 4152 (0x1038)

    Wakeup for a polling cycle SMS_WSUS_SYNC_MANAGER 11/17/2014 9:28:35 AM 4152 (0x1038)

    Wakeup for a polling cycle SMS_WSUS_SYNC_MANAGER 11/17/2014 10:28:35 AM 4152 (0x1038)

    Wakeup for a polling cycle SMS_WSUS_SYNC_MANAGER 11/17/2014 11:28:35 AM 4152 (0x1038)

    Wakeup for a polling cycle SMS_WSUS_SYNC_MANAGER 11/17/2014 12:28:35 PM 4152 (0x1038)

    Wakeup by SCF change SMS_WSUS_SYNC_MANAGER 11/17/2014 1:12:39 PM 4152 (0x1038)

    Wakeup by SCF change SMS_WSUS_SYNC_MANAGER 11/17/2014 1:37:44 PM 4152 (0x1038)

    Wakeup by SCF change SMS_WSUS_SYNC_MANAGER 11/17/2014 1:47:34 PM 4152 (0x1038)

    Wakeup by SCF change SMS_WSUS_SYNC_MANAGER 11/17/2014 1:48:29 PM 4152 (0x1038)

    Wakeup by SCF change SMS_WSUS_SYNC_MANAGER 11/17/2014 1:50:24 PM 4152 (0x1038)

    Wakeup by SCF change SMS_WSUS_SYNC_MANAGER 11/17/2014 1:58:59 PM 4152 (0x1038)

    Wakeup for a polling cycle SMS_WSUS_SYNC_MANAGER 11/17/2014 2:59:05 PM 4152 (0x1038)

    Wakeup for a polling cycle SMS_WSUS_SYNC_MANAGER 11/17/2014 3:59:05 PM 4152 (0x1038)

    Wakeup for a polling cycle SMS_WSUS_SYNC_MANAGER 11/17/2014 4:59:05 PM 4152 (0x1038)

    Wakeup for a polling cycle SMS_WSUS_SYNC_MANAGER 11/17/2014 5:59:04 PM 4152 (0x1038)

    Wakeup for a polling cycle SMS_WSUS_SYNC_MANAGER 11/17/2014 6:59:04 PM 4152 (0x1038)

    Wakeup for a polling cycle SMS_WSUS_SYNC_MANAGER 11/17/2014 7:59:05 PM 4152 (0x1038)

    Wakeup for a polling cycle SMS_WSUS_SYNC_MANAGER 11/17/2014 8:59:05 PM 4152 (0x1038)

    Wakeup for a polling cycle SMS_WSUS_SYNC_MANAGER 11/17/2014 9:59:05 PM 4152 (0x1038)

    Wakeup for a polling cycle SMS_WSUS_SYNC_MANAGER 11/17/2014 10:59:05 PM 4152 (0x1038)

    Wakeup by SCF change SMS_WSUS_SYNC_MANAGER 11/17/2014 11:55:22 PM 4152 (0x1038)

    Wakeup by SCF change SMS_WSUS_SYNC_MANAGER 11/17/2014 11:55:32 PM 4152 (0x1038)

    Wakeup by SCF change SMS_WSUS_SYNC_MANAGER 11/18/2014 12:00:03 AM 4152 (0x1038)

    Wakeup by SCF change SMS_WSUS_SYNC_MANAGER 11/18/2014 12:20:58 AM 4152 (0x1038)

    Wakeup by SCF change SMS_WSUS_SYNC_MANAGER 11/18/2014 12:25:28 AM 4152 (0x1038)

    Wakeup by SCF change SMS_WSUS_SYNC_MANAGER 11/18/2014 12:25:38 AM 4152 (0x1038)

    Populating config from SCF SMS_WSUS_CONFIGURATION_MANAGER 11/18/2014 12:00:08 AM 4144 (0x1030)

    Waiting for changes for 10 minutes SMS_WSUS_CONFIGURATION_MANAGER 11/18/2014 12:00:08 AM 4144 (0x1030)

    Wait timed out after 10 minutes while waiting for at least one trigger event. SMS_WSUS_CONFIGURATION_MANAGER 11/18/2014 12:10:37 AM 4144 (0x1030)

    Timed Out… SMS_WSUS_CONFIGURATION_MANAGER 11/18/2014 12:10:47 AM 4144 (0x1030)

    Default SUP not specified SMS_WSUS_CONFIGURATION_MANAGER 11/18/2014 12:10:47 AM 4144 (0x1030)

    Waiting for changes for 60 minutes SMS_WSUS_CONFIGURATION_MANAGER 11/18/2014 12:10:47 AM 4144 (0x1030)

    Trigger event array index 0 ended. SMS_WSUS_CONFIGURATION_MANAGER 11/18/2014 12:20:58 AM 4144 (0x1030)

    SCF change notification triggered. SMS_WSUS_CONFIGURATION_MANAGER 11/18/2014 12:21:03 AM 4144 (0x1030)

    Populating config from SCF SMS_WSUS_CONFIGURATION_MANAGER 11/18/2014 12:21:03 AM 4144 (0x1030)

    Waiting for changes for 50 minutes SMS_WSUS_CONFIGURATION_MANAGER 11/18/2014 12:21:03 AM 4144 (0x1030)

    Trigger event array index 0 ended. SMS_WSUS_CONFIGURATION_MANAGER 11/18/2014 12:25:28 AM 4144 (0x1030)

    SCF change notification triggered. SMS_WSUS_CONFIGURATION_MANAGER 11/18/2014 12:25:33 AM 4144 (0x1030)

    Populating config from SCF SMS_WSUS_CONFIGURATION_MANAGER 11/18/2014 12:25:33 AM 4144 (0x1030)

    Waiting for changes for 45 minutes SMS_WSUS_CONFIGURATION_MANAGER 11/18/2014 12:25:33 AM 4144 (0x1030)

    Trigger event array index 0 ended. SMS_WSUS_CONFIGURATION_MANAGER 11/18/2014 12:25:38 AM 4144 (0x1030)

    SCF change notification triggered. SMS_WSUS_CONFIGURATION_MANAGER 11/18/2014 12:25:43 AM 4144 (0x1030)

    Populating config from SCF SMS_WSUS_CONFIGURATION_MANAGER 11/18/2014 12:25:43 AM 4144 (0x1030)

    Waiting for changes for 45 minutes SMS_WSUS_CONFIGURATION_MANAGER 11/18/2014 12:25:43 AM 4144 (0x1030)

  27. I added WSUS role on SCCM server, installed SUP role, configured it and did synchronize software updates (security, critical and definition updates for Windows 7). I have chosen all non-expired and no-superseded and put them into new software update group, and, finally deployed it to target collection with one Windows 7 machine. However nothing happened on machine – I noticed in WU in CP info Windows is up to date and in installed updates list I saw many updates installed on November 10th, however not using SCCM but probably online from MS since I installed SUP yesterday. Also I can manually change update settings – they are not grayed-out as it was the case when “normal” WSUS server is deployed. Logs are here: https://onedrive.live.com/redir?resid=670BDDFCE8F2477A!466&authkey=!AMJeRV46bRz7ilk&ithint=folder%2clog

  28. Prajwal, I solved my problem – updates were successfully deployed to my test collection. However two things bother me. First why update settings in Control Panel – Windows Update on client machines are not grayed-out. Secondly in Software Center user can follow update progress but if user clicks on installed update that requires restart in lower-right corner there is a button RESTART – I did not try but it probably would have restarted machine regardless of installation process of other updates that was in progress. I did not find any settings in SCCM client related to this “weird” behaviour. I assume this is not normal situation on clients.

    Answer to your question – I do not have dedicated WSUS server, WSUS is on SCCM server itself.

  29. Hi Prajwal, I have always had the most problems with software updates and SCCM. I have followed each step of the guide without issue thus far. I’m not sure that updates are getting to my 2008 R2 servers. I have created a software update group for deployment of critical updates to my 2012 R2 servers, and it appears that these updates showed up on the 2012 servers in the software center. I had to reboot each of them individually to finish the updates because I misconfigured the restart option I believe, but minor inconvenience. I can not seem to see any updates being deployed to the 2008 R2 servers? I didn’t have windows update setup on any of the servers, they have all never accessed windows update.

    Can you give some advice as to how to check that the updates are making it to the 2008 servers or are not making it there. Also, I saw the updates in the Software Center of the 2012 servers waiting for reboot, but once they rebooted and completed the installation of the updates, I didn’t see anything in Installed Software tab of the Software Center.

    I’d appreciate any help with the software updates as it’s always been the hardest thing to administer for me. Thanks.

    -SK

    • There are lot of things that we need to check here. I am sure you would have filtered the expired updates using the search criteria from list of updates. Login to any of the client which has 2008 R2 OS and check the windows update group policy, can you tell me what is the intranet update server info there ?

      • Hi Prajwal,
        I did filter the expired updates using the search criteria. The update group I created for the 2008 R2 servers contained just critical, not expired, and not superceeded updates. I didn’t make a specific GPO for the update server to point to my SCCM server. Is this necessary for the 2008 servers? If so I can create one and link it to the 2008 Servers OU. Thanks.

  30. Hi Prajwal,

    Can you please provide me with the URL for Deploying Software updates, using automatic software updates deployment.

    Thanks

  31. Hi Prajwal,
    I hope you can help me. I have configured SCCM 2012 R2 in my lab on a Windows Server 2008 R2 Operating system. I have installed the “Software Update Point” service and have successfully downloaded and filtered the patch for a Windows 7 Client sitting in my lab, as per the instructions above.
    For some reason my Windows 7 Client when polling is not picking up the Patchs that have been created as a deployment Package.
    Any helps would be much appreciated.
    Just to confirm if I click on “Configuration Manager” on the Windows 7 Client and go to “Sites” then find site this returns a message saying that configuration manager has found a site to manage this client.
    Many Thanks
    Jag

  32. Hi Prajwal,

    I hope you can help me. I have configured SCCM 2012 R2 in my lab on a Windows Server 2008 R2 Operating system. I have installed the “Software Update Point” service and have successfully downloaded and filtered the patch for a Windows 7 Client sitting in my lab, as per the instructions above.

    For some reason my Windows 7 Client when polling is not picking up the Patchs that have been created as a deployment Package.

    Any helps would be much appreciated.

    Just to confirm if I click on “Configuration Manager” on the Windows 7 Client and go to “Sites” then find site this returns a message saying that configuration manager has found a site to manage this client.

    Many Thanks

    Jag

    • Okay is it the only one Win7 client that is not pulling the updates or its whole collection. Can you try making the update package “AVAILABLE” to the client machine so that you see atleast its being distributed by DP ?.

  33. Prajwal,
    Thanks for posting. I forgot all of the steps and your blog was very easy to follow. One thing I would like to mention. Your section on creating a Software Update Group has Bulletin ID set to “MS”. For whatever reason critical updates don’t have a bulletin ID so they get missed. As soon as I took that out I was able to get my critical updates.

  34. Hello Prajwal
    iam using microsoft virtual lab for patch deployment.but i found a error when create a deployment package.i think its path has been not define properly do you have any idea related to this lab.

  35. Hi Pradeep, I am not sure about the lab that you are talking. I would recommend to build your own lab for SCCM and try out the testing. I understand that the labs are easy to learn but I feel real lab is good for learning.

  36. SCCM is complaining that the WSUS server cannot be contacted. I check IIS and there is no WSUS server running. I have reinstalled WSUS twice now, and there is no such step prompting me to “Create a Windows Server Update Services 3.0 Web site”. It’s not there. This is installing it from the add roles and features section of the Server Manager in server 2012 R2.

    The error I’m getting in the event log is this:

    “On 3/12/2015 12:21:25 PM, component SMS_WSUS_CONTROL_MANAGER on computer blah reported: WSUS Control Manager failed to configure proxy settings on WSUS Server “blah”.

    Possible cause: WSUS Server version 3.0 SP2 or above is not installed or cannot be contacted.

    Solution: Verify that the WSUS Server version 3.0 SP2 or greater is installed. Verify that the IIS ports configured in the site are same as those configured on the WSUS IIS website.You can receive failure because proxy is set but proxy name is not specified or proxy server port is invalid.”

    Google is turning up no hints about how to resolve this issue. Any ideas?

    • Hello Prajwal
      I am getting similar error in wsyncmgr log. WSUS update source not found. I did nto got option to create custom or default website. i am slo not using any proxy server. this box is directly connected to internet. also there is no application pool for WSUS in IIS and only default website is showing. any idea???

  37. Dear Prajwal,

    I want to create Standalone Media TS with Application & Package (Office 2010, adobe reader, 7Zip, Pdf creator etc) for work group machine, could you tell me that how to create TS because i tried lot of time but not success.

    Please help me.

    Regards,
    D.Chouhan
    [email protected]

  38. Hi Prajwal, what we are interested in is the client side (servers and Workstations). Can the SCCM client only pull down what it needs from a scheduled software update deployment or must you first have the all the updates available/downloaded on the machine? From what we’ve seen it seems that the whole package gets downloaded first if we do a scheduled software deployment and then compliance of the updates are checked.

  39. Helllo Prajwal

    I am facing a problems related to software update. i have already installed SUP and WSUS but when i click on Synchronize Software Updates no one software update are showing there.can you please provide me any help related to this.As iam fresher in SCCM.so please help me in a proper ways
    Thanks a lot

  40. Hi, I’m confused with he last few step od the Deploy Software Update Wizard: I’m stuck at the Deployment Package step. Which location should I pick? Can I pick local hard drive? Thank you in advance!

  41. Please help…
    I have created a Windows Update Package for Windows 7. When I tried to run the deployment, everything look fine and completed with no errors. However, nothing is happening on the client hosts (i.e. Windows 7 hosts). I don’t know where to check for error, and what did I do wrong or need to perform?

    • Do I have to create it in different server? Also, I don’t see anything happens on the clients; even though, the wizard completed successfully. What log (on the client machine) should I look for? I went to Software Center on the client box, and nothing is in there.

      • If you are creating new deployment package then you need to specify the location where the updates will be downloaded. Once you complete the wizard, at the end updates will be downloaded and stored in the location that you specified. Are you saying that you are not able to deploy the updates to client computers ?

        • Yes, the updates DID not get to the client computers. I followed all the step above and created a Software Update Group with few updates, deployed to a test collection (couple clients Windows 7). Everything seemed no errors, but when I went to the client’s Software Center, there is nothing in there and nothing happened. What log in SCCM server and log in the clients should I log for errors. I’ve been struggling with this issues for days. Today, I tried to create ADRs (one for Windows 7, one for Windows Server 2008), and It’s still not working. I see no updates (patches) listed in the Software Update group. Please help!

  42. Hello Prajwal,

    Thank you for your documentations – these are really handy. I am having lot of problems downloading Windows updates for patching process via SCCM 2012. I select the product for which I want to download the updates for Patching. After that I create a software group – no issues so far. Then I go ahead and create a deployment package for the update where it fails saying – The Deploy Software Updates Wizard completed with Errors.

    The irony is that sometimes it will working fine, sometimes it will fail in the middle of downloading updates & sometimes it will fail completely. I have made sure that our SCCM server has access to the web as well.

    I checked PatchDownloader.log file and it shows the following error:

    HttpQueryInfo HTTP_QUERY_CONTENT_LENGTH failed 12150

    Download http://wsus.ds.download.windowsupdate.com/c/msdownload/update/software/secu/2015/01/windows6.1-kb3004375-v3-x64_106d506f0b146279985ca204a0abf70423e00c68.cab to C:UsersTestAppDataLocalTempCAB75A1.tmp returns 12150

    ERROR: DownloadContentFiles() failed with hr=0x80072f76

    The above error sometimes will come up straight away or it will come up in the middle of downloading updates and the process will stop. I have also check the directory where the update files will be store has appropriate permission.

    I am lost here. Please help.

  43. Hello Prajwal,

    thanks very much for your great tutorials.

    i have a problem with my sup. it’s installed with your step-by-step guide.

    my issue is, that I miss several updates although the product and the category is selected in sup configuration settings.

    for example KB 2889923 (its the lync/skype for business April 2015 update)

    How ca I manually add a patch to the updates repository, or otherwise how con i reset the update point content and resync from scratch?

  44. Great doco.

    Assuming all steps have been completed without errors and you still are not getting the updates to the client:

    If you have created the deployment packages and nothing is happening on your client you can run the Software Updates Deployment Evaluation cycle on the client machine from “Actions” in the Configuration Manager client app.

    Remember that the default client settings are to poll for updates every 7 days as of 1/2/1970.

    Praj, it may be worth adding this small step to your instructions. It seems a lot of people are just waiting expecting it to kick off in a few minutes like you have stated:

    “After few minutes we see that the updates are installed on one the
    client machines in the collection and there is a notification that
    system needs to be restarted.”

    One i run this, updates start to appear in software center.

    SUCCESS

    Thanks

  45. Hi Praj,
    thank you so much for your step-by-step guide, really clear and helpful.
    Just a question to be sure, you wrote:”When a general maintenance window and software updates maintenance window are both configured, clients install software updates only during the software updates maintenance window”, does it mean that the software updates maintenance windows wins over the Default Client Settings?
    I know, it’s a basic question but I’m a beginner and I learn faster from masters.
    Thanks!

    Andrea

  46. Hello Prajwal,

    I’ve completed the following steps as mentioned. I’m getting the following msg after deployment in my
    updatedeployment.log. “Optional assignment, no advance download needed”. This pc has not been updated in over a year. And
    the other msg is ” EnumerateUpdates for action (UpdateActionInstall) – Total actionable updates = 0″.

    Pls Help.

  47. Dear Prajwal,
    I’ve followed all your steps. I dont get any errors but i get the msg at the every time i deploy software updates on my updatesdeployment.log.
    No actionable updates for install task. No attempt required.

    All my updates are current from 2016, no expired or superseded
    Computers that i’m deploying to, have not been updated in almost a year

    I have no clue why the updates are not going through.

    Pls help.

  48. Dear

    i have problem with the updates i tired many time as you described but no updates showing in the when i try you do updates sync nothing showing after performs all these steps im tired tell me what to do sir? what can be mistake ? what to do then it will work ?

  49. Dear Prajwal

    i couldnt find out the solution of sync updates nothing showing i cheek its log file there showing error. i already attached snaps what error became during sync updates tell me what is its final solution? thnx

  50. hey Prajwal now updates appears but on the client machine nothing updating those software updates. what is the major reason why client machine dnt have acces for updating installation? System center installation showing empty after done those step can you solve this issue please

  51. Hello Prajwal

    I am currently installing a newer version of SCCM 2012 in our dev enviroment before it goes to production we originally had 2007 but I have not migrated anything with the old version this is a fresh intall. I am trying to connect my WSUS server which is on a different box to my newly built 2012 sccm box, I have tried conneting using your guide and noob.com guide and to no avail I have not succeded. This is very baffling as the 2007 box connected with no problems. Do I need a fresh install of the WSUS server????

    • Hi Phil,

      Have you figured out how to connect your existing WSUS server? I’ve hit the same road block. It’s not clear if I use “Synchronize from and upstream data source…” or not.

      Thanks,

      Keith

  52. Dear Prajwal,

    Have you tried using other specialized software products for deployment? Is there anything decent on the market today? SCCM is very powerful, but I had a few products that I wasn’t able to deploy due to an unsupported file format. I’ve met several other product like Lansweper, Manage Engine and Total Software Deployment across the web, but I haven’t tried them yet.

  53. Greetings Prajwal,

    I wanted to start off by saying how helpful your guides have been. I have a question about creating the deployment package step where you have the Package Source set to “\SourcesUpdatesWindows 7.” Am I missing where that UNC was defined/established? Is that something that needs to be created before staring the process, so that the files have somewhere to go?

    • Thank you Matt. The package source path (windows 7 folder) is a folder where all the updates would be downloaded and the updates will be installed from the same folder. Yes you have to create a folder before you download the updates.

      • Thanks for the quick reply… So my next question is, where do you configure the system to download all Win 7 (or Win 8, Win 10, etc) updates to the desired location?

        • Yes, you could create a folder called updates under sources folder. Under updates folder, you can create folders like Windows 7, windows 8.1 etc to download the updates. If you wish you place all the updates in one folder you could do that as well.

    • Hi, I have the same issue, try to uncheck all of the products, and then run sync. Check the logs if it’s successful,

      and then check the products you need and run the sync again.

      It work on my end. Hope this helps.

  54. What I don’t understand is why you would download the software from the internet? What is the point of even using he WSUS if when creating the “Deploy Software Updates” via the wizard the updates are downloaded from the internet. I choose all the appropriate groups (by the way I am using 1511) when I set the SCCM console up as a Software Distribution Point (updates)…

    • That setting is for the server to download the updates in the first instance. It can get them from microsoft via the internet OR an upstream WSUS server. The clients will download the updates from the distribution point.

  55. Hi, I have the same issue, try to uncheck all of the products, and then run sync. Check the logs if it’s successful,
    and then check the products you need and run the sync again.
    It work on my end. Hope this helps.

  56. Hi Prajwal, i encountered this error in sccm software updates. Can you help me how to fix for days
    . Thanks

  57. Hi Prajwal, I deployed windows 7 updates to pilot users. I Check report, Security Update for Windows 7 (KB3146963) is required and installed on my laptop. But 2 more Desktop PC shows the update not required. All machines are windows 7 32bit. Is it a problem? Please help thanks.

  58. Can you please explain to me how the software update deployment process will work, if I install a new machine in the environment? I installed it via MDT task sequence, added it to the domain, it has SCCM client installed, I even added the machine to the Device collection for which I have set automatic updates. Will the Automatic Deployment Rule apply to the newly added server as well? Or are there some updates that have to be installed manually?

    Can someone make this clear to me? Thanks

  59. Hi Prajwal, can you configure where the site server should store all these updates? I’ve got a separate hard drive for it but I don’t see an option.

  60. Hi Prajwal,

    I’ve done a deployment, and it’s saying deployed in the deployment package, however the client doesn’t appear to be receiving the updates (the updates have been downloaded to the “sources/updates/windows 7” folder on the SCCM server.).

    I took a look at UpdatesDeployment.log on the client however nothing seems to be standing out (the only thing would be “No current service window available to run updates assignment with time required = 1”).

    Any help would be greatly appreciated.

    Thanks,

    Stephen

  61. Prajwal.
    When I create the collection, within a few days I receive an error on the distribution site that there is a file missing from the folder and then the deployments fail. I created a patch distribution for Adobe Products and it worked this past Friday, but today when I came in, the deployment package that I created was displaying an error and it failed. It fails for the same reason in that there is a file missing from the folder. I am not sure why this is happening as I am not doing anything to these folders once I create them. I am using SCCM 2012 R2 and following your steps. I have 3 update packages that are now failing on a regular basis. Am I causing the issue by adding additional selected patches from the “All Software Updates” section and “rick click” and “Update Membership”? I am having to re-create these almost now on a weekly basis and am not sure what I may be doing wrong. If you would, let me know what further logs or information you may need to help point me in the right direction.
    Mark
    [email protected]

  62. Hi Prajwal,

    I am new to sccm, and learning how to deploy updates. After creating the software update group and then going to deploy, during following the steps i am not prompted to create the deployment package. Am I doing something wrong or missed a step?

  63. Hi,

    I have 2 separate servers, one for WSUS and one for SCCM. I will like to use SCCM to get the updates from this WSUS server.
    Do i add site system role or create site system server? or both?

    Thanks

  64. I am just starting to wade into the SCCM pool, and have a question about applying Monthly Windows updates. I believe that my problem lies with the Scan Agent and getting Updates to be detected as required etc. After the process runs I everything comes back as Not Required. I have manually installed at least one of the problematic patches successfully, so they are needed. Going through the ScanAgent.log on the clients I see a lot of:

    Did not find CategoryID for Update:786656d5-cf9b-443c-a1bc-744b4ff6d3e7 ScanAgent 7/28/2016 8:51:22 AM 4472 (0x1178)
    CScanAgent::ScanByUpdates – Did not find UpdateClassification for Update:786656d5-cf9b-443c-a1bc-744b4ff6d3e7 ScanAgent 7/28/2016 8:51:22 AM 4472 (0x1178)
    Did not find CategoryID for Update:75efbd8b-6d39-437b-928f-af03ea750034 ScanAgent 7/28/2016 8:51:22 AM 4472 (0x1178)
    CScanAgent::ScanByUpdates – Did not find UpdateClassification for Update:75efbd8b-6d39-437b-928f-af03ea750034 ScanAgent 7/28/2016 8:51:22 AM 4472 (0x1178)
    Unable to find any Categories for at least one Update. Will not do a Category Based Scan. ScanAgent 7/28/2016 8:51:22 AM 4472 (0x1178)
    Sources are current and valid. TTLs are also valid. ScanAgent 7/28/2016 8:51:22 AM 4472 (0x1178)
    CScanJobManager::Scan – SKIPPING SCAN and using cached results… ScanAgent 7/28/2016 8:51:22 AM 4472 (0x1178)
    CScanJobManager::Scan – Reporting Scan request complete to clients… ScanAgent 7/28/2016 8:51:22 AM 4472 (0x1178)

    Is this why my updates all show as Not Required? Is there something that i have missed in defining the Deployment package? Or the Baseline? Why do my updates not appear as needed?

  65. Hi Prajwal
    I have configured SCCM for updates but got errors.
    Attachment has the scenario.. WCM and wsyncmgr log files..
    Any Solution please ??

  66. Hi Prajwal,

    Can u define the term “Internet-Based Software Update Point” please, Thanks in advance

    Rahul Srivastav

  67. Software Update Point for Internet-Based Client Connections – This basically allows you to manage Configuration Manager clients when they are not connected to your company network but have a standard Internet connection.

  68. Hi Prajwal – Thank you for sharing this post, I’ve found it very helpful 🙂
    I think I’m clear on all the steps except for the package source.

    According to technet, I need to manually create The shared folder for the deployment package source files
    Deployment package source: Specifies the location of the software update source files. When the deployment is generated, the source files are compressed
    and copied to the distribution points that are associated with the deployment package. The source location must be entered as a network path (for example, \serversharenamepath), or the Browse button can be used to find the network location. The shared folder for the deployment package source files must be
    manually created before proceeding to the next page.

    https://technet.microsoft.com/en-us/library/bb680916.aspx

    Do I just need to right click in the Updates directory and create the new folder then reference it in the Package Source location in SCCM?
    TIA,
    Brandy

  69. Thank you for your great how to steps Prajwal!! Is WSUS required for SCCM to manage updates? Since you can point SCCM directly to the Microsoft update servers couldn’t you do this without WSUS running? I have an environment with 100 systems I need to manage so I’m trying to do this as simple as I can. I have no need for secondary sites since everyone can hit my primary site. Thanks again!!

  70. Dear Prajwal,

    Sorry to bother you, I have a critical issue in my SCCM 2012 R2, I try to troubleshoot and find the root cause but no luck, could you mind check my attachment file and take a look. Please advise me how can fix this issue, thx.

    Regards

    Boris

  71. Please will like to know if you have come across this issue on security update deployment on windows server 2012 r2

    i deployed security update via sccm and it recorded complaint for all the windows servers 2012 rs but when i log in to the servers the updates are not recorded on the add and remove programs.
    why does SCCM behave that way for windows server 2012r2 because windows server 2012 and 2008 r2 shows the update deployed via sccm.

  72. Hi Prajwal,

    I want to change the maximum run time (minutes) for software updates by default is 10 min and want to change it for 30 min.

    I know I can do it for every update manually. But how can I change it so that i don’t have to do it every month for the update. By default it should be set for 30 min.

    Regards,
    Sunil Kaushik.

  73. My WSUS sync isn’t work after a restore. Here are the following logs. I was able to remove Adobe by unchecking it and resyncing but I can’t get rid of the Java JRE Client. Please help. WCM Log
    Subscription contains categories unknown to WSUS.~ $$
    Failed to set Subscriptions on the WSUS Server. Error:(-2147467259)Unspecified error~ $$
    ..
    Successfully connected to server: server, port: 8530, useSSL: False $$
    Category Company:94d731de-22a6-4458-dc4d-b5267de026fc (Adobe Systems, Inc.) not found on WSUS $$
    Category Product:b1d1a5ca-37c4-5805-b271-367467ef10f5 (Java JRE Client) not found on WSUS $$
    Starting WSUS category sync from upstream… $$Microsoft.SystemsManagementServer.WSUS.WSUSMSPException: WSUS sync failed with UssNotFound: ~~ at Microsoft.SystemsManagementServer.WSUS.WSUSServer.IsSyncRunning() $$
    Failed to set Subscriptions on the WSUS Server. Error:(-2146233088)Unknown error 0x80131500~ $$

    • under Software Update Component properties, deselect all Products and Classifications which are enabled. Next run the Software Update Synchronization. Once it is complete, enable the required Products and Classifications that were disabled previously, and run the synchronization again. Let me know if that works.

      • Thanks. So I was able to get that to work. Now when I synced SCCM to WSUS I only see windows 7 updates. I looked in WSUS & I have multiple types of updates not just Windows 7. I noticed the WSUS content folder only had a few folders. I’m not sure what else to do. This is all after a restore. I think I failed to install SCCM on the correct drive. I also don’t see my \servernamesourcefolder. Is it possible to uninstall WSUS without any issues?

      • Thanks. I was able to get that to work. Now when I synced SCCM to WSUS I only see Windows 7 updates. I looked in WSUS and have multiple categories and products as far as software updates. I noticed that my WSUS content folder only contained a few folders. I’m not sure what else to do. This is all after a restore. I think I failed to install SCCM on the correct drive during the restore. I also don’t see my \servernamesorcefolder . Should I just start the restore over? Is it difficult to uninstall WSUS?

      • I got that fixed thanks. I did notice that my content folders are empty after the restore. I had a lot drivers etc I wanted to bring over. Do I have to manually copy that information?

  74. How is it possible to make the package install before on some deployment group to validate theres is no regression ?
    Also, we starting on this, and we are afraid there are a lot of udpates needed on our client systems, that will annoy users with 12348 reboots until all KB have been installed??

  75. First I love your guides! The time you have put in for the community is beyond appreciated! I am trying to learn SCCM as I follow your guides step by step. Here is what I am getting, and any help is beyond appreciated.

    After I click on “Synchronize Software Updates” I get this error in my wsyncmgr.log https://uploads.disquscdn.com/images/9e6516d6a9b805f46e9b9ddfe1e3b060b9559cad99aba2e388e0d5c1aac8c3ce.png

    Here is the WCM
    https://uploads.disquscdn.com/images/4aa759a4a6407bc89c49dcc188bcea8cea104aa62e56529a6e645a8c4a3be7d4.png

    and statesys
    https://uploads.disquscdn.com/images/f5271ce5155fa112705ca6c8b2ecead7205004f0acfb2666c8e839c69c88a334.png

  76. Hi ,

    SCCM Keep waiting user approval “Install All” and it is deployed as a Required. How to deploy Updates automatically without enduser interruption
    Thanks

  77. Check the folder and share permissions on the location where you selected to download the patches to. Both the share and the folder need to be open to write access by SCCM.

  78. Estoy realizando despliegue de Updates a equipos Windows 7 y Windows 10, desde el monitor de sccm pasan equipos como completado compliant pero cuando voy al equipo cliente no hay actividad del deployment ejecutado.saben que podría ser? Y desde la herramienta monitoring deployment indica resultados satisfactorios.

  79. Hi Prajwal,
    Good Day, Thank you for the manual i did follow all steps. But i have a question, I don’t have an idea where to find the error logs after i run my software updates to my client. My creating and deploying of software update was successful but not showing on the software Center of the client. Hope you solve my problem. Thanks

LEAVE A REPLY

Please enter your comment!
Please enter your name here