I know this question is old, but if it were to be answered, it would be of great help to me. I am in a lab environment, so I installed WSUS on a server, then added it to my primary site as the SUP. I created a SUG and deployed them to a device collection to no avail. In fact, it is just showing "Unknown" for the collection as though it doesn't even know if any of the PCs (1) in the collection needs the updates.
I only have a WSUS server and SCCM. No GPOs, no changes to the desktop (it was added to the domain and left alone). When I created a device collection containing said desktop and deployed the package, nothing.
Do we need to do something in AD or GPO’s for WSUS/SCCM ??? Or will everything completely be managed by SCCM.
If you haven't set anything before, then you do not need to do anything. SCCM uses local policies to use SUP. If you have any GPO's with any update setting, they will override the local ones, and possibly create problems.
SCCM found all our clients, software metering is ok, clients ware approved too … but the compliancy status is still be unknown.
seems like they have a problem connecting to SUP. Check these logs:
UpdatesDeployment.log
Provides information about the deployment on the client, including software update activation, evaluation, and enforcement. Verbose logging shows additional information about the interaction with the client user interface.
UpdatesHandler.log
Provides information about software update compliance scanning and about the download and installation of software updates on the client.
UpdatesStore.log
Provides information about the compliance status for the software updates that were assessed during the compliance scan cycle.
How can I force a compliance scan on my SCCM clients. The last compliance scan time report is empty, so I supose they never did a compliance scan.
Software Updates Deployment Evaluation Cycle: Evaluates the state of new and existing deployments and their associated software updates. This includes scanning for software updates compliance, but may not always catch scan results for the latest updates. This is a forced online scan and requires that the WSUS server is available for this action to succeed.
Software Updates Scan Cycle: Scans for software updates compliance for updates that are new since the last scan. This action does not evaluate deployment policies as the Software Updates Deployment Evaluation Cycle does. This is a forced online scan and requires that the WSUS server is available for this action to succeed.
We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.
using SCCM 2012 in a LAB - Part 6. Deploying Software Updates
in Configuration Manager 2012
Posted
Do we need to do something in AD or GPO’s for WSUS/SCCM ??? Or will everything completely be managed by SCCM.
If you haven't set anything before, then you do not need to do anything. SCCM uses local policies to use SUP. If you have any GPO's with any update setting, they will override the local ones, and possibly create problems.
SCCM found all our clients, software metering is ok, clients ware approved too … but the compliancy status is still be unknown.
seems like they have a problem connecting to SUP. Check these logs:
UpdatesDeployment.log
Provides information about the deployment on the client, including software update activation, evaluation, and enforcement. Verbose logging shows additional information about the interaction with the client user interface.
UpdatesHandler.log
Provides information about software update compliance scanning and about the download and installation of software updates on the client.
UpdatesStore.log
Provides information about the compliance status for the software updates that were assessed during the compliance scan cycle.
How can I force a compliance scan on my SCCM clients. The last compliance scan time report is empty, so I supose they never did a compliance scan.
Control panel - Configuration Manager - Action [tab] - Software updates deployment evaluation cycle
ref.
Source: http://technet.microsoft.com/en-us/library/bb632393.aspx
When I create a report, all updates are marked as being not approved. Should I somewhere approve the patches before, such as in WSUS?
you use update list as way to approve to updates. The ones that are on the list that you deploy will be evaluated and if required be installed.