rrasco

I had a package I created once for 3 months, I had not noticed I can select for last 1 year. Maybe I missed that or they expanded the options in R2? I used to manually patch the machines via WU, but I prefer when I can just join a machine to the domain and it pushes out the client, SCEP, and all previous updates. Just let the machine run for a day or so and it will get all the software deployments taken care of.

I am curious, how does everyone handle patching new machines? When I join a new machine to the domain and move it to the correct OU, SCCM pushes out the client, intalls SCEP, and patches the machines with all previously deployed Update Groups through the use of ADRs. My question is, what about the patches that you didn't have an Update Group for? Such as updates that were published prior to using ADRs? If you only have the product date set to last 1 day and run on Patch Tuesday, wouldn't that effectively miss all previous updates? What do you guys do to get new machines up to date prior to letting SCCM patch what it knows about?

It basically says it doesn't have a valid connection to the database from the Data Source screen in SSRS and when I try to run an audit report.

Yep, that's exactly how mine is configured. That's how I came across the test button, was following that step in your guide.

After completing this part none of my audit reports work, I get an error basically saying the database connection is failing. I see the Audit and Audit5 reports in the audit reports from the SCOM console. I get this too from the report server URL, under audit reports when I test the connection.

Thanks for this. My upgrade is currently running, hopefully all goes well. I have a few notes about my process: KB2734608 would not install for me. It acted like I didn't have the right version of WSUS; "the upgrade product is missing". I have SP2, but maybe there was a superseeded update already installed on my server. Just a guess though. The prerequisite check put out a warning saying I needed both KB2720211 and KB2734608 but allowed me to begin the install. Fingers crossed it succeeds. I had to add the User State Migration Tool (USMT) during the ADK installer. I had to go back and add this since I left only the defaults checked.

Probably not. I think I just needed to wait, just a few seconds ago clients started reporting "Application no longer available" and my new package is now available via Software Center. I was afraid I borked it up by not following the proper procedure to remove a package. The new package is failing to install, but that's another issue. EDIT: The new package wasn't downloading, had to increase cache through config manager in control panel.

I setup an Application for Office 2013 w/SP1. Long story short, SP1 has issues. I deleted the deployments and application and re-packaged non-SP1 Office 2013, but I still see the original 2013 application in the Software Center on client machines. Hindsight is 20/20 and I see it's recommended to retire applications, but it's too late for that. How can I get rid of this application in Software Center?

Not that I am aware of. Where is that setting at? I see 'delete quarantined files after (days)' option in my custom antimalware policy on the 'advanced' tab, but there is no option to disable the client user interface. I have not installed SP1 yet.

I have a client machine that I thought didn't have the SCEP client. According to the logs the SCEP client is already installed and protected, but it is not in the system tray. I want to run a full on-demand scan, but I can't do it because there is no interface to run. I uninstalled the SC client and re-pushed it to the client to see if it would re-install SCEP, but the EndpointProtectionAgent.log on the client says: Any ideas why the SCEP client is not visible?

Follow up: I was able to get mine working. There were a few more things I tried to get it going. Referencing this post I enabled the Protected Storage Service. That did no resolve the issue. Moved onto find this post where I located the MachineKeys directory on Windows 7 (C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys) and removed the key that started with 19c5cf and the cert was able to be created. Repaired CCM on the client and it was reporting in no time. I believe it was an old cert on that machine from before I had SCCM configured correctly, thus it had to be cleared to function correctly.

Which system did you have to enable the service for? Client or server? Mine is enabled on both and I am receiving this error from a new client I am trying to get into SCCM.

This has been configured for a few months for me. Checking in the \\sccm\sources\WindowsUpdates\EndpointProtection\ directory, it's full of definition updates, dating back to November. Over 1900 items and 2GB of data. Is SCCM supposed to delete expired definitions or do I need to do something else to manage that?

Does the ADR remove old updates along the way?

Just a suggestion, but couldn't we manually create the Deployment Package instead of creating an entire ADR just to create it? Is there any benefit to having an ADR create it instead?