Jump to content


Established Members
  • Posts

  • Joined

  • Last visited

Recent Profile Visitors

1,066 profile views

jimbocalvo's Achievements


Newbie (1/14)



  1. Hello all, I have been asked to look at a config issue that is happening with our iPad's, I am more from an AirWatch background and I'm still getting to grips with Intune so bear with me. The issue is that we have a device restriction policy which stops users from taking screen shots, we have some users who need to be exempt from that restriction. At the moment, the devices get the "main" restriction policy because they are a member of a Dynamic Azure Group and from what I can tell the restriction policy that has been set to exempt devices, has been assigned to a static group sync'd from AD. According to Intune, there are only 32 devices getting that policy, but there are over a hundred users in the group. Is the user because the assigned has been mixed? I.e. one policy is being applied per user and the other per device? If you need anymore information then please let me know. Thanks, J
  2. Just an update, I have some devices reporting and reporting correctly as one device has installed the patch and the Installed column has incremented by one.
  3. Hi guys, I am currently looking at the patch status of our devices, especially given everything that's happening at the moment. When I filter on Security Updates, I can see an update (KB4019472 for example) and the required column says 4, but I have at least 200 devices that should be requesting that patch. What am I missing? The Software Updates section for my clients are:- Enable Software Updates = Yes Software update scan schedule = Simple schedule running every day Schedule deployment re-evaluation = Simple schedule running every day When any sofwtare deployment deadline is reached..... = No Enable Management of Office 365 Client Agent = Not Configured If you need any more information then let me know. thanks, James
  4. Hi guys, I am having an issue deploying a "Required" Task Sequence to our Thin Devices. The devices in question are HP T630's and they have a Unified Write Filter. I am trying to rebuild them using a task sequence which is set to required. The collection where the device resides has a maintenance window set and the deployment has the "Commit changes at deadline or during a maintenance window (requires restarts)" checked. When the maintenance window starts, the device will start a countdown and reboot and go into maintenance mode so the UWF gets disabled, but then nothing happens. If I login with a local admin account and start software center, i can see the Operating System that I am attempting to deploy but it says available rather than required. After a period of time the device will reboot itself again and go back into production mode. If i boot the device off standalone media the task sequence starts immediately which makes me think its something with the config manager client on the device Any help would be appreciated as I am at a bit of a loss. thanks, James
  5. I just thought I'd post back with an update. I ended up running a full clean and reindex of WSUS and that has pretty much resolved the issue. I also instructed our clients to not contact WSUS for Defender updates and rejigged the push from SCCM and added an UNC path for manual (and fallback) DAT retrieval, this reduced the load on WSUS. I ran scripts against the database to see how many obsolete updates were present and it was over 8000. Some updates were (the best word I can use) stuck and I had to manually remove them from the database. The full run in the WSUS console to remove old updates took over 24 hours but purged the updates and when I ran the script against the database it came back as zero. The server is certainly more stable now. I am just preparing a daily clean of WSUS on the server for a scheduled task
  6. Hi, I may be missing something really obvious, but is there a way to set a default "Sort by" order for Software Center? Mine defaults to "Most Recent" and I would prefer to have it "Application Name: A to Z" thanks,
  7. Thanks Garth, we're just trying to arrange some downtime, whenever that will be. If it works I'll post back with an update
  8. I cant see a great deal of issues in the IIS logs, but what I have seen when I cross check in the application logs are ASP.NET errors, Event ID 1309 with an Event Code of 3001. I see timeouts from workstations when contacting the WSUS site. I have read some material were other people have had issues with their WSUS database either going offline or becoming unstable/corrupt. We are currently mulling over uninstalling and reinstalling WSUS and setting the database to be in the onbox installation of SQL rather than WSUS's own database. Would something like that sound reasonable and also our potential course of action?
  9. ok, the changes last night have made no difference :-( CPU is maxed at 100% and w3wp.exe is using 50-65% of it. I was optomistic last night as CPU dropped off and was then spiking every half an hour for a 10 minute period, I've been watching it this morning and its not dropped once. Even when I recycled the application pool it dopped momentarily and then went back to 100%
  10. WSUS is set for an auto sync once a day at 05:33 (bizarre time but there we are). But when I look at the sync reports in the WSUS console I can see three sync's a day, the WSUS one at 05:33 and then "Manual" ones happening at 08:00 and 16:00. Are those additional sync's being requested by Config Manager? I have just adjusted the polling schedule to 60 minutes.
  11. Hi Garth, is this the screen you're referring to?
  12. Hi, At the moment it has 350 clients, but this will grow The server is question is the Primary Server and has 14 roles installed, it has MP, SUP and DP installed. We have another server which also acts as a DP. The client polling policy is is 10 minutes Where would I check how often we were checking for SU?
  13. Hi guys, I have just started at a new job and one of the first things I've been asked to look at is the very high CPU load on the my company's primary server. The CPU maxes out at 100% (and when not that in the 90's) for most of the day, looking at the process(es) that is consuming the most and w3wp.exe, namely IIS Worker Process is the main culprit. When I look in IIS Manager I can see the WSUSPool as the source. At the moment its causing an issue with clients receving timely Defender updates, my colleague is of the opinion that the high CPU load is the cause of those delays in receiving defender updates. If it were a server I'd built myself or been looking into the issue since it started then I'd probably been able to get a good idea as to what the probable cause was, but I'm now playing catchup and going over things that appear to have already been tried. Setup: Server is a Windows Server 2012 R2 Data Center 18G Ram with 4 Cores Config Manager 1610 Not sure what other information anyone would need to assist but please let me know and I'll get it. So far I have amended the AV as all the directories where being scanned without the standard Config Manager exclusions and I have been looking at Private Memory Limit (under Recycling) for WsusPool in IIS. thanks in advance.
  • Create New...