RLC-Andrew

Have you reviewed your boundaries and confirmed that your servers belong or fit into one of the "boundary groups"? Also, on one of your servers check the registry location below. Are the WUServer and WUStatusServer keys set to your SCCM server? HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\

When I set this up years ago, all updates that were available were put into one of the "Base Set of Updates" groups and an underlying associated deployment package. So these hold mostly old updates at this point, as I do not add to them. Each month, the Patch Tuesday ADR described in my original post runs and create a new group (Patch Tuesday - 2019-01-18) as last months example. As it stands now, this group contains anything released or changed in the last month. This Group that is created is deployed to the various collections (Test Groups, Servers, Workstations etc.) Every few months, I move the updates contained in those ADR monthly groups into the "Yearly - Current Year" group to keep things cleaned up. I set this up based on some published instructions that were available online at that point in time (2015). I was curious if anyone had setup a similar style for the patching process.

I have a Patch Tuesday ADR than runs late in the day EST on the 2nd Tuesday of each month. This ADR grabs all the various update classifications I selected (critical, security, Service Packs, Update Rollups, Updates) for the "Last 1 Month". The "Last 1 month" is a hard coded setting from the drop down box. It downloads all the updates that match the criteria and last 1 month into my deployment package, and then creates a new software update group. I'll ask this question first: Is this generally how most have this set up for the patch Tuesday process?

Did a quick search, and didn't see anything pop out at me. I noticed today that I have "Domain Computers" in the "Operations Administrator" Security Role group inside SCCM. I'm assuming this is a default or was done by SCCM, as I was not the one who did this. Can anyone verify if they also have the "domain\domain computers" in that group?

I believe that would only work for definition updates, not the monthly patch Tuesday software updates we deploy using SCCM. I just want to use SCCM to manage the update process and for reporting, but I want the clients to first look to MS update via the internet to download the updates. As of now...they would look to the distribution point (over the VPN) to download them.

I have a remote site with 15-20 computers (St Louis). There is no distribution point or SCCM server in that location. These clients currently look to another remote site as their distribution server (NY). Someday, we'll deploy a full DP at the St Louis site. But for now, I want to distribute windows updates to the St Louis site but have them NOT download updates from the NY DP server. I could install a DP in St Louis, with essentially no content on it. Point the clients to that DP. Then deploy windows updates to those clients and choose the first "Download software updates from DP and install" and then choose the "Do not install software updates" from the 2nd section of deployment options. While leaving the checkbox for "if software updates are not available on dp in current.......download from ms updates". Is there another way to do this, without creating the empty DP in that location? That site doesn't have the storage space to hold the updates. Its only got a small DC at the moment.

I had this issue today. For me, it was (apparently) because I copied and pasted a task sequence. To fix, I just had to re-type the credentials in the configuration of the sequence. The creds had not changed, but I suppose they are lost during the copy and paste process.

Just following up: I followed the instructions from itrider and had no issues. Our server does not have secure boot enabled, and we did not see the known issues.

I currently have "Windows Assessment and Deployment Kit - Windows 10" version 10.0.26624 installed on my SCCM version 1702 Server. I believe when moving from 2012 to 1511, there was specific instructions at that time to install the version of ADK I'm running. Possibly, because the newest version at that time had bugs related to win 10. Everything is running fine, patching works, OSD still works. All is well. So should I leave the old ADK version alone, or should I update it? I cant claim to fully understand what its used for or how its works in conjunction with SCCM. Was hoping someone could provide some insight.

Figured it out, for anyone who cares. I decided to use the Windows 10 1607 DVD I had burned a while back to just manually get it updated for now. When I got to the wizard, hit next to go to the first step....it complained about the product key being invalid. Turns out, someone put or had Win 10 "Pro" installed. We only use enterprise products, and I've only configured SCCM for the Enterprise feature updates. This explains why the Feature update came back as "compliant". I think maybe a status of "not needed" would be better than compliant in this section, but it is ... what it is.

I just dropped a 1511 PC into the collection, and within a few minutes it detected the feature update as needed and started the installation. Both computers are in the same AD OU

I have a "Windows 10 Servicing CB Test Group" collection that I manually drop clients into to begin the servicing update to 1607. Update is required. I have previously used this (say, over a month ago). I have a Surface Pro laptop that "winver.exe" shows as having 1511 10586.679. The Config Mgr Client version (recently uninstalled/reinstalled) 5.00.8412.1007 In the deployment status, after running a "run summarization" ... this client shows as "compliant". Essentially, when trying to force the 1607 feature update to this laptop....The server side SCCM Console is reporting that the client is already compliant for the deployment.

I ran a hardware and software inventory report on my PC today, and noticed it had data going back to 2014. Can someone point me in the right direction for telling SCCM I only wish to store inventory data for a certain length of time? This default is set. But either its not working....or the key word would be "inactive data". And my data never becomes "inactive"? https://technet.microsoft.com/en-us/library/bb680423.aspx?f=255&MSPPError=-2147217396

Are there any errors in the locationservices.log?

Are both machines reachable from the SCCM server? Do they both have the firewall enabled? Do both machines have the "Network Location Awareness" service running?