Jump to content


Gacco

Established Members
  • Posts

    6
  • Joined

  • Last visited

Gacco's Achievements

Newbie

Newbie (1/14)

0

Reputation

  1. I have a new 2012 SCCM environment and am experimenting with how far we can go with automating specific tasks doing the patching/rebooting cycle. I would like to design a series of tasks to logon to a box as local admin and call an application or two following the monthly patching and reboot. Has anyone tried this or heard of a similar process? I am imagining a PowerShell Script or two to perform this. Any suggestions or advice?
  2. I am not sure where to begin. I have been battling with this beast with little to no positive results, and I cannot seem to get any traction or direction as to where the problem(s) may lie. I have a single site configured with my DB on a second server. I have created Collections, Software Update Groups and a couple of Compliance Baselines. My current frustration is trying to get my head around how to properly configure a compliance baseline as what i am doing is clearly not correct. The August patches just rolled out, and I attempted to create a baseline to run against my few Test Servers. The report comes back as Non-compliant, which is what i would expect as I have attempted to schedule the patches to be rolled out after hours Friday. When I run a compliance report on the Servers the report shows Non-compliant, but when i read through the report every single patch is listed as Not Applicable. If I reapply our organizations WSUS policy to draw them back into that arena WSUS shows many of the new patches as needed, so how have I so poorly defined my baseline that CM sees these patches as unnecessary. My Scan logs are littered wtih: Did not find CategoryID for Update:06e723e4-cbe2-4ef5-8dbf-3bbcc8584960 ScanAgent 8/11/2016 10:53:56 AM 4836 (0x12E4) CScanAgent::ScanByUpdates - Did not find UpdateClassification for Update:06e723e4-cbe2-4ef5-8dbf-3bbcc8584960 ScanAgent 8/11/2016 10:53:56 AM 4836 (0x12E4) What is this trying to tell me? I ran into much the same problems last month and still have yet to hear any suggestion as to where i may look for the problem. I have tried manually applying the updates, and as soon as I do that the patch shows up in CM as compliant for the Server on which I just manually installed it. I'd be all too happy to post logs and any configuration settings that anyone would like to review if there is anyone with any suggestions or desire to probe this situation for a moment with me.
  3. Yep. It is in the list of Updates in Control Panel and WindowsUpdate.log shows no particular errors other than the annoying 2016-07-28 09:13:33:115 752 1300 AU WARNING: Failed to get Network Cost info from NLM, assuming network is NOT metered, error = 0x80240037 It would seem then that the problem lies in the Scan Agent failing to pick up the necessity of these patches. I believe the only item that I have been able to get SCCM to push out is a Windows Defender Definition. Monthly Patches all appear to be "Not Required". Picking through ScanAgent.log more deeply.
  4. Nothing obvious in the ScanAgent.log My first effort to manually download and apply the 3169704 patch pictured failed with a OS incompatible type message, but I was not convinced MS download had given me the correct version as the name was 8.1 etc. Moved one Server to an OU to get WSUS GPO applied, and it did get the 3169704 and appears to have successfully applied that update though SCCM shows it was Not Required. I was suspicious that the problem was along those lines, but as a complete SCCM Noob, I am not sure of how to change the status of a patch to "Required".
  5. I have created an Automatic Deployment Rule and deployed a update package to a Collection with it. The members of the Collection all show as 100% Compliant and the Updates show as Not Required as can be seen in the attached file. Client Logs all show: No actionable updates for install task. No attempt required. The Updates in question have not been installed on the Target Servers, yet they show as Compliant. Server UpdateDeployment log shows: CUpdateAssignmentsManager received a SERVICEWINDOWEVENT START Event UpdatesDeploymentAgent 7/25/2016 10:00:00 PM 25064 (0x61E8) Suspend activity in presentation mode is selected UpdatesDeploymentAgent 7/25/2016 10:00:00 PM 25064 (0x61E8) At least one user has elected to suspend non-business hours activity when in presentation mode. Checking for presentation mode. UpdatesDeploymentAgent 7/25/2016 10:00:00 PM 25064 (0x61E8) Proceeding to non-business hours activites as presentation mode is off. UpdatesDeploymentAgent 7/25/2016 10:00:00 PM 25064 (0x61E8) Auto install during non-business hours is disabled or never set, selecting only scheduled updates. UpdatesDeploymentAgent 7/25/2016 10:00:00 PM 25064 (0x61E8) A user-defined service window(non-business hours) is available. We will attempt to install any scheduled updates. UpdatesDeploymentAgent 7/25/2016 10:00:00 PM 25064 (0x61E8) Attempting to install 0 updates UpdatesDeploymentAgent 7/25/2016 10:00:00 PM 25064 (0x61E8) No actionable updates for install task. No attempt required. UpdatesDeploymentAgent 7/25/2016 10:00:00 PM 25064 (0x61E8) Updates could not be installed at this time. Waiting for the next maintenance window. UpdatesDeploymentAgent 7/25/2016 10:00:00 PM 25064 (0x61E8) CUpdateAssignmentsManager received a SERVICEWINDOWEVENT END Event UpdatesDeploymentAgent 7/26/2016 5:00:00 AM 25568 (0x63E0) It would seem that the Compliance Check is not running correctly or not being reported back to the Site Server correctly. Does anyone have any ideas on where my SCCM config went sideways?
×
×
  • Create New...