Jump to content


Search the Community

Showing results for tags 'software updates'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Cloud
    • Azure
    • Microsoft Intune
    • Office 365
    • Windows 365
  • General Stuff
    • General Chat
    • Events
    • Site News
    • Official Forum Supporters
    • Windows News
    • Suggestion box
    • Jobs
  • MDT, SMS, SCCM, Current Branch &Technical Preview
    • How do I ?
    • Microsoft Deployment Toolkit (MDT)
    • SMS 2003
    • Configuration Manager 2007
    • Configuration Manager 2012
    • System Center Configuration Manager (Current Branch)
    • Packaging
    • scripting
    • Endpoint Protection
  • Windows Client
    • how do I ?
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows Vista
    • Windows XP
    • windows screenshots
  • Windows Server
    • Windows Server General
    • Active Directory
    • Microsoft SQL Server
    • System Center Operations Manager
    • KMS
    • Windows Deployment Services
    • NAP
    • Failover Clustering
    • PKI
    • Hyper V
    • Exchange
    • IIS/apache/web server
    • System Center Data Protection Manager
    • System Center Service Manager
    • System Center App Controller
    • System Center Virtual Machine Manager
    • System Center Orchestrator
    • Lync
    • Application Virtualization
    • Sharepoint
    • WSUS

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Location


Interests

  1. In my Windows 10 LTSC 1809 task sequence, the Install Software Updates step is failing to run. I have attached the log files for the latest attempt to build a test machine. I have deployed the required software update group to both the Unknown Computer collection (as I am deleting the SCCM object for the test machine before each test build) and to a common collection that all of the test machines are put into. The machine does receive and install updates post-build successfully so it is not the software update group or the deployment package as far as I can tell. smsts.zip UpdatesDeployment.log UpdatesHandler.log UpdatesStore.log WUAHandler.log
  2. Hi, I have to deploy windows updates on critical servers which gets patched very rarely due to some team dependency. I have SCCM CB 1706 installed. My client set below conditions: 1. Updates should get downloaded beforehand 48 hours actual Installation date. 2. If needed, installation time may change. Deployment should accomodate that. 3. Deployment time is 2 hours for 1 batch. So in case if deployment gets carried over 2 hours, second batch should not start. How to achieve this 1. Without maintenance window 2. With maintenance window 3. Any other way apart from above 2 options
  3. Hello Everyone, I want to get in the habit of cleaning up my SUGs created by my ADRs. I'd like to do this every 6 months but I've run into a problem. Within one of my ADRs, for example, I have the following set for the 'Title' options: -Preview -Security Only Quality Update -Security Only Update -x86 If I want to roll-up updates from the last 6 months into a single SUG, I am unable to enter in these items for the 'Title' option when searching from the 'Software Updates' node. I can only choose one. Aside from that, what is the best practice for rolling up these patches? Do I delete the SUGs, delete the content within the current package, and then when the next ADR runs things will have a fresh start? My SCEP ADR uses the same SUG so what is the best method of cleaning that up?
  4. Hi guys, I am currently looking at the patch status of our devices, especially given everything that's happening at the moment. When I filter on Security Updates, I can see an update (KB4019472 for example) and the required column says 4, but I have at least 200 devices that should be requesting that patch. What am I missing? The Software Updates section for my clients are:- Enable Software Updates = Yes Software update scan schedule = Simple schedule running every day Schedule deployment re-evaluation = Simple schedule running every day When any sofwtare deployment deadline is reached..... = No Enable Management of Office 365 Client Agent = Not Configured If you need any more information then let me know. thanks, James
  5. We are upgrading to Current Branch and want to include patching from this and not WSUS as curretly used. what is the best way to patch 3rd party applications through SCCM Current Branch?
  6. Hi. I'm having a bit of trouble with a task sequence. Everything runs fine and quick, until 'Running Action: install Software Updates'. It seems to hang/stall at 60% for hours. I can't see anything in the logs that obvious. I have a Primary in DomainA, and a Secondary in DomainB, and a DP off the Secondary in DomainB. The client PXE boots off the DP, seems to to do everything fine until the 'Install Software Updates' part. It does eventually complete after a few hours. As far as I can tell, all the updates are distributed to the DP. Can anyone point me in the right direction of where to look. Thanks.
  7. Hello all, On Tuesday afternoon I searched for the new updates and nothing showed up. I figured I might be too early so I went about my business. This morning (Thursday) I searched and it still finds no updated released in the last month. I searched the last 2 months and it found the November Rollups that have already been deployed. Last month in our monthly maintenance window we updated to CU4. Could that be the problem? I have not heard of any issues regarding CU4, although it's still early in it's release. I am not even sure where to look to see why it's not finding the latest updates.
  8. Hello All, I have a Powershell script that I use to create multiple Software Update Deployments and it works perfectly (well almost). The last piece I'm missing is automating the deadline date. Currently I just have it getting the current date and adding 5 days. I then go into each deployments properties and change the date/time to the desired info. I've been trying to work out automating this a little bit by adding a variable for a static date/time. I can then change this date (time will always be the same) to the desired info at script run. Below is what I've come up with so far. The -EnforcementDeadlineDay piece works on it own, in that it outputs the correct date with an incremented time. However once I put it in the full script i get the below errors. Any help is much appreciated. Cheers, Mike Script: # Monthly Deployment Date #$DeploymentDate = Get-Date -Format "yyyy-MM" $DeploymentDate = (Get-Date).AddDays(-30).ToString("yyyy-MM") $DeadlineDate = Get-Date -Month 08 -Day 07 -Year 2016 -Hour 17 -Minute 0 -Second 0 # Software Update Groups $SUPGroupName1 = "EN5 - EDC - Year 2013- ($DeploymentDate) Reference 1" $SUPGroupName2 = "EN5 - EDC - Year 2013+ ($DeploymentDate) Reference 2" #Load Configuration Manager PowerShell Module Import-module ($Env:SMS_ADMIN_UI_PATH.Substring(0,$Env:SMS_ADMIN_UI_PATH.Length-5) + '\ConfigurationManager.psd1') #Get SiteCode and set Powershell Drive $SiteCode = Get-PSDrive -PSProvider CMSITE Set-location $SiteCode":" # Create Standard Deployments (Group 1) $DeploymentName = "EN5 - PM Dev ($DeploymentDate) Reboot Deployment # 1" $DeploymentCount = 6 $Count = 0 1..$DeploymentCount | ForEach-Object { $Count++ Write-Progress -Activity "Creating Deployment Group 1" -Id 1 -Status "Running $($Count) / $($DeploymentCount)" -PercentComplete (($Count / $DeploymentCount) * 100) Start-CMSoftwareUpdateDeployment -SoftwareUpdateGroupName "$SUPGroupName1" -CollectionName "EN5 - PM - Deployment $Count (Lab)" -DeploymentName "$DeploymentName-$Count" -DeploymentType Required -VerbosityLevel AllMessages -TimeBasedOn LocalTime -DeploymentAvailableDay (Get-Date) -EnforcementDeadlineDay $DeadlineDate.ToLongDateString()$DeadlineDate.Addhours($Count).ToLongTimeString() -UserNotification HideAll -SoftwareInstallation $True -AllowRestart $True -RestartServer $False -RestartWorkstation $False -ProtectedType RemoteDistributionPoint -UnprotectedType UnprotectedDistributionPoint -GenerateSuccessAlert $False -DisableOperationsManagerAlert $False -GenerateOperationsManagerAlert $False -PersistOnWriteFilterDevice $False -UseBranchCache $False } Write-Progress -Activity "Creating Deployment Group 1" -Id 1 -Completed Errors: Start-CMSoftwareUpdateDeployment : A positional parameter cannot be found that accepts argument '6:00:00 PM'. At E:\scripts\EN5 - CreateDeployments - LAB.ps1:24 char:5 + Start-CMSoftwareUpdateDeployment -SoftwareUpdateGroupName "$SUPGroupName1" - ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidArgument: ( [Start-CMSoftwareUpdateDeployment], ParameterBindingException + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.ConfigurationManagement.Cmdlets.Sum.Commands.StartSoftwareUpdateDeploymentCommand Start-CMSoftwareUpdateDeployment : A positional parameter cannot be found that accepts argument '7:00:00 PM'. At E:\scripts\EN5 - CreateDeployments - LAB.ps1:24 char:5 + Start-CMSoftwareUpdateDeployment -SoftwareUpdateGroupName "$SUPGroupName1" - ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidArgument: ( [Start-CMSoftwareUpdateDeployment], ParameterBindingException + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.ConfigurationManagement.Cmdlets.Sum.Commands.StartSoftwareUpdateDeploymentCommand Start-CMSoftwareUpdateDeployment : A positional parameter cannot be found that accepts argument '8:00:00 PM'. At E:\scripts\EN5 - CreateDeployments - LAB.ps1:24 char:5 + Start-CMSoftwareUpdateDeployment -SoftwareUpdateGroupName "$SUPGroupName1" - ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidArgument: ( [Start-CMSoftwareUpdateDeployment], ParameterBindingException + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.ConfigurationManagement.Cmdlets.Sum.Commands.StartSoftwareUpdateDeploymentCommand Start-CMSoftwareUpdateDeployment : A positional parameter cannot be found that accepts argument '9:00:00 PM'. At E:\scripts\EN5 - CreateDeployments - LAB.ps1:24 char:5 + Start-CMSoftwareUpdateDeployment -SoftwareUpdateGroupName "$SUPGroupName1" - ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidArgument: ( [Start-CMSoftwareUpdateDeployment], ParameterBindingException + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.ConfigurationManagement.Cmdlets.Sum.Commands.StartSoftwareUpdateDeploymentCommand Start-CMSoftwareUpdateDeployment : A positional parameter cannot be found that accepts argument '10:00:00 PM'. At E:\scripts\EN5 - CreateDeployments - LAB.ps1:24 char:5 + Start-CMSoftwareUpdateDeployment -SoftwareUpdateGroupName "$SUPGroupName1" - ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidArgument: ( [Start-CMSoftwareUpdateDeployment], ParameterBindingException + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.ConfigurationManagement.Cmdlets.Sum.Commands.StartSoftwareUpdateDeploymentCommand Start-CMSoftwareUpdateDeployment : A positional parameter cannot be found that accepts argument '11:00:00 PM'. At E:\scripts\EN5 - CreateDeployments - LAB.ps1:24 char:5 + Start-CMSoftwareUpdateDeployment -SoftwareUpdateGroupName "$SUPGroupName1" - ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidArgument: ( [Start-CMSoftwareUpdateDeployment], ParameterBindingException + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.ConfigurationManagement.Cmdlets.Sum.Commands.StartSoftwareUpdateDeploymentCommand
  9. Hello everyone, I was wondering if anyone could give me some help setting up my software updates. I understand the concepts and such, but I struggling with setting up the Update Groups and Deployment Packages. From what I am reading, a lot of people are saying to create a Update Group per month, every month, then eventually roll these updates into a yearly software update group. This makes sense to me. My question is, should I have software update groups per product? Example, one for Windows 7 and one for Windows 8.1? Or should I just have one software update group per month, with all the products I need to support? I'm aware that the client will only grab the updates it needs if its all in one. Should I have one single deployment package? Or several, one for each product? I'm really looking for best practices. Or any "gotchas" from people who have been doing software updates through SCCM for awhile. I realize the general answer will be "it depends on your environment", so I'm really just looking for some tips/suggestions/guidance that will help streamline the process Appreciate any help/suggestions
  10. Gents, Do you know if software updates are stored in the content library and then distributed by the distribution points or if they are stored on the SUP (so clients need to download them from SUP) If there is an article dealing about this please do not hesitate to send the link.
  11. I apologize if this is obvious and is answered somewhere else, but I wasn't able to find by searching. SCCM 2012. I have a few thousand Windows Embedded Standard 7 (SP1) systems. I have a Software Update Group with the latest updates and I've deployed it to a collection with a test system. When I check that system it says "There are no updates available for your computer". If I run a report in SCCM it shows "Not required" for all the updates in the update group. However, if I click "Check online for updates from Windows Update" from the client it eventually comes back with a list of required updates... including those that are in the deployed software update group. I have tried changing the deadline for the deployment from 'As soon as possible' to a specific time with no change. I did see this in UpdatesDeployment.log "no current service window available to run updates assignment with the time required = 1". This machine has several maintenance windows but none are greater than 180 minutes. I've temporarily disabled all maintenance windows for this collection and that message has disappeared from UpdatesDeployment.log, but the problem persists. Another thing that is strange to me is that when I take an example KB and look at compliance, about 80% of my 3,000+ machines are "Not Required" but there are some that are required (unfortunately none of my labs)... these are all the same OS and built from the nearly the same image (it has changed a bit over time so I can't say 100%, but certainly none of them have the March-2016 updates installed yet). Any nudge in useful direction would be appreciated. Thanks
  12. Hi Everyone, I wanted to let you know that this month's free report giveaway is Patch Compliance Progression by Collection For each PC within a collection, the Patch Compliance Progression by Collection report will provide you with a count of missing software updates (patches) and the last hardware inventory date. The deployed state report parameter allows you to select the deployed state of the software update. The deployed states are: Yes – The effected software update is deployed within your environment No – The effected software update is NOT deployed within your environment Both The status count parameter allows you to select whether or not expired software updates are included in the status count. In ConfigMgr, software updates that are expired are still listed. When complying with standards such as the Payment Card Industry Data Security Standard (PCI DSS), expired software updates should always be excluded from status counts. Yes – Expired software updates are included within the status count No – Expired software updates are NOT included within status count The classification report parameter enables you to select which software update classification to display within the report. The update classifications, listed in order of severity, are: Critical Updates, Security Updates, Definition Updates, Service Packs, Update Roll-ups, Updates, Tools, and Feature Packs. Click here to read more about update classifications. To learn more about it see our website. http://www.enhansoft.com/resources#current-monthly-report
  13. So I'm trying to better automate my update process in SCCM 2012 R2 SP1. Right now I have an ADR that runs in the evening on Patch Tuesday that finds the appropriate updates based on update classification, product, date, not expired or superseded. It downloads the updates it finds into the Deployment Package, creates a new SUG for the month and deploys it out to the first pilot group. Then the next morning I come in and change the name of the SUG and the deployment to meet the naming standard, deploy it out to the remaining pilot and prod groups and email the end users affected in each group. I know I can use powershell to automate the deployment to the additional groups that I currently do manually. I could probably even automate the renames and the email notifications. The question I have not been able to find an answer for though is can I script what the ADR is doing with powershell? Can I script out finding the appropriate updates based on the search criteria (product, classification, date, etc) and create a SUG and do all of this all in one self contained PS script setup as a scheduled task? I've looked through the PS cmdlets but have not found a way to search for the applicable updates based on the criteria like i can in the ADR wizard.
  14. Gents, We are managing MS updates through SCCM and it is working well. We are now facing to a reboot issue. We enable the following GPO : No auto-restart with logged on users for scheduled automatic updates So there is no automatic restart but there is still a reboot required at the end of the grace period I think. I would like to increase this period or delete the reboot any idea ? Sypa
  15. Hello, I am getting ready to deploy some Office Service Packs. However I have no service packs for Microsoft Project 2013 or Visio 2013. Google search shows that these service packs are available however I cannot for the life of me find these in WSUS/SCCM Software Updates. I see SPs for Windows, Office, Visio Viewer, SharePoint, etc so the classification is definitely being polled and added to SCCM. Do these two (Project/Visio) service packs need to be pushed out as packages? If anyone could shed some light on this it'd be much appreciated. Thanks, Mike
  16. Gents, I recently set up software updates through automatic deployment rules. All works fine but some days after the deployments, users' laptops restart without any notification. Do you have an idea in order to suppress these unwanted reboots. Thanks in advance. Syparon
  17. We had an Admin that "Accidentally" uninstalled the WSUS, settings and DB from the SCCM 2012 R2 Server. After reinstalling the WSUS server, settings and DB with the same settings, nothing is syncing with the SCCM 2012 R2 software updates group. When refreshing the "All Software Updates" it only shows the updates from December 2014 and nothing from January. Is there a way to "re-link" SCCM with WSUS or do I have to reconfigure all the groups again from scratch? The original setup of the Software Update Service were followed using the Step-By-Step guides on this site.
  18. Wondering if anyone knows the proper Update classifications to make the client Root Certificate updates (i.e. http://support.microsoft.com/kb/931125) available to deploy? Can't seem to find any documentation on exactly what classes to include. Here are my classification settings (Administration > Configure Site Components > Software Update Point): Doesn't look available in the All Software Update node.
  19. Afternoon All, Hopefully there are some experienced SCUP users here on the forums. I seem to have an issue with the "Automatic" publishing feature of SCUP. They publish metadata only, despite client requesting that they need the update. My understanding is that if any Configuration Manager clients are requesting the update a full content will be initiated otherwise only metadata will be published. Am i missing something? Is there a specific log I can look at to see why it's not switching to full content automatically when requested?
  20. Hi, I've been using SCCM 2012 R2 for some time know, but there are still some mysteries to me. I have been asked to start deploying software updates through it rather than WSUS or Windows Updates itself. Before i came along, people got their updates the old fashion way-Windows Updates. So after the grueling task of figuring that out, i've got it working-ish! My main concern with this method (and also Endpoint) is that the majority of our users are NOT on the domain/network at all times. We do have several hub offices whose machines are on the network, but our line of work is mostly remote. Meaning these users are on home, hotel or data card wifi--not the network. They also rarely get on VPN. So my question is: are these people going to receive updates or endpoint definitions while being "offline?" I have a bunch of machines listed as inactive in Devices since they are never on our network. Is there a call home feature I'm unaware about with the sccm client? Keep in mind, when the machines are sent out, they are all sent out the same and with the client installed and working properly. Is this a bad setup in our environment? Any help or advice would be greatly appreciated!
  21. Updates are not showing as expired anymore in my update lists. For years, I would sync WSUS, then sync my SCCM repository and several updates each month would get flagged as expired. I would then remove them from my list and my deployment. Recently over the past few months, I've noticed that even though WSUS is showing that x number of updates have expired, SCCM is not showing them as expired. Right now, I am specifically talking about MS14-045 that MS recalled. I synced WSUS yesterday, looked at the sync report and MS14-045 was expired. But when I go to my SCCM repository and sync it, it does not show that MS number or any associated KB's as expired. This has been happening for a few months now. Does anyone know why my WSUS updates expire like normal but that is not transitioning to SCCM?
  22. Hi All, Just wondering how people do there software updates for servers and workstations using SCCM 2012. Do you use ADR's to create a new update group each month after patch Tuesday, and have a separate one for out of bands updates? Do you then have several different collections for servers and workstations for pilot, dev and production phases? Just trying to get an idea as to how to create a software update plan for my environment.
  23. Good morning all, As stated in the title, i'm trying to get Software Updates through SCCM 2012 going and I'm stuck because i'm used to the old school way of doing this on a standalone WSUS server. After I had already installed the WSUS role as well as SUP I looked at the guide generously posted by anyweb here : http://www.windows-noob.com/forums/index.php?/topic/5683-using-system-center-2012-configuration-manager-part-5-adding-wsus-adding-the-sup-role-deploying-the-configuration-manager-client-agent/ I noticed the few differences in my setup and his was I was installing using Server 2012, and at no point do I remember it asking me if I wanted to setup a default WSUS webpage. I know in standalone WSUS you had to setup IIS website for clients, but is that required for SCCM deployment? What I've done is the following: 1) added WSUS role to Server 2012 server 2) added SUP role in SCCM 3) I've setup my classifications / programs requiring updates and synchronized 4) downloaded Windows 7 updates and put them into a Windows 7 Updates group 5) now i'm stuck. I'm honestly ignorant to the way that SCCM deploys updates, and I think it's because i'm stuck to the way WSUS worked in the standalone and i'm over-thinking it. Can anyone point me in the right direction? I believe most if not all on the SCCM side is setup correctly, for all are online/ok in Component Status under monitoring...I just need a point in the right direction on how to grasp the logic of how to obtain / deploy with SCCM. I know it's a lot easier than i'm making it, just need some help Any help is greatly appreciated, thank you!
  24. Hello, Wondering if someone could help me out. I'm trying to do a build and capture including Software Updates. I can do a build and capture (without) Software Updates and everything works fine. But when I include Software Updates, the task bar will just sit there for like 30 minutes then finally fail. Times out I guess. It never does any updates. I am able to image a computer with software updates but I'd like to include updates in the image to save time. And the schedule updates on the system image only installs a few updates then I end up with 100 updates still to do after imaging. I can't do this when I have 30 machines to image. I have included the SMSMP=FQDN in the config and put my B&C collection in my Software Updates Group. Any ideas?
  25. Wonder if someone can help me figure this out, I have an issue with updates installing inside business hours. We have SCCM 2012 and we've configured our updates to install after 6pm on Wed but we do NOT have them checked to restart or update during business hours. The deadline is Thursdays 1AM UTC which is 6pm Wed our time, the default business hours are from 5am to 10pm. We've had a few hundred machines that have installed updates at 9am Wed morning, they upgraded to IE 10 and a few other updates. I checked their logs and sure enough they went and installed and sccm called for a restart of the machines. We did have IE 9 set to auto upgrade checked but most of our machines 3500+ updated as normal after the deadline and outside business hours.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.