Jump to content


Search the Community

Showing results for tags 'windows update'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Cloud
    • Azure
    • Microsoft Intune
    • Office 365
  • General Stuff
    • General Chat
    • Events
    • Site News
    • Windows News
    • Suggestion box
    • Jobs
  • MDT, SMS, SCCM, Current Branch &Technical Preview
    • How do I ?
    • Microsoft Deployment Toolkit (MDT)
    • Official Forum Supporters
    • SMS 2003
    • Configuration Manager 2007
    • Configuration Manager 2012
    • System Center Configuration Manager (Current Branch)
    • Packaging
    • scripting
    • Endpoint Protection
  • Windows Client
    • how do I ?
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows Vista
    • Windows XP
    • windows screenshots
  • Windows Server
    • Active Directory
    • Microsoft SQL Server
    • System Center Operations Manager
    • KMS
    • Windows Deployment Services
    • NAP
    • Failover Clustering
    • PKI
    • Windows Server 2008
    • Windows Server 2012
    • Windows Server 2016
    • Windows Server 2019
    • Hyper V
    • Exchange
    • IIS/apache/web server
    • System Center Data Protection Manager
    • System Center Service Manager
    • System Center App Controller
    • System Center Virtual Machine Manager
    • System Center Orchestrator
    • Lync
    • Application Virtualization
    • Sharepoint
    • WSUS

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests

Found 15 results

  1. Hello Everyone, I want to get in the habit of cleaning up my SUGs created by my ADRs. I'd like to do this every 6 months but I've run into a problem. Within one of my ADRs, for example, I have the following set for the 'Title' options: -Preview -Security Only Quality Update -Security Only Update -x86 If I want to roll-up updates from the last 6 months into a single SUG, I am unable to enter in these items for the 'Title' option when searching from the 'Software Updates' node. I can only choose one. Aside from that, what is the best practice for rolling up these patches? Do I delete the SUGs, delete the content within the current package, and then when the next ADR runs things will have a fresh start? My SCEP ADR uses the same SUG so what is the best method of cleaning that up?
  2. Good Morning, I am not currently utilizing WSUS, however, I was wondering if it was at all possible to utilize the same pre and post installation windows updates that are present in MDT 2013?
  3. If I take a machine from the office to home, the Configuration Manager does show Internet. We have a management point on the DMZ that the machine connects to get a list of updates. It looks like the workstation is making communication with that server based on the logs. What is not happening is the actual successful download of the patches and the installation of them. I read that the internet client should go to Microsoft updates first and then to a dp? We do not have a dp setup for the internet clients, as we want them to only download from the Microsoft, yet the packets I capture only point to the management point on the dmz. Any direction would be appreciated on getting these machines to download from windows update!
  4. Hi, I have created a TS to disable the antivirus (Trend - PS script) and then do a Software Update cycle and install Windows Updates on our servers - see: The plan is to reduce manual intervention and hours of work, watching and waiting - for our manual servers (ie clusters etc) However I find I have to login to run this or it fails, then when it does the restart step I have to login again to complete it. Any ideas on how I can get this to run under Computer permissions so I can push it out to multiple computers without having to login. Anything else I should be adding/any ideas?
  5. Hey, i have sort of a very strange problem, maybe someone is able to help me or at least tip me into the right direction on what i am doing wrong. We are running a SCCM2012 R2 CU3 environment. We deploy our Software and OS with it since Win7 without any issues. Now with Tablets emerging we obviously want to do the same here. This is what we do (for Win7 and Win8.1 seperate TS): Build and capture refrence image with a reference task sequence on a VM Apply Image from the original media from MVLS remove some preloaded apps junk install our corporate Software (Office, Reader, etc. ...) apply all Windows Updates from our WSUS (not SCUP) (ZTI script from MDT Tool) sysprep & capture the image distribute the Image and deploy through a different TS to our Systems Now here is the Point, if i now deply the Win8.1 reference image to a machine (SurfaceP3 or VM) and go to Windows updates it will request you to install Windows updates again, even though they already seem to be installed from the reference sequence. I also tried using the Offline Serviceing through a SCUP, that successfully applied the WU and also stated in the console, but when deploy the Image Windows updates also prompt me to install all updates even already installed. I also checked the eventvwr during the reference TS, it shows the Office Updates as installed successful and also Windows Updates as successful after a reboot has been done / what the script and the TS does anyways. I can also see the WIM file got quite bigger since the updates have been included (9+GB) What am i doing wrong. Why has this worked before for Win7 like a charm? Where can i check what's going wrong? Any help is appreciated!
  6. I recently upgraded our SCCM server from 2012 SP1 to 2012R2. Since then, I've been struggling to get OSD working again. After creating a new task sequence, with new versions of the packages for USMT, settings, deployment tools, etc, I've got it mostly back up and going. The trouble now is that the task sequence seems to be downloading updates from windows update, not from the SCCM server. Looking in the SMSTS.log, I see a few errors, though I'm not sure they are related. Compiling AppManClientConfig policy... TSManager 6/10/2014 9:10:06 AM 1276 (0x04FC) Retrieving value from TSEnv for '_SMSTSAppManClientConfigPolicy' TSManager 6/10/2014 9:10:06 AM 1276 (0x04FC) ::DecompressBuffer(65536) TSManager 6/10/2014 9:10:06 AM 1276 (0x04FC) Decompression (zlib) succeeded: original size 982, uncompressed size 6358. TSManager 6/10/2014 9:10:06 AM 1276 (0x04FC) Instance path = 'CCM_ApplicationManagementClientConfig.SiteSettingsKey="1"' TSManager 6/10/2014 9:10:06 AM 1276 (0x04FC) Start to compile TS policy TSManager 6/10/2014 9:10:06 AM 1276 (0x04FC) Failed to find property 'AutoApplyDeployment' in 'CCM_ApplicationManagementClientConfig' class defintion. Error 0x80041002. Default value will be used for this property TSManager 6/10/2014 9:10:06 AM 1276 (0x04FC) Policy complied successfully in WMI 'root\ccm\policy\defaultmachine\requestedconfig' namespace TSManager 6/10/2014 9:10:06 AM 1276 (0x04FC) End TS policy compilation TSManager 6/10/2014 9:10:06 AM 1276 (0x04FC) <...> pNAP->GetSystemIsolationInfo(&pNAPInfo, &bUnknownConnections), HRESULT=8027000c (e:\nts_sccm_release\sms\client\tasksequence\napcontrol\remediate.cpp,463) TSManager 6/10/2014 9:10:28 AM 1276 (0x04FC) GetSystemIsolationInfo(spNapClientInfo, &IsoStat), HRESULT=8027000c (e:\nts_sccm_release\sms\client\tasksequence\napcontrol\remediate.cpp,632) TSManager 6/10/2014 9:10:28 AM 1276 (0x04FC) Error getting system isolation info. Code 8027000C TSManager 6/10/2014 9:10:28 AM 1276 (0x04FC) ComputeComplianceAndRemediate(&QState), HRESULT=8027000c (e:\nts_sccm_release\sms\client\tasksequence\napcontrol\tsnapcontrol.cpp,48) TSManager 6/10/2014 9:10:28 AM 1276 (0x04FC) Remediation failed. Code 8027000C TSManager 6/10/2014 9:10:28 AM 1276 (0x04FC) hr = m_oNapCtrl.Remediate(QState), HRESULT=8027000c (e:\nts_sccm_release\sms\client\tasksequence\tsmanager\tsmanager.cpp,1539) TSManager 6/10/2014 9:10:28 AM 1276 (0x04FC) Remediation failed with error code 8027000C TSManager 6/10/2014 9:10:28 AM 1276 (0x04FC) During the time that updates are being downloaded/installed, I don't see any errors. Here's the bit of the log file from that time. There are over 600 lines similar to the first few in this example: [613] Added/updated setting 'ccm_civersioninfo:modelname=site_cadca650-1ec0-4f91-96e4-eb2f3a11f57f/sum_fd7c7a92-93cb-47ba-a3a2-0ca6fcc345ba:version=203'. InstallSWUpdate 6/10/2014 9:14:49 AM 3028 (0x0BD4) [614] Added/updated setting 'ccm_civersioninfo:modelname=site_cadca650-1ec0-4f91-96e4-eb2f3a11f57f/sum_fdaa8e0b-63d2-4bbe-8209-a5526ce9bc86:version=203'. InstallSWUpdate 6/10/2014 9:14:49 AM 3028 (0x0BD4) [615] Added/updated setting 'ccm_civersioninfo:modelname=site_cadca650-1ec0-4f91-96e4-eb2f3a11f57f/sum_fe012160-7a31-44c8-a1ba-c6cdc184689a:version=202'. InstallSWUpdate 6/10/2014 9:14:49 AM 3028 (0x0BD4) [616] Added/updated setting 'ccm_civersioninfo:modelname=site_cadca650-1ec0-4f91-96e4-eb2f3a11f57f/sum_ff0d207d-29cd-44e8-88aa-3676f0c15bb9:version=202'. InstallSWUpdate 6/10/2014 9:14:49 AM 3028 (0x0BD4) [617] Added/updated setting 'ccm_civersioninfo:modelname=site_cadca650-1ec0-4f91-96e4-eb2f3a11f57f/sum_ff45265c-b98c-4104-8242-142580dd3fad:version=203'. InstallSWUpdate 6/10/2014 9:14:49 AM 3028 (0x0BD4) [618] Added/updated setting 'ccm_civersioninfo:modelname=site_cadca650-1ec0-4f91-96e4-eb2f3a11f57f/sum_ff845912-b926-463d-aa27-4a409412256b:version=203'. InstallSWUpdate 6/10/2014 9:14:49 AM 3028 (0x0BD4) Unlocked ActualConfig successfully InstallSWUpdate 6/10/2014 9:14:49 AM 3028 (0x0BD4) Unlocked policy transaction lock successfully InstallSWUpdate 6/10/2014 9:14:49 AM 3028 (0x0BD4) Raising event: instance of CCM_PolicyAgent_SettingsEvaluationComplete { ClientID = "GUID:D51C9558-680A-4FA7-82DB-681493D90486"; DateTime = "20140610141449.928000+000"; PolicyNamespace = "\\\\.\\root\\ccm\\policy\\machine\\actualconfig"; ProcessID = 3024; ThreadID = 3028; }; InstallSWUpdate 6/10/2014 9:14:49 AM 3028 (0x0BD4) Successfully submitted event to the Status Agent. InstallSWUpdate 6/10/2014 9:14:49 AM 3028 (0x0BD4) End TS policy evaluation InstallSWUpdate 6/10/2014 9:14:50 AM 3028 (0x0BD4) Policy evaluation initiated InstallSWUpdate 6/10/2014 9:14:50 AM 3028 (0x0BD4) GetIPriviledgedInstallInterface successful InstallSWUpdate 6/10/2014 9:14:50 AM 3028 (0x0BD4) Refreshing Updates InstallSWUpdate 6/10/2014 9:14:50 AM 3028 (0x0BD4) Successfully initiated RefreshUpdates operation InstallSWUpdate 6/10/2014 9:15:33 AM 3028 (0x0BD4) Waiting for RefreshUpdates complete notification from Updates Deployment Agent InstallSWUpdate 6/10/2014 9:15:33 AM 3028 (0x0BD4) Notification received, RefreshUpdates have been completed InstallSWUpdates 6/10/2014 9:25:46 AM 2424 (0x0978) Signaled RefreshComplete notification InstallSWUpdates 6/10/2014 9:25:46 AM 2424 (0x0978) Received RefreshUpdates complete notification from Updates Deployment Agent InstallSWUpdate 6/10/2014 9:25:46 AM 3028 (0x0BD4) RefreshUpdates operation has been completed, hr=0x00000000 InstallSWUpdate 6/10/2014 9:25:46 AM 3028 (0x0BD4) GetIPriviledgedInstallInterface successful InstallSWUpdate 6/10/2014 9:25:46 AM 3028 (0x0BD4) Installing all updates targetted for this computer InstallSWUpdate 6/10/2014 9:25:46 AM 3028 (0x0BD4) Checking if the active request handle: {DACCC970-DB1B-4113-8480-D959395BD826} is valid. InstallSWUpdate 6/10/2014 9:25:46 AM 3028 (0x0BD4) CoCreateInstance succeeded InstallSWUpdate 6/10/2014 9:25:46 AM 3028 (0x0BD4) Active request handle: {DACCC970-DB1B-4113-8480-D959395BD826} is valid. InstallSWUpdate 6/10/2014 9:25:46 AM 3028 (0x0BD4) Installation of updates started InstallSWUpdate 6/10/2014 9:25:51 AM 3028 (0x0BD4) Waiting for installation job to complete InstallSWUpdate 6/10/2014 9:25:51 AM 3028 (0x0BD4) Can anyone point me to where I might have gone wrong?
  7. I'm running 2012 SP1 and I have an ADR setup for my workstations to automatically download and install. I'd like to handle the servers differently. Is it possible to configure the servers to simply download the patches but only install when I choose to? I know I can do this with WUS, but is it possible with SCCM?
  8. I'm having some problems with downstream servers syncing with the upstream server. All WSUS Servers are WSUS Server Version: 3.2.7600.256 and I have installed KB2720211 and KB2734608. The Database is held in the Windows Internal Database The Upstream server is synchronising with Windows Update absolutely fine, and downloading updates OK. The three downstream servers however are not. They are reporting as failed with the below message = Result = An error occurred with the server’s data store. Clicking Details shows the below detailed message = SqlException: Timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding. at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection) at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj) at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj) at System.Data.SqlClient.SqlDataReader.ReadInternal(Boolean setTimeout) at System.Data.SqlClient.SqlDataReader.Read() at Microsoft.UpdateServices.DatabaseAccess.DBConnection.ReadOneRow() at Microsoft.UpdateServices.Internal.DataAccess.HideUpdatesForReplicaSync(String xmlUpdateIds) at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.ProcessHiddenUpdates(Guid[] hiddenUpdates) at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.ReplicaSync() at Microsoft.UpdateServic Whats also weird is the computer status is being sync’d to the upstream server and the downstream servers are downloading new updates, yet the sync is still failing? Can anyone shed some light? The upstream server = Server 2003 1 Downstream server = Server 2008 R2 2 Downstream Servers = Server 2003
  9. Hello, I have about 8 labs (Windows 7, ~20-35 machines per each lab) spread across campus. These labs have Deep Freeze on them. We've recently started implementing SCCM 2012. What would be the best practice to update these machines that are frozen across campus? Each lab currently has their own separate scheduled maintenance time with Deep Freeze at some time within the night where it would check for updates from our WSUS server and then install them. We still have this WSUS server, but we now have SCCM 2012 on it also. I'm not sure how having SCCM 2012 on this server will now effect how these machines try to get updates from WSUS. What is the best practice for keeping all of these machines up to date? Do I have to create an ADR for each lab and correspond it to the scheduled maintenance time?
  10. Hello All, i am facing Problem, after a while. i setup up windows Update Automatic Rule, and it was working Perfect or i never notice issue. i setup update rules in every Friday at 8pm to 9pm my update will run and install and reboot, if require. and i setup maintenance time window for friday 8pm to 9 Pm. but in last friday (13/09/2013) i checked. out of 100 servers only 4 went trough. and rest of 96 got In Progress and (Waiting for maintenance windows before installing ) i checked servers event viewer but nothing in there. can you guys help me out to achieve this goal please. thank you
  11. Ok, I have several possible issues that I will place in order here and would like some asisstance if possible! I have SCCM 2012 installed on 1 server, WSUS on another server. I had to uninstall IIS/WSUS on server and reinstalled it because it was failing to sync with SCCM server When I reinstalled WSUS it prompted for Database but I went with the default option. I read somewhere it needs to be on a SQL server. Is this correct? I tried to connect it to the SQL DB on SCCM server but failed to communicate for some reason so hence I went with default option. I disabled the GPO pointing all Windows Updates to the WSUS server so SCCM can manage updates. I created some Device collections then Several ADRs and deployed to the Device collections. Now I am curious because I do not want my production servers to install the updates during business hours because it may have adverse affects plus I would rather have them restart off hours. How can I make that possible? The options from what I understand downloads and installs them automatically. Would I need to do this manually on all my servers? Also after reinstalling the WSUS my Workstations no longer can do Windows Updates. Error: Code 800B0001 Windows Update Encountered an unknown error. Is the GPO from windows update that I disabled causing this issue? I even did a gpupdate /sync /force and still got same error. I know to some of you this all may be stupid questions but I am new to SCCM of any kind and I work in a small shop so expertise is not high on this subject. Thanks for any help!!
  12. I am implenting ADR for patch managment and I am having a bit of a Property filter issue. I would like to create an ADR that creates monthly deployments for my patch managment that I have control on when deploying. So I have checked Create new Software Update Group under general and cleared the "enable the deployment after this rule is run". My problem is setting up the property filters under software updates. Here are my concern: If I check "date released or revised" and set it to last 30 days, my first Software Update Group will only have Updates valid for the last 30 days. If I don't set that time frame it will create a new group each month with all the current updates and over time that will put me over the 1000 update mark esplecially if I incorprate SCUP. What should i do to set that first deployment or how should i setup my property filters? Any thoughts?
  13. I figured I start a new post on this. My CIO and I have been going back and forth on this question for several days now and I want to share some insight and get some opinions. We used this post as a starting point http://blogs.technet...nager-2012.aspx Our Goals Protect all Windows 7 Machines with the latest security patches (Builten Id:MS) and Updates Protect all deployments of Mircrosoft - Now Windows Desktop (Office, Visual Studio, ETC) with latest security patches and updates Protect all Windows 2008R2 Servers with the latest security patches and Updates Protect all deployments of Adobe Acrobat, Adobe Reader, Adobe Flash with securty Updates and Patches Deploy Latest Drivers and Updates to our Dell PC's Monitor Compliance of Deployments Implementation, Limitations & Concerns All Updates Create an All Update Group for Reporting Purposes. We Selected all updates and put them in this group. DO NOT DEPLOY this group to anyone. We will use it only for reporting Purposes. (Not sure exactly how yet) WIndows 7 Machines Inital Setup 1. Create an Initial Updates Package. We called it "Windows 7 Software Udpates - Initial". This package contained all updates up to and including 05.31.2012. Our Search Criteria consisted of: Product=WIndows7 Expired=no Superseeded=No Date Released or Revised is less than or equal to 05/31/2012 This gave us at the time of writing this 286 Updates 2. Create The Monthly Update Package for June 2012. We called it "Windows 7 Software Updates - 2012 06" This Package contained all the updates in the month of June. Similiar Search criteria as above only different Date Range. This gave us 37 More Updates 3. Both of these Software Updates Groups where then deployed to a "Windows 7 Machines" Device Collection we created based on the following WMI Query: select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.OperatingSystemNameandVersion like "%Workstation 6.1%" Monthly Procedure Create a New Monthly Update Package after each "Patch Tuesday" and Deploy it to our Windows 7 Machine Device Collection. (We may do an Automatic Deployment Rule for this that we can later Green Light, not sure how to yet. We are currently using an ADR for Endpoint Protection Definiton Updates) Remove all the Expired and Superseeded updates from all Deployments - Just create a search criteria for Expried and Supersceded to yes and Edit Membership. Uncheck the Check Box and they will remove themselves from your deployment group and delete themselves off the server in 7 days. Another good post about this procedure http://blogs.technet.com/b/configmgrteam/archive/2012/04/12/software-update-content-cleanup-in-system-center-2012-configuration-manager.aspx Update the All Software Group with New Updates Concern - We will never be able to delete any of our Monthly Updates or the Intitial Update package as that would create a hole in our security Updates. I.E. If a laptop left the network for 6 months and came back. I am not sure if I care, it's just that in 5 years I will have 60 of these Update Groups. I also do not know if having so many deployments will effect Client / Server Performance in anyway. Microsoft - Non-Windows Inital Setup 1. Create an Initial Updates Package. We called it "Microsoft Udpates - Initial". This package contained all updates up to and including 05.31.2012. Our Search Criteria consisted of: Product=Expression Design 4 Product=Office 2010 Product=Visual Studio 2010 Expired=no Superseded=No Date Released or Revised is less than or equal to 05/31/2012 This gave us at the time of writing this 103 Updates 2. Create The Monthly Update Package for June 2012. We called it "Microsoft Updates - 2012 06" This Package contained all the updates in the month of June. Similiar Search criteria as above only different Date Range. This gave us 2 More Updates 3. We had to create serveral deployments for this. One for each application that we deployed. Concern/Question 1. Again you will not be able to delete any of these deployments for threat of creating a security hole. 2.. Should we just combine the packages and deploy them to all Windows 7 Machines? Will this create any Client/Server Performance Issues? Adobe Updates **This Assumes you have already setup SCUP and have an understanding of it. We used this youtube tutorial to get started. http://www.youtube.com/watch?v=fyEGWSFWyy0 SCUP In SCUP we are going to Create 2 Publications. One for the intial Deployment and then another for the Monthly Updates. You will find that the updates here or a bit more infrequent and you may switch to a quaterly update 1. The Inital Publication we selected all updates, there were 39. 2. We assign the updates to a new Publication called "Adobe Updates - Inital" 3. We published Full Content 4. We will do the same thing for "Adobe Updates- 2012 06" ***Not 100% sure we need to seperate out these updates or if we can publish to an all encompasing group. Inital Setup 1. Create an Initial Updates Package. We called it "Adobe Udpates - Initial". This package contained all updates up to and including 05.31.2012. Our Search Criteria consisted of: Product=Adobe Acrobat Product=Adobe Reader Product=Adobe Flash Player Expired=no Superseded=No Date Released or Revised is less than or equal to 05/31/2012 This gave us at the time of writing this 39 Updates 2. Create The Monthly Update Package for June 2012. We called it "Adobe Updates - 2012 06" This Package contained all the updates in the month of June. Similiar Search criteria as above only different Date Range. This gave us 2 More Updates 3. We had to create serveral deployments for this. One for each application that we deployed. Same Concerns and Questions 1. Again you will not be able to delete any of these deployments for threat of creating a security hole. 2.. Should we just combine the packages and deploy them to all Windows 7 Machines? Will this create any Client/Server Performance Issues? Conclusions I know I left out a bunch here, Still have to discuss Windows Server 2008 Updates and Dell Update. THe main thing we are still trying to figure out if it is OK just to have Several Big Intial Updates and then Just one Software Update for Everything. How will that effect client/server performance. I will clean this post up over time. Just wanted to get some feed back to start. Not sure if I am overthinking this or not..
  14. Hi, Could someone please help me better understand how the compliance report actually determines which machines are compliant and not compliant. i have a sccm 2007 r3 wsus and mdt 2010 integration environment.... we have around 75% machines compliant and around 20% machines none compliant and the rest unknown. ive gone through the logs of machines and machines are receiving windows updates but i cannot workout what actually determines machine from being compliant and not compliant.... i need to have the compliance above 90% to keep the managers happy. any help would be appreciated. thank you
  15. Hello, I am deploying windows updates to a collection of testcomputers before i deploy them to the whole company. But what if an update would mess with some of our applications. How do i remove them through the SCCM? I use SCCM 2007 // Barty
×
×
  • Create New...