Jump to content


mkhan

SCCM 2012 Site Recovery and number of issues with Windows Updates for Clients

Recommended Posts

Please help...........

 

I had to do SCCM 2012 Recovery due to disaster and now having some confusing issues around Windows Updates for Clients

The main issue is some of my Windows Clients are not seeing Windows Updates but others are getting OK.
I have multiple of device collections based on OS, All Windows7, Windows 2008, Windows 2003, Windows 2012 etc.

What are NOT working?
1. I have deployed Windows Updates on all Device Collections. Except Windows 7 and Windows 2008 Collections are not getting any updates. Deployment Status is showing all Clients under Unknown tab as client check passed/Active. Client cannot see any updates at all.

 

What are working?
1. Windows are installing correctly (don’t know how) on Windows 2012 and Windows 2003 device collection
2. I have also created on Software group with IE updated and deployed to Windows 7 device collection, which worked OK
3. Application/Software updates are working OK

What I have done:

1. I have started a TechNet forum discussion before but I have closed it as I thought my problem has resolved, which is not the casehttp://social.technet.microsoft.com/Forums/en-US/dd02da59-2a15-42a7-b665-8578daca60d9/after-site-recovery-sccm-2012-clients-cannot-download-approved-windows-updates?forum=configmanagergeneral&prof=required
2. I have noticed that my boundaries are not correctly represented my Windows 7 clients VLANs, which should only impact on machines on new VLAN but machines in existing VLAN should get Windows Updates without any trouble. Having says that server VLAN remains unchanged but Windows Updates are not happening for Windows 2008 device collections
3. I have not started Windows OS deployment via SCCM yet but I noticed that the self-signed certificate has already expired and status is UNBLOCKED. (Administration>Security>Certificates) and also expired certificate is showing (Administration>Distribution Points> properties> under General Tab
Because some of the Device Collection Windows Updates is happening successfully, it think this is only related, if I want to Push Windows OS deployment or I may wrong.

4. Also my Client Setting Property is showing "Fales" under Software Updates "When any software update deployment deadline is reached, install all other software update deployment with deadline coming within a specific period of time. Should it be " True"?

Share this post


Link to post
Share on other sites

I also can see the following error in WindowsUpdate.log

--

2014-05-28 09:49:30:936 2532 1e00 COMAPI <<-- SUBMITTED -- COMAPI: Search [ClientId = CcmExec]
2014-05-28 09:49:30:936 1064 23e4 Agent ** START ** Agent: Finding updates [CallerId = CcmExec]
2014-05-28 09:49:30:952 1064 23e4 Agent *********
2014-05-28 09:49:30:952 1064 23e4 Agent * Include potentially superseded updates
2014-05-28 09:49:30:952 1064 23e4 Agent * Online = Yes; Ignore download priority = Yes
2014-05-28 09:49:30:952 1064 23e4 Agent * Criteria = "(DeploymentAction=* AND Type='Software') OR (DeploymentAction=* AND Type='Driver')"
2014-05-28 09:49:30:952 1064 23e4 Agent * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
2014-05-28 09:49:30:952 1064 23e4 Agent * Search Scope = {Machine}
2014-05-28 09:49:31:233 1064 23e4 PT +++++++++++ PT: Synchronizing server updates +++++++++++
2014-05-28 09:49:31:233 1064 23e4 PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://S-Syd-SCCM:80/ClientWebService/client.asmx
2014-05-28 09:49:47:628 1064 23e4 Agent WARNING: Failed to evaluate Installed rule, updateId = {189A8F50-0C3A-4FDF-8BC2-BC23A3EB11FB}.101, hr = 80242013
2014-05-28 09:49:53:447 1064 23e4 PT +++++++++++ PT: Synchronizing extended update info +++++++++++
2014-05-28 09:49:53:447 1064 23e4 PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://S-Syd-SCCM:80/ClientWebService/client.asmx


Share this post


Link to post
Share on other sites

This is not really easy reading... What I did see in your WindowsUpdate log file is that it's scanning for updates and finding them. The errors in there are only about the self update of the client... Did you check all the abvious things, like if the targeted updates are available in packages?

Share this post


Link to post
Share on other sites

Thanks Peter,

 

I recreate software package with the update for the month, select "download from Intranet" for the distribution server and select all clients to download from the distribution point.

 

 

When I check Contest Status, i saw some of the software group size is showing "0" but compliance 100% . Not sure why? So to test it I have created a new software deployment package and deploy to a test container. I had 47 updates in that software group. After the end of the deployment process, I have received notification that deployment and download was successful. Interestingly when I check the folder, where all update supposed to be download has only one update. Again not sure- why. After that i have selected the software group and select download and gone through the process. It shows lots of "Staging of update" and I can see lots of entry in the container folder. again, i was expecting 47 items but instead I can see 82 entry. Please tell me what I am missing and how I can be sure all updates download from Internet to the distribution point correctly.

 

 

Please help me to understand the product and solve update deployment mistry

Share this post


Link to post
Share on other sites

I thought, my clients can't download the updates from the distribution point because distribuion can't download every update it suppose download. I make sure it downloaded and now I am checking WindowsUpate.log and fond that my client can't see any approved updates. I am lost.....................




<![LOG[Detection job ({186FAEE8-3B26-49BF-89F1-4630EB26CF22}) started for assignment ({ABDF11CB-72F9-4F70-96DF-BC543930A973})]LOG]!><time="15:18:26.068-600" date="06-02-2014" component="UpdatesDeploymentAgent" context="" type="1" thread="13732" file="updatesassignment.cpp:1182">
<![LOG[started evaluation for assignment ({ABDF11CB-72F9-4F70-96DF-BC543930A973})]LOG]!><time="15:18:26.078-600" date="06-02-2014" component="UpdatesDeploymentAgent" context="" type="1" thread="13732" file="updatesassignment.cpp:814">
<![LOG[Evaluation initiated for (1) assignments.]LOG]!><time="15:18:26.078-600" date="06-02-2014" component="UpdatesDeploymentAgent" context="" type="1" thread="13732" file="assignmentsmanager.cpp:1108">
<![LOG[DetectJob completion received for assignment ({ABDF11CB-72F9-4F70-96DF-BC543930A973})]LOG]!><time="15:18:26.218-600" date="06-02-2014" component="UpdatesDeploymentAgent" context="" type="1" thread="13732" file="updatesassignment.cpp:2038">
<![LOG[update (Site_3B2F28C0-8FFC-41E7-8104-04DCB1175C25/SUM_d649e6a6-7a7e-4c34-bca4-b30ac9f950fc) added to the targeted list of deployment ({ABDF11CB-72F9-4F70-96DF-BC543930A973})]LOG]!><time="15:18:26.228-600" date="06-02-2014" component="UpdatesDeploymentAgent" context="" type="1" thread="13732" file="updatesmanager.cpp:983">
<![LOG[EnumerateUpdates for action (UpdateActionInstall) - Total actionable updates = 0]LOG]!><time="15:21:35.531-600" date="06-02-2014" component="UpdatesDeploymentAgent" context="" type="1" thread="11324" file="updatesmanager.cpp:1495">

Is the client can't find Windows Sourch Patche fildes from the distribution list? or the issue is with WSUS or someting else. I am lost.

I have also checked the WSUS, and all the clients are showing in just one group "Unassigned" Is it expected from WSUS and managed all through SCCM?

Share this post


Link to post
Share on other sites

mkan

 

You would be better attaching the log files themselves, rather than pasting the contents, it means we can open them in log viewers which makes reading them much easier.

 

If they are too large for the forum, post to dropbox/gdrive/onedrive etc.

Share this post


Link to post
Share on other sites

in my ScanAgent log, I have noticed the it is givenign Sources are not current

<![LOG[sources are not current]LOG]!><time="09:28:00.110-600" date="06-04-2014" component="ScanAgent" context="" type="1" thread="7140" file="utils.cpp:125">
<![LOG[scanJob({ECD026FE-61C1-4B93-844A-BEB04CAA9B37}): - - - - - -Locations requested for ScanJobID={ECD026FE-61C1-4B93-844A-BEB04CAA9B37} (LocationRequestID={ED399A7E-D52B-4C12-920E-E9AA99A7E12F}), will process the scan request once locations are available.]LOG]!><time="09:28:00.230-600" date="06-04-2014" component="ScanAgent" context="" type="1" thread="7140" file="utils.cpp:403">

As I have said prviously that I had to recover this SCCM from Database due to a major failure. During the recovery process, I had a critical error, which is still showing in the compoment status.

But my Software Update Point Synchronization Status is showing "completed".

 

I have checked the locationService.log, where I can't see WSUS Path and Distribution Point entry, is it suppose to be there for SCCM 2012 client? I have confirmed that local comptuer Windows Update Policy is enabled with correct Update server detail.

My WUAHandler.log is saying that it has found an existing WUA server.

--<![LOG[its a WSUS Update Source type ({3B2F28C0-8FFC-41E7-8104-04DCB1175C25}), adding it.]LOG]!><time="07:35:58.458-600" date="06-04-2014" component="WUAHandler" context="" type="1" thread="9108" file="sourcemanager.cpp:1222">
<![LOG[Existing WUA Managed server was already set (http://S-Syd-SCCM.xxx.xxx:80), skipping Group Policy registration.]LOG]!><time="07:35:58.478-600" date="06-04-2014" component="WUAHandler" context="" type="1" thread="9108" file="sourcemanager.cpp:925">
<![LOG[Added Update Source ({3B2F28C0-8FFC-41E7-8104-04DCB1175C25}) of content type: 2]LOG]!><time="07:35:58.488-600" date="06-04-2014" component="WUAHandler" context="" type="1" thread="9108" file="sourcemanager.cpp:1255">
<![LOG[scan results will include superseded updates only when they are superseded by service packs and definition updates.]LOG]!><time="07:35:58.488-600" date="06-04-2014" component="WUAHandler" context="" type="1" thread="9108" file="cwuahandler.cpp:2834">
<![LOG[search Criteria is (DeploymentAction=* AND Type='Software') OR (DeploymentAction=* AND Type='Driver')]LOG]!><time="07:35:58.488-600" date="06-04-2014" component="WUAHandler" context="" type="1" thread="9108" file="cwuahandler.cpp:2841">
<![LOG[Async searching of updates using WUAgent started.]LOG]!><time="07:35:58.488-600" date="06-04-2014" component="WUAHandler" context="" type="1" thread="9108" file="cwuahandler.cpp:578">
<![LOG[Async searching completed.]LOG]!><time="07:36:37.313-600" date="06-04-2014" component="WUAHandler" context="" type="1" thread="9572" file="cwuahandler.cpp:2065">
<![LOG[successfully completed scan.]LOG]!><time="07:36:38.458-600" date="06-04-2014" component="WUAHandler" context="" type="1" thread="7944" file="cwuahandler.cpp:3378">

 

=============

From the server side logs, I am getting Timed out messages.

WSUSCtrl.log is saying there is not unhealthy WSUS server component and timed out/shutdown. ===There are no unhealthy WSUS Server components on WSUS Server S-Syd-SCCM.xxx.xxx~ $$<SMS_WSUS_CONTROL_MANAGER><04-06-2014 00:33:33.286-660><thread=2984 (0xBA8)>
Successfully checked database connection on WSUS server S-Syd-SCCM.xxx.xxx~ $$<SMS_WSUS_CONTROL_MANAGER><04-06-2014 00:33:33.286-660><thread=2984 (0xBA8)>
~Waiting for changes for 57 minutes $$<SMS_WSUS_CONTROL_MANAGER><04-06-2014 00:33:33.286-660><thread=2984 (0xBA8)>
Timed Out...~ $$<SMS_WSUS_CONTROL_MANAGER><04-06-2014 01:30:33.553-660><thread=2984 (0xBA8)>
Found WSUS Admin dll of assembly version Microsoft.UpdateServices.Administration, Version=3.0.6000.273, Major Version = 0x30000, Minor Version = 0x17700111~ $$<SMS_WSUS_CONTROL_MANAGER><04-06-2014 01:30:33.553-660><thread=2984 (0xBA8)>
Found WSUS Admin dll of assembly version Microsoft.UpdateServices.Administration, Version=3.1.6001.1, Major Version = 0x30001, Minor Version = 0x17710001~ $$<SMS_WSUS_CONTROL_MANAGER><04-06-2014 01:30:33.553-660><thread=2984 (0xBA8)>
The installed WSUS build has the valid and supported WSUS Administration DLL assembly version (3.1.7600.226)~ $$<SMS_WSUS_CONTROL_MANAGER><04-06-2014 01:30:33.553-660><thread=2984 (0xBA8)>
Successfully connected to local WSUS server $$<SMS_WSUS_CONTROL_MANAGER><04-06-2014 01:30:33.553-660><thread=2984 (0xBA8)>
Local WSUS Server Proxy settings are correctly configured as Proxy Name and Proxy Port 80 $$<SMS_WSUS_CONTROL_MANAGER><04-06-2014 01:30:33.584-660><thread=2984 (0xBA8)>
Successfully connected to local WSUS server $$<SMS_WSUS_CONTROL_MANAGER><04-06-2014 01:30:33.584-660><thread=2984 (0xBA8)>
There are no unhealthy WSUS Server components on WSUS Server S-Syd-SCCM.xxx.xxx~ $$<SMS_WSUS_CONTROL_MANAGER><04-06-2014 01:30:33.599-660><thread=2984 (0xBA8)>
Successfully checked database connection on WSUS server S-Syd-SCCM.xxx.xxx~ $$<SMS_WSUS_CONTROL_MANAGER><04-06-2014 01:30:33.599-660><thread=2984 (0xBA8)>
~Waiting for changes for 57 minutes $$<SMS_WSUS_CONTROL_MANAGER><04-06-2014 01:30:33.599-660><thread=2984 (0xBA8)>
Shutting Down...~ $$<SMS_WSUS_CONTROL_MANAGER><04-06-2014 02:00:43.089-660><thread=2984 (0xBA8)>

------------------

WCM.log is also showing it wait for changes for 59 mins and shutdown

Waiting for changes for 59 minutes $$<SMS_WSUS_CONFIGURATION_MANAGER><04-06-2014 01:27:26.245-660><thread=2980 (0xBA4)>
Shutting down... $$<SMS_WSUS_CONFIGURATION_MANAGER><04-06-2014 02:00:43.089-660><thread=2980 (0xBA4)>
Shutting Down...~ $$<SMS_WSUS_CONFIGURATION_MANAGER><04-06-2014 02:00:43.089-660><thread=2980 (0xBA4)>

 

can someone please help

Share this post


Link to post
Share on other sites

Update .................................

In the event log, I can see Event ID 11002

Log Name: Application
Source: Windows Server Update Services
Date: 2/06/2014 4:12:58 PM
Event ID: 11002
Task Category: 8
Level: Error
Keywords: Classic
User: N/A
Computer: S-SYD-SCCM.xxx.xxx
Description:
WSUS is unable to connect to the database. See SoftwareDistribution.log for more information.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Windows Server Update Services" />
<EventID Qualifiers="0">11002</EventID>
<Level>2</Level>
<Task>8</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-06-02T06:12:58.000000000Z" />
<EventRecordID>619004</EventRecordID>
<Channel>Application</Channel>
<Computer>S-SYD-SCCM.xxx.xxx</Computer>
<Security />
</System>
<EventData>
<Data>WSUS is unable to connect to the database. See SoftwareDistribution.log for more information.</Data>

 

and Event ID 6703

Log Name: Application
Source: SMS Server
Date: 4/06/2014 6:42:49 PM
Event ID: 6703
Task Category: SMS_WSUS_SYNC_MANAGER
Level: Error
Keywords: Classic
User: N/A
Computer: S-SYD-SCCM.xxx.xxx
Description:
On 4/06/2014 6:42:49 PM, component SMS_WSUS_SYNC_MANAGER on computer S-Syd-SCCM.xxx.xxx reported: WSUS Synchronization failed.
Message: Failed to sync some of the updates.
Source: Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.WsusSyncAction.WSyncAction.SyncUpdates.
The operating system reported error 2148734208:
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="SMS Server" />
<EventID Qualifiers="49152">6703</EventID>


<Computer>S-SYD-SCCM.xxx.xxx</Computer>

<Data>Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.WsusSyncAction.WSyncAction.SyncUpdates</Data>
<Data>Failed to sync some of the updates</Data>


<Data>On 4/06/2014 6:42:49 PM, component SMS_WSUS_SYNC_MANAGER on computer S-Syd-SCCM.xxx.xxx reported: </Data>
<Data> The operating system reported error 2148734208: </Data>
>

I have checked SoftwareDistribution.log,

 

2014-06-02 11:07:48.813 UTC Warning w3wp.8 DBConnection.OnReceivingInfoMessage The join order has been enforced because a local join hint is used.
2014-06-02 11:12:20.495 UTC Warning w3wp.9 AdminDataAccess.ExecuteSPGetEulaFile LicenseAgreement file does not exist: E:\Sources\WSUS\WsusContent\23\14D19C27B28CC3990260D7191F6E0FF6C7483623.txt
2014-06-02 11:12:21.657 UTC Warning w3wp.11 AdminDataAccess.ExecuteSPGetEulaFile LicenseAgreement file does not exist: E:\Sources\WSUS\WsusContent\23\14D19C27B28CC3990260D7191F6E0FF6C7483623.txt
2014-06-02 12:13:36.015 UTC Change w3wp.10 AdminDataAccess.StartSubscriptionManually Synchronization manually started

 

What could be the action from here, please suggest

Share this post


Link to post
Share on other sites

Hi Micky c,

 

Sorry I am in panic mode as I can't fix the broken SCCM. I have (and from now on will be) attached the log files.

 

I can't locate PatchDownloader.log anywhere, I only can see .dll file in two location. One thing I have done differently during the system recover process that is drive location. I possibly installed SCCM on from D drive but this time I have selected E drive.

I can see from SCCM Console that Syncronisation is success and also WSUS syncronization window I can see lots of success but not much download. (if that helps you)

In the event logs I can see sync fail error 6703

wcm.txt

wsyncmgr.txt

Share this post


Link to post
Share on other sites

from wsyncmgr:

 

Failed to sync update 91efe48b-7f85-4a74-9f33-26952da55c80. Error: The Microsoft Software License Terms have not been completely downloaded and cannot be accepted. Source: Microsoft.UpdateServices.Internal.BaseApi.LicenseAgreement.GetById SMS_WSUS_SYNC_MANAGER 05/06/2014 11:57:43 3148 (0x0C4C)
Failed to sync update 20c93660-7d50-4ffb-a621-688ccc973abf. Error: The Microsoft Software License Terms have not been completely downloaded and cannot be accepted. Source: Microsoft.UpdateServices.Internal.BaseApi.LicenseAgreement.GetById SMS_WSUS_SYNC_MANAGER 05/06/2014 11:57:45 3148 (0x0C4C)

 

Identify what these updates are: 91efe48b-7f85-4a74-9f33-26952da55c80 and 20c93660-7d50-4ffb-a621-688ccc973abf

 

I have seen this issue "The Microsoft Software License Terms have not been completely downloaded and cannot be accepted" before, but i cannot remember what the solution was.

 

You could try removing these two updates from the package, as a workaround

Edited by Mikey C
  • Like 1

Share this post


Link to post
Share on other sites

Thanks for your reply Mickey.

 

SQL is installed on a different server. During the major disaster, I only lost SCCM media server, not SCCM SQL server. My entire problem started after I recover SCCM media server from SQL. As I said that some of the Windows updates worked find but only Windows updates doesn't work for Windows 7 and Windows 2008 collection. For those two deployment, all clients are showing as "Unknown" in the status

 

I don't know what those package are and how to find them. But I will give a try and let you the result.

I appriciate your reply.

Share this post


Link to post
Share on other sites

Still no joy for me. I have found two updates and removed from the software groups, undeployed/redeployed. I have turned of proxy setting in IE and in the Software Update Point Properties, both boxes are unticketed.

 

http://social.technet.microsoft.com/Forums/en-US/39aece6b-c71a-4aad-9b51-f0982fd9196b/the-microsoft-software-license-terms-have-not-been-completely-downloaded-and-cannot-be-accepted?forum=configmanagersecurity

 

I am still getting error on WSUS Synchronization failed with Event ID 6703 error.

 

Also I am getting "Sources are current and valid. TTLS are however, invalid in ScanAgent.log (attached). Is it WSUSlocation not currect

No Proxy.rtf

ScanAgent.log

Share this post


Link to post
Share on other sites

It doesn't solve but I saw similar issue solved by the link given for some others. The reason why I have said" liked" because this forum is going for some time without any result. I was not expecting any solution with this. all my windows clients are without patch for couple of months now.

 

I have noticed that if I create software group with the Windows Patches, which released before my server crashed, all clients show as "Unknown". But if I create software group with the Windows Patches after I recover the SCCM server from SQL, it work fine.

I think, If there is a way to cleanup older referrences ( in SCCM/WSUS), all of my issues will be resolved including this syncronization error.

My problem is I am not 100% sure this is the solution. and also I don't know how to these or what to do

Share this post


Link to post
Share on other sites

Hi Peter,

not suer you will see this or not. I run WSUS reset suggested by someone ( http://social.technet.microsoft.com/Forums/en-US/cf4ebf5a-e19c-4985-9c25-57b1787b0aad/failed-to-sync-update-4d81de562aac433b85f144b464cd09aa-error-the-microsoft-software-license?forum=configmanagergeneral)%C2'> but I am still having the same issues. Any idea what should I do next?

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...