BryanP, posted April 29, 2015

Hi everyone. I've been working on SCCM for a little while now, inheriting management of an existing setup with about 30,000 clients. I've learned a lot, but I'm still trying to get it all figured out. Please bear with all the background below to get to the real question.

I realized recently that a lot of updates weren't being applied and dug into the ADRs to figure out why. I found the problem and ended up having to split it into two ADRs by Severity (Critical/Important in one and Moderate/Low/None in the other) to get everything we need to patch in under the 1000 update limit. I informed my manager that April would be a lot of updates as the ones that were being missed all applied.

Forcing users to reboot is a big deal in our environment. You catch a LOT of flak over it. So I distribute the updates over a weekend, which catches about 15000 or so that leave them turned on like they're supposed to. The rest start applying them when they come in Monday and are forced to reboot 4 hours later. You don't leave it turned on over the weekend, you have to reboot for updates in the middle of the day, live with it. Fine.

So along comes this extra large round of updates (people getting 200-500MB of patches depending on their individual setup). I started getting calls about people who left their computers on over the weekend yet they were still rebooting in the middle of the day. Not everyone, but enough to get some people upset. Looking at ccmcache I see where users would download a bunch of updates, reboot, then hours (or the next day), download another round. Sure, that makes sense. You installed a bunch of older updates and there were dependencies for newer updates. This month will be painful, but after that everybody should be back to normal.

Using User X as an example. The ADR was set to execute at 8PM on Saturday night. I look in their CCMCACHE folder and see 61 folders (303MB) downloaded between 9 and 9:30PM that night. Then I see 5 more folders (66MB) created at 10PM that Sunday night. No problem. The PC rebooted twice over the weekend, they're fine to go on Monday morning. Except they rebooted yet again at 7PM Tuesday night. So I look and sure enough, 4 updates applied that Tuesday afternoon and forced the reboot 4 hours later. My first thought was they would have been in the second round and for some reason they didn't apply immediately. But no, all of them were in folders dated Saturday night, they just didn't apply until Tuesday afternoon, after a ton of other updates had applied. The KBs that applied late were KB3045999, KB3042553, KB3037574, and KB3045685.

So that was a long way to go to get to my question. Anybody know why SCCM would wait like that? I've checked and rechecked the ADR settings. The deployment schedule is set for As Soon As Possible, so there should be no delays there.

The only theory I have at this point (other than "Windows is weird, and it just waited to install the updates for a bit, sorry!") is that instead of splitting the ADRs by Severity, maybe I should have split them by OS to get it down? Is it possible that having two ADRs push updates to the same PC at the same time would be a problem? I could get around that by splitting them by OS instead of Severity so that only one ADR is applying for a given machine. I've checked and it will still be under the 1000 limit, but by a smaller margin.

BryanP, posted April 29, 2015

Doing some more digging on other PCs this is happening to, it seems to be that for some computers, round 1 of updates is applying, then it waits anywhere from a few hours to a few days before deciding to check in again and realize there are more updates to be applied. The question is ... WHY is it waiting so long between checks?

BryanP, posted April 29, 2015

Aaaaand I'm an idiot. Remember I inherited this and I've been trying to educate myself on it without, oh, you know, actual training? This means some details I only learn as things go wrong.

Client Settings -> Software Updates. The schedule is set for every 2 days. If I had set it to more frequent this wouldn't have happened. Now I just need to get through this month and confirm. I've already been told I'm dead man walking if certain people reboot again tonight. *sigh*

anyweb, posted April 30, 2015

I see you realised the problem, but I'll just reiterate for others: check your client agent settings targeted to those clients. How often are they set to check for updates?

Garrett804, posted May 6, 2015

To expand on anyweb's advice: you need to check your maintenance windows as well. If you don't want them installing and/or restarting during certain hours then you need to put a maintenance window in effect.