Jump to content


anyweb

using SCCM 2012 in a LAB - Part 6. Deploying Software Updates

Recommended Posts

When you have SCCM configured to handle WSUS, should a client machine be able to run Windows update? Or will they get this error? My clients are getting a Windows could not search for updates error when they try it manually.

Share this post


Link to post
Share on other sites

Hey

 

The wizard, when downloading updates to the update package has the following unhappy results:

 

 

Error: The process is not in background processing mode.

Package:

Success: The software updates were placed in the existing package:

• Windows 7 Updates (Sept 17 2012)

Software updates downloaded from the internet

Error: Security Update for Windows 7 (KB975467)

Errors

The process is not in background processing mode.

Security Update for Windows 7 (KB979482)

Microsoft .NET Framework 3.5 SP1 Security Update for Windows 7 x86 (KB979916)

Security Update for Windows 7 (KB982665)

Security Update for Windows 7 (KB2124261)

Security Update for Windows 7 (KB2271195)

Security Update for Windows 7 (KB2347290)

Security Update for Windows 7 (KB2378111)

Security Update for Windows 7 (KB2442962)

 

[...]

 

Cumulative Security Update for Internet Explorer 8 for Windows 7 (KB2744842)

Cumulative Security Update for Internet Explorer 9 for Windows 7 (KB2744842)

 

The following services have been restarted and the downloading of updates attempted again:

 

Bits, Windows Update

 

The SCCM server does have a connection to the Internet. So, now... I am asking for help (again!)

 

Update:

 

I have done the following, as recommended here: http://bit.ly/oO2iWa

The error, however, is still occuring. I can synchronize with Microsoft Update fine, with no error. However, when downloading the updates to the update the distribution package the following occurs:

 

Error: The process is not in background processing mode

 

-- Matt

Edited by mpepprell

Share this post


Link to post
Share on other sites

Dear, I followed the entire topic and getting superseded error on most/all of the updates in log file. Please advice.

 

Skipped update 45a998db-0cd8-47cd-b917-ef6ab059e70c - Cumulative Security Update for Internet Explorer 8 for Windows Server 2008 R2 for Itanium-based Systems (KB2675157) because it was superseded. $$<SMS_WSUS_SYNC_MANAGER><09-26-2012 00:21:05.080-300><thread=2844 (0xB1C)>

Skipped update 1581a364-a485-43de-872f-7252a661a01d - Cumulative Security Update for Internet Explorer 8 for Windows Server 2008 R2 for Itanium-based Systems (KB2699988) because it was superseded. $$<SMS_WSUS_SYNC_MANAGER><09-26-2012 00:21:05.284-300><thread=2844 (0xB1C)>

Skipped update 89b634b6-b818-46b6-abbc-4a3fc2747496 - Cumulative Security Update for Internet Explorer 9 for Windows Vista for x64-based Systems (KB2675157) because it was superseded. $$<SMS_WSUS_SYNC_MANAGER><09-26-2012 00:21:05.676-300><thread=2844 (0xB1C)>

Skipped update 637277d4-e733-4471-a5ea-799e888ee750 - Cumulative Security Update for Internet Explorer 9 for Windows Vista for x64-based Systems (KB2699988) because it was superseded. $$<SMS_WSUS_SYNC_MANAGER><09-26-2012 00:21:05.898-300><thread=2844 (0xB1C)>

Skipped update 420e1f75-15e5-4af1-8d08-83d1f317cf02 - Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 x64 Edition (KB2699988) because it was superseded. $$<SMS_WSUS_SYNC_MANAGER><09-26-2012 00:21:06.177-300><thread=2844 (0xB1C)>

Skipped update 506508b4-dd57-4a46-a217-118c2a148566 - Cumulative Security Update for Internet Explorer 9 for Windows 7 (KB2675157) because it was superseded. $$<SMS_WSUS_SYNC_MANAGER><09-26-2012 00:21:06.535-300><thread=2844 (0xB1C)>

Skipped update 538d4f66-e213-4010-8c18-b4722caaaedc - Cumulative Security Update for Internet Explorer 9 for Windows 7 (KB2699988) because it was superseded. $$<SMS_WSUS_SYNC_MANAGER><09-26-2012 00:21:06.780-300><thread=2844 (0xB1C)>

Skipped update b8bc9bd9-6ce1-405a-8f0d-b4ec0cf1926e - Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 (KB2699988) because it was superseded. $$<SMS_WSUS_SYNC_MANAGER><09-26-2012 00:21:07.059-300><thread=2844 (0xB1C)>

Share this post


Link to post
Share on other sites

Hi,

 

2 questions

 

 

1) in a production environment is correct to use BULLETTIN ID=MS? In other words, are all the security patches included in MS bullettins or am i missing something ?

 

 

2) Im going to create this:

 

a) a compliance group (not deployed) with all the patches (more than 1000)

 

b ) one or more updates group deployed to all systems for past patches

 

c) ADRs for monthly patches

 

 

Compliance group must be deployed and disabled or not deployed?

 

Many thanks for your guides !

  • Like 1

Share this post


Link to post
Share on other sites

use ADR (automatic deployment rules) to do your patch tuesday monthly updates. I'll do a new post on that sooner or later

 

Have you done this yet?

Share this post


Link to post
Share on other sites

Thanks for the excellent write up. I am sure that Systems Admins around the globe will find this very useful. Please can anyone assist me with the following

 

Problem 1

Configuration Manager Trace Log Tool

dh0x.png

 

I understand this is related to the license agreement. But when I go back to SCCM 2012 and check Software Library, Windows 7 updates, I cannot find any update that has Lincense Terms = Required. How can I sort this issue.

 

 

 

Problem 2

In end of Part 6, it is mentioned to

create a new collection called Build and Capture Windows 7 X64 and repeat the above Deployment for our Windows 7 Updates and target it to the Build and Capture Windows 7 X64 Collection as follows

How to do this.

If I go to Assets & Compliance, Device Collection and Click Create New Device Collection

2nga2yt.png

It is asking for limiting collection. Which collection should I select here? Please advice.

Share this post


Link to post
Share on other sites

 

 

Problem 2

In end of Part 6, it is mentioned to

create a new collection called Build and Capture Windows 7 X64 and repeat the above Deployment for our Windows 7 Updates and target it to the Build and Capture Windows 7 X64 Collection as follows

How to do this.

If I go to Assets & Compliance, Device Collection and Click Create New Device Collection

2nga2yt.png

It is asking for limiting collection. Which collection should I select here? Please advice.

 

Same for me, please advise how to create the collection. What need to choose at "limiting collection" and what queru rule i need to use....

Share this post


Link to post
Share on other sites

as it's a build and capture collection it can be empty (no membership rules)

you can add computers to that collection using a direct membership rule later or by using computer association.

 

the limiting collection can be All systems or all windows 7 computers, it's up to you.

  • Like 1

Share this post


Link to post
Share on other sites

as it's a build and capture collection it can be empty (no membership rules)

you can add computers to that collection using a direct membership rule later or by using computer association.

 

the limiting collection can be All systems or all windows 7 computers, it's up to you.

 

Thank you!

Share this post


Link to post
Share on other sites

On the step 1 when i right click in the "All software updates" nothing happens. wsyncmgr.log has no activity. SCCM server has 2 network cards. one is to DC with no internet and one has internet access.

What am i missing?

Share this post


Link to post
Share on other sites

Thanks guys.

 

This site is the best of the BEST.

 

I have one big challenge.

 

My updates where deploying fine without issues until last or so , was out of office , so i returned to discover that the \sources\Windows 7 \ (downloaded updates for this operating sytem ) updates folders where downloaded but with noting in the folders.

 

meanwhile previously, the same server has successfully downloaded and deployed Windows
updates for all flavours of microsoft OS.



 

I confirmed proxy configuration is ok from the WSUScrl.log
file and synchronization with Microsoft upstream servers occurs successfully
from the wsynchmgr.log file.


Only problem is the updates *.msi files don’t drop any
more within the folders referenced in the attached.



 


The account logged on has proxy access and can browse using
internet explorer on the SCCM2012 Server, its also the Admin account for
SCCM2012


This started about 2 weeks ago.



Please help Champions.

 

Thanks a bunch..post-13038-0-17518500-1361721443_thumb.png

Share this post


Link to post
Share on other sites

Thanks guys.

 

This site is the best of the BEST.

 

I have one big challenge.

 

My updates where deploying fine without issues until last or so , was out of office , so i returned to discover that the \sources\Windows 7 \ (downloaded updates for this operating sytem ) updates folders where downloaded but with noting in the folders.

 

meanwhile previously, the same server has successfully downloaded and deployed Windows
updates for all flavours of microsoft OS.



 

I confirmed proxy configuration is ok from the WSUScrl.log
file and synchronization with Microsoft upstream servers occurs successfully
from the wsynchmgr.log file.


Only problem is the updates *.msi files don’t drop any
more within the folders referenced in the attached.



 


The account logged on has proxy access and can browse using
internet explorer on the SCCM2012 Server, its also the Admin account for
SCCM2012


This started about 2 weeks ago.



Please help Champions.

 

Thanks a bunch..post-13038-0-17518500-1361721443_thumb.png

Share this post


Link to post
Share on other sites

anyweb, great tutorial! But I must say either I've gone blind or don't understand why SUP is a pain to make life easier. What is it do you look for when the client is not getting the Updates installed? We have an AD Forest using only a Primary Server for SUP role, no childs or secondary, just DP's around the Globe. Basically at the point where the Windows Update Client is showing up in Windows Update history but the updates are not appearing in ccmcache folder (assuming that is where staging area is). I've verified the Local Policy shows the sccm.company.com:80. Updates are packaged and on the DP's without errors. My clients are in Collections where Updates are being Deployed. Enable Software Update Client is set to True with my schedules. What else did i leave out? Only thing I have a question on is the "Enable software update-based client installation is not 'checked'. Is that only for the Global needs if you wanted all your client with it installed? Not sure where that comes to play.

 

I am a first year "noob" at SCCM so please be gentle, (first post on this Forum). Humor me if you may. :)

 

Anyone share thoughts are welcomed.

 

Thanks,

 

Eric

Share this post


Link to post
Share on other sites

Hi,

 

2 questions

 

 

1) in a production environment is correct to use BULLETTIN ID=MS? In other words, are all the security patches included in MS bullettins or am i missing something ?

 

I also would like to know the rationale behind this.

Share this post


Link to post
Share on other sites

Well I was able to fix the issue "The process is not in background processing mode" by doing the suggested fixes, but it stopped working again this morning. Then after checking logs and reboots and everything seemed fine, then it dawned on me that our local policy applies the proxy back to IE9 connection settings after unchecking it, bam it was all good to go with no issues.

 

So hope this helps someone form pulling their hair out.

Share this post


Link to post
Share on other sites

Hi All

 

First time poster, long time user of these forums and fantastic guides. Anyweb you've done a great job with these. I'm an experienced SMS / SCCM admin and recently our org made the jump to SCCM 2012 SP1 CU3 and over time have been migrating clients to it.

 

I have an issue in controlling 'end user experience' with relation to updates. My requirements are fairly simple in that I have two main groups of computers for which different behavior is required.

Group 1: General windows workstations - receive updates when made available, install but prompt for reboots

Group 2: Contact Center workstations - receive updates and reboot only during Maint Window. Maint window is 12 hrs (1900-0700) machines wake at 0500 each day.

 

My approach was to achieve this with one deployment and have Maintenance Window applied to collection for Contact Center handle that requirement for Group 2. From testing this was not an issue and Group 2 behavior was achieved. My SUG deployment setings are:

  • Type: Required
  • Scheduling: Deadline set to 1 year in advance
  • User exp: Display and show all notifications
  • User exp: Deadline behavior - none checked
  • Device Restart: Only server checked

 

However for Group 1 the agent installs the updates and then commences a forced restart countdown (Your computer is about to restart). What I want is a prompt for restart and then at the deadline to force it occurs at that time. The deadline is in the future by weeks. Checking Software Center I can see that the restart is scheduled for the deadline.

 

Have I missed something here or am experience something abnormal? I have tried to remove any residual policy settings from Automatic Updates during my testing but this has never changed the user experience.

 

Thanks for any help here you guys can offer.

 

Tiger

Share this post


Link to post
Share on other sites

wsyncmgr.log

Sync failed: WSUS update source not found on site P01. Please refer to WCM.log for configuration error details.. Source: getSiteUpdateSource

STATMSG: ID=6703 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS=ad.SCCM.local SITE=P01 PID=1612 TID=4884 GMTDATE=Fri Aug 01 16:18:21.943 2014 ISTR0="getSiteUpdateSource" ISTR1="WSUS update source not found on site P01. Please refer to WCM.log for configuration error details." ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0

Sync failed. Will retry in 60 minutes

 

WCM.log

Remote configuration failed on WSUS Server.

Share this post


Link to post
Share on other sites

Hi,

First I wanted to thank you for all the great HOWTOs on SCCM 2012. They have been very helpful and informative. I wanted to run this by you and see if I can get your input. We have an existing WSUS server right now so I wanted to know how we can integrate that with SCCM. I think I would install the basic SCCM configuration on our existing WSUS server and create a software update point, correct? Does it matter if it's already functioning as a WSUS server? From what I've read in your HOWTO, you install the WSUS role on the SCCM server but you don't configure the WSUS role afterward. Instead you configure the software update point in SCCM, correct? I haven't seen any articles on the Net about integrating SCCM with an existing standalone WSUS setup. We also have a similar scenario with our existing WDS server. Would GREATLY appreciate your help.

Regards,
RA

Share this post


Link to post
Share on other sites

there's is no integrating, you have to install a new WSUS, get rid of the old and start afresh.

 

have a read of this thread on Technet about the subject.

 

cheers

niall

Share this post


Link to post
Share on other sites

Hi,

 

for all of you getting the access denied message when making new Software update group, close console and run as administrator. Then it will work.

 

post-22178-0-43069000-1413198157_thumb.jpg

 

@Anyweb: just a suggestion you can add to the tutorial if people ran into this problems.

 

Thanks,

  • Like 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...