Jump to content



anyweb

using SCCM 2012 RC in a LAB - Part 12. Updating an Operating System image using Offline Servicing.



Recommended Posts

anyweb    399

In Part 1 of this series we got our AD and SCCM servers ready, and then we installed System Center 2012 Configuration Manager as a standalone Primary site. In Part 2 we configured the SCCM server further by adding some Windows Server roles necessary for the following Configuration Manager 2012 functionality, Software Update Point (SUP) and Operating System Deployment. In Part 3 we configured the server further by Enabling Discovery methods and creating Boundary's and Boundary Groups. In Part 4 we configured Client Settings, Added roles and Distributed the Configmgr Client to our Computers within the LAB, then in Part 5 we enabled the Endpoint Protection Role and configured Endpoint Protection settings and targeted a collection called All Windows 7 Computers with these settings and policies.

In Part 6 we configured our SUP further to Deploy software updates to our All Windows 7 Computers and Build Windows 7 X64 collections. In Part 7 we used the Build and Capture process to create our Base Windows 7 X64 wim image. In Part 8 we created a USMT 4 package to migrate the users data using hardlinking and then we imported the captured image into ConfigMgr and created a Deploy Windows 7 X64 task sequence. We created a Deploy Windows 7 X64 Collection and set some User Device Affinity collection variables.

In Part 9 we created an Application, and created a deployment type for that application to only install if the Primary User was True for that device (User Device Affinity), we then copied our Task Sequence (duplicated it), deployed the new Task Sequence, added a computer to the new collection and then PXE booted the computer to the Deployment Menu. In Part 10 we monitored the Deployment process in a lot of detail to how UDA sent state messages and we verified that our application installed on the users Primary Device, in addition we modified our collection variables, and added a prestart command to our boot image to prompt for the SMSTSUdaUsers. In Part 11 we setup the Reporting Services Point Role and verified that reporting was working.

Now we will use a new feature in ConfigMgr which allows us to Patch operating system WIM images using Offline Servicing. This means that you can apply Windows Updates by using Component-Based Servicing (CBS) to update the your previously captured WIM images.

The Offline Servicing feature is applicable for Component Based Servicing (CBS) updates and for the following operating systems:

  • Microsoft Windows Vista SP2 and later
  • Microsoft Windows Server 2008 SP2 and later
  • Microsoft Windows 7 RTM
  • Microsoft Windows 2008 R2

DISM is used to inject the updates - Deployment Image Servicing and Management (DISM)






Note: At the launch of ConfigMgr 2012 Beta 2 Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 are not supported. They will be supported with Configuration Manager 2012 RTM.



Step 1. Review our current Captured WIM file.

Perform the following on your SCCM 2012 server as SMSadmin.

In the ConfigMgr console, expand the Software Library and then expand Operating Systems, select Operating System Images. This will contain our previously captured Windows 7 X64 WIM image. Select our Windows 7 X64 WIM image and note the four tabs which appear.

windows 7 enterprise wim image.png

Click on the Update Status tab. This tab will list any updates that have been added to our image via Offline Servicing, we haven't completed any Offline Servicing on our WIM image yet so for this reason it will appear empty.

no items found in update status.png

Note: Even though our Captured image has updates installed in it already, unfortunately the Update Status tab will not list udpates that are in the captured image unless those updates that have been added via Offline Servicing after the WIM image was added to ConfigMgr.


Step 2. Perform a Software Update Point Synchronization

Perform the following on your SCCM 2012 server as SMSadmin.

Before we perform Offline Servicing, we want to make sure we have the latest updates Synced. In Software Updates, All Software Updates. In the Ribbon, click on Synchronize Software Updates.

all software updates synchronize software updates.png

answer Yes to the Sync request

yes to sync.png

while it's syncing, using CMTrace, monitor the WsyncMgr.log file found in D:\Program Files\Microsoft Configuration Manager\Logs, look for the Sync Suceeded line to be sure it's finished. If you have synced recently it will be quick.

sync succeeded.png

Once the sync is complete, mark any new updates that were released since you last updated your target OS and download them and add them to your Target Operating System Software Update Group (for example, update these updates to your Windows 7 updates software update group which we created in part 6.


Step 3. Start Offline Servicing

Perform the following on your SCCM 2012 server as SMSadmin.

Select our Captured Windows 7 X64 image and click on Schedule Updates in the ribbon

schedule updates.png

The Update Operating System Image Wizard appears, note that it automatically selects the architecture of your image (X64) and you can list all the updates it has found available to this Operating System. If you want you can sort by any of the column headings, for example click on Bulletin ID to see what are the latest Bulletin ID's being made available to Offline Servicing.

update operating system image wizard.png


Note: if no updates appear, make sure to download them first.

click next, and you are presented with the Set Schedule screen, this is great for ConfigMgr admins as it means you can decide when your server will do the Offline Servicing work (disk intensive) so for example you could schedule it to occur on Saturday evening when everyone is home. If you want to set a schedule click on Custom Schedule, however as we are in a LAB we will choose As soon as possible.

Note: Injecting updates into the WIM images offline is disk intensive so you should not perform this operation except when the server is 'at rest'. Also allow for free space on your Configmgr Server drive as the WIM image will be duplicated (backup copy created) during this process.

As soon as possible.png

you'll be presented with a summary of Updates offered to the Offline Servicing Process

summary.png

click next to continue and review the completion screen, the wizard is quick, the injection however takes time as you will see.

completion screen.png

Step 4. Monitor the Progress with the OfflineServicingMgr.log file

Perform the following on your SCCM 2012 server as SMSadmin.

ConfigMgr 2012 introduced some new logs one of which is the OfflineServicingMgr.log file, open it in CMTrace so that we can monitor the progress of our Offline Servicing. You will note it mentions copying our current WIM image to a temporary folder called ConfigMgr_OfflineImageServicing, and it's at this point your ConfigMgr server will become slower to use (especially in a LAB as typically your hardware isn't that fast in a LAB and this is very disk intensive).

offlineservicing log.png

if you browse this temp folder in Windows Explorer you can see the WIM file and some other temp folders used for the CBS injection process (via DISM)

offline image servicing temp folder.png

Note: make sure to close Windows Explorer or browse to a different folder than the one above as if you are browsing it during Commit, then the process will fail to delete the temp files/folders.

keep watching the log in CMTrace as it will tell you what percentage is done, for example, 25% of the copying is completed

copying 25% complete.png

once it's done copying the WIM file it mounts it to inject the CBS updates

copying done mounting image at index 1.png

and after some time it will check all available updates to see if they are applicable or not, each update will have an Applicability State which can be listed as any of the following:-

  • NOT_REQUIRED
  • INSTALLED
  • APPLICABLE
  • APPLICABILITY_CHECK_NOT_SUPPORTED

applicability_check_not_supported.png




finally you can see how many updates are being applied to the mounted image

total number of updates that are successfully applied on the mounted image is 9.png

and then it commits those changes, verify that all is well in the OfflineServicingMgr.log file before continuing, note that in addition to unmounting the image (commiting changes) it then creates a backup copy of the original WIM file (with a file extension of BAK). Also look for the line saying Schedule Processing Completed, this notifies you that all is done.

backing up and schedule processing completed.png

Now Browse to where your original captured WIM file is stored and you should see the original WIM file is renamed to BAK and the new file (larger file as it has updates applied) is in it's place. If you need to keep the original file copy it elsewhere or give it a new name.

two wim files.png


Step 5. Review our updated Image in the ConfigMgr Console.

Now that the OfflineServicing process is complete, lets examine the WIM file in Operating System Images (click refresh to update the display). You should see that the Scheduled Update Status says Successful, and that the Update Status tab lists the state applicability of the 78 updates it referenced in the OfflineServicingMgr.log file.

update status tab is full with 78 updates state applicability.png

Right click on our Windows 7 X64 Enterprise image and choose Properties, click on the Installed Updates tab, here you can see when any updates were added via Offline Servicing (in our case, it was 9 updates and they are indeed listed in the Date Installed column.

date installed.png


Step 6. Update your image to your Distribution Points

The last part of this process is to update your newly updated image to our Distribution Points, this is not done automatically you must do it yourself, this means that the scheduled task can run (Offline Servicing) and when it's done, you have to review the changes made before you decide if you want to update the image to your DP's or not.

Select our image and click on Update Distribution Points in the ribbon

update distribution point.png

click ok When prompted

ok to update.png

That's it, you've now injected Windows Updates (CBS) using a new feature in ConfigMgr 2012 called Offline Servicing, once the WIM image has completed updating to the DP's your Task Sequence will reference the New updated image and your Enterprise (LAB) will be using the most secure, most up to date image available.

 

Related reading

 

  • Like 1

Share this post


Link to post
Share on other sites


iburnell    0

Two quick questions NIall

 

1) If you patch up your .WIM each month how does it cope with the older/superceded patches in the .WIM file?.

2) Could the "patched up" WIM be copied to a 2007 site so builds benefit from fully patched image

Share this post


Link to post
Share on other sites
anyweb    399

good questions,

1. not sure yet, will have to find out when that happens but i would assume that the superseded updates will overwrite the old ones. (ie: replace)
2. no unless you remove the configmgr client first as they are different hierarchies and versions.

Share this post


Link to post
Share on other sites
Iroqouiz    27

Would like to know that as well. Any updates on that?

 

Thanks for all the great guides, they've helped me a lot.

Share this post


Link to post
Share on other sites
itkroplis    2

Hi!

When I add a new win7 wim file and the executive "distribute content", is created in C:\ SMSPKGSIG new folder (for example PRI00014.1). Copying process is interrupted and win7.wim size is 20MB !?

If I try to execute this win7.wim "Shedule Updates". I get the response "Failed to copy the image from the package source location to the siteserver machine."

 

OfflineServicingMgr.log:

There is an image associated with this schedule.

Total number of individual updates to be installed is 90.

STATMSG: ID=7903 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_OFFLINE_SERVICING_MANAGER" SYS=SCCM2012.LV SITE=GS0 PID=3884 TID=2968 GMTDATE=se mai 12 08:56:28.559 2012 ISTR0="GS000015" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0

Package source location for image GS000015 is not writable. GLE=5

STATMSG: ID=7915 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_OFFLINE_SERVICING_MANAGER" SYS=SCCM2012.LV SITE=GS0 PID=3884 TID=2968 GMTDATE=se mai 12 08:56:28.568 2012 ISTR0="GS000015" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0

Schedule processing failed

 

The problem is probably here:

Package source location for image GS000015 is not writable. GLE=5

What rights and where to be?

-------

 

 

Update:

Create a new sharing folder. I gave the right to sharing and security rights of every all / full. Began to work well. Lack of understanding of how SCCM authenticate. Although SCCM admin users and SCCM server account is given full rights.

 

 

Update2:

 

Sharing Permission change to Everyone to full controll.

Interestingly, with an account sccm2012 the authorization? Maybe the system!

  • Like 1

Share this post


Link to post
Share on other sites
anyweb    399

well in my example above SMSadmin is the user running the configmgr console and that user is a local administrator of the same box, are you performing this as a user that has local administrative permissions on that server or has the user rights to read/write to that folder (the package source folder mentioned in your log file)

  • Like 1

Share this post


Link to post
Share on other sites
hhancock    1

Does the Windows 7 Updates Software Update Group need to be deployed before it can be added to the WIM? I have not deployed the Software Update Group yet and noticed that the Schedule Updates Wizard doesn't populate with any information.

 

* I just need to deploy to the All Unknown Computers Device Collection.

Share this post


Link to post
Share on other sites
hhancock    1

Okay, I've gotten Offline Servicing to work thanks to this guide. I have a quick question with regards to adding updates to the Windows 7 Updates SUG (Software Update Group). Do I just do the following?

  1. Download update (if it isn't already)
  2. Edit membership (to make it a part of my Windows 7 Updates SUG)
  3. Schedule Updates on the Operating System Installer Image
  4. Update Distribution Points

Is that it?

Share this post


Link to post
Share on other sites
anyweb    399

that;'s about it, but i'd review the logs between point 3 and 4 to be sure the wim was updated successfully, in addition you may want to deploy the new wim image using a separate duplicate task sequence to verify it's working ok prior to rolling it out.

Share this post


Link to post
Share on other sites
hhancock    1

that;'s about it, but i'd review the logs between point 3 and 4 to be sure the wim was updated successfully, in addition you may want to deploy the new wim image using a separate duplicate task sequence to verify it's working ok prior to rolling it out.

 

The process I listed above didn't work for me. I go to "Schedule Updates" on the Operating System Installer Image yet the new updates are not listed. In fact, nothing is listed.

 

Specifically, I am trying to add Internet Explorer 9 to my image but it doesn't seem to be included in the update. It shows in my Windows 7 Updates SUG but it doesn't appear to get installed during the Offline Servicing.

 

In the OfflineServicingMgr.log file I noticed the following:

 

Applicability State = APPLICABILITY_CHECK_NOT_SUPPORTED, Update Binary = \\SCCM01\Sources\Updates\Windows7\ed9979fd-98b0-478d-a792-10ac1409756b\WU-IE9-Windows7-x64.exe. $$<SMS_OFFLINE_SERVICING_MANAGER><10-30-2012 18:37:03.435+240><thread=5160 (0x1428)>

 

What does APPLICABILITY_CHECK_NOT_SUPPORTED mean exactly. Is this why it isn't installed on my image?

Share this post


Link to post
Share on other sites
hhancock    1

I believe my issue is because Offline Servicing only installs core OS updates (Component-based Servicing). When I added the "Install Software Updates" to the task sequence it appears to have installed IE9 properly. However, I did notice that it didn't install those updates that were not marked as "required" during this pass (which included some cumulative security updates for IE9). Is this because I choose to "Install Mandatory Software Updates?"

Share this post


Link to post
Share on other sites
hhancock    1

Is it possible to automate this process at all with the Automatic Deployment Rules? I would like to apply new updates to my image automatically.

Share this post


Link to post
Share on other sites
fxcat    0

Thank you, Great Article!!

 

Quick question,

Lets say my WIM file is 4GB and the updates added are 50MB.

when you “update” your distribution points. Does it copy the full WIM file again everywhere or just the part that have been changed ?

 

Thank you

Share this post


Link to post
Share on other sites
67_dbc    1

I am having issues with my Offline Imaging in a sense that nothing is wrong with the process being done with Offline Scheduling but once the image is applied during the TS phase on the client, login and review the Windows Update History, all the updates appear up as fail?

 

Where do you suggest troubleshooting this issue? Do I have an issues with an update(s) injected in the WIM which is causing all the others to fail?

 

I haven't started over with a new WIM with a new sync of updates but I wanted to reach out to the community to see if anyone has had this issue or not.

 

Eric

Share this post


Link to post
Share on other sites
anyweb    399

did you do multiple offline servicing attempts for this or just one ? can you show me a screenshot of what the updates appear like in the operating system

Share this post


Link to post
Share on other sites
67_dbc    1

Yes this image was ran a couple times due to recent issues McAfee Access Protection was blocking the updates being applied to the WIM. Now our environment is heavy on security so my SCCM server 'had' McAfee installed at the time. Once I removed it, I've was able to successfully patch my WIM's. But to think of it, with McAfee involved at the time, it could have messed up this WIM even though SCCM says everything is successful on the console once I moved forward.

 

If I may just to help with the community, here is a KB that McAfee does not want to own this problem when it is there problem....

https://kc.mcafee.com/corporate/index?page=content&id=KB76867&cat=CORP_PRODUCTS&%20actp=LIST

 

Here are the updates applied to the image so we know logically they should be in the WIM.

post-17123-0-82616400-1376001317_thumb.png

 

And the other image refers to the machine that recieved that image.

post-17123-0-17400000-1376001470_thumb.png

 

post-17123-0-50112700-1376002194_thumb.png

 

post-17123-0-60762200-1376002530_thumb.png

 

Perhaps while you are thinking about it, I will create a freash copy of this WIM, and re-apply the same updates to and see how it goes.

 

 

As always Niall, I love your sccm knowledge, keep up the good work! I hope you can let me PM you on SUP questions if you have 15 minutes of time.

 

Eric

Share this post


Link to post
Share on other sites
67_dbc    1

I did recreate the WIM, installed a fresh set of Updates on using the same steps above. Still getting the same issue on the clients not installing the updates in the Windows Update History. I don't know of any other way beside viewing that GUI if that is truely a failed update that didn't apply. Are there logs else where that would support that these updates are really failing during install?

 

Eric

Share this post


Link to post
Share on other sites
67_dbc    1

Still at lost on this issue. So i decided that this can't work adding Windows Updates to the WIM. Unable to find anyone successful at it. So I move on and now I am unable to successfully get the Software Update step in the TS to work either. Let me just make sure I understand how it works. Added the step to right after Setup Windows and ConfigMgr. The radio button choosen is All Software Updates. Once the step arrives during the OSD, it will see it but jumps right over, nothing happens. I have SUP configured but where I am confused is, am I applying the step in the right order? Also, does the machine recieving the OSD deployment need to be in a collection where the updates are pointed as well? I've done it before, but only like 1/3 of them install then everything else fails. Am I suppose to be adding reboots at any point then add another All or Mandatory Software Update step right after?

 

How do you fully patch a machine during OSD is really what I want to know.

 

Anyone that can share a sample of the process order would be great!

 

Eric

Share this post


Link to post
Share on other sites
kidg    0

Hi everyone - thanks in advance for reading my query.....

 

I seem unable to add any further updates (via the "Schedule Updates" - I currently see 9 in total available for my x64 Windows 7 image) and when viewing "OfflineServicingMgr.log" (screen shot attached) every update that is attempted to be installed reports "Failed to install update with ID ********* on the image. ErrorCode = 2096"

 

Does anyone know what error 2096 is and how to fix it?

 

No AV running on the Site Server

Running SCCM 2012 SP1 CU1

 

Thanks,

 

Mark

post-21377-0-35755500-1378376739_thumb.jpg

Share this post


Link to post
Share on other sites

There are already quite some posts about that issue. Did you see this already: http://social.technet.microsoft.com/Forums/en-US/9c34add1-5261-4dcf-b3f6-7c26ef4fcd28/sccm-2012-sp1-offline-servicing-failed-to-install-update

 

What did you already try and where did you already look at?

Share this post


Link to post
Share on other sites
67_dbc    1

There are already quite some posts about that issue. Did you see this already: http://social.technet.microsoft.com/Forums/en-US/9c34add1-5261-4dcf-b3f6-7c26ef4fcd28/sccm-2012-sp1-offline-servicing-failed-to-install-update

 

What did you already try and where did you already look at?

 

Peter, can you chime in on any of my post under 67_dbc

I am still having issues successfully applying Windows Updates at the client side and I have no issues with Offline Imaging as posted, page 1 at the bottom. At the client level appears to be where it's failing. I am not sure exactly where to contiue.

 

SCCM2012 Non-SP1.

 

Any suggestions is greatly appreciated.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×