Jump to content




Sign in to follow this  
juice13610

Not understanding how SCCM 2012/WSUS work together



Recommended Posts

I have been setting up SCCM 2012 in a lab environment and to be completely honest, I have no idea what I'm doing regarding the patching aspect. I took a beta 4 day in-class class and have my book, so I'm not totally running blind, but I'm still lost.

  1. I setup a site server named LAB-WSUS that had WSUS 3.0 SP2 installed and downloaded updates. Why does it appear my SCCM CAS is going directly out to Microsoft.com for updates? Shouldn't it be going to the WSUS server? Isn't that the point of the SUP site server? When I downloaded the patches, it asked me where to put the "package.". It just downloaded all of the patches onto the SCCM CAS server (per my direction).
  2. I setup a deployment package and chose to deploy to one of the device collections I have setup. I have no GPOs set to point those servers to the appropriate WSUS server, but why do they have to? It appears that my SCCM server is doing all the work.

Thanks in advance!!!!

 

Juice

Share this post


Link to post
Share on other sites


SCCM/SUP uses the META data of WSUS to determine which updates are new and where they can be downloaded, after that it downloads the updates itself.

 

There is no need to create GPO's to point to the WSUS/SUP server, as the SCCM client uses a local policy to do exactly this.

Share this post


Link to post
Share on other sites

How is the client supposed to be setup? Do you have to setup a gpo to enable windows updates or anything at all?? I approved some patches a few days ago for a single computer (a collection that contained one computer) but when looking at the update group, it says 0 compliant, 0 required, 0 not required, 4 unknown. What do I have to do to make them report???

 

 

SCCM/SUP uses the META data of WSUS to determine which updates are new and where they can be downloaded, after that it downloads the updates itself.

 

There is no need to create GPO's to point to the WSUS/SUP server, as the SCCM client uses a local policy to do exactly this.

Share this post


Link to post
Share on other sites

In other words, what do I have to do to the actual PC? As of right now, all I have done is install windows and join the domain, and let SCCM do the rest. It is doing nothing when attempting to deploy patches to it. When I go to the Monitoring -> Deployments -> Windows 7 Updates to STL Computers OU area, it shows that the 1 pc in the collection is "unknown." I don't know what I'm supposed to do to make the computer take the deployment and "comply".

Share this post


Link to post
Share on other sites

As long as the client on the PC is healthy (it can receive policy from its MP), you don't need to configure it. As mentioned before, the SCCM client will configure the WSUS location in Windows Update using local policy.

 

That being said, if there is a group policy object that changes the WSUS server location, then updates through SCCM may not work as intended. GPOs overwrite local policies and the SCCM client will fail to configure software updates on the PC.

  • Make sure all updates targeted have been downloaded and distributed to a distribution point.
  • Make sure software updates are enabled on the clients (edit the Software Update Client Agent properties).
  • Force Software Update related actions on the agent and monitor the logs
  • If not in a domain environment (WORKGROUP), make sure a Server Locator Point (SMSSLP property during install) is defined in the client

 

Have a look at log file locations for SCCM 2007 (most still apply to 2012) http://technet.microsoft.com/en-us/library/bb892800.aspx, and troubleshoot any issues for the SUP component on the client and server:

 

 

Software Update Point Log Files

 

By default, the Configuration Manager 2007 site system log files are found in <ConfigMgrInstallationPath>\Logs. The following table lists and describes the software updates site system log files.

 

Log File Name Description

ciamgr.log

Provides information about the addition, deletion, and modification of software update configuration items.

distmgr.log

Provides information about the replication of software update deployment packages.

objreplmgr.log

Provides information about the replication of software updates notification files from a parent to child sites.

PatchDownloader.log

Provides information about the process for downloading software updates from the update source specified in the software updates metadata to the download destination on the site server.

030c41d9079671d09a62d8e2c1db6973.gifNote On 64-bit operating systems and on 32-bit operating systems with no Configuration Manager 2007 installed, PatchDownloader.log is created in the server logs directory. On 32-bit operating systems, if the Configuration Manager 2007 client is installed, PatchDownloader.log is created in the client logs directory.

 

 

replmgr.log

Provides information about the process for replicating files between sites.

smsdbmon.log

Provides information about when software update configuration items are inserted, updated, or deleted from the site server database and creates notification files for software updates components.

SUPSetup

Provides information about the software update point installation. When the software update point installation completes, Installation was successful is written to this log file.

WCM.log

Provides information about the software update point configuration and connecting to the Windows Server Update Services (WSUS) server for subscribed update categories, classifications, and languages.

WSUSCtrl.log

Provides information about the configuration, database connectivity, and health of the WSUS server for the site.

wsyncmgr.log

Provides information about the software updates synchronization process.

 

WSUS Server Log Files

 

By default, the log files for WSUS running on the software update point site system role are found in %ProgramFiles%\Update Services\LogFiles. The following table lists and describes the WSUS server log files.

 

Log File Name Description

Change.log

Provides information about the WSUS server database information that has changed.

SoftwareDistribution.log

Provides information about the software updates that are synchronized from the configured update source to the WSUS server database.

 

Software Updates Client Computer Log Files

 

By default, the Configuration Manager 2007 client computer log files are found in %Windir%\CCM\Logs. For client computers that are also management points, the log files are found in %ProgramFiles%\SMS_CCM\Logs. The following table lists and describes the software updates client computer log files.

 

Log File Name Description

CIAgent.log

Provides information about processing configuration items, including software updates.

LocationServices.log

Provides information about the location of the WSUS server when a scan is initiated on the client.

PatchDownloader.log

Provides information about the process for downloading software updates from the update source to the download destination on the site server.

This log is only on the client computer configured as the synchronization host for the Inventory Tool for Microsoft Updates.

PolicyAgent.log

Provides information about the process for downloading, compiling, and deleting policies on client computers.

PolicyEvaluator

Provides information about the process for evaluating policies on client computers, including policies from software updates.

RebootCoordinator.log

Provides information about the process for coordinating system restarts on client computers after software update installations.

ScanAgent.log

Provides information about the scan requests for software updates, what tool is requested for the scan, the WSUS location, and so on.

ScanWrapper

Provides information about the prerequisite checks and the scan process initialization for the Inventory Tool for Microsoft Updates on Systems Management Server (SMS) 2003 clients.

SdmAgent.log

Provides information about the process for verifying and decompressing packages that contain configuration item information for software updates.

ServiceWindowManager.log

Provides information about the process for evaluating configured maintenance windows.

smscliUI.log

Provides information about the Configuration Manager Control Panel user interactions, such as initiating a Software Updates Scan Cycle from the Configuration Manager Properties dialog box, opening the Program Download Monitor, and so on.

SmsWusHandler

Provides information about the scan process for the Inventory Tool for Microsoft Updates on SMS 2003 client computers.

StateMessage.log

Provides information about when software updates state messages are created and sent to the management point.

UpdatesDeployment.log

Provides information about the deployment on the client, including software update activation, evaluation, and enforcement. Verbose logging shows additional information about the interaction with the client user interface.

UpdatesHandler.log

Provides information about software update compliance scanning and about the download and installation of software updates on the client.

UpdatesStore.log

Provides information about the compliance status for the software updates that were assessed during the compliance scan cycle.

WUAHandler.log

Provides information about when the Windows Update Agent on the client searches for software updates.

WUSSyncXML.log

Provides information about the Inventory Tool for the Microsoft Updates synchronization process.

This log is only on the client computer configured as the synchronization host for the Inventory Tool for Microsoft Updates.

 

Windows Update Agent Log File

 

By default, the Windows Update Agent log file is found on the Configuration Manager Client computer in %Windir%. The following table provides the log file name and description.

 

Log File Name Description

WindowsUpdate.log

Provides information about when the Windows Update Agent connects to the WSUS server and retrieves the software updates for compliance assessment and whether there are updates to the agent components.

 

 

Good luck

Share this post


Link to post
Share on other sites

AdrianP,

 

Thank you this is a very helpful post, i have been trying to look for information which states the differences between WSUS (GPO) and SCCM SUP. The main questions i have are below, but this is based on a scenario that you used to patch using WSUS and GPO but have now moved on to using SCCM. Please put aside the software center which would show updates. Also any GPO's that had been used for client side targeting have been removed.

 

1. Should the servers/workstations still show in the WSUS console as either all computers or unassigned?

2. What is the difference in the windowsupdate.log that you can look for to ensure that patching is now done by SUP and not WSUS (GPO).

3. Traditionally using wuauclt.exe /..... Would show the user how many updates were available for their server/workstation. How do you determine this using SCCM

4. If you have a separate WSUS internet facing server and you are creating your deployment package should you download from the internet or point it to the WSUS content on the WSUS server?

 

 

Hopefully you can help as i think these are all questions that would be very helpful.

 

Thanks

 

mac

Share this post


Link to post
Share on other sites

  1. Correct.
  2. It should show the FQDN of the SUP.
  3. Software Center shows the available updates.
  4. Depends, if the device that you are running the console on has internet, then I would use that to download the updates to the package.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  


×