Jump to content


anyweb

Configuring Software Update Point within SCCM

Recommended Posts

try temporarily disbaling the firewall on the client and do a Data Discovery, do you see the client in configmgr collections ? is it approved and client=yes ?

Share this post


Link to post
Share on other sites


You probably selected Store updates locally during the installation of WSUS. This means that you are storing the updates on three different places, the WSUS folder, the Updates package and on the DP.

 

 

at least, is there any way to "unselect" the "store localy updates"? Do I have to reinstall? It's a 2008 R2 so by reinstalling I mean removing the WSUS role and re-enabling it. What's the easiest thing to do.

 

Thanks,

Share this post


Link to post
Share on other sites

try temporarily disbaling the firewall on the client and do a Data Discovery, do you see the client in configmgr collections ? is it approved and client=yes ?

 

How to do a Data Discovery. I see the client in ConfigMgr Collections but it's not approved and client=no. How to change this parameters.

 

Thanks for your help.

Share this post


Link to post
Share on other sites

at least, is there any way to "unselect" the "store localy updates"? Do I have to reinstall? It's a 2008 R2 so by reinstalling I mean removing the WSUS role and re-enabling it. What's the easiest thing to do.

 

Thanks,

 

Well.. I was a bit to quick with saying that it is not needed at all, because it can be used to store license associated with the software updates...

 

You can also just clean up the WSUS directory, by opening the WSUS Console > Options > WSUS Cleaunup Wizard. This will cleanup al unwanted, expired, superceded, etc updates.

Share this post


Link to post
Share on other sites

Verify

 

On a client, open up control panel and the Configuration Manager client agent, click on the actions tab and Initiate the Following actions

 

Machine Policy Retrieval & Evaluation Cycle

Software Updates Deployment Evaluation Cycle

Software Updates Scan Cycle

 

post-1-1229634162_thumb.jpg

 

If you don't see any updates coming then read the WUAHandler log for details to see what is happening....

 

the log is located in C:\windows\system32\ccm\logs (x86) or c:\windows\syswow64\ccm\logs

 

you can also browse the c:\windows\syswow64\ccm\cache folder to see if any updates have started to download yet

 

be patient, even if you set the deadline for 10:10 it might take time to get them transferred over.

 

Tip: To troubleshoot scan errors, you can run the Troubleshooting 1 - Scan errors report which will return a count of computers for each error that occurred during the last scan for software update compliance on client computers. You can then drill down to the Troubleshooting 3 / Computers Failing with a specific scan error report to view a list of computers that returned that specific scan error.

 

here's what your desktop will look like when the software updates are being pushed out, you can click on the update icon to get details of the updates themselves

 

post-1-1229859160_thumb.jpg

 

after they are applied the update icon will change colour

 

post-1-1229859167_thumb.jpg

 

and here is my WUAhandler.log file (of a successful update) compare it to your own if you are experiencing problems to see what is different...

 

WUAHandler.log

 

 

Hi,

i tried to do like you but it's doesn't work. Can you help me please. I have a little bit different configuration because I do not use Active Directory. I add computer to SCCM like this (Computer association, Import Computer Information = > Import single computer). Can you explain me how to configure deploy update with SCCM please.

 

When I tried like you, i haven't got all the action in Computer manager Properties but i have all the components installed.

 

Configuration : WIndows Server 2008 R2, SCCM 2007 SP2 R2, WSUS 3.0 SP2

post-5534-12710766334743_thumb.jpg

post-5534-12710766966212_thumb.jpg

Share this post


Link to post
Share on other sites

Hello,

Just one question, can you configure SCCM to deploy Windows update to computer in a collection (add computer in collection using Computer Association => Import Computer Association => Import single computer) without setup on the same server Active Directory? I want to deploy windows update without setup Active Directory.

Share this post


Link to post
Share on other sites

this post is really separate to setting up a Software Update Point, but i'll give you a hint, you need to SLP role installed on your site server, slp=server locator point, you'll then need to configure the configmr clients with the info required to see the SLP

 

if you have questions that are not specific to this topic then please raise them as separate posts to avoid any confusion

 

cheers

niall

Share this post


Link to post
Share on other sites

Assuming settings are part of configuring SUP, I'll post this question here.

 

When updates are configured to not require a client to reboot (For example: emergency dispatch systems) automatically, I get the package and red arrow in the system tray. Is there a way to force visible reminders to reboot? I'd like something flashier and more pesky than the little box and arrow.

 

I've been through all the settings and all I find is reminders that a reboot is going to happen, but when one is needed and not forced, can SCCM be configured to pester systems that are always on until they reboot?

 

Much thanks for any and all ideas.

 

-Kelly

Share this post


Link to post
Share on other sites

hi all,,

 

can u please help me?

 

i have question to ask

 

1. I have deploy Software Update to server collection contain 2 Server.

2. The deployment success

3. I have check the status message queries from sccm console to re confirm ..the content downloaded successfully into the server.

4. Then i check in the server in cache folder..all patches pushed from sccm is there..

 

the problem is until now the patches is not install. it supposed to install automatically right?..

 

is it because the deadline or not?

 

thanks in advance...

Share this post


Link to post
Share on other sites

hi all,,

 

can u please help me?

 

i have question to ask

 

1. I have deploy Software Update to server collection contain 2 Server.

2. The deployment success

3. I have check the status message queries from sccm console to re confirm ..the content downloaded successfully into the server.

4. Then i check in the server in cache folder..all patches pushed from sccm is there..

 

the problem is until now the patches is not install. it supposed to install automatically right?..

 

is it because the deadline or not?

 

thanks in advance...

 

If your update package has a deadline that's set in the future it will indeed wait with the installation untill after the deadline. You can choose to install the updates manually from the server or adjust the deadline of the update package.

Share this post


Link to post
Share on other sites

Hello. how can i change the products and classification of the updates? I tried change them through the software update component and issue a WSUS cleanup from that console but i keep on seeing for example Office 2002 although i have removed it from that product list and also on the wsus.log i can still see the initial classifications that i selected. I tried changing it also through WSUS console but no luck.

 

Any ideas?

Share this post


Link to post
Share on other sites

If your update package has a deadline that's set in the future it will indeed wait with the installation untill after the deadline. You can choose to install the updates manually from the server or adjust the deadline of the update package.

 

thanks bro for the explanation..i didn't realize the package will follow the deadline even though it successfully downloaded into the server..now all the patches have been installed after meet the deadline time..thanks..

Share this post


Link to post
Share on other sites

Hello,

 

By doing MS - Date Released within 1 month - Date Revised within one Month - Expired No - Superseded No ==> 16

 

which seems low as the email from WSUS is 36 (37 counted) patches so I changed to

 

MS - - Date Revised within one Month - Expired No - Superseded No ==> 31

 

- Date Revised within one Month - Expired No - Superseded No ==> 114

 

So this shows that there seems to be a gap within these variances of criterai and not really sure which one is the best way to go as for example this month I noticed several patches released 4/13/2010 and revised 7/13/2010... in my search folders they were not picked as I selected the released and revised within the last month ... it is an "AND" not an "OR"

 

Any idea? Should it an OR? Or select only the patches Revised within a 1 month?

 

e.g.:MS10-024 Security Update for Windows Server 2003 x64 Edition (KN976323)

 

Also the patches coming with no bulletin ID are not picked up is it correct?

 

e.g.:"Update for Microsoft Office Outlook 2007 Junk Email Fileter (KB2202131)"

 

All the one WSUS was listed as "Other Updates" none are picked...

 

Update Rollup 4 for Exchange Server 2010 (KB982639)

Windows Malicious Software Removal Tool - July 2010 (KB890830)

Windows Malicious Software Removal Tool - July 2010 (KB890830) - IE Version

Windows Malicious Software Removal Tool x64 - July 2010 (KB890830)

Definition Update for Microsoft Office 2010 suites (KB982726), 64-Bit Edition

Definition Update for Microsoft Office 2010 suites (KB982726), 32-Bit Edition

 

Thanks,

Dom

Share this post


Link to post
Share on other sites

interesting points and yes your search folders will produce different results based on your criteria, experimenting will give you a better overview,

as regards not including certain updates (patches) from your statement

 

Also the patches coming with no bulletin ID are not picked up is it correct?

 

correct, by including MS as the bulletin ID (or MS10 or whatever) we are looking for Security Updates only , only SEcurity Updates are given a bulletin ID.

 

if you want All Security Updates AND all other updates, create another search folder called 'all updates' for the given OS and do not include bulletin ID as a search category, see the difference ?

Share this post


Link to post
Share on other sites

Hi there,

 

I would like install all update after an os deployement with software (like Windows 7 and Office 2010) because I need to ensure that any new installations are fully patched. I follow a topic from this website and I think my "Software Update" are OK beacause I can deploy update (picture 1). I hope it's possible and i think (I'm not sure) you need to use "Install Software Update" (picture 2) to do this. Anybody can confirmed me that? I see you can deploy update with package (picture 3) but I think you need to update your package so, it's not for me the better solution.

 

 

 

Thanks in advance.

 

Best Regards

post-6793-12835026821495_thumb.jpg

post-6793-12835027602339_thumb.jpg

post-6793-12835027963339_thumb.jpg

Share this post


Link to post
Share on other sites

yes it's possible, just advertise a new deployment management task (or tasks) containing the updates (both windows 7 and office updates) to the collection(s) that the computers are in

Share this post


Link to post
Share on other sites

OK and think you fir your answer.

But how to do this? How advertise a new deployment management task (or tasks) containing the updates? I just need to do like this : http://www.windows-noob.com/forums/index.php?/topic/1815-using-update-lists-when-deploying-monthly-updates/ and add "Install Software Update" in TS?

 

 

 

Thanks in advance.

 

Best Regards

Share this post


Link to post
Share on other sites

yep that shows you how to point the Deployment Management Task to a specific collection, you should probably create two Deployment Management Tasks, point one to your Deployment Collection and the other to the Unknown Computers Collection

Share this post


Link to post
Share on other sites

below is a screenshot of Offline Updates (via MDT integration in the Task Sequence)

 

post-1-1246990311_thumb.jpg

 

 

this, For me it doesnt work....

 

if i deploy via Advertissement after OS Installed it works well (so my Deployment Package works well), but during depoyment, it failed, i got deploying error and i got that in my sccm.log log :

 

sccm.jpg

 

 

any idea ? it is work for some of you ? (Update offline, during deploying OS)

 

 

Best Regards

Share this post


Link to post
Share on other sites

rest is OK. deployment failed when "windows update offline" is starting...

 

other software deployment works well...and if i skip "offline Windows update", deployment works well...

Share this post


Link to post
Share on other sites

rest is OK. deployment failed when "windows update offline" is starting...

 

other software deployment works well...and if i skip "offline Windows update", deployment works well...

 

 

here is my Task sequence..something really simple.. (i disabled offline update since it doesnt work)

 

 

 

screen02f.jpg

 

 

 

 

 

some idea about errors ?

 

 

Regards,

 

 

Marc.

Share this post


Link to post
Share on other sites

what error do you get ?

is that a standard Install Software Updates step or one you created yourself ?

Share this post


Link to post
Share on other sites

error is in my smslog i posted just 2 post before..check it :)

 

i create a stand task sequence (not an MDT here, but i did an MDT it's same, same error), and i did ADD > Software offline update, and i browse on my update package i ceated before..

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...