Jump to content


anyweb

Configuring Software Update Point within SCCM

Recommended Posts



yes of course for the MDT, if i create an MDT TS i use tooolkit package.

 

but here i use a standard task seuquence create with SCCM 2007 (R3), and i add "Software offline update" and i browse on my Package 'All Windows 7 Update" i created in my SUS, as you can see in the screenshots in my prvious reply.

 

So i get this Unknow errors about Failed to install software update as you can see.. i don't know why :-/

 

looks some post before mine, ia2s , did it (as we can see in his screenshot n°3), i would like to know if it works for him or not

 

Regards, :)

Share this post


Link to post
Share on other sites

Hello,

i was wondering, if i neet to configuring a GPO for WSUS clients ?

I mean the GPO for connect to the WSUS :

 

to point the client computers to the WSUS server (in Administrative template)

 

1. In the Windows Update details pane, double-click Specify intranet Microsoft update service location.

2. Click Enabled, and type the HTTP URL of the same WSUS server in the Set the intranet update service for detecting updates box and in the Set the intranet statistics server box. For example, type http://servername in both boxes, and then click OK.

 

Or maybe the Configuration manager clients will do it without GPO ? but if my clients have internet access and automatic update enable, i don't want that they download automatically updatefrom windows update...

 

do i need to specify WSUS server in a gpo ?

 

Regards ,

Share this post


Link to post
Share on other sites

Assuming settings are part of configuring SUP, I'll post this question here.

 

I have been reading these guides with great interest, and so far they are working great.

 

My Question is that if you configure the gpo settings for WSUS to point to your SCCM server for installation of the client (Software Update Point Client Installation), and have configurered nothing else on the WSUS settings how does that interfere with the SCCM software updates? ie: would I still see the green updates icon etc etc.

 

Thanks in advance.

 

Gary

Share this post


Link to post
Share on other sites

In theory that would work, however, there's no point really.

 

If you let the SCCM agent manage this setting you wouldn't have to use a GPO, which in turn would save the computer on boot up time since it wouldn't have to process an extra (unnecessary) GPO at boot.

Share this post


Link to post
Share on other sites

Forgive my ignorance KuifJe, but the reason for using a Software Update Point Client Installation is so that I can deploy the client to the machine via WSUS?

 

So if it wasnt there, then my workstations would not even get the client to configure anything.

Share this post


Link to post
Share on other sites

Forgive my ignorance KuifJe, but the reason for using a Software Update Point Client Installation is so that I can deploy the client to the machine via WSUS?

 

So if it wasnt there, then my workstations would not even get the client to configure anything.

 

Sorry, missed the bit for Client Installation. However, I would still refrain from using a GPO to configure the WSUS/SUP location.

 

Instead, define the proper discovery methods (AD System Discovery) and make sure you're discovering all systems you want to manage with SCCM and then configure the Client Push Installation method (http://technet.microsoft.com/en-us/library/bb632380.aspx).

 

This prevents any conflicts between local policies set by teh SCCM agent and the GPO that wsa used to direct the systems in the first place. Also, with the client push installation you can control additional settings for the SCCM agent (SMSSITECODE, SMSCACHESIZE, CCMINSTALLDIR etc.). More info: http://technet.microsoft.com/en-us/library/bb680980.aspx

Share this post


Link to post
Share on other sites

Thanks for your reply, I was using the WSUS as some of our clients wont be online for weeks at a time, so this way they would all eventually "catch up"

(I may look at deploying the client VIA GPO instead)

Share this post


Link to post
Share on other sites

This is about updates but a different question.

If I have a GPO that disables automatic updates for the domain or OU SCCM will not be able to run its updates, but at the same time, I do not want clients to be able to go into windows update on their own and run it. Is there a way to disable the ability for them to be able to run windows update like as if the GPO were turned on and autoupdates were disabled?

I want it greyed out like the GPO without actually disabling the service.

Share this post


Link to post
Share on other sites

You can use a GPO to configure the 'Specify intranet Microsoft update service location' to point to the SCCM update point. This would prevent users from changing the setting.

 

This would however override the SCCM client setting, so when changing the SCCM update point you will need to manually adjust the GPO to point to the new update point.

Share this post


Link to post
Share on other sites

You can use a GPO to configure the 'Specify intranet Microsoft update service location' to point to the SCCM update point. This would prevent users from changing the setting.

 

This would however override the SCCM client setting, so when changing the SCCM update point you will need to manually adjust the GPO to point to the new update point.

 

 

I basically had to go to GPO policy manager<<user settings<<<administrative templates<<start menu and taskbar and enable "remove links and access to windows update"

 

Another question I had though is I was pushing out a handful of updates just as a test. Both of my computers didnt download these updates from sccm. Does this mean they already have the updates and dont need them? Or a better question is if they dont need the update will they still download and "try" to install them or will they ignore them altogether?

Share this post


Link to post
Share on other sites

The SCCM client will start a scan for updates and compare the ones installed to the ones needed/available just like with a regular WSUS. After the scan it will only download the updates when needed by the client. The download will not start untill the deadline for the updates has been reached and even then it depends on the different settings in the update deployment package.

 

You can check the UpdatesHandler and UpdatesStore log files of the SCCM clients to see if there was an update scan and if there were any updates available.

Share this post


Link to post
Share on other sites

updatestore.log says

 

![LOG[successfully done with SetStatus() operation.]LOG]!><time="14:10:03.401+300" date="05-11-2011" component="UpdatesStore" context="" type="1" thread="2584" file="cupdatesstore.cpp:376">

<![LOG[Querying update status of 2 updates.]LOG]!><time="14:10:06.214+300" date="05-11-2011" component="UpdatesStore" context="" type="1" thread="2584" file="cupdatesstore.cpp:1146">

<![LOG[Queried Update (47ad79ce-554a-4cd3-89b5-882ee5285578): Status=Missing, Title=Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2446704), BulletinID=MS11-028, QNumbers=2446704, LocaleID=.]LOG]!><time="14:10:06.214+300" date="05-11-2011" component="UpdatesStore" context="" type="1" thread="2584" file="cupdatesstore.cpp:1189">

<![LOG[Queried Update (9c3076be-890e-4a52-a74f-af7ece21eb59): Status=Missing, Title=Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2446704), BulletinID=MS11-028, QNumbers=2446704, LocaleID=.]LOG]!><time="14:10:06.214+300" date="05-11-2011" component="UpdatesStore" context="" type="1" thread="2584" file="cupdatesstore.cpp:1189">

<![LOG[Querying update status completed successfully.]LOG]!><time="14:10:06.214+300" date="05-11-2011" component="UpdatesStore" context="" type="1" thread="2584" file="cupdatesstore.cpp:1170">

<![LOG[Querying update status of 7 updates.]LOG]!><time="14:11:48.215+300" date="05-11-2011" component="UpdatesStore" context="" type="1" thread="2340" file="cupdatesstore.cpp:1146">

<![LOG[Querying update status completed successfully.]LOG]!><time="14:11:48.215+300" date="05-11-2011" component="UpdatesStore" context="" type="1" thread="2340" file="cupdatesstore.cpp:1170">

 

updateshandler says

 

![LOG[updates scan completion received, result = 0x0.]LOG]!><time="14:08:00.494+300" date="05-11-2011" component="UpdatesHandler" context="" type="1" thread="1724" file="capplicabilityhandler.cpp:100">

<![LOG[initiating updates scan for checking applicability.]LOG]!><time="14:09:56.839+300" date="05-11-2011" component="UpdatesHandler" context="" type="1" thread="2340" file="capplicabilityhandler.cpp:414">

<![LOG[successfully initiated scan.]LOG]!><time="14:09:57.089+300" date="05-11-2011" component="UpdatesHandler" context="" type="1" thread="2340" file="capplicabilityhandler.cpp:485">

<![LOG[initiating updates scan for checking applicability.]LOG]!><time="14:09:57.089+300" date="05-11-2011" component="UpdatesHandler" context="" type="1" thread="3028" file="capplicabilityhandler.cpp:414">

<![LOG[successfully initiated scan.]LOG]!><time="14:09:57.198+300" date="05-11-2011" component="UpdatesHandler" context="" type="1" thread="3028" file="capplicabilityhandler.cpp:485">

<![LOG[updates scan completion received, result = 0x0.]LOG]!><time="14:10:00.683+300" date="05-11-2011" component="UpdatesHandler" context="" type="1" thread="1724" file="capplicabilityhandler.cpp:100">

<![LOG[updates scan completion received, result = 0x0.]LOG]!><time="14:10:00.761+300" date="05-11-2011" component="UpdatesHandler" context="" type="1" thread="2340" file="capplicabilityhandler.cpp:100">

<![LOG[initiating updates scan for checking applicability.]LOG]!><time="14:11:48.090+300" date="05-11-2011" component="UpdatesHandler" context="" type="1" thread="2248" file="capplicabilityhandler.cpp:414">

<![LOG[successfully initiated scan.]LOG]!><time="14:11:48.136+300" date="05-11-2011" component="UpdatesHandler" context="" type="1" thread="2248" file="capplicabilityhandler.cpp:485">

<![LOG[updates scan completion received, result = 0x0.]LOG]!><time="14:11:48.215+300" date="05-11-2011" component="UpdatesHandler" context="" type="1" thread="2340" file="capplicabilityhandler.cpp:100">

 

 

I dont see any errors. But the sourcefiles apparently did not make it to the cache like it did the first time I ran other updates. Am I missing something?

 

 

 

30 minutes later I discovered it had downloaded a new package which I setup just now. But only one of the updates out of the 2. So I guess it justs selects what it needs?

It still has not installed it. I have run a manual update scan (by going to ms update site) it needs like 100+ updates but the updates available to me are like 30 from the search folder i created. What gives?

Share this post


Link to post
Share on other sites

Yes, it only gets the updates it needs.

 

Updates will not be downloaded untill the installation of the updates is started. The installation can be started manually or you can use a deadline in the deployment settings of the update package. Do you get the popup of the SCCM agent which says there are updates available?

 

Also check your deployment settings (Computer Management > Software Updates > Deployment Management) when the updates will be made available to the client.

 

Attached is a screenshot of the settings for a deployment package from my environment (which works perfectly).

 

post-3196-0-52583300-1305172641_thumb.png

Share this post


Link to post
Share on other sites

Yes, it only gets the updates it needs.

 

Updates will not be downloaded untill the installation of the updates is started. The installation can be started manually or you can use a deadline in the deployment settings of the update package. Do you get the popup of the SCCM agent which says there are updates available?

 

Also check your deployment settings (Computer Management > Software Updates > Deployment Management) when the updates will be made available to the client.

 

Attached is a screenshot of the settings for a deployment package from my environment (which works perfectly).

 

post-3196-0-52583300-1305172641_thumb.png

 

Thanks for the reply.

I checked my settings and had the advertisement to run "as soon as possible" and had a time about 5 minutes ahead on the bottom selection.

Weird, it appeared to download one of the updates but I didn't see it installed.

And yes, I will get the advert window popup just as test when it did run successfully which was the first time i set it up. Its only when I apply changes to the updates that nothing happens.

Share this post


Link to post
Share on other sites

I am having a weird issue with a client computer. It is simply not pulling updates. I have done everything in the tutorial but still cant get the updates to download to cache and checked the wuahandler log too

 

<![LOG[Existing WUA Managed server was already set (http://company.HEADQUARTERS.company.COM:80), skipping Group Policy registration.]LOG]!><time="11:52:13.423+300" date="07-12-2011" component="WUAHandler" context="" type="1" thread="2304" file="sourcemanager.cpp:1041">

<![LOG[Added Update Source ({8D938AAF-AD85-43F4-A235-D614AD410191}) of content type: 2]LOG]!><time="11:52:13.439+300" date="07-12-2011" component="WUAHandler" context="" type="1" thread="2304" file="sourcemanager.cpp:1381">

<![LOG[Async searching of updates using WUAgent started.]LOG]!><time="11:52:13.439+300" date="07-12-2011" component="WUAHandler" context="" type="1" thread="2304" file="cwuahandler.cpp:587">

<![LOG[Async searching completed.]LOG]!><time="11:52:49.439+300" date="07-12-2011" component="WUAHandler" context="" type="1" thread="2976" file="cwuahandler.cpp:2099">

<![LOG[successfully completed scan.]LOG]!><time="11:52:49.673+300" date="07-12-2011" component="WUAHandler" context="" type="1" thread="824" file="cwuahandler.cpp:3261">

 

There is nothing in here to go on except for the fact that its missing the scan details...

Also, I have uninstalled and reinstalled the client and removed and readded to domain...one thing of interest is this is an imaged pc

I have reset the SID and tried to reset the GUID also but dont know where to do that..

The firewall and antivirus are also turned off...nothing also in the event viewer to track

I am out of ideas...

Share this post


Link to post
Share on other sites

The console on my sccm server has the option to Deploy Software Updates when creating a deployment management task. However, the console on my workstation does not. any ideas? thanks

 

Nevermind, posted too soon. Restarted the workstation console and it was there. sorry...

Share this post


Link to post
Share on other sites

Hi, all!!

I need a help.

A have configured sccm server, like described in this guide. But nohting happen on my test comp.

In WUAHandler.log:

<![LOG[its a WSUS Update Source type ({E606BEC7-5452-4A9D-99E8-FF3E85B30E02}), adding it.]LOG]!><time="10:12:52.891+-660" date="09-03-2011" component="WUAHandler" context="" type="1" thread="3772" file="sourcemanager.cpp:1348">

<![LOG[Enabling WUA Managed server policy to use server: https://MNV-SRV-SCCM.MNV.RU:8531]LOG]!><time="10:12:52.891+-660" date="09-03-2011" component="WUAHandler" context="" type="1" thread="3772" file="sourcemanager.cpp:1054">

<![LOG[Waiting for 2 mins for Group Policy to notify of WUA policy change...]LOG]!><time="10:12:53.000+-660" date="09-03-2011" component="WUAHandler" context="" type="1" thread="3772" file="sourcemanager.cpp:1060">

<![LOG[Waiting for 30 secs for policy to take effect on WU Agent.]LOG]!><time="10:13:01.282+-660" date="09-03-2011" component="WUAHandler" context="" type="1" thread="3772" file="sourcemanager.cpp:1124">

<![LOG[Added Update Source ({E606BEC7-5452-4A9D-99E8-FF3E85B30E02}) of content type: 2]LOG]!><time="10:13:31.298+-660" date="09-03-2011" component="WUAHandler" context="" type="1" thread="3772" file="sourcemanager.cpp:1381">

<![LOG[Async searching of updates using WUAgent started.]LOG]!><time="10:13:31.313+-660" date="09-03-2011" component="WUAHandler" context="" type="1" thread="3772" file="cwuahandler.cpp:587">

<![LOG[Async searching completed.]LOG]!><time="10:13:56.001+-660" date="09-03-2011" component="WUAHandler" context="" type="1" thread="3176" file="cwuahandler.cpp:2099">

<![LOG[successfully completed scan.]LOG]!><time="10:13:56.392+-660" date="09-03-2011" component="WUAHandler" context="" type="1" thread="3772" file="cwuahandler.cpp:3261">

Accroding last record in log, we have no any problem, but i still no any changes on test computer.

Can you help me to find out, whats wrong?

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...