Jump to content


Configuring Software Update Point within SCCM

Recommended Posts

We do need some more information then (like what did you configure, packages, deployments, etc.)

Thanks for your post.

I try to configure SCCM 2007 R3 to deploy security updates to my domain computers.

I try to do this exact like in this article. I put one test computer ( Win XP SP3) to test collection.

Enything else? Your adviсe is very important for me, because it very important task

Share this post

Link to post
Share on other sites


I`ve initiated some actions in Configuration Manager Properties:1) Machine Policy Retrieval & Evaluation Cycle 2)Softaware Updates Deployment Evaluation Cycle, but i still don`t see any changes...Either in Wuahadler.log, nor in "Run Advertiside Programs".

In wuahandler.log there are few strings :

<![LOG[Async searching of updates using WUAgent started.]LOG]!>....

<![LOG[Async searching completed.]LOG]!>....

<![LOG[successfully completed scan.]LOG]!>...

As I understand, that means - no updates was found...

Whats wrong... I'm confused....

Share this post

Link to post
Share on other sites

Hi I followed your process fully, which i knew before but followed it anyway, when i do the Software Updates Deployment Evaluation Cycle my WUAHandler.log shows no activity, yet i can deploy apps the this client all day long, not sure what else to check.


my setup


1 wsus server

1 SCCM sp2 server (added SWUP role etc)

can see the patches being downloaded but do now move to the chache folder on the client, andf this is not getting to me, any help would be a god send

Share this post

Link to post
Share on other sites

check to see if this computer is in an ou targetted with any other software updates (eg: wsus gpo)

if not, check the actions tab of the client, are all actions present ?

Share this post

Link to post
Share on other sites


I have a problem with my server SCCM2007.

in particular I can not run the software update.


I installed WSUS and I have not configured anything, I proceeded to configure the sccm.

When I sync I get the following error:


On 11/10/11 14:13:58, component SMS_WSUS_SYNC_MANAGER on computer SERVERNAME reported: SMS WSUS Synchronization failed.

Message: WSUS server not configured.

Source: CWSyncMgr: DoSync.

The operating system reported error 2147500037: Unspecified error


For more information, see Help and Support Center at



I do not download updates from Microsoft Update, but from another server of our company.


Thank you for your help.

Share this post

Link to post
Share on other sites


I have a problem with Windows Update Agent and SCCM Update Agent.

I have supress reboots in the Deployment Management in SCCM then, as expected, when a reboot is required a red icon appear. But at the next day the WUA window is showed and it allow a delayed restart in 10 minutes, 1 hour or 4 hours. I don't want that the WUA window appear and allow the users to reboot whenever they want. Anyone know a solution?. Thanks in advance


Share this post

Link to post
Share on other sites

Hi Anyweb,


Thanks for a great article. I have used this and SCCM unleashed book to understand most of how this part of SCCM works.


What I still don't understand are four bits ( or need clarification ) if you would please.


1. Deployment Management node-- Are these similar to advertisements in the software distribution part ?


2. If I want to apply (eg: win 7 sp1) to a classroom and see it happen say within an hour how would I go about doing it ? ( assuming I have all the engine working wsus , sup etc) what logs at either end should I use to check the progress or lack of it ?


3. How do i set the time in the update tab in the sccm client ? it's set to 3:00 am and most of our classrooms are shutdown at that time. i have tried to find anything that says how to change this on the internet and have come up with a blank.


4. Is it possible to deploy MS hotfixes using this method ( am i right in thinking that this is only possible if the hotfix is in a MS catalog ?). If not do I have to use Software distribution to do this ?


I would be really grateful if you could have even a brief answer at your earliest please .


Many thanks again for maintaiing this wonderful resource.



Share this post

Link to post
Share on other sites



I have an issue with getting the updates to start deploying immediately.

Once I have downloaded the required updates and deployed them, I have attempted to initiate the following


1. Machines policy retrieval and evaluation Cycle

2. Software Updates Scan Cycle

3. Software Updates deployment evaluation cycle


The schedule for the deployment is set as follows


updates to be made available: As soon as possible

Deadline for udpates installation: current time


I was expecting this to start installing the update on the test machines immediately but it did not install till after 20 mins


Windows Updates log shows the following


2012-09-17 15:13:11:087 1488 db0 Agent * Added update {70D41FF9-0796-4EB6-A699-61C04CB395FE}.100 to search result

2012-09-17 15:13:11:087 1488 db0 Agent * Added update {87E3E2FA-70E5-4B90-83EE-A16F41569A11}.106 to search result

2012-09-17 15:13:11:118 1488 db0 Agent * Found 192 updates and 61 categories in search; evaluated appl. rules of 1072 out of 2146 deployed entities


2012-09-17 15:13:11:431 1488 db0 Agent *********

2012-09-17 15:13:11:431 1488 db0 Agent ** END ** Agent: Finding updates [CallerId = CcmExec]

2012-09-17 15:13:11:431 1488 db0 Agent *************

2012-09-17 15:13:11:462 2252 e60 COMAPI >>-- RESUMED -- COMAPI: Search [ClientId = CcmExec]

2012-09-17 15:13:13:321 2252 e60 COMAPI - Updates found = 192

2012-09-17 15:13:13:321 2252 e60 COMAPI ---------

2012-09-17 15:13:13:321 2252 e60 COMAPI -- END -- COMAPI: Search [ClientId = CcmExec]

2012-09-17 15:13:13:321 2252 e60 COMAPI -------------


WUAHandler.log contains the following entries


Successfully completed scan. WUAHandler 17/09/2012 14:45:23 1852 (0x073C)

Going to search using WSUS update source. WUAHandler 17/09/2012 15:18:43 5700 (0x1644)

Synchronous searching started using filter: 'UpdateID = 'bdf4d8e9-c1a2-4b0e-8703-0d00a09bf57e' AND DeploymentAction = *'... WUAHandler 17/09/2012 15:18:43 5700 (0x1644)

Successfully completed synchronous searching of updates. WUAHandler 17/09/2012 15:19:01 5700 (0x1644)

1. Update: bdf4d8e9-c1a2-4b0e-8703-0d00a09bf57e, 103 BundledUpdates: 1 WUAHandler 17/09/2012 15:19:01 5700 (0x1644)

Update: c5547a35-e639-4352-94f8-ddeda5fa2080, 102 BundledUpdates: 0 WUAHandler 17/09/2012 15:19:01 5700 (0x1644)

1. Update (Missing): Security Update for Windows XP (KB2564958) (bdf4d8e9-c1a2-4b0e-8703-0d00a09bf57e, 103) WUAHandler 17/09/2012 15:19:01 5700 (0x1644)

Async installation of updates started. WUAHandler 17/09/2012 15:19:02 5700 (0x1644)

Update 1 (bdf4d8e9-c1a2-4b0e-8703-0d00a09bf57e) finished installing (0x00000000), Reboot Required? Yes WUAHandler 17/09/2012 15:19:13 4528 (0x11B0)

Async install completed. WUAHandler 17/09/2012 15:19:13 4164 (0x1044)

Installation of updates completed. WUAHandler 17/09/2012 15:19:13 620 (0x026C)

Update (bdf4d8e9-c1a2-4b0e-8703-0d00a09bf57e) has finished the post reboot operation. HResult: 0x00000000. WUAHandler 17/09/2012 15:28:58 4380 (0x111C)

Async searching of updates using WUAgent started. WUAHandler 17/09/2012 15:28:58 4380 (0x111C)



what do i have to do to get it to start installing the updates immediately?

Share this post

Link to post
Share on other sites

So, I have looked and looked, but I can't seem to find the answer to how to disable users from checking the internet for updates. This seems like it would be the simplest of questions since one of the big ideas behind WSUS is to keep computers from applying updates you don't want them to get, but maybe I'm blind or my noobnish is shining through.


As a fall back I guess the easiest way is to use the GPO to point to the SCCM server. Am I to assume that I should point it here:


http://<server.domain.com:8530/ClientWebService/client.asmx as shown in the updates log on clients?

Share this post

Link to post
Share on other sites

The tutorials you provide are great. I have two questions


1. In the sotware Update Deployment template / display/Time Settings should I change the Duration from 0 to 1 and what are the effects.




2. On the primary site server in site settings / Client Agents / Software Update Client Agent Update Installation /


To get better results should I enforce all mandatory.

I have about have about 7, 000 machines in total.

Does this mean the update will Install after a certain amount of days no matter what.

Share this post

Link to post
Share on other sites



I'm fairly new to sccm, and i'm trying to get wsus and sccm to work properly, my problem is however that i dont have a spare 2TB to store all the updates it wants to download, now i've seen the option in wsus to auto approve the updates, but have clients download them from the MS update site, problem is, sccm keeps reseeting it back to storing the files locally, which continuously fills up the available hdd space (60gb).

Is there any way to have it use the above mentioned wsus setting? Or will i need to buy a bunch of large drives to put in the server? I'm mainly using this to be able to use MS FEP, which actually works fine, and updates from MS.


Share this post

Link to post
Share on other sites

I want to install the updates automatically for the user. Do I need to choose the 'set a deadline...' or can I just do it without? When I choose the deadline option all clients will come and download the updates which result in network overload. When I set a deadline in let's say 3 weeks, will it download in the background everything it needs or not?


EDIT: And also, can I use WOL on a secondary site that is in another domain than primary site over WAN or are the magic packets send from the primary site only?

Share this post

Link to post
Share on other sites

great post anyweb !


i have a question for you, but i dont think it's same topic :)

i have SCCM2012 SP1 & Wsus 3.0 installed on windows 2012 server, everything run smoothly.

but a few month ago, i had change my proxy server. and all serer run without proxy.

the problem is, when i change proxy settings on sccm server (i change the settings through internet option in control panel) i found that wsus proxy still use the old configuration.

i change proxy on wsus, then synchronise succeeded.

but few hour later, the proxy change again (back to old proxy setting). i change it manualy every 3 hour, and synchronise manualy.




fixed anyway,

i had change the Proxy And Account Settings on server & sites system roles -> software update point and uncheck all proxy settings for update point.




Share this post

Link to post
Share on other sites

I have been administrator since SMS2003 and have a couple questions that I can not figure out.

I have read many posts here and did look at the link http://www.windows-noob.com/forums/index.php?showtopic=812

how to install WSUS on remote site.


I am using SCCM 2007 at this time, WSUS is fully installed on three servers.

One Primary site SCCM 07 server and two secondary site servers used as distribution and SUPs.

I can re-image computers using tasks and USMT, push software packages .

We have the WSUS setup to automatically download Forefront definition updates which gets pushed out automatically.

We want to control how security updates get pushed out manually by placing the computers in collections which is working fine.


my question:

I want computers in the secondary sites to download updates from them instead of pulling from the primary site server.

I did the full installation of WSUS in the secondary sites and now want to know how to let them pull from the primary and be controlled from the primary.

I am simply confused about the selections on the wsus setup.

Share this post

Link to post
Share on other sites

Thanks for the reply Peter. I do have a distribution point on the two secondary SCCM servers but I cannot get the WSUS installed correctly on them because I get errors in the Site System Status that others have talked about in this form. I read the install procedure for the remote install of WSUS but I do not think that is what I need in this scenario.

it appears there are two ways to use the remote wsus?

It looks like I can use the primary SCCM to control the secondary DPs but WSUS is required on the Primary and the two secondaries.

I installed WSUS on all three servers with full install. Both secondaries became replicas of the primary WSUS. Is that the correct way to install them.

I did not select the option to use ports 8530 and 8531 but left them at port 80 and 443.

Share this post

Link to post
Share on other sites

If you want the clients on the secondary site to use a local WSUS, then you should install WSUS on there and let the software update point handle the configuration. If you installed it on port 80/443 then make sure to configure that in the software update point configuration.

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...