Jump to content


anyweb

using System Center 2012 Configuration Manager - Part 9. Deploying Monthly Updates

Recommended Posts

Hi anyweb
I do everything as you said but I have two problems.
1)with my administrator account when I open software center I got an error that it can not connect to the server.
2)when I used push client , my client is not going to get it.even I tried manual install for that and it didn't work.
I will be very grateful if U can help me with this.
my email is nr.nosratinia@outlook.com if U can email me the solution.

Share this post


Link to post
Share on other sites


First: THANKS for the blog!

 

I followed instructions and got a final result the systems are updated. I have couple of questions.

 

1. I found that Software Updates - Windows Server 2012 collections (Automatic, Maintenance and Manual) does not include Hyper-V hosts machines that are running Server 2012. Sure when highlight Devices node all Servers 2012 VMs and hosts are listed. Looks like script for collections creation doesn't look for OS precisely but uses other values.

 

2. Not related to blog... but related to SCCM.

 

When highlight Devices node, I see all discovered devices. What is confusing for me that in Client Activity column all devices are shown as Active. But for a last 3 days one of my host is down. So the host and VMs on it are shown Active.

Is it normal? What this Active means?

 

 

Share this post


Link to post
Share on other sites

quick question...

 

I created new ADR and forgot to save it as template (did it without instructions :) ).

sure not a big deal. But want to ask can I make an existing ADR a template or the only way is to redo?

Share this post


Link to post
Share on other sites

Hi. Please explaint to me one thing.
I make ADR Rule for MS Office.
Every mounth ADR will create a new SU group. What i need to do with this "old" groups? Will i manualy delete it or what ?
li87.png

Share this post


Link to post
Share on other sites

you can keep the old SUG for reporting purposes as you see fit (to check for compliance etc.) and then delete them when you feel it's ok to do so.

Share this post


Link to post
Share on other sites

select your SUG, in the ribbon above have you clicked on the Run Summarization button above and let it complete ?

Share this post


Link to post
Share on other sites

Create ADRs by manual but SUG yjn created. Deployment packeges has 0 updates. After 8 october i change condition last 7 days and run ADR manualy, then SUG created. Whats wrong?

 

 

UPDATE

Oh NO!

 

I think i get.

My SU role was sheduled on 5:50 (UTC+3). So when i look in patch tursday updates properties i see

Released:08.10.2013 20:00

 

I think this is it.

My WSUS Sync on second tuesday in (utc+3) 5:50 when in USA yet Monday so it not get updates in this day. And ADR not working.

Share this post


Link to post
Share on other sites

Hi,

Great guides. Saved me a painful learning curve! Thanks.

 

Back to the patch Tuesday up dates and only getting the last day. Perfectly fine with what that's doing and just picking up the patch tuesday releases.

My question goes back to what was asked before: If MS release a patch between the patch Tuesdays, how do we pick that one up? As far as I can tell, just doing last day would miss those.

 

What would you recommend to ensure no patches are missed?

Share this post


Link to post
Share on other sites

if you want to patch systems with updates released before you started your cycle then create baselines for each year containing updates for that platform

 

eg:

Windows 7 updates - 2013 Baseline

Windows 7 updates - 2012 Baseline

 

and so on....

Share this post


Link to post
Share on other sites

No, I'm fine with that and that's what I've done.

An example

 

June 12th Patch Tuesday (ADR picks up changes)

June 30th MS release a critical patch out of cycle (No ADR job to pick this up)

July 12th Patch Tuesday (ADR picks up change)

 

How would we pick up the June 30th release?

Share this post


Link to post
Share on other sites

if Microsoft release out of cycle patches then deploy then without an ADR (just create a regular SDR to deal with out of cycle patches).

Share this post


Link to post
Share on other sites

Would I be right in saying the "out of cycle" patch would be picked up when your WSUS does a sync and SCCM will deploy it with the rule? Regardless of when it was released?

 

I have by WSUS set to sync once a day, and deploy and new updates daily. Of course, when patch day comes there are usually a fair few, but I do get the odd one or two throughout a week sometimes.

Share this post


Link to post
Share on other sites

dont do anything in wsus, your SUP controls what wsus syncs and when

Share this post


Link to post
Share on other sites

what happens when you click on 'get help with this error' ?

what does your windowsupdate.log and wuahandler.log file look like ?

Share this post


Link to post
Share on other sites

Thank you for all your comprehensive articles on SCCM!

 

I've gotten to the point where the ADR is created but it does not bring any updates in when I run it. My setup is slightly different because I'm using SCCM 2012 SP1 on Server 2012 with WSUS. WSUS is showing 4191 updates waiting for approval. Do these need to be approved in WSUS before SysCenter will pick them up? Everytime I run the ADR it says successful but no updates are added.

 

Any help would be greatly appreciated.

Share this post


Link to post
Share on other sites

Hi Opacityzero,

 

I would wait for Anyweb, Rocketman, or anyone else with more experience to reply before taking my advise to heart, but I would try the following:

 

Remove the SUP (Software Update Point) role from SCCM (Under Servers and Site System Roles). Remove the WSUS role from the server altogether and start again. I know from my own experience and others on forums, with SCCM and WSUS, it can be a bit picky.

It's best to NEVER EVER even open the WSUS console...EVER!!! lol.

What I would do is:

 

Remove the SUP role.

Remove WSUS from the server it self, and then follow the guide from Anyweb to set it up again.

Once you have done that, don't open the WSUS console at all. Never even touch it. Windows Updates will be 100% managed via the SUP role on SCCM.

Once you have sorted the SUP role out and set a sync time and status, you can monitor it from here:

 

post-20536-0-57131100-1387193040_thumb.png

 

Also, the log files should be ruleengine.log & wsyncmg.log, which for me is located in "D:\Program Files\Microsoft Configuration Manager\Logs\"

(Obviously, change the location for your own).

 

I could be wrong, but this is my best answer from my own experience as I had problems initially as well.

 

Thanks

Share this post


Link to post
Share on other sites

I followed this tutorial back in October. I thought the initial install worked so I left it alone. After a computer on our network got infected with ransomeware I started checking into machines and the last time they were updated. They all list the same date in October 2013. Maybe what really happened is the existing updates on our client machines were working and then stopped working when I goofed something up on the this tutorial. What can I look into to get this functioning? I noticed my sources directory has not been updated since October. I double checked all settings today and all match this tutorial exactly. Thanks for your help!

Share this post


Link to post
Share on other sites

Hey and thanks for a great guide.

 

I created the update package using your guide, but it doesn't seem to download any updates? I have approved all updates up to this date. Do I have to wait for it to sync or should it begin downloading the files immediately? The network folder where I choose to store the package is also empty.

 

This is how it looks like:

 

noupdatesfound.PNG

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...