Jump to content


anyweb

using System Center 2012 Configuration Manager - Part 10. Monitoring our Monthly Updates Automatic Deployment Rule

Recommended Posts

Hey Anyweb...

As always great job on this post in particular. I found it to be extremely helpful in understanding the way updates are download, packaged, and deployed... and all automagically!!

 

Still, I've run into an error that I'm having trouble with. Everything works flawlessly until deploying to clients. Here is an example from the WUAHandler.log from a problem machine...

 

<![LOG[its a WSUS Update Source type ({F45E8BEE-9A7B-4C8B-A561-53D5ECFAA5DB}), adding it.]LOG]!><time="16:34:33.292+300" date="09-26-2013" component="WUAHandler" context="" type="1" thread="5388" file="sourcemanager.cpp:1232">
<![LOG[Waiting for 2 mins for Group Policy to notify of WUA policy change...]LOG]!><time="16:34:33.432+300" date="09-26-2013" component="WUAHandler" context="" type="1" thread="5388" file="sourcemanager.cpp:954">
<![LOG[Failed to Add Update Source for WUAgent of type (2) and id ({F45E8BEE-9A7B-4C8B-A561-53D5ECFAA5DB}). Error = 0x87d00692.]LOG]!><time="16:34:35.757+300" date="09-26-2013" component="WUAHandler" context="" type="3" thread="5388" file="cwuahandler.cpp:2325">
So, It's pretty obvious to me that there is a conflict where '12 is trying to point the machine to the '12 server holding the deployment and some kind of policy that is pointing to the '07 server that is still in place for machines that haven't been migrated. Unfortunately, my Network Admin and myself have not been able to isolate where it's coming from.
For some background/troubleshooting... We're obviously in the process of migrating from '07 to '12. We'd like to begin updating the '12 clients while still updating/migrating the '07 clients. The most telling troubleshooting I've found is in the registry. In the key HKLM/Software/Policies/Microsoft/Windows/WindowsUpdate there are two sub-keys called WUServer and WUStatusServer. On every client that is/was on CCM '07 those sub-keys are set to the '07 server. If I manually change them to the '12 server, they automatically revert back to the '07 server when I run the evaluation cycles on the machines from the '12 console. Just to test that, I imaged a new machine and did not let '07 install whatsoever. Rather, I installed '12 from scratch... no migration basically. Everything works like a charm on that machine. This machine's reg keys in question were already set to the '12 server.
Do you have any idea what is causing the migrated systems to revert back like that? Do the systems refresh group policy when the evaluation cycles are started?
I hope I have not inundated you with info to the point of confusion and I sincerely hope all of that make sense. As always, thanks for the assistance!
*Edit - For whatever reason, the pasted LOG is omitting a couple lines. Of course, they are the most pertinent. Because you've likely seen them before, I'll just try to describe. One is enabling the '12 server policy to use the '12 server. The other missing lines report an error enabling that policy because "group policy setting were overwritten by....."
Edited by xc3ss1v3

Share this post


Link to post
Share on other sites

First of all, this guide was just great in helping me getting to know sccm.

 

I have one question with regards to Windows updates. If I set up everything just like the guide (that is only include updated added in the last 1 day and run the update every 2nd Tuesday of every month), what will happen to update that were release prior of the creation of the ADR?

 

 

Share this post


Link to post
Share on other sites

 

what will happen to update that were release prior of the creation of the ADR?

 

you'll need to create separate baselines Software Update Groups for those updates and deploy them accordingly

Share this post


Link to post
Share on other sites

Quick question... This will be the 2nd month of running updates. In the RuleEngine.log I see where SCCM did go out and pursue updates as scheduled on Update Tuesday. From what I can tell, nothing was added to the deployment package because everything already existed. I know this will seem like common sense, but I just wanted to verify. Since nothing was added, it would not automatically create another deployment, correct?

 

And, visa versa, if something was added, then it would automatically create a new deployment? I wouldn't need to trigger it?

Share this post


Link to post
Share on other sites

These are such great posts. Long time listerner- first time caller here.

 

We are just now getting to the process of migrating from WSUS to SCCM for our updates. I've got all the clients setup and ADR's working etc.

 

The only issue I am having is with the server updates and how to set those up. I have run your script and have all the folders/collections setup. I just don't know what to do next, and how to set the maintenance windows for the collection that says Server 2008 Maintenance Window. I am assuming the "2008 Manual" is best served by just manually specifying which servers I want to do manually. In the guide it says you will cover maintenance windows, but I can't find that post, did I miss it?

 

Thanks so much for your help and these posts!

Share this post


Link to post
Share on other sites

This is probably a silly question, but how would I go about setting up an ADR to run on "Patch Tuesday", which in my case, I'm GMT+10 so "Patch Tuesday" is actually "Patch Wednesday" here.

 

Currently in our legacy SCCM 2007 environment I do this all manually on the Thursday of patch week, but was hoping to leverage ADRs in our new 2012 environment to help simplify this.

 

I currently have a rule to fire every second Tuesday at 11:59:59 PM but unfortunately doesn't seem to get all the updates (must be released later).

 

I also couldn't find any sort of method to set the Sync time to UTC (the client schedule yes, but not the actual sync schedule)

 

Thanks

Share this post


Link to post
Share on other sites

Hi anyweb,

 

Doesn't work. The ADR fires at 11:59PM on the second Tuesday of every month (I'm already using the Patch Tuesday template type). The issue is, that most updates don't come into our system until 6AM the Wednesday morning. (Our update sync schedule is every two hours, so this is not the cause.)

 

Making the rule fire on every second Wednesday doesn't suffice either as there are months where the second Wednesday happens before the second Tuesday. Any ideas?

 

Thanks

Share this post


Link to post
Share on other sites

hi there,

 

we are using the system center 2012 r2 and i have deployed all OSD task sequences and updates to unknown computers collection.

 

my question is: how do you deploy a new operating system incl. updates to an already known machine? (=not unknown system)

 

because machines with a re-setup will be member of all systems collection and you dont want to deploy OSD & updates with "required" ticked, do you?

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.