Software update issue

I'm having a problem getting software updates to install using SCCM 2012 R2. This is a new site setup - new site code, new everything, etc.. We previously had SCCM 2007 R2. There are three site MP & DP systems, the primary site server houses the database and reporting service point and there's a single SUP currently. 

The installation of the updates never starts during the maintenance windows for the server or the workstations which have no maintenance window. From the logs, servers are seeing the maintenance window, but again the updates installation never starts.

I recently had to move a dedicated single SUP due to performance issues when a SUP was installed on each MP/DP system, however this doesn't seem to be related - I think. The new SUP is setup to use HTTPS and I've seen in the client logs they are communicating with the new SUP.

I have noted this interesting behavior: If I click on 'check for updates' on a client system, it returns no new updates needed. In this case presumably it's going to the SUP for the catalog. If I next click on 'check online for updates from Windows Update', I get a list of new required updates as expected. If I click on 'check for updates' again, I now see the new required updates.

It appears that the catalog isn't updating locally on the client to use for the scan. Is this possibly why the systems aren't installing the assigned updates or is this an unrelated issue?

I thought that I could possibly resolve this by pushing out the latest Windows Update Agent to fix this problem, but this seems like the big hammer approach. I've also considered that this could be a Symantec (SEP) issue on the clients, but I'm unsure how to begin troubleshooting that. I need some advice on where to begin troubleshooting the assigned update issue here.

Any help is very much appreciated.

Thanks in advance! 

  

March 28th, 2015 3:35pm

When you have enabled the Software Update Management feature within Client Settings, the WUAgent on those clients, will be directed to the SUP/WSUS for scan/detect. So when you click "check for updates" within WU on that client, yes, it is only checking against the catalog on your SUP/WSUS. If you have not disabled "access to Windows Update features etc", yes, the client can "check online" against the public MSFT catalogs.

If your managed client is not performing updating via Configmgr as required, you will need to check into your ConfigMgr "deployments" for the "missing" updates, and confirm that you have downloaded the updates into package(s), created deployments, assigned to the relevant collections, and configured the relevant deployment parameters. If you are using Maintenance Windows, you will have additional diagnosis to perform, e.g. that there is sufficient time allowed within the MW's for the updating to commence *and* complete, including any necessary restarts etc.

These guides may be useful to begin your journey:

Free ebook: Microsoft System Center: Troubleshooting Configuration Manager
http://blogs.msdn.com/b/microsoft_press/archive/2013/11/12/free-ebook-microsoft-system-center-troubleshooting-configuration-manager.aspx

Free ebook: Microsoft System Center Software Update Management Field Experience
http://aka.ms/695849pdf

Free Windows Admin Tool Kit Click here and download it now
March 29th, 2015 1:06am

Hi,

Please check the following registry entry on the agents:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

After you enable software update agent on the client, the setting in registry will be overridden and the location will be set to your SUP site server.

March 30th, 2015 5:42am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics