Hi,

I installed some Windows security updates through SCCM 2012 R2 on a group of Windows servers for the first time. The users of the servers reboot the servers manually, so I suppressed the reboot during the deployment. I also work with a maintenance window for the deployment itself.

It all worked fine and most systems went to "In Progress" status with a pending reboot. Today, 2 days later, the users of the servers rebooted the servers and now they all are in status "Unknown - Client check passed/Active". A minority of them shows the status "Compliant".

I ran a software update cycle on them several times and ran a summarization, but they remain in this status. In the WUAHandler.log there is a report "Successfully completed scan" and WindowsUpdate.log shows that it is communicating with the correct SCCM server. Tried a telnet session from some random servers on the WSUS port 8530 without any problem. The WSUS server seems to be correctly assigned through GPO (checked registry).

Why are those servers remaining in "Unknown - Client check passed/Active" state? I had even a server that showed a completed status before that now is showing this unknown status.

Thanks for your help.

• Edited by WiVM Wednesday, May 06, 2015 8:11 AM

Hi Stoyan,

I have indeed seen many of those posts, but what is different here is that some of the those servers report "compliant", but later go back to "Unknown - Client check passed/Active". Others remain in "Unknown - Client check passed/Active". After some time some go back to their correct state, while the updates have already been installed days before.

For my understanding it has to do with the client policy on servers which is set at the default value of 7 days for Windows update. When I force a Software Update Deployment Evaluation Cycle some seems to come through with correct info, others not. It is really not providing reliable information. But I need to be able to report the coverage of the updates.

Thank you

• Edited by WiVM Thursday, May 07, 2015 6:49 AM

Hi,

I still did not find a solution for this issue. Could it may be because the status is not updated when the maintenance window expired? I guess not. The thing that may be different from normal was that there was an expired update in the package. I have removed that one.

Now I extended the maintenance window and re-ran the same updated deployment on the same servers. Just to see what happens related to the status.

I urgently need a more reliable way to report the coverage of these updates.

Thank you.

Since no one has answer this post, I recommend opening  a support case with Microsoft Customer Support Services (CSS) as they can work with you to solve this problem.