Connect with experts and redefine what’s possible at work – join us at the Microsoft 365 Community Conference May 6-8. Learn more >

software update management

9 Topics

SCCM Server fails Windows 11 24H2 upgrade package download
SCCM Server 2403 fails Windows 11 24H2 upgrade package download (both 2024-09B and 2024-10B). Running MP, DP, Site and WSUS database, several other roles on the same Windows Server 2022 VM. Running SUP/Wsus on another dedicated VM in the same subnet. When running ADR, GUI shows error message: 0x87d20417 ADR rule download failed When downloading the updates manually to new deployment package, error message: Failed to download content id 666666666 Cannot create a file when that file already exists Here is a sample from Patchdownloader.log file: Downloading content for ContentID = 18696696, FileName = professional_en-us.esd. Software Updates Patch Downloader 09.10.2024 13:26:50 11808 (0x2E20) Proxy is enabled for download, using registry settings or defaults. Software Updates Patch Downloader 09.10.2024 13:26:50 11808 (0x2E20) Connecting - Adding file range by calling HttpAddRequestHeaders, range string = "Range: bytes=0-" Software Updates Patch Downloader 09.10.2024 13:26:50 8052 (0x1F74) Download file size : 553783259 bytes Software Updates Patch Downloader 09.10.2024 13:26:50 8052 (0x1F74) Download http://dl.delivery.mp.microsoft.com/filestreamingservice/files/75ac9ad5-f29b-4e95-af3f-8a321bd39b92/public/professional_en-us_98014c58afbd29a57aed4f5eb6819f5cc5bce4a4.esd in progress: 10 percent complete Software Updates Patch Downloader 09.10.2024 13:26:51 8052 (0x1F74) ....... Download http://dl.delivery.mp.microsoft.com/filestreamingservice/files/75ac9ad5-f29b-4e95-af3f-8a321bd39b92/public/professional_en-us_98014c58afbd29a57aed4f5eb6819f5cc5bce4a4.esd in progress: 90 percent complete Software Updates Patch Downloader 09.10.2024 13:27:00 8052 (0x1F74) InternetReadFile() return true and pdwNumberOfBytesRead equals to 0, but ulTotalFileRead=553703152 still less than ulFileSize=553783259, treat it as a retriable error. Software Updates Patch Downloader 09.10.2024 13:27:01 8052 (0x1F74) InternetQueryDataAvailable return code = 183 - Can still retry for 3 times. Will retry in 10 seconds. Software Updates Patch Downloader 09.10.2024 13:27:01 8052 (0x1F74) the same kind of error is logged for several other files related to the upgrade package, but not all. Downloading using Edge browser on the same machine directly from url "[http://dl.delivery.mp.microsoft.com/filestreamingservice/files/75ac9ad5-f29b-4e95-af3f-8a321bd39b92/public/professional_en-us_98014c58afbd29a57aed4f5eb6819f5cc5bce4a4.esd]" works fine, so it should not be a connectivity issue. Downloading Windows 11 23H2 upgrade package works fine. Has anybody else faced the same issue?
RNalivaika
Oct 15, 2024 Place Configuration Manager
398Views
0likes
0Comments
Management point in another domain (no-trust)
Hi folks, we have a situation where we would need to install a MP, DP and WSUS on a server that is in another domain to manage client that are in that domain. I was planning of installing the roles using a service account, import the CA cert from that domain in the Site server. Will there be any issues? I was reading about the communication between the sites roles and I also notice that the site server have to talk with a domain controller and the management point also have to talk with a DC. Which DC are we talking about and why it should talk with them. Does the MP in the other domain will try to reach the DC in the same domain? Does the site server will try to talk with the DC in the other domain? I know it's a strange one but it is the only way I manage to get to reduce the cost and be able to managed PCs that are on the other domain. Thanks! Mathieu
Solved
Mathieu_Desjardins
Apr 18, 2024 Place Configuration Manager
1KViews
0likes
2Comments
Microsoft Patching is not working until User logon to the newly imaged device
Hi All, I have a customer that they have two separate SCCM and WSUS environments in the same domain and they use SCCM for OS imaging and WSUS for patch updates. The problem is end user hast to logon to the device after imaging the OS using SCCM to kick start the patching process from WSUS. My client's understanding is that it should work without user logon to the device since GPO targeted to all authenticated users. Please also note that the computer objects and other settings are working without any issues. I would appreciate if anyone come across such a behavior and there is any workaround that we can do kick start the patching regardless of user login or is this behavior by design? Thanks, Dilan
dilanmic
Jun 13, 2023 Place Configuration Manager
553Views
0likes
0Comments
upgrade windows 10 with task sequence
I upgrade old version of windows 10 on my computers with sccm task sequence sucessfully and it reboot the computer alone. I want to notify the user before the reboot and define a countdown before the restart with of course the possibility of restarting it immediately if the user wants it. How can i do it ?
Bily06
Jun 01, 2023 Place Configuration Manager
888Views
0likes
1Comment
Latest CU for server 2008 are not seen as missing.
Hi all, I am getting a strange issue where cumulative updates for server 2008 SP2 (both x86 and x64) and 2008 R2 are not seen as missing by Endpoint Manager. I have followed all the ESU requirements, tried to install every single updates to be compliant for the ESU and all updates where not applicable (already installed). When I am installing updates by hand, they are installing without any complaint. I do not know where to look at and the problem is that they are showing compliant in report because the updates are not seen, but when a scan from Nessus is done, the result is that all my server 2008 and 2008 R2 are missing tones of patches. All ideas on where to start investigating are welcome. Thank you! Mathieu
Mathieu Desjardins
Oct 06, 2021 Place Configuration Manager
680Views
0likes
2Comments
Collocating SQL or remote SQL
Hi All Wanted to bounce my thoughts with fellow members. I am about to embark on a mini project for a customer. It's for a small experiment and a new network and infrastructure environment will be created on-premises. Unfortunately for this piece of work cloud is not an option. So a Virtualisation environment, SAN, networking, firewalls will all be procured. I need to build MECM to help deploy a gold image to approx. 100 workstations, there are 2 variances of laptops I need to consider. As its an experiment it also not going to grow. I also need to ensure patching is configured for both clients and the small server estate being built. So my thoughts are to build a new VM with MECM 2006 with the SUP role for WSUS and then use the OSD techniques with TS to build the Windows 10 image using PXE. They will be building a SQL server to host a database for a third party application. My question is as its such a small environment should I put SQL on the same standalone server which will host the Primary site MECM server and SUP or it is doing a lot already and I should move the SQL stuff to a remote SQL rather than collocate? From reading the docs I understand some considerations need to be taken into account to host both WSUS and ConfigMgr DBs within SQL (difference instances?) but because the environment will be so small my personal preference would be to keep it on same box, easier for me to deploy and easier for the customer to manage. The security of the environment is high due to the nature of the customer. What would others recommend and what would your approach be? Many thanks
Solved
isotonic_uk
Aug 25, 2020 Place Configuration Manager
981Views
0likes
2Comments
Problem with Signing Certificate for WSUS
Hello, I am in the process of standing up a new ConfigMgr 1910 on Server 2019. My WSUS server is remote and I have SSL working between the site server and the SUP. I am able to see and deploy MS updates in the CM console. However CM is not creating the signing certificate. I have tried to load the certificate manually using SCUP but receive the following error. I have tried removing the SUP and the uninstalling and reinstalling WSUS on the remote server as well I have tried to install the certificate on WSUS before configuring SSL and after and receive the same error. I have also observed that the WSUS keystore is missing from the certificates console. I am unable to find any errors in the logs. Any help would be great! Patrick
pfitchie
Mar 06, 2020 Place Configuration Manager
2.3KViews
0likes
1Comment
WSUS Sync Failing
Within the last hour or so I have carried up a cleanup of our WSUS and reindexed the database as per this article https://blogs.technet.microsoft.com/configurationmgr/2016/01/26/the-complete-guide-to-microsoft-wsus-and-configuration-manager-sup-maintenance/ Once complete I re-enable the SUP schedule and WSUS has not been able to Sync since. Our SCCM Version is 1702 with the hotfix, hosted on a Server 2012r2 system. WSUS content is within a SQL database. WCM.log; "System.Net.WebException: The request failed with HTTP status 403: Target service not allowed.~~ at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)~~ at Microsoft.SystemsManagementServer.WSUS.WSUSServer.ConnectToWSUSServer(String ServerName, Boolean UseSSL, Int32 PortNumber)" WsusCtrl.log does not seem to indicate any proxy related errors; "No changes - local WSUS Server Proxy settings are correctly configured as Proxy Name ####### and Proxy Port ##"
Deleted
Feb 23, 2018 Place Configuration Manager
17KViews
0likes
9Comments
How is everyones software updates setup?
At the moment, we have found that SCCM is missing updates and Nessus is picking up on this. Our Microsoft Gold partner setup 2 ADR's per product with the evaluation time running the 3rd tuesday of every month. Is there any recommended Microsoft baselines which I can look at to recreate the ADRs?
Andrew Baker
Dec 11, 2017 Place Configuration Manager
1KViews
0likes
0Comments