by Mark | Jun 3, 2016 | How To, Patch Releases, SCCM
KB3155482 for SCCM 1602
Microsoft released a new patch for System Centre Configuration Manager today (KB3155482) which fixes the following issues in SCCM version 1602.
- Remote Control
- The SCCMRDPSYSTEM.EXE process stops running on Windows Embedded clients after your try and start a remote control session.
- Site Systems
- The DBSchemaChangeHistory table in the site database grows exponentially.
- Microsoft Intune and Mobile Device Management
- The Service Connection Point can take 30 minutes or more to recognize a newly added Microsoft Intune Subscription.
- Incorrect certificate data can be used to manage mobile devices which can causes this to fail
- The Service Connection Point may try and renew the wrong certificate if multiple certificates are installed and have the same expiration date.
- An “Invalid parameter to CIM setting” message is displayed when you try to check the baseline deployment status of a custom IOS or Mac profile.
- The SMS_DMP_Connector registry key remains after you remove a Microsoft Intune subscription. Successive attempts to add a new Microsoft Intune subscription trigger authentication errors.
The hotfix should be now available to install directly from your SCCM console.
Open the SCCM console and go to Administration, then Cloud Services, then Updates and Servicing
In the right pane, you should see the update has downloaded and is ready to install.
Right click the update and choose Install Update Pack
Click on Next to start the installation.
Choose whether you want to vaildate or not and click on Next.
Accept the license terms checkbox and click on Next.
Make sure your environment is ready for the installation and when you are ready to do so, click on Next.
If all has gone well and the installation didnt come across any errors, you can now Close the window.
You should now have installed KB3155482 in to your SCCM 2012 environment.
See how our software, SnaPatch Patch Management addon for SCCM can help you.
by Mark | May 28, 2016 | Features, Patch Management, Patch Releases, SCCM
SCCM 1602 Upgrade
Microsoft released an update to SCCM from version 1511 to version 1602 a few months back.
Updating from SCCM 1511 to 1602 is a fairly easy process, you just need to follow the steps;
Go to your SCCM console, and then to Administration, Cloud Services, then Updates and Servicing.
Right click the update and choose to run the prerequisite check. This will take a few minutes, so give this sometime to complete then refresh the page and make sure there are no errors. Now to install 1602, again right click on the update, but this time choose Install Update Pack. It is a very easy upgrade process, you basically just need to follow the bouncing ball. The upgrade can take 10 – 30 minutes depending on your environment.
Once completed you can check your version number within SCCM by going to the top left hand corner, clicking the down arrow, then choosing About Configuration Manager. You can see, as in the picture below, the System Centre Configuration Manager version is on 1602.
Click the link to see how to install the next update, KB3155482
SCCM 1602 Features
SCCM version 1602 introduces some great new features as below;
- Client Online Status
- You can now view the online status of devices in Assets and Compliance. New icons indicate the status of a device as online or offline
- Support for SQL Server AlwaysOn Availability Groups
- Configuration Manager now supports using SQL Server AlwaysOn Availability Groups to host the site database
- Windows 10 Device Health Attestation Reporting
- You can now view the status of Windows 10 Device Health Attestation in the Configuration Manager console to ensure that the client computers have a trustworthy BIOS, TPM, and boot software
- Office 365 Update Management
- You can now natively manage Office 365 desktop client updates using the Configuration Manager Software Update Management (SUM) workflow. You can manage Office 365 desktop client updates just like you manage any other Microsoft Update
- New Antimalware Policy Settings
- New antimalware settings that can now be configured include protection against potentially unwanted applications, user control of automatic sample submission, and scanning of network drives during a full scan
by Mark | Mar 7, 2016 | SCCM
System Centre Configuration Manager (SCCM) Auto Deployment Rule Error 0x87d20415
Are you experiencing Auto Deployment Rule Error 0x87d20415 in SCCM? Don’t worry, it’s a common issue related to SCCM’s hard-coded limit on the number of updates that can be downloaded by an Automatic Deployment Rule. To fix it, check your Auto Deployment Rules in SCCM’s Software Library and investigate the issue by examining the ruleengine.log file. Once you’ve identified the problem, set the Date Revised or Released to the last month, go to your Automatic Deployment Rule, and choose Run Now. After completing this process, check the ruleengine.log file again to ensure that updates download without any issues. By following these steps, you can easily overcome Auto Deployment Rule Error 0x87d20415 in SCCM and ensure that your Automatic Deployment Rules run smoothly. For more helpful solutions to SCCM deployment issues, be sure to check out our other articles.
Check your Auto Deployment Rules
When you notice that updates haven’t been downloading as intended, one of the first things to check is your Auto Deployment Rules. Go to the Software Library in SCCM and select Automatic Deployment Rules. In the main window, you should be able to see the error code and why your Auto Deployment Rule hasn’t run. The error in this case is 0x87d20415.
Go to Software Library and choose Automatic Deployment Rules
I
In the main window you should be able to see the error code and why your Auto Deployment Rule hasnt run. The error in this example is 0x87d20415, as per the below image.
The issue is that SCCM has a hard coded limit on the number of updates (1000) that can be downloaded by an Automatic Deployment Rule. The best place to start to investigate that this is the case, is to check the ruleengine.log, located install directory – Microsoft Configuration Manager – Logs – ruleengine.log.
Looking at the file with cmtrace, you should be able to easily identify that this is in fact the issue. (Issue highlighted in yellow)
You can see that the ADR has hit the 1000 update limits as highlighted in yellow above.
To overcome this issue, you need to set the date revised or released to the last month. This way, SCCM will only check for updates released in this period. To do this, right click on your Automatic Deployment Rule and click properties. Go to the Software Updates tab, and choose Date Released or Revised, and set this for a more suitable time frame (1 month should suffice, but this does depend on your Update deployment schedule)
Once you have changed this range, go to your Automatic Deployment Rule, and choose Run Now.
Once this has been completed, check the Ruleengine.log once again, and you should hopefully see that the updates are now in fact downloading and the dreaded error, Auto Deployment Rule Error 0x87d20415 has disappeared.
In conclusion, fixing Auto Deployment Rule Error 0x87d20415 in SCCM can be quite simple. By following the steps outlined above, you can resolve this issue and ensure that your Automatic Deployment Rules run smoothly without encountering this error. If you encounter any other SCCM deployment issues, be sure to check out our other articles for solutions.
by Mark | Feb 27, 2016 | Features, Patch Releases, SCCM
An update version 3 has been released for Microsoft’s System Centre Configuration Manager 2012.
SCCM 2012 CU3
This update released by Microsoft fixes the following issues;
Administrator Console
- The Administrator Console may take longer than expected to expand different nodes, such as the All Users or All Devices nodes. This occurs when the console is installed on a touch-screen enabled computer.
- The Create Task Sequence Wizard generates an Unhandled exception when the Configuration Manager Console is installed on a computer that is running Windows 10 version 1511.
- The Configuration Manager console exits unexpectedly when the Task Sequence Editor is used to change a Microsoft Recovery (Windows RE) partition. Additionally, you receive an exception that resembles the following:
System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.
The Configuration Manager console exits unexpectedly when you try to add a custom icon for an application that’s available in the Application Catalog. This only occurs if the FIPS local/group security policy, ‘System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing’, is enabled on the computer that is running the console.
Operating system deployment
- A task sequence may continue for an application installation failure, even if the Continue on error option is not selected in the task sequence properties. This applies to task sequences installing applications that use a dynamic variable list.
- A task sequence will try to reinstall applications already installed by using a dynamic variable list if one of the applications is configured to restart the computer. For example, if the third in a list of 3 applications requires a restart, the first and second applications in the list will try to install again after the restart.
Use of the pre-provision BitLocker task sequence step during an operating system deployment results in the Trusted Platform Module (TPM) having a status of Ready for use, with reduced functionality.
Configuration Manager Client
- Applications removed from a Mac client computer continue to appear in the Installed Software node of hardware inventory for that client.
Microsoft Intune and mobile device management
- In a Configuration Manager environment in which the Microsoft Exchange Server connector is configured for use with Microsoft Exchange Server 2013, mobile devices aren’t listed as expected in the All Mobile Devices node of the administrator console. Additionally, errors that resemble the following are recorded in the EasDisc.log file on the Configuration Manager site server:
- The certificate required to connect to the Intune service cannot be renewed if the Microsoft Intune connector is installed to a server other than the site server, and proxy authentication is required for Internet access.
- Blocking Exchange ActiveSync access for an enrolled device fails. Errors that resemble the following are recorded in the EasDisc.log file on the site server after the blocking action fails:*** [42000][102][Microsoft][SQL Server Native Client 11.0][SQL Server]Incorrect syntax near ‘IsUIBlocked’.ERROR: UpdateDeviceAccessState: Execute() failed.
Site Systems
- The client automatic upgrade policy is refreshed after every restart of the SMS Executive service, even when no properties have changes. Entries that resemble the following are recorded in the hman.log file on the site server.
Handle auto-upgrade client configuration changes
Update auto-upgrade client configurations
- The State Systems component does not process messages that are generated by the Certificate Registration Point site system role if that server is configured to use a non-US date format. Errors that resemble the following are recorded in the statesys.log file on the site server:
SQL MESSAGE: spProcessStateReport – Error: Message processing encountered a SQL error 241 at record 1 for TopicType 5001: “Conversion failed when converting date and/or time from character string.”, Line 0 in procedure “”
- The SMS Executive service may exit unexpectedly when it processes a NOIDMIF file that contains a Unicode character invalid for the codepage of the site server.
- The “Reassign Distribution Point” migration task may stop responding when it tries to reassign a distribution point from a Configuration Manager 2007 secondary site. This occurs if the database record for the 2007 distribution point is removed and replicated to the primary site before the new record is added.
- The WMI Provider Host (WmiPrvSE.exe) hosting the Configuration Manager Provider (SMSProv) may exceed its memory quota on a site that processes lots of status messages from a custom application. This can result in a loss of connectivity through the Configuration Manager console until the server hosting the provider is restarted.
- Queries, and query-based collections that use the Windows Update Agent Version as criteria return unexpected results for Windows 10-based computers. This is because the Windows Update Agent Version in hardware inventory data is reported incorrectly in the 6.x range, such as 6.0.10240.16397 instead of the 10.x range, such as 10.0.10240.16397
Software distribution and content management
- 3120338 Content can’t be downloaded from Cloud-Based Distribution Points System Center 2012 Configuration Manager Service Pack 2 when BranchCache is enabled
- Applications deployed to a device that uses the Primary Device global condition will fail if the primary user has an apostrophe in their name.
- Distribution Points configured for HTTPS communications will be reset to use HTTP communications after other site properties are changed. For example, installing a new Software Update Point can trigger the Distribution Point to revert to HTTP communications. Other Distribution Point settings may also change.
- 3123884 Application installation fails from the Company Portal in System Center 2012 Configuration Manager
Settings management
- 3118485 “Setting Discovery Error” is returned for SQL Server 2014 Configuration Items in System Center Configuration Manager
- A Configuration Item (CI) that uses a Setting Type of SQL query will only evaluate against the first instance of a SQL Server even if the “All Instances” option is checked in the CI properties.
Additional changes that are included in this update
Endpoint Protection
- 3041687 Revised February 2015 anti-malware platform update for Endpoint Protection clients
Supported operating systems
- Mac OS X 10.11 can be targeted as a client platform for the following features:
Application Management
Settings Management
Software updates management / operating system deployment
- A new optional task sequence variable, SMSTSWaitForSecondReboot, is available to better control client behavior when a software update installation requires two restarts. This is in addition to changes released with System Center 2012 Configuration Manager SP2 to improve handling of unexpected restarts, as documented in Install Software Updates. This variable should be set before the “Install Software Updates” step to prevent a task sequence from failing because of a “double reboot” of a software update.SMSTSWaitForSecondReboot is a value in seconds that specifies how long the task sequence execution process should pause after the computer restarts to allow for sufficient time for a second restart to occur. For example, setting SMSTSWaitForSecondReboot to 600 results in a pause of 10 minutes after a restart before additional task sequence steps execute. This can be useful when hundreds of updates are being applied in a single “Install Software Updates” task sequence step. The value can be raised or lowered , depending on the volume of updates in your environment. If later task sequence steps trigger a computer restart, a second SMSTSWaitForSecondReboot variable can be set to reduce the wait down back to 0. This makes sure there are no additional delays after software updates are applied.
To download this Hotfix, visit the Microsoft site here
by Mark | Feb 27, 2016 | How To, SCCM
SCCM Log files for Software Updates
System Center Configuration Manager (SCCM) is a powerful tool used by administrators for managing large-scale deployments. SCCM software updates provide a simple way to keep client systems up to date with the latest security and feature updates. SCCM log files contain valuable information about the software updates deployment process and can help administrators troubleshoot issues. In this article, we will discuss the important SCCM log files for software updates and how to analyze them to troubleshoot issues.
SCCM Log files overview
What are SCCM Log files?
SCCM log files are text files that contain information about the various processes and actions taken by SCCM. These log files are created by SCCM components during their operation and provide valuable insights into the workings of SCCM.
Why are SCCM Log files important?
SCCM log files are crucial for troubleshooting issues that may arise during software updates deployment. They contain detailed information about the actions taken by SCCM components and can help administrators identify the root cause of an issue.
SCCM Log files for Software Updates
The following are the important SCCM log files for software updates:
| Log Name |
Description |
Server Side or Client Side |
CcmExec.log
|
Records actions taken by the SCCM client on the local machine, such as software deployments, inventory scans, and software update installations. |
Client Side |
UpdatesDeployment.log
|
Records details of the deployment process for software updates, including whether they were successfully installed or failed. |
Client Side |
WUAHandler.log
|
Records the communication between the SCCM client and Windows Update Agent (WUA), which is responsible for checking for and installing updates. |
Client Side |
PatchDownloader.log
|
Records the download process for software updates, including the location from which updates were downloaded and whether they were successfully downloaded. |
Client Side |
SiteComponentManager.log
|
Records the status of SCCM components and their installation or uninstallation. This log is useful for troubleshooting SCCM server component issues. |
Server Side |
SMS_AZUREAD_CONNECTOR.log
|
Records actions taken by the SCCM Azure Active Directory (AAD) Connector, which is responsible for syncing user and device data between SCCM and AAD. This log is useful for troubleshooting AAD sync issues. |
Server Side |
CAS.log
|
Records actions taken by the SCCM Central Administration Site (CAS), which is responsible for managing multiple primary sites. This log is useful for troubleshooting issues that affect multiple primary sites. |
Server Side |
MP_Location.log
|
Records actions taken by the SCCM Management Point (MP), which is responsible for managing client communications and data. This log is useful for troubleshooting MP issues. |
Server Side |
Wsyncmgr.log
|
Records the synchronization process for software updates between the SCCM server and the WSUS server. This log is useful for troubleshooting update synchronization issues. |
Server Side |
DataTransferService.log
|
Records the transfer of data between the SCCM server and client machines, including software updates and packages. This log is useful for troubleshooting issues related to data transfer. |
Client Side |
UpdatesHandler.log
|
Records actions taken by the SCCM software update handler, which is responsible for coordinating the download and installation of software updates on the client machine. This log is useful for troubleshooting update installation issues. |
Client Side |
UpdatesStore.log
|
Records the location and status of software updates stored on the client machine. This log is useful for troubleshooting issues related to software update storage. |
Client Side |
UpdatesAssignments.log
|
Records details of software update assignments, including which updates are assigned to which client machines. This log is useful for troubleshooting update assignment issues. |
Server Side |
ContentTransferManager.log
|
Records the transfer of content between the SCCM server and client machines, including software updates and packages. This log is useful for troubleshooting issues related to content transfer. |
Client Side |
RebootCoordinator.log
|
Records actions taken by the SCCM reboot coordinator, which is responsible for coordinating system reboots after software update installations. This log is useful for troubleshooting reboot-related issues. |
Client Side |
Supersedence.log
|
Records details of software update supersedence, including which updates supersede which other updates. This log is useful for troubleshooting update supersedence issues. |
Server Side |
PolicyEvaluator.log
|
Records actions taken by the SCCM policy evaluator, which is responsible for enforcing client policies and settings. This log is useful for troubleshooting policy-related issues. |
Client Side |
Analyzing SCCM Log files
Analyzing SCCM log files is crucial for troubleshooting issues related to software updates deployment. Here are the steps for analyzing SCCM log files:
- Identify the relevant log file(s) for the issue at hand.
- Open the log file using a text editor such as Notepad++.
- Search for the relevant error or warning messages in the log file.
- Analyze the messages to identify the root cause of the issue.
- Take the necessary actions to resolve the issue based on the root cause identified.
Common SCCM Update issues and their resolutions
Here are some common issues related to software updates deployment in SCCM and their resolutions:
- Software updates are not showing up in the SCCM console: Check the synchronization status of the software update point and ensure that the latest software updates are synchronized.
- Software updates are failing to install on client systems: Check the relevant log files to identify the root cause of the issue and take the necessary actions to resolve it.
- Software updates are getting stuck in the downloading phase: Check the ContentTransferManager.log and PatchDownloader.log files to identify the root cause of the issue and take the necessary actions to resolve it.
SCCM Logs FAQs
What is SCCM software updates deployment?
SCCM software updates deployment is a process of deploying the latest software updates to client systems in a managed environment.
What are SCCM log files?
SCCM log files are text files that contain information about the various processes and actions taken by SCCM components.
Why are SCCM log files important?
SCCM log files are important for troubleshooting issues related to software updates deployment in SCCM.
How do I analyze SCCM log files?
To analyze SCCM log files, you need to identify the relevant log file(s), open them using a text editor, search for the relevant error or warning messages, and analyze the messages to identify the root cause of the issue.
What are some best practices for analyzing SCCM log files?
Some best practices for analyzing SCCM log files include using a log file viewer, taking regular backups of the log files, and understanding the structure and messages contained in the log files.
How can I automate a Snapshot prior to deploying patches to my virtual servers?
Use SnaPatch to automate the whole update process to your virtual machines.
Where are the SCCM Log files located?
The SCCM (System Center Configuration Manager) log files are located in different directories on the SCCM server and client computers. On the SCCM server, the log files are typically located in the “Logs” folder within the SCCM installation directory. The default installation directory is “C:Program FilesMicrosoft Configuration ManagerLogs”.
On the client computers, the log files are located in the “CCMLogs” folder within the Windows directory. The default path is “C:WindowsCCMLogs”. The log files are named according to the component or feature they relate to. For example, the “ClientLocation.log” file logs information about the client’s location, while the “SoftwareCenter.log” file logs information about the Software Center feature.
SCCM Logs – Conclusion
SCCM log files are crucial for troubleshooting issues related to software updates deployment. In this article, we discussed the important SCCM log files for software updates and how to analyze them to troubleshoot issues. We also discussed some common issues related to software updates deployment in SCCM and their resolutions. By following the best practices for SCCM log file analysis, administrators can ensure a smooth and successful software updates deployment process.
by Mark | Feb 27, 2016 | How To, SCCM
SCCM Clients failing to install windows updates
Microsoft System Center Configuration Manager (SCCM) is a popular tool used for managing and deploying updates to Windows clients in an organization. However, sometimes SCCM clients can encounter issues while installing Windows updates, resulting in failed installations. This can be a frustrating experience for IT professionals who are responsible for maintaining a secure and up-to-date environment. In this article, we will explore common causes of SCCM clients failing to install Windows updates and provide solutions to troubleshoot and resolve these issues.
Common Causes of SCCM Clients Failing to Install Windows Updates:
There can be various reasons why SCCM clients may fail to install Windows updates. Here are some common causes:
- Inadequate Disk Space: If the SCCM client has insufficient disk space, it may fail to install updates.
- Connectivity Issues: The SCCM client must have a stable and reliable connection to the network and the SCCM server to download and install updates. Any connectivity issues can cause the installation to fail.
- Corrupted Update Files: Sometimes, the update files downloaded by the SCCM client can become corrupted, leading to a failed installation.
- Incorrect Permissions: If the user account used to run the SCCM client does not have sufficient permissions to install updates, the installation may fail.
- Conflicting Software: Sometimes, other software installed on the client machine can interfere with the installation of Windows updates.
Troubleshooting SCCM Clients Failing to Install Windows Updates:
Now that we have identified some common causes of SCCM clients failing to install Windows updates, let’s look at some troubleshooting steps to resolve these issues.
- Check Disk Space: Verify that the SCCM client has sufficient disk space to install updates. Clear any unwanted files or increase the disk space if needed.
- Check Connectivity: Ensure that the SCCM client has a stable network connection to the SCCM server. Check for any firewall or network configuration issues that may be affecting the connection.
- Clear the Software Distribution Folder: Sometimes, clearing the contents of the Software Distribution folder on the SCCM client can help resolve update installation issues. To do this, stop the Windows Update service, delete the contents of the C:WindowsSoftwareDistribution folder, and then restart the Windows Update service.
- Verify Permissions: Ensure that the user account used to run the SCCM client has sufficient permissions to install updates. The user account should be a member of the local Administrators group on the client machine.
- Uninstall Conflicting Software: If other software is interfering with the installation of Windows updates, uninstall the software and attempt the update installation again.
The most common cause of Windows Update Failures
If you find no issues while looking at the Client and SCCM server Windows Updates logs and you determine that it isnt something else (as above), it maybe worth checking the following on the clients with the issues.
If you have issues with SCCM client machines during an update deployment, an issue that could be causing the problem is a proxy value has been set within the registry.
Open Regedit and navigate to the following key location
HKEY_LOCAL_MACHINE – SOFTWARE – Microsoft – Windows – CurrentVersion – Internet Settings – Connections – WinHttpSettings
Delete the WinHttpSettings value
Close Regedit and reboot the server.
FAQs
How can I tell if an SCCM client failed to install updates?
You can check the SCCM console to view the update deployment status. If the update installation has failed, you will see an error message with details of the failure.
What should I do if an SCCM client repeatedly fails to install updates?
Try the troubleshooting steps mentioned in this article to resolve the issue. If the issue persists, you may need to investigate further and seek assistance from Microsoft support.
What should I do if an SCCM client reports a download failure for an update?
First, check the client’s internet connectivity and ensure that there is no firewall or proxy server blocking the download. If the issue persists, try clearing the Software Distribution folder or restarting the Windows Update service on the client machine.
How can I troubleshoot an SCCM client that is stuck in “Downloading” or “Installing” updates?
Check the client’s connectivity to the SCCM server and ensure that there is enough disk space on the client machine. You can also try clearing the Software Distribution folder or restarting the Windows Update service on the client machine.
What are some common errors that occur when SCCM clients fail to install updates?
Some common errors include “Failed to install updates,” “Error 0x80070003,” and “Error 0x8007000e.” The specific error message can provide clues to the underlying issue.
How can I troubleshoot an SCCM client that is reporting a Windows Update error?
Check the client’s internet connectivity, ensure that there is enough disk space on the client machine, and verify that the user account used to run the SCCM client has sufficient permissions to install updates. You can also try restarting the Windows Update service or clearing the Software Distribution folder on the client machine.
How can I prevent SCCM clients from failing to install Windows updates in the future?
Ensure that the client machines are regularly maintained and have enough disk space available. Keep the SCCM server up-to-date with the latest updates and patches. Additionally, consider implementing a regular update schedule and enforcing compliance policies to ensure that updates are installed on a timely basis.
Conclusion:
SCCM clients failing to install Windows updates can be a frustrating issue to deal with, but with the right troubleshooting steps, it can be resolved. In this article, we have outlined some common causes of update installation failures and provided solutions to troubleshoot and resolve these issues. By following these steps, you can ensure that your SCCM clients stay up-to-date and secure.
Click on Next to start the installation.
Choose whether you want to vaildate or not and click on Next.
