dverbern Posted March 23, 2014 Report post Posted March 23, 2014 Hello, My company is using SCCM 2012 SP1 (5.0.7804.1400) and using SCCM's functionality for deploying Windows updates to workstations and servers. Over the past weekend, one of our critical servers restarted itself unexpectedly. It is a Windows Server 2008 R2 server that is part of a collection that has a defined maintenance window for installing updates. This restart occurred outside this maintenance window and the WindowsUpdate.log on the machine states: "AU scheduling auto reboot check since no user is logged on and reboot is required." I have searched for this issue online and it appears others have encountered it. Some posters have suggested that perhaps SCCM is telling the server one thing (i.e. stick to the maintenance window) yet Windows Update on the server itself is perhaps giving the server a different answer. Some have suggested that a change to Group Policy to prevent this Windows Update behaviour might be necessary. To summarize - should I have faith that a server will follow ONLY the policies from SCCM or are there other sources of Windows Update/SUS instruction that I have to consider? Comments most appreciated. Quote Share this post Link to post Share on other sites More sharing options...
Peter33 Posted March 24, 2014 Report post Posted March 24, 2014 Have a look at this, and also check out the other posts in his blog. This will will give you a better understanding of the Windows Update Agent and of SCCM update processes. http://blog.configmgrftw.com/software-updates-management-and-group-policy-for-configmgr-cont/ Quote Share this post Link to post Share on other sites More sharing options...
Ocelaris Posted April 9, 2014 Report post Posted April 9, 2014 We're looking at the same thing. The recommendation from the article that Peter33 pointed out says to turn "Configure automatic updates" to disabled... which should not impact your CM updates (untested). Secondly, look at your maintenance windows, if you have no maintenance window the update will be applied at the deadline, and that often happens in the middle of the day. i.e. you must have a regularly occurring maintenance window or your outstanding deployments will apply at the wrong time. Also make sure in your maintenance window you don't have "apply only to task sequences". Hope that helps Quote Share this post Link to post Share on other sites More sharing options...
sherlinbecse Posted April 29, 2016 Report post Posted April 29, 2016 I have came across similar Issue. We have set of servers that have installed IE11 on the maintenance window (which is 2 hours of duration). After the server reboots, the scan agent detected that these servers require Cumulative updates of IE11 and downloaded the same. However, these updates where deployed previously with past dates, hence they had status "Past due - will be Installed". Within this period, the 2 hours maintenance window completed. Now, we the issue is that, these servers got rebooted after some a day time which is outside maintenance window. In event logs we could see the reboot is initiated by System and not by ccmexec.exe. Windows update is configured "Never check for updates". We are unable to find entries in Reboot coordinator or Windows update logs. So, how these servers where rebooted? Quote Share this post Link to post Share on other sites More sharing options...
