Steve G. Posted September 18, 2014 Report post Posted September 18, 2014 I've run into a problem with software update-based installation. I'm curious to know if others have experienced the same issue. This method of installation puts the client on the WSUS server that holds the software update point role. The intent is that clients will download and install the client that if they have that SUP role server defined as their default WSUS server. However, in my environment (and many others, I suspect), this must be effected through the use of a group policy which A) defines the WSUS server, and configures the update installation schedule. Just pointing computers to the WSUS server accomplishes nothing if the computers are not also told to automatically download and install updates on a schedule. However, once that download/install schedule is defined, update deployments start to go awry. "Group Policy Conflict" shows up as the error message. Searching for solutions shows many folks saying that group policy should not be used to define any WSUS settings for computers with a 2012 client. So, this seems to be a catch-22, but not one that I see any real discussion of. I need to configure WSUS policy to get the client on the computers through this method, but then once the computers have the client the policy will cause deployments to fail. I might at this point try a WMI filter on the policy, but was wondering if I was missing something simple here, since nobody else is complaining (as far as I can tell). Quote Share this post Link to post Share on other sites More sharing options...
anyweb Posted September 18, 2014 Report post Posted September 18, 2014 have you looked at this post, http://www.windows-noob.com/forums/index.php?/topic/5683-using-system-center-2012-configuration-manager-part-5-adding-wsus-adding-the-sup-role-deploying-the-configuration-manager-client-agent/ I've setup my hierarchy lab that way and the software updates worked just fine as you can see by later guides in that series shown below http://www.windows-noob.com/forums/index.php?/topic/4045-system-center-2012-configuration-manager-step-by-step-guides/ 1 Quote Share this post Link to post Share on other sites More sharing options...
Steve G. Posted September 18, 2014 Report post Posted September 18, 2014 Thanks for the reply. I did indeed use this guide, both long ago when setting up SCCM 2012, and recently trying to figure out the conundrum. I defined the policy setting just so, and the result was the Group Policy Conflict error. Question: Do you deploy Endpoint Protection via SCCM, or do you use another antimalware client? It was definition update deployments that started generating the errors. Quote Share this post Link to post Share on other sites More sharing options...
anyweb Posted September 18, 2014 Report post Posted September 18, 2014 in the lab it's SCEP only, where did you see errors exactly ? Quote Share this post Link to post Share on other sites More sharing options...
Steve G. Posted September 18, 2014 Report post Posted September 18, 2014 The definition update ADR runs every day, so that's the one that started showing errors first. Here's a thread in a similar vein in which you participated: http://www.windows-noob.com/forums/index.php?/topic/6142-scepsup-and-gpos/ Personally, I don't have a problem with specifying a WSUS server location via policy. The errors start once an update install schedule has been configured. Quote Share this post Link to post Share on other sites More sharing options...
Steve G. Posted September 22, 2014 Report post Posted September 22, 2014 FWIW, I"m going to go ahead and configure an update schedule to automatically download and install. If I get errors again, I'll post'em. Quote Share this post Link to post Share on other sites More sharing options...
