Signumxsa Posted February 12, 2015

Hi All,

We are going to start to patch our servers using SCCM. I have created software update groups for Server 2003, 2008 and 2012 which contain all important and critical updates for the server up until DEC 2014.

However, I have a problem: some servers require a manual reboot, so I advertise my updates like the below:

Type of deployment: Required
Installation deadline: As soon as possible
Suppress system restarts: Servers

The problem is that after the reboot I check SCCM and the client is compliant. Then I go to work the next day, check the SCCM console, and the client shows as in progress, requires reboot, because it has installed more updates.

I know the problem is that some updates aren't required until a pre-req is installed. However, is there a way to ensure that the client automatically checks the SCCM server for updates every 15 minutes so that I can confirm that all updates are installed?

Also, from the SCCM client logs, how can I confirm that there are no software updates left to install on the machine if I run the software scan cycle manually?

Thanks

cpuprofessional Posted January 14, 2016

I ran into the same problem with patching desktops; some recent critical patches needed a pre-req to be detected. What I did was schedule my patches with a start time defined for each group. Also make sure you specify a deadline instead of the default so that you have full control of when patches go out. This will change based on how many patches you include. Look at the service window log or the wuaupdate log to make sure that you have enough for SCCM to install the patches. If the window is too short it will say something like "not enough time in service window" or something like that.

Then a few hours later, in the middle of my patch window, I deploy a PowerShell script that runs a policy retrieval and software update scan. The package looks like this:

    powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -WindowStyle Hidden -File ".\PolicyForce_Machine_UpdateDeploy_UpdateScan.ps1"

In the source folder I have a ps1 with this inside it:

    $computer = "."
    $SCCMClient = [wmiclass] "\\$computer\root\ccm:SMS_Client"
    #Machine Policy Retrieval and Evaluation Cycle
    $SCCMClient.TriggerSchedule("{00000000-0000-0000-0000-000000000021}")
    #Software Updates Deployment Evaluation Cycle
    $SCCMClient.TriggerSchedule("{00000000-0000-0000-0000-000000000108}")
    #Software Updates Scan Cycle
    $SCCMClient.TriggerSchedule("{00000000-0000-0000-0000-000000000113}")

You can do this a few ways with vb or other scripts. This shows you the actions you can do:

http://blogs.technet.com/b/charlesa_us/archive/2015/03/07/triggering-configmgr-client-actions-with-wmic-without-pesky-right-click-tools.aspx

Here are a few different ways to get this accomplished, like vb and other methods.

http://tompaps.blogspot.com/2012/12/machine-policy-retrieval-sccm.html
https://blogs.technet.microsoft.com/configmgrdogs/2014/09/03/wmi-powershell-and-the-configuration-manager-client/
https://gallery.technet.microsoft.com/scriptcenter/ConfigMgr-Client-Action-16a364a5

Hope this helps
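
An added example, not code from the thread or from Microsoft: it triggers the same three client actions and then asks the ConfigMgr client's ClientSDK WMI classes which deployed updates are still outstanding and whether a restart is pending, which is one way to confirm on the server itself that nothing is left to install. The 300-second wait and the function name Get-OutstandingUpdate are assumptions made for this example.

```powershell
# Added example (not from the thread). Run locally on the server, elevated.
# Uses only WMI cmdlets so it also works on PowerShell 2.0.

$WaitSeconds = 300   # assumption: time allowed for the asynchronous cycles to finish

# Schedule IDs of the client actions discussed in the post above.
$cycles = @(
    @{ Name = 'Machine Policy Retrieval and Evaluation'; Id = '{00000000-0000-0000-0000-000000000021}' },
    @{ Name = 'Software Updates Scan';                   Id = '{00000000-0000-0000-0000-000000000113}' },
    @{ Name = 'Software Updates Deployment Evaluation';  Id = '{00000000-0000-0000-0000-000000000108}' }
)

function Get-OutstandingUpdate {
    # Hypothetical helper: CCM_SoftwareUpdate lists the deployed updates
    # the client still has to install or finish installing.
    $updates = @(Get-WmiObject -Namespace 'root\ccm\ClientSDK' -Class CCM_SoftwareUpdate -ErrorAction Stop)
    # EvaluationState 8, 9 and 10 mean installed but waiting for a restart.
    $updates | Select-Object ArticleID, Name, EvaluationState,
        @{ Name = 'NeedsReboot'; Expression = { 8, 9, 10 -contains $_.EvaluationState } }
}

$client = [wmiclass]'\\.\root\ccm:SMS_Client'
foreach ($cycle in $cycles) {
    Write-Output "Triggering $($cycle.Name)"
    [void]$client.TriggerSchedule($cycle.Id)
}
Start-Sleep -Seconds $WaitSeconds

$outstanding = @(Get-OutstandingUpdate)
$reboot = Invoke-WmiMethod -Namespace 'root\ccm\ClientSDK' -Class CCM_ClientUtilities -Name DetermineIfRebootPending

if ($outstanding.Count -eq 0 -and -not $reboot.RebootPending) {
    Write-Output 'No deployed updates outstanding and no restart pending.'
    exit 0
}

# Anything listed here is why the console will flip back to "in progress".
$outstanding | Format-Table -AutoSize
Write-Output "Restart pending: $($reboot.RebootPending)"
exit 1
```

Because an update can become applicable only after its pre-req is installed, run this again after each restart until it exits with 0.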

YPCC Posted January 19, 2016

> I know the problem is that some updates aren't required until a pre-req is installed. However, is there a way to ensure that the client automatically checks the SCCM server for updates every 15 minutes so that I can confirm that all updates are installed?

2 options:

1 - Set a maintenance window on your collection so that nothing can occur on the server unless you drop the maint windows for the duration of the patching.

2 - Create a new "Client Setting" and increase the software update cycle frequency so it checks every 15 mins as you wanted. Deploy this setting to your servers collection. Be sure to raise the priority of this setting so it takes precedence over your default client settings.

I always use maint windows on our servers, even if only to prevent an accidental deployment. I have a PowerShell script that then deploys my updates for me and creates maintenance windows, so it takes away all the manual work from me.