Tevura Posted August 25, 2015 Report post Posted August 25, 2015 So this is a weird one I'm trying to wrap my head around. For the most part, the ADRs are doing exactly what they need to be doing to maintain compliance in my network. My System Center environment is large and contains a CAS with 4 primary site and a DP. One of the primary sites does most of the heavy lifting as the other three are used for remote locations. On this particular 2012 R2 server, its only receiving part of it's required software updates and missing about half. I've got my server ADRs broken down into the following:Server 2012 ADR: This only looks for servers that are Server 2012, 2012 R2, no supersedence and Security Updates for its Updates Classification. Server - Critical Updates: Targets all Windows Server versions, no supersedence, and Critical Updates for its Updates Classification. Server - Updates: Targets all Windows Server versions, no supersedence, and Updates for its Updates Classification. This set up method repeats for Feature Packs, Service Packs, Tools, Definition Updates and Update Rollups. I've checked every relating log file and see no errors indicating a problem with it receiving these and by all accounts, it looks like it got everything until I run a compliance report for our InfoSec team. Specifically the Compliance 1 - Overall compliance report built into SCCM with a target collection of Windows Server 2012. Its here that I see the missing updates. Also, if I manually check for updates on this machine, the missing ones show up but I never see them in Software Center no matter how many times I try running the Machine Policy and Windows Update action items from the client app. The rest of my hierarchy doesn't experience this at all and receive all their updates. Any thoughts that might help point me where to look would be greatly appreciated! Quote Share this post Link to post Share on other sites More sharing options...
NickolajA Posted August 26, 2015 Report post Posted August 26, 2015 That's really an odd issue indeed. On the SUP associated with the Primary Site server having the issue mentioned, is it able to fully synchronize the same software updates? Does the Software Update Groups consist of the same software updates on all of your servers? How are the SUP configured to synchronize it's update? Quote Share this post Link to post Share on other sites More sharing options...
Tevura Posted August 26, 2015 Report post Posted August 26, 2015 Thanks for taking the time here! To answer your questions; yes its able to and successfully sync the same software updates. There are 3 lines however that show up around 12-1am local about once a week on wsyncmgr.log as follows: Sync failed: Unknown: NullReferenceException: Object reference not set to an instance of an object.~~at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.FilterNeededUpdates(UpdateIdentity[] allUpdates, ServerSyncFilter filter). Source: Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.WsusSyncAction.WSyncAction.SyncWSUSSTATMSG: ID=6703 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS=MyFQDNsiteserver SITE=001 PID=3552 TID=6352 GMTDATE=Wed Aug 26 08:28:02.569 2015 ISTR0="Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.WsusSyncAction.WSyncAction.SyncWSUS" ISTR1="Unknown: NullReferenceException: Object reference not set to an instance of an object.~~at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.FilterNeededUpdates(UpdateIdentity[] allUpdates, ServerSyncFilter filter)" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 Sync failed. Will retry in 60 minutesAfter that the logs look clean and on retry it succeeds with no errors. The Software Update Groups do consist of the same software updates on all servers and the current SUP sync schedule is set daily and the rule runs after any SUP synchronization. Quote Share this post Link to post Share on other sites More sharing options...
Tevura Posted August 27, 2015 Report post Posted August 27, 2015 So I gave it some thought and client machines are receiving everything they need from this server. I decided to look at it as a client receiving updates and checked the softwaredistribution.log. There's a tremendous amount of errors all similar to as follows: UTCWarning w3wp.40 SoapUtilities.CreateException ThrowException: actor = https://myprimaryserver:8531/ClientWebService/client.asmx, ID=e769f25b-d908-483d-a61e-ad05bc4e0f12, ErrorCode=ConfigChanged, Message=, Client=36ce4e18-cccd-4115-afdf-8db2aeadcb0d UTCWarning w3wp.45 DBConnection.OnReceivingInfoMessage Invalid event dropped. EventInstanceID=FB41B745-8A83-4E96-A8AD-61C241FBBA11, ComputerID=595c3943-8246-4eac-a79e-6ba685308574. Invalid EventID. Quote Share this post Link to post Share on other sites More sharing options...
Tevura Posted September 3, 2015 Report post Posted September 3, 2015 Solved it! By shear happenstance, I noticed it's client was blocked in the console. Unblocked it. Ran Machine Policy, and Update Scan/Evaluations and magically, update city. Unsure how it got blocked in the first place but I'll take a win when I can get it. 1 Quote Share this post Link to post Share on other sites More sharing options...
NickolajA Posted September 4, 2015 Report post Posted September 4, 2015 That's great! Thanks for sharing your findings to the problem Quote Share this post Link to post Share on other sites More sharing options...
