Software Updates Not Applying in Task Sequence

[Kops]

Hi everyone,

 

I am having an issue where my software updates are not being applied during the OSD Task Sequence.

 

I've created a very simple task sequence that doesn't do much other than configure the OS, join the domain, install the SCCM client, and run software updates.

 

I read in a few different threads online that it can be beneficial to trigger a Software Update Scan Cycle prior to applying the updates in the TS, so I have attempted to do that with the command below (Scan for Updates in the TS), however updates still aren't being applied during OSD.

 

WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000113}" /NOINTERACTIVE

I investigated my WUHandler.log (attached) and found an error Unable to read existing resultant WUA policy. Error = 0x80070002

When researching this, some people suggest that it may have to do with a GPO that configures a Intranet Microsoft Update Service Location to http://ServerFQDN:8530 however that was advised in the Step by Step config guide I found here.

I'm hoping someone can help me figure out why my updates won't install as a part of the OSD Task Sequence!

WUAHandler.log

[NickolajA]

Regarding the GPO, you should not have that configured where it defines the location of the server. All that you should configure in the GPO is to Disable "Configure Automatic Updates". I'd attempt the following:

 

1. Make sure that you SUP is functioning correctly by checking it's component state in the ConfigMgr console.

2. Deploy a Software Update Group containing updates that you're sure that the reference image used in your task sequence does not include, to the OSD staging collection (where you've added the device for it to be able to start the OSD, or if you're using Unknown computer support, deploy it against 'All Unknown Computers')

3. Remove your scan-steps, these are not necessary. Only include a single 'Install Software Updates' step.

4. Check to see if any updates were installed.

[Kops]

Hey Nickolaj, thanks for lending a hand. I've confirmed that all Components are OK, and have just deployed our September Windows Update package to the 'Unknown Computers' collection. I'll go back to using just the single 'Install Software Updates' and test this OSD. Will report back with my findings.

[Kops]

Just following up, updates are working great now that I've deployed them to the unknown computers group, I hadn't realized that was a necessary step. I thought since I have the "Setup ConfigMgr" task earlier in the sequence that it should be picked up as a known device at that point, but I guess I was wrong! Thanks for your help Nickolaj.

[NickolajA]

Since you're not prestaging (or importing it, whatever ) and using Unknown Computer support, ConfigMgr only knows that this system during the provisioning phase is in the All Unknown Computers collection. Therefor you'd have to deploy SUG's to that collection if you'd want to deploy Software Updates during OSD.

 

I'm glad I was able to help!

[cfreeman21]

Did you remove Scan for Updates and the Wait for Scan and only have 1 Install Updates or do you still have 3 to 4 passes of install updates. Thanks!