Updates not Deploying. All updates listed as Not required

[Gacco]

I have created an Automatic Deployment Rule and deployed a update package to a Collection with it. The members of the Collection all show as 100% Compliant and the Updates show as Not Required as can be seen in the attached file.

Client Logs all show:

No actionable updates for install task. No attempt required.

 

The Updates in question have not been installed on the Target Servers, yet they show as Compliant. Server UpdateDeployment log shows: CUpdateAssignmentsManager received a SERVICEWINDOWEVENT START Event UpdatesDeploymentAgent 7/25/2016 10:00:00 PM 25064 (0x61E8)

Suspend activity in presentation mode is selected UpdatesDeploymentAgent 7/25/2016 10:00:00 PM 25064 (0x61E8)

At least one user has elected to suspend non-business hours activity when in presentation mode. Checking for presentation mode. UpdatesDeploymentAgent 7/25/2016 10:00:00 PM 25064 (0x61E8)

Proceeding to non-business hours activites as presentation mode is off. UpdatesDeploymentAgent 7/25/2016 10:00:00 PM 25064 (0x61E8)

Auto install during non-business hours is disabled or never set, selecting only scheduled updates. UpdatesDeploymentAgent 7/25/2016 10:00:00 PM 25064 (0x61E8)

A user-defined service window(non-business hours) is available. We will attempt to install any scheduled updates. UpdatesDeploymentAgent 7/25/2016 10:00:00 PM 25064 (0x61E8)

Attempting to install 0 updates UpdatesDeploymentAgent 7/25/2016 10:00:00 PM 25064 (0x61E8)

No actionable updates for install task. No attempt required. UpdatesDeploymentAgent 7/25/2016 10:00:00 PM 25064 (0x61E8)

Updates could not be installed at this time. Waiting for the next maintenance window. UpdatesDeploymentAgent 7/25/2016 10:00:00 PM 25064 (0x61E8)

CUpdateAssignmentsManager received a SERVICEWINDOWEVENT END Event UpdatesDeploymentAgent 7/26/2016 5:00:00 AM 25568 (0x63E0)

It would seem that the Compliance Check is not running correctly or not being reported back to the Site Server correctly. Does anyone have any ideas on where my SCCM config went sideways?

[Apexes]

As all of them are coming back Not Required - have you tried installing this KB manually on one of the systems?

 

check your scanagent.log on machines - any clues in there?

[Gacco]

Nothing obvious in the ScanAgent.log My first effort to manually download and apply the 3169704 patch pictured failed with a OS incompatible type message, but I was not convinced MS download had given me the correct version as the name was 8.1 etc. Moved one Server to an OU to get WSUS GPO applied, and it did get the 3169704 and appears to have successfully applied that update though SCCM shows it was Not Required. I was suspicious that the problem was along those lines, but as a complete SCCM Noob, I am not sure of how to change the status of a patch to "Required".

[Gacco]

That second image was supposed to be of the Patch install status.

[Apexes]

You can't change a patch to be "Required"

 

SCCM determines this by scanning the machine, which scanagent.log can give you information on.

 

does 3169704 show as installed in updates, and was it done correctly by wsus? check windowsupdate.log

[Gacco]

Yep. It is in the list of Updates in Control Panel and WindowsUpdate.log shows no particular errors other than the annoying

 

2016-07-28 09:13:33:115 752 1300 AU WARNING: Failed to get Network Cost info from NLM, assuming network is NOT metered, error = 0x80240037

It would seem then that the problem lies in the Scan Agent failing to pick up the necessity of these patches. I believe the only item that I have been able to get SCCM to push out is a Windows Defender Definition. Monthly Patches all appear to be "Not Required". Picking through ScanAgent.log more deeply.