juice13610 Posted March 22, 2012 Report post Posted March 22, 2012 I have been setting up SCCM 2012 in a lab environment and to be completely honest, I have no idea what I'm doing regarding the patching aspect. I took a beta 4 day in-class class and have my book, so I'm not totally running blind, but I'm still lost. I setup a site server named LAB-WSUS that had WSUS 3.0 SP2 installed and downloaded updates. Why does it appear my SCCM CAS is going directly out to Microsoft.com for updates? Shouldn't it be going to the WSUS server? Isn't that the point of the SUP site server? When I downloaded the patches, it asked me where to put the "package.". It just downloaded all of the patches onto the SCCM CAS server (per my direction). I setup a deployment package and chose to deploy to one of the device collections I have setup. I have no GPOs set to point those servers to the appropriate WSUS server, but why do they have to? It appears that my SCCM server is doing all the work. Thanks in advance!!!! Juice Quote Share this post Link to post Share on other sites More sharing options...
Peter van der Woude Posted March 23, 2012 Report post Posted March 23, 2012 SCCM/SUP uses the META data of WSUS to determine which updates are new and where they can be downloaded, after that it downloads the updates itself. There is no need to create GPO's to point to the WSUS/SUP server, as the SCCM client uses a local policy to do exactly this. Quote Share this post Link to post Share on other sites More sharing options...
juice13610 Posted March 23, 2012 Report post Posted March 23, 2012 How is the client supposed to be setup? Do you have to setup a gpo to enable windows updates or anything at all?? I approved some patches a few days ago for a single computer (a collection that contained one computer) but when looking at the update group, it says 0 compliant, 0 required, 0 not required, 4 unknown. What do I have to do to make them report??? SCCM/SUP uses the META data of WSUS to determine which updates are new and where they can be downloaded, after that it downloads the updates itself. There is no need to create GPO's to point to the WSUS/SUP server, as the SCCM client uses a local policy to do exactly this. Quote Share this post Link to post Share on other sites More sharing options...
juice13610 Posted March 23, 2012 Report post Posted March 23, 2012 In other words, what do I have to do to the actual PC? As of right now, all I have done is install windows and join the domain, and let SCCM do the rest. It is doing nothing when attempting to deploy patches to it. When I go to the Monitoring -> Deployments -> Windows 7 Updates to STL Computers OU area, it shows that the 1 pc in the collection is "unknown." I don't know what I'm supposed to do to make the computer take the deployment and "comply". Quote Share this post Link to post Share on other sites More sharing options...
juice13610 Posted March 27, 2012 Report post Posted March 27, 2012 Anybody out there? Quote Share this post Link to post Share on other sites More sharing options...
AdrianP Posted April 16, 2012 Report post Posted April 16, 2012 As long as the client on the PC is healthy (it can receive policy from its MP), you don't need to configure it. As mentioned before, the SCCM client will configure the WSUS location in Windows Update using local policy. That being said, if there is a group policy object that changes the WSUS server location, then updates through SCCM may not work as intended. GPOs overwrite local policies and the SCCM client will fail to configure software updates on the PC. Make sure all updates targeted have been downloaded and distributed to a distribution point. Make sure software updates are enabled on the clients (edit the Software Update Client Agent properties). Force Software Update related actions on the agent and monitor the logs If not in a domain environment (WORKGROUP), make sure a Server Locator Point (SMSSLP property during install) is defined in the client Have a look at log file locations for SCCM 2007 (most still apply to 2012) http://technet.microsoft.com/en-us/library/bb892800.aspx, and troubleshoot any issues for the SUP component on the client and server: Software Update Point Log Files By default, the Configuration Manager 2007 site system log files are found in <ConfigMgrInstallationPath>\Logs. The following table lists and describes the software updates site system log files. Log File Name Description ciamgr.log Provides information about the addition, deletion, and modification of software update configuration items. distmgr.log Provides information about the replication of software update deployment packages. objreplmgr.log Provides information about the replication of software updates notification files from a parent to child sites. PatchDownloader.log Provides information about the process for downloading software updates from the update source specified in the software updates metadata to the download destination on the site server. Note On 64-bit operating systems and on 32-bit operating systems with no Configuration Manager 2007 installed, PatchDownloader.log is created in the server logs directory. On 32-bit operating systems, if the Configuration Manager 2007 client is installed, PatchDownloader.log is created in the client logs directory. replmgr.log Provides information about the process for replicating files between sites. smsdbmon.log Provides information about when software update configuration items are inserted, updated, or deleted from the site server database and creates notification files for software updates components. SUPSetup Provides information about the software update point installation. When the software update point installation completes, Installation was successful is written to this log file. WCM.log Provides information about the software update point configuration and connecting to the Windows Server Update Services (WSUS) server for subscribed update categories, classifications, and languages. WSUSCtrl.log Provides information about the configuration, database connectivity, and health of the WSUS server for the site. wsyncmgr.log Provides information about the software updates synchronization process. WSUS Server Log Files By default, the log files for WSUS running on the software update point site system role are found in %ProgramFiles%\Update Services\LogFiles. The following table lists and describes the WSUS server log files. Log File Name Description Change.log Provides information about the WSUS server database information that has changed. SoftwareDistribution.log Provides information about the software updates that are synchronized from the configured update source to the WSUS server database. Software Updates Client Computer Log Files By default, the Configuration Manager 2007 client computer log files are found in %Windir%\CCM\Logs. For client computers that are also management points, the log files are found in %ProgramFiles%\SMS_CCM\Logs. The following table lists and describes the software updates client computer log files. Log File Name Description CIAgent.log Provides information about processing configuration items, including software updates. LocationServices.log Provides information about the location of the WSUS server when a scan is initiated on the client. PatchDownloader.log Provides information about the process for downloading software updates from the update source to the download destination on the site server. This log is only on the client computer configured as the synchronization host for the Inventory Tool for Microsoft Updates. PolicyAgent.log Provides information about the process for downloading, compiling, and deleting policies on client computers. PolicyEvaluator Provides information about the process for evaluating policies on client computers, including policies from software updates. RebootCoordinator.log Provides information about the process for coordinating system restarts on client computers after software update installations. ScanAgent.log Provides information about the scan requests for software updates, what tool is requested for the scan, the WSUS location, and so on. ScanWrapper Provides information about the prerequisite checks and the scan process initialization for the Inventory Tool for Microsoft Updates on Systems Management Server (SMS) 2003 clients. SdmAgent.log Provides information about the process for verifying and decompressing packages that contain configuration item information for software updates. ServiceWindowManager.log Provides information about the process for evaluating configured maintenance windows. smscliUI.log Provides information about the Configuration Manager Control Panel user interactions, such as initiating a Software Updates Scan Cycle from the Configuration Manager Properties dialog box, opening the Program Download Monitor, and so on. SmsWusHandler Provides information about the scan process for the Inventory Tool for Microsoft Updates on SMS 2003 client computers. StateMessage.log Provides information about when software updates state messages are created and sent to the management point. UpdatesDeployment.log Provides information about the deployment on the client, including software update activation, evaluation, and enforcement. Verbose logging shows additional information about the interaction with the client user interface. UpdatesHandler.log Provides information about software update compliance scanning and about the download and installation of software updates on the client. UpdatesStore.log Provides information about the compliance status for the software updates that were assessed during the compliance scan cycle. WUAHandler.log Provides information about when the Windows Update Agent on the client searches for software updates. WUSSyncXML.log Provides information about the Inventory Tool for the Microsoft Updates synchronization process. This log is only on the client computer configured as the synchronization host for the Inventory Tool for Microsoft Updates. Windows Update Agent Log File By default, the Windows Update Agent log file is found on the Configuration Manager Client computer in %Windir%. The following table provides the log file name and description. Log File Name Description WindowsUpdate.log Provides information about when the Windows Update Agent connects to the WSUS server and retrieves the software updates for compliance assessment and whether there are updates to the agent components. Good luck Quote Share this post Link to post Share on other sites More sharing options...
mac3847 Posted April 7, 2014 Report post Posted April 7, 2014 AdrianP, Thank you this is a very helpful post, i have been trying to look for information which states the differences between WSUS (GPO) and SCCM SUP. The main questions i have are below, but this is based on a scenario that you used to patch using WSUS and GPO but have now moved on to using SCCM. Please put aside the software center which would show updates. Also any GPO's that had been used for client side targeting have been removed. 1. Should the servers/workstations still show in the WSUS console as either all computers or unassigned? 2. What is the difference in the windowsupdate.log that you can look for to ensure that patching is now done by SUP and not WSUS (GPO). 3. Traditionally using wuauclt.exe /..... Would show the user how many updates were available for their server/workstation. How do you determine this using SCCM 4. If you have a separate WSUS internet facing server and you are creating your deployment package should you download from the internet or point it to the WSUS content on the WSUS server? Hopefully you can help as i think these are all questions that would be very helpful. Thanks mac Quote Share this post Link to post Share on other sites More sharing options...
Peter van der Woude Posted April 7, 2014 Report post Posted April 7, 2014 Correct. It should show the FQDN of the SUP. Software Center shows the available updates. Depends, if the device that you are running the console on has internet, then I would use that to download the updates to the package. Quote Share this post Link to post Share on other sites More sharing options...
