Updates are not being installed automatically

[anyweb]

This guide assumes you've installed a SUP within SCCM and configured it for software updates to your clients.

You may notice that the familiar windows update icon still appears even though SCCM is handling windows updates to your client.



to resolve open up Group Policy Management and right click on the Default Domain Policy, choose Edit.

expand Computer Configuration\Policies\Administrative Templates\Windows Components and then select Windows Update from the list *scroll down*



find the setting configure automatic updates



right click it, choose properties and then set it to Disabled



The Windows Update Icon will disappear however you will still receive updates from Configuration Manager as normal.

to speed up clients getting this GPO open a command prompt and do gpudpate /force

cheers
anyweb

[KuifJe]

I was wondering about this...

 

This would mean you'd also have to disable an in place WSUS policy?

 

So you don't need to configure a policy to check for updates on the WSUS, rather you shut down the updates all together and rely on the SCCM agent for regular checks?

[anyweb]

try it and see what happens

[KuifJe]

Shame I updated all the servers before I started the install of SCCM

[MRaybone]

Ok, this issue just affected me kind of majorly - a server whose updates were under SCCM's control applied updates and rebooted at 3am. Ouch. Am I right in thinking if this GPO is applied, SCCM's update behaviour is totally unaffected, but the annoying windows update icon with scary restart settings will cease to appear and have any effect?

 

Cheers,

MRaybone.

[anyweb]

i dont get it, did you use a deployment template that allowed the system to reboot ? that is why you should have at least two deployment templates

 

one for servers (no reboot) and one for workstations (reboot ok)

 

the little group policy tip merely gets rid of the windows update ICON from appearing, it doesn't stop windows updates from being deployed via configmgr,

 

can you explain what happened in your situation please ?

[MRaybone]

can you explain what happened in your situation please ?

I received a report that a server had rebooted itself at 3am after installing updates - this happened during backup so the owners weren't too pleased...

Ater disabling Windows Update GP so that the SCCM client could take control of the Windows Update settings, the Windows Update icon started to appear in the Systray, prompting users to select a time (3:00am by default) for Automatic updates to occur. My guess is that on this particular server, someone actually just clicked OK on this prompt so the machine grabbed updates from the net and rebooted at 3am.

 

My question was that if we apply only the GP setting that you mentioned in your post, would updating via SCCM be unaffected? Simply because the other GP settings in use before prevented SCCM from taking control.

 

Things are looking ok after applying the GPO now anyway, so I think it should all be alright.

 

 

P.S. Sorry for the delayed replies but I think my email notifications are being blocked by our mail system somewhere.

[anyweb]

I use the GP and my servers update fine, same for desktops,

 

i'd advise you to test in the lab first to verify, always test everything

[Antonius138]

Hello all,

 

I am having some trouble deploying patches in my test group. I have been poring over all of the SCCM guides and they are all excellent expecially for a visual learner like myself. The thing that makes my situation a little tricky is that we have both Microsoft System Center Essentials 2010 agents as well as SCCM 2007 R2 SP2 agents installed on all of our workstations. I attempted to deploy the latest Windows XP patches to one of my co-workers machines and the patches never showed up. I have the following in my log file:

 

<![LOG[its a WSUS Update Source type ({55895E29-8F7C-47F8-87EC-37D4787C2B13}), adding it.]LOG]!><time="16:24:44.125+420" date="05-11-2010" component="WUAHandler" context="" type="1" thread="5500" file="sourcemanager.cpp:1348">

<![LOG[Enabling WUA Managed server policy to use server: http://ourserver:8530]LOG]!><time="16:24:44.125+420" date="05-11-2010" component="WUAHandler" context="" type="1" thread="5500" file="sourcemanager.cpp:1054">

<![LOG[Waiting for 2 mins for Group Policy to notify of WUA policy change...]LOG]!><time="16:24:44.157+420" date="05-11-2010" component="WUAHandler" context="" type="1" thread="5500" file="sourcemanager.cpp:1060">

<![LOG[Group policy settings were overwritten by a higher authority (Domain Controller) to: Server https://ourserver:8531 and Policy ENABLED]LOG]!><time="16:24:45.625+420" date="05-11-2010" component="WUAHandler" context="" type="3" thread="5500" file="sourcemanager.cpp:1116">

 

When I pushed the patches out with SCE I set a deadline of 10:00 AM for the patches to be installed which was not a concern as the WSUS or SCE GPO has the option to not reboot any workstations that have users logged on. Well at 9:45 AM this morning, all of our workstation got the 15 minute reboot warning from the SCCM agent with no option to deplay the restart. So all of our workstations were rebooted at 10:00 AM causing me a lot of stress.

 

Any ideas on how to move forward?

 

Thanks,

Anthony

[anyweb]

sounds a bit messy, are you intending to do software updates via SCCM or not ? if not just remove the software update client agent and see does that help ?

[KuifJe]

 

snip...

 

Any ideas on how to move forward?

 

Thanks,

Anthony

 

Remove either the SCCM or the SCE agent would be my advise and stick to 1 application for desktop management, or, as anyweb pointed out, decide which functionality you want from which application. SCE uses the same mechanisms and communication channels as SCCM so it's hard to troubleshoot. It might even be possible SCE agents are responding to SCCM policies. Not to mention SCE using group policies which could overwrite certain local policy settings used by SCCM.

 

What is the exact reasoning behind using SCE and SCCM in the same environemnt (if you don't mind my asking)?