n00blar Posted May 8, 2013 Report post Posted May 8, 2013 I'm running SCCM 2012 SP1 and here's what I'm trying to achieve. I'm trying to deploy Windows 7 x64 SP1 updates via the same task sequence that deploys the OS. What I've done: Task sequence works and it targets the All Unknown Computers device collection Created a Scan For Updates task Created a Wait For Scan To Finish task Created Install Updates task Created a Software Update Group that lists Windows 7 x-64 updates for the last 9 months Created a deployment task for step 5 that targets All Unknown Computers device collection Created a Deployment Package for step 5 Here's what happens: OS is deployed properly Updates don't seem to be installed Here are some warnings I read in the WUAHandler.log file: Unable to read existing WUA resultant policy. Error = 0x80070002. Seems Group Policy is not yet initialized because client is in provisioning mode, writing WSUS Server location in registry. Here are errors in the smsts.log file: (these seem to be new errors that come up after installing SP1, but I don't know if these are preventing the updates from installing) CryptProtectData failed TSManager 5/8/2013 12:06:55 PM 2828 (0x0B0C) DecryptString failed. 8007000d. TSManager 5/8/2013 12:06:55 PM 2828 (0x0B0C) CryptProtectData failed TSManager 5/8/2013 12:06:55 PM 2828 (0x0B0C) DecryptString failed. 80070057. TSManager 5/8/2013 12:06:55 PM 2828 (0x0B0C) Getting active request access handle TSManager 5/8/2013 12:06:55 PM 2828 (0x0B0C) Error opening HKEY_LOCAL_MACHINE\Software\Microsoft\SMS\Task Sequence. code 80070002 TSManager 5/8/2013 12:06:55 PM 2828 (0x0B0C) Error - could not get package and program IDs. code 80070002 TSManager 5/8/2013 12:06:55 PM 2828 (0x0B0C) Failed to open the task sequence key HKLM\Software\Microsoft\SMS\Task Sequence. Error code 0x80070002 TSManager 5/8/2013 12:06:56 PM 2828 (0x0B0C) I'm attaching some of the configuration settings I've created in the task sequence. Quote Share this post Link to post Share on other sites More sharing options...
Rocket Man Posted May 8, 2013 Report post Posted May 8, 2013 Have you deployed the SUG to the unknown computer collection? Quote Share this post Link to post Share on other sites More sharing options...
kvineets Posted May 9, 2013 Report post Posted May 9, 2013 do we really need the scan as for new build system , we know that it requires all the patches. Why not create the package of all the patches and run it Quote Share this post Link to post Share on other sites More sharing options...
n00blar Posted May 9, 2013 Report post Posted May 9, 2013 Have you deployed the SUG to the unknown computer collection? Yes, I did...and nothing. Quote Share this post Link to post Share on other sites More sharing options...
Rocket Man Posted May 9, 2013 Report post Posted May 9, 2013 You should not need the scan and wait for scan tasks in the sequence. Have you tried it without them with just the install software update task with mandatory updates as the option. Quote Share this post Link to post Share on other sites More sharing options...
