Community solution: Security Updates in CM2012 won’t work with Shared Distribution Points after migration


Original issue:

We do have a little issue with Shared Distribution Points (I’m not talking about DP shares, all DPs in CM07 are Site System Servers) being able to install Security Patches.
The environment consists of a CM07 Primary Site with approx. 180 DPs and a new CM2012 CAS and Primary Site. All regular packages and all Software Update Deployment Packages were migrated to CM2012. All Shared Distribution Points are listed in the CM2012 console in Administration – Migration – Source Hierarchy. When looking at the properties of a deployment of an “old” CM07 package, these shared DPs are also listed.

Now, when adding a new deployment in CM2012 to install an “old” CM07 package that only resides on the DPs of the CM07 site, the software gets installed. The function “Shared Distribution Point” works. When doing the same with a Security patch package that has been created in CM07 and migrated to CM2012, the client cannot find its shared DP where the package exists. It stays on “Downloading 0%” in the Software Center and the ContentTransferManager.log tells me “UpdateLocations – Received empty location update for CTM Job”. When I do send the same migrated package to a DP that only belongs to CM2012, the updates can be installed. I cannot find any appropriate information what’s going on. The following questions are still not answered yet:

1. Do Software Updates packages work with Shared Distribution Points? They’re listed nowhere within any of the properties of a Software Updates package, so cannot be verified by an administrator
2. When I do add additional DPs to an existing CM07 package, the Data Gathering job updates the list of the Shared Distribution Points of this package in CM2012. Does this happen to the Software Updates packages also, when DPs get added in CM07?
3. Is there anything during migration of Software Updates packages that needs to be done for shared DPs to work? As mentioned, other installation packages work fine
Hopefully, somebody can shed some light into this issue. After 4 days of testing, I’m running out of ideas.

Solution:

After digging deeper into SQL, we finally found the issue that caused the Security Patch package not being available. Using SQL query ” select * from v_PackageStatusDistPointsSumm where PackageID = ‘xxxxxxxx’ “, the entry in CM07 listed the 3 DPs with an InstallState of “Package Installation complete”, while in CM2012, the status displayed “Waiting to install”. Of course, no client is allowed to access content on a DP that is still processing. We actually migrated the package to CM2012 while it was still in the process of being copied to the DPs in CM07.
Unfortunately, the Data Gatherer job that runs every 2 hours, doesn’t seem to pick up the new state and correct the entry in the database. Neither a migration job with changed objects changes this state. We deleted the patch package in CM2012, made sure that we have a proper state in CM07, migrated again to CM2012 and now the patch package can be installed from clients using the Shared Distribution Points.

So make sure not to have a state of “Waiting to install” in any of your packages, otherwise Shared DPs won’t work. We found some more in the database being migrated during processing and will have to delete and migrate them again. Have fun.

Original post:  Security Updates in CM2012 won’t work with Shared Distribution Points after migration

email

Written by , Posted .