October Microsoft Patch Disrupting ConfigMgr OSD

The October 2014 Patch Tuesday batch has brought a fresh round of OS deployment problems for ConfigMgr 2012 users. Several people have reported Security Update KB2984976 requiring multiple reboots, which intereferes with ConfigMgr Task Sequences as they cannot accommodate multiple reboots for a Software Update during the OSD process.  This issue has been acknowledged and documented by Microsoft as a known...

Read More»

10 Tips for a More Successful Windows Image Build & Capture

In a recent build and capture (b&c) task sequence for ConfigMgr 2012 R2 that I was helping a customer with, I decided it was worthwhile to list the top things that can be overlooked.  If these are done prior to beginning the process, then it can help to shorten and troubleshooting time involved. Create an […]

Read More»

Software Update – kb2920189 & VM Secure boot

Hi All, Yesterday i was updating my lab and i noticed that every single vm was failing to install kb2920189. All my vm’s are running windows server 2012 R2 under a WS2012 R2 host, it means i created a 2nd generation of VM’s and the Secure boot was enabled. Looking at the logs, i found the error 0x800f0922 and if you look at the internet, there are lots of things about this error that was not relevant to the issue here, until i found a forum post that helped me. basically, if you’re having this problem with your 2nd generation machines with secure boot enabled, perform the following tasks: 1- shutdown your VM 2- Edit the VM settings and under Firmware, disable the Enable Secure boot 3- Bring the VM up and install the hotfix 4- Shutdown the VM again 5- Edit the VM settings and under Firmware, Enable the…

Read the complete blog: http://thedesktopteam.com/blog/raphael/software-update-kb2920189-vm-secure-boot/

Read More»

Matching ConfigMgr Software Updates to a Deployment Package with PowerShell

The content side of Software Updates in ConfigMgr can be a bit confusing. Unlike Packages and Applications, in which the entirety of the content is downloaded to the local cache, when the client downloads Software Updates it only downloads the individual update.  As such, the Deployment Package is nothing more than a means of getting groups of individual updates out onto the...

Read More»

SCCM 2012 – SUP – Error: There was an error downloading the software update. (12152)

Hi All, recently i was at a customer site installing SCCM 2012 R2 and i had an issue downloading some updates… The steps were simple. as it was the 1st time, i’ve created an Software Update Group with all Windows 7 updates already released and tried to download it to a deployment package… The wizard was telling me that some updates failed to download with error: There was an error downloading the software update. (12152) and of course, a long list of updates where bellow it. the 1st i thought it was internet/proxy problem, however, there was no proxy involved and i could navigate to the internet without any problem… looking at the patchdownloader.log (it can be under %temp%, C:\Users\\AppData\Local\Temp or \Logs) i saw the following Checking machine config Software Updates Patch Downloader 19/03/2014 09:03:23 5472 (0×1560) Cert revocation check is disabled so cert revocation list will not be checked….

Read the complete blog: http://thedesktopteam.com/blog/raphael/sccm-2012-sup-error-there-was-an-error-downloading-the-software-update-12152/

Read More»

SCCM 2012 – Updating SCCM client during TS

Hi All, for ages, i’ve being using a script to automatically populate the PATCH option of the SCCM client installation in a TS environment. the reason i’ve been using this script (if not clear for you), is the number of hotfixes and the allowed size of the text box on a TS… fortunately with SCCM 2012, the SCCM product group changed the way they di hotfixes and started to use Updates Rollup, meaning that you would not find the issue we’ve been experiencing on SCCM 2007. Even it is true, Microsoft had to release few updates out of the Update Rollup and people don’t know how to manage them in a Task Sequence as this has changed a bit. Fortunately (again), the script has been updates to SCCM 2012 (http://blogs.technet.com/b/deploymentguys/archive/2013/06/04/automatically-populate-the-patch-property-for-the-configmgr-client-installation-script-update.aspx) however, what happen if you don’t have the ZTIUtility.vbs or don’t want do the MDT integration? Well…you need to do…

Read the complete blog: http://thedesktopteam.com/blog/raphael/sccm-2012-updating-sccm-client-during-ts/

Read More»

SCCM 2012 – Software Updates

Hi All, Today I’m going to talk a bit aobut software updates. As you may be aware, softwre update is a “simple” task however, the process behind the software update can be a bit complex. And the reason is simple, what happen if I do this? Well…i don’t want this post to be dealt as “best practices” but a guidance on how to do software update and the reason is simple, many people know how to do, but always want a bit more guidance on what would be better….and remember…not best practices. I always refuse to talk about best practices because it always depends. Let’s imagine the scenario where you have a remote site with 3k users. Should you put a local DP there? maybe a secondary site? Let’s assume that as best practices, you would add a distribution point, but on this scenario, every single server should only be…

Read the complete blog: http://thedesktopteam.com/blog/raphael/sccm-2012-software-updates/

Read More»

Notes on The Software Update Scan Cycle

Most of the below information is cobbled together from a couple of TechNet pages, a blog post or two, presentations I’ve seen over the years, conversations I’ve had with others, forum posts and experience — there’s just no one definitive source with a product as big as ConfigMgr that also relies on another full product in this case. And of course, there are always gaps (and sometimes errors) in the actual public documentation. Here are a few of the sources I could dig up though (note that very little has changed as far…read more

The post Notes on The Software Update Scan Cycle appeared first on ConfigMgrFTW.

Read More»

Windows Update – What Is It Good For?

As is sometimes the case, this blog post is inspired by me being wrong or making an inaccurate statement (and then doing a bunch of research). This time, the statement was about what updates are released on “Patch Tuesday”. First, know that “Patch Tuesday” is not an official Microsoft term but is commonly used and accepted by most (if not all) folks as being the once a month day (always the second Tuesday of the month) when Microsoft releases security fixes to their products. From this stems a series of implications…read more

Read More»

The WUA Dilemma in ConfigMgr

I’ve blogged about the *unfun* of the Windows Update Agent (WUA) before, answered many forums posts on the subject, and presented information on it at multiple venues including MMS and IT/Dev Connections. Until recently, I didn’t have a good solution though. The simple diagram in this post sums up the dilemma. Basically, the WUA is meant to be an autonomous component that does things like install Windows updates, detect pending reboots, and nag the end-user about the first two things. None of these are these are desirable in an enterprise…read more

Read More»

Keeping Track of Software Updates

By Suzanne Tighe It seems that every time I am talking to a Configuration Manager Admin, the sore subject of software updates comes up and the difficulty they have in managing these updates to ensure compliancy! With that in mind, Enhansoft’s Overall Missing Software Update Status by Classification report is a SSRS report that we designed to give a very...

Read More»