Finally I got some time to work on Automatic Deployment Rules (ADR) in ConfigMgr 2012. At a first glance, when you read Microsoft Technet article about ADRs it seems to be pretty simple, yet effective way to manage Monthly Patching using Configuration Manager in an automated way. During the weekend, I got a chance to go through the documentation, just to make myself aware of – What is ADR? What it can do? How to use them effectively?
We had set up eveything as per the Technet documentation – Our ADR had a proper name, the targeted collection, Software Update Group Information, Evaluation Schedule, Installation Deadline, Download Setting etc. So, we were all set to start using ADR to push out Monthly Patches in an automated way.
Rather than waiting for the Evaluation Schedule, we thought to run it manually, but wait – It failed as soon as it started. What exactly caused the issue? After a long time, I was back wearing my Troubleshooting Hat. First place, was of course ruleengine.log. So there we have it, our first error.
“Failed to download the update from the internet. Error = 403
Failed to download ContentID for Update ID XXX. Error code = 403”
So, now we know that it failed to download the content for all the updates. But wait a sec, when we evaluated the “Manual Patching Method”, our SCCM server was able to download updates from the Internet. We were 100% sure that we have not changed any settings after testing manual patching. So, where was the missing key??
We even checked PatchDownloader.log, so we could see that the download failed with error: 0x80070193
“ERROR: DownloadContentFiles() failed with hr=0x80070193”
Error 403 means Forbidden. So something was stopping us to reach Microsoft to download our updates. It could be a Network Issue, Proxy Server Issue or a Firewall. Now in our case, all of these components should not cause issue because when we tested Manual Patching, everything worked OK.
Just to make sure, we even tried to download the patch manually, which ADR was trying to download automatically. When we selected that Patch from All Updates node, we were successfully able to download the update. So now, we were 100% sure that Network, Proxy and Firewall, everything was working fine. That means, there was something in ConfigMgr which was stopping it from downloading updates from Internet.
Our first guess, we have to check the Properties of Software Update Point, under “Administration – Servers and Site System Roles”
Phew, there it is – while setting up and configuring SUP, we had missed to select the option
“Use a proxy server when downloading content with Auto Deployment Rules”
This was the reason why SCCM was not able to download content files for any updates initiated by ADR, though, everything worked fine when we did the patching using legacy manual patching method. Finally spending close to 20-25 minutes, we knew what was causing the issue, a single check mark might be responsible for sleepless nights for SCCM Admin 😉