STEP BY STEP GUIDE FOR PATCHING SCCM MANAGED WINDOWS CLIENT DEVICES
For remediating patching on SCCM Managed client computers
4 Important Steps :
1. Scanning of devices
2. Reviewing Logs to see patch status
3. Remediation to deploy Patches
4. Patches are deployed as per logs, however reporting is showing as non compliant
Additional info on :
Manual Patch deployment
Possibility of why issues being reported.
Software Center Error Codes & description
--------------------------------------------------------------------------------------------
STEP 1: Scanning of devices:
Check WUA Handler log if scanning is failing
Complete detail on WUAHandler.log & fix is linked to registry.pol - check date , rename or delete registry.pol file & run gpupdate /force & run software update eval cycle & scan cycle.
Complete troubleshooting video on scanning issue • Patch scanning fail GROUP POLICY issu...
STEP 2: Reviewing Logs to see patch status:
Check updatestore.log for that particular KB we will see if missing or existing by taking note of unique ID.
Review more logs based on unique id Updatedeployment.log, updatehandler.log, updatestore.log, WUAHandler.log, windowsupdate.log may give us good clue on errors.
To review Windowsupdatelog
Powershell -- get-windowsupdatelog
Logs will have entry like:
ASSIGNMENT_EVALUATE_SUCCESS, ASSIGNMENT_ENFORCE_FAILED or any other message like Failed to attach update to the automation wrapper = 0x87D00215.
If seen as finished installing (0x000000000), means patches are installed.
No pending patches available as of now, kindly find the log details.
![LOG[EnumerateUpdates for action (UpdateActionInstall) – Total actionable updates = 0]LOG]! time=”05:02:16.837-60”date=”02-16-2022” component=”UpdatesDeploymentAgent” context=”” type=”1” thread=”27904” file=updatesmanager.cpp:1826”
STEP 3: Remediation to deploy Patches:
Caused by some update files becoming corrupt while being downloaded. If this happens you can delete or rename the folder & it will be recreated in same location.
Couple of placed observed one in software distribution & ccmcache
Renaming Folders
Softwaredistribution folder located in C:\windows\
If ccmcache, can rename ccmcache folder or specific subfolder if aware
Catroot2 folder located in C:\windows\System32
By default it will not allow as services are running in backend
. Stop Windows update service Service name: wuauserv
. Stop Cryptographic Services Service name: CryptSvc
. Stop Background Intelligent Transfer Service name: bits
. Stop Windows Installer Services Service name: msiserver
Post service stopped rename folder
. Sometimes few services auto start so you will need to disable it.
. Once folders are renamed restart / enable above 4 services & also check status of SMS Agent host service
. If windows installer services is giving error while starting check to Unregister and re-register Windows Installer by following command
. Msiexec /unregister
. Msiexec /regserver
Reboot system & check
. Initiate “Software Update Scan Cycle” and “Software Updates deployment evaluation cycle” from configuration manager applet
. Review logs
If patches still fail to deploy, there can be windows issue
. Sfc/scannow (this is System File Checker)
. Windows Update troubleshooter can be accessed thru settings
STEP 4: Patches are deployed as per logs, however reporting is showing as non compliant.
We need client to resend its data to the MP. It’s a convenient way to force some state messages up.
. Powershell query
. $UpdateStore = New-Object –ComObject Microsoft.CCM.updateStore
. $UpdateStore.RefreshServerComplianceState()
. This command will help to update / refresh compliance state on SCCM
Sitecode change
Reinstall Client
--------------------------------------------------------------------------------------
Possibility of why issues being reported:
Offline or Inactive client – bring it back to network
Device not in use – its retired from AD or SCCM
Pending Reboot
Low Disk space – housekeeping of HDD / upgrade HDD size
Download Corrupt
SCCM Client Corrupted
If client not updating recent date client repair / reinstall
GPO issue
-------------------------------------------------------------------------------------
Follow Below platforms to get updates:
Blog Website: https://mecmworld.blogspot.com
Twitter : / yagneshmalaviya
Linked In : / yagnesh-malaviya
Facebook: / mecmworld
Instagram : / mecm_world
Email ID: [email protected]
If you would like to share your troubleshooting fix or knowledge on MECM, you are most welcome to share your interest in email. Will look forward to collaborate & share knowledge.
Смотрите видео STEP BY STEP GUIDE FOR PATCHING SCCM MANAGED WINDOWS CLIENT DEVICES онлайн без регистрации, длительностью часов минут секунд в хорошем качестве. Это видео добавил пользователь MECM WORLD 20 Февраль 2022, не забудьте поделиться им ссылкой с друзьями и знакомыми, на нашем сайте его посмотрели 3,000 раз и оно понравилось 73 людям.