Software Updates not being installed when maintenance window starts if user is logged on to console session
Hi,
I am running SCCM 2007 SP1 and have been experiencing a weird problem when deploying Software Updates to servers that have specific maintenance windows.
The typical set-up is:
I've got a deployment with the monthly security hotfixes in it.
The deployment is set with a deadline PRIOR to the server's maintenance window.
It is configured to NOT be executed outside the maintenance windows.
The maintenance windows are AT LEAST 1 hour (60 minutes / 3600 seconds :-) ) long.
When the maintenance window starts on any given server, most of them will install any required hotfixes that are part of the deployment previously created. SOME of the servers will NOT install the required hotfixes, even though they have been downloaded in the "ccm\cache" folder. This happens any given month, unrelated to the number of hotfixes to be installed or the size of the hotfixes.
When I look at the "UpdatesDeployment.log" of any of the targeted servers that are showing the problem (they all show the same behaviour in their log) I see the following (I've only included the interesting parts of the log):
CUpdateAssignmentsManager received a SERVICEWINDOWEVENT START Event
Attempting pending install assignment
Starting install for assignment ({F260B056-8CF5-4412-8E44-B13A8CF40706})
[...]
EnumerateUpdates for action (UpdateActionInstall) - Total visible updates = 4
No current service window available to run updates assignment with time required = 3600
No service window available to run updates assignment
This assignment ({F260B056-8CF5-4412-8E44-B13A8CF40706}) will be retried once the service window is available.
No pending install assignment
[...]
CUpdateAssignmentsManager received a SERVICEWINDOWEVENT END Event
After investigating further, I did notice that all servers that do not install the security hotfixes during the maintenance window have 1 point in common:
A user logged on to the console session of the server through RDP (MSTSC /CONSOLE or /ADMIN).
If I force a logoff or reset the console session and then re-initiate a "Software Updates Deployment Evaluation Cycle" by using the SCCM client GUI (while still in the maintenance window), they then install properly by themselves.
Does anybody else have this problem? If so, is there a fix available? I could obviously set a task sequence before my deployments to force a logoff on the console session, but that's a bit lame; I'd much prefer fixing the problem at the root.
All Replies
- If you truly think this is a bug and can confirm it, call PSS so they can get the ConfigMgr team to look at it and issue a fix.
Jason | http://myitforum.com/cs2/blogs/jsandys
- We have a similar problem where some machines just will not patch during the maintenance windows. All files are there and the policy is waiting for the service window. When the window comes, nothing runs. We wrote a few scripts to check automatically if the patches applied after x minutes into a patch window. If nothing has happened we force a Software Update Deployment Evaluation Cycle (must be first), then a Software Updates Scan Cycle. That has been working to kick off the installs on all the machines that are really ready to deploy and are waiting. We worked with support a while ago and came up with no solution. So we just gave up, moved on to other issues and use this workaround.
- Has anyone got any update on whether this is an issue or not? I am getting the same issues with installing on a 2008 server.
updatesdeployment.log excerpt:
Assignment {00F29B91-BD61-4EBA-A004-D604429B1312} has total CI = 2
OnPolicyModify for assignment ({00F29B91-BD61-4EBA-A004-D604429B1312})...
EnumerateUpdates for action (UpdateActionInstall) - Total visible updates = 1
CUpdateAssignmentsManager received a SERVICEWINDOWEVENT START Event
OnServiceWindowAvailable - No pending install assignment
When it downloads policy it sees an assignment for 1 update, but when the service window starts it says no pending install assignment. I had been logged on via RDP to check whether it all ran OK and after nothing happened, I came across this forum post.
- Have you tried increasing the maintenance window? If it's feasible, I'd start there, as I've had clients repeatedly not install software updates due to maintenance window constraints. Hope this helps :)
- I am getting the same issues with Software Updates on Windows XP (SP2 and SP3).
We have defined a ServiceWindows from 11:00PM to 06:00AM. Windows XP security updates work but we have trouble with Office 2007 updates. We have tried to increase the maintenance windows with no luck.
SCCM 2007 SP1 with R2 Windows Server 2003 SP2 R2.
From UpdatesDeployment.log:
Service startup system task UpdatesDeploymentAgent 21.05.2009 20:51:59 5448 (0x1548)
Software Updates feature is enabled UpdatesDeploymentAgent 21.05.2009 20:51:59 5448 (0x1548)
Assignment {24F6EF33-C55E-4657-9582-5621F5C3DCBC} has total CI = 37 UpdatesDeploymentAgent 21.05.2009 20:52:00 5448 (0x1548)
Assignment ({24F6EF33-C55E-4657-9582-5621F5C3DCBC}) reconnected to the existing job ({C104343E-86E4-4C4F-8385-5BFEA15D67C8}) successfully. UpdatesDeploymentAgent 21.05.2009 20:52:00 5448 (0x1548)
No current service window available to run updates assignment with time required = 1 UpdatesDeploymentAgent 21.05.2009 20:52:00 5448 (0x1548)
Startup task completed UpdatesDeploymentAgent 21.05.2009 20:52:00 5448 (0x1548)
Message received: '<?xml version='1.0' ?><SoftwareUpdatesMessage MessageType='EnforceMandatoryUpdates'/>' UpdatesDeploymentAgent 21.05.2009 21:00:00 5992 (0x1768)
No actionable updates for install task. No attempt required. UpdatesDeploymentAgent 21.05.2009 21:00:00 5992 (0x1768)
No updates needed to be installed on user defined schedule. UpdatesDeploymentAgent 21.05.2009 21:00:00 5992 (0x1768)
User logoff system task UpdatesDeploymentAgent 21.05.2009 21:04:57 2144 (0x0860)
Service startup system task UpdatesDeploymentAgent 21.05.2009 21:06:50 3500 (0x0DAC)
Software Updates feature is enabled UpdatesDeploymentAgent 21.05.2009 21:06:50 3500 (0x0DAC)
No user is logged on UpdatesDeploymentAgent 21.05.2009 21:06:53 3500 (0x0DAC)
Total Pending reboot updates = 0 UpdatesDeploymentAgent 21.05.2009 21:06:55 3500 (0x0DAC)
No pending reboot updates at system restart. UpdatesDeploymentAgent 21.05.2009 21:06:55 3500 (0x0DAC)
Assignment {24F6EF33-C55E-4657-9582-5621F5C3DCBC} has total CI = 37 UpdatesDeploymentAgent 21.05.2009 21:06:55 3500 (0x0DAC)
Assignment ({24F6EF33-C55E-4657-9582-5621F5C3DCBC}) reconnected to the existing job ({C104343E-86E4-4C4F-8385-5BFEA15D67C8}) successfully. UpdatesDeploymentAgent 21.05.2009 21:06:55 3500 (0x0DAC)
No current service window available to run updates assignment with time required = 1 UpdatesDeploymentAgent 21.05.2009 21:06:55 3500 (0x0DAC)
Startup task completed UpdatesDeploymentAgent 21.05.2009 21:06:55 3500 (0x0DAC)
CUpdateAssignmentsManager received a SERVICEWINDOWEVENT START Event UpdatesDeploymentAgent 22.05.2009 01:00:00 3268 (0x0CC4)
OnServiceWindowAvailable - No pending install assignment UpdatesDeploymentAgent 22.05.2009 01:00:00 3268 (0x0CC4)
CUpdateAssignmentsManager received a SERVICEWINDOWEVENT END Event UpdatesDeploymentAgent 22.05.2009 05:00:00 3200 (0x0C80)
From WUAHandler.log:
Async searching of updates using WUAgent started. WUAHandler 21.05.2009 20:15:18 3708 (0x0E7C)
Async searching completed. WUAHandler 21.05.2009 20:16:07 840 (0x0348)
Successfully completed scan. WUAHandler 21.05.2009 20:16:08 3300 (0x0CE4)
Its a WSUS Update Source type ({4E6007CF-A09B-4084-AE1B-7F35EA754C5F}), adding it. WUAHandler 21.05.2009 20:16:51 3300 (0x0CE4)
Existing WUA Managed server was already set (http://MyCmServer.MyDomain.net:8530), skipping Group Policy registration. WUAHandler 21.05.2009 20:16:51 3300 (0x0CE4)
Added Update Source ({4E6007CF-A09B-4084-AE1B-7F35EA754C5F}) of content type: 2 WUAHandler 21.05.2009 20:16:51 3300 (0x0CE4)
Async searching of updates using WUAgent started. WUAHandler 21.05.2009 20:16:51 3300 (0x0CE4)
Async searching completed. WUAHandler 21.05.2009 20:17:21 2748 (0x0ABC)
Successfully completed scan. WUAHandler 21.05.2009 20:17:21 4924 (0x133C)
Its a WSUS Update Source type ({4E6007CF-A09B-4084-AE1B-7F35EA754C5F}), adding it. WUAHandler 21.05.2009 20:17:25 4924 (0x133C)
Existing WUA Managed server was already set (http://MyCmServer.MyDomain.net:8530), skipping Group Policy registration. WUAHandler 21.05.2009 20:17:25 4924 (0x133C)
Added Update Source ({4E6007CF-A09B-4084-AE1B-7F35EA754C5F}) of content type: 2 WUAHandler 21.05.2009 20:17:25 4924 (0x133C)
Async searching of updates using WUAgent started. WUAHandler 21.05.2009 20:17:25 4924 (0x133C)
Async searching completed. WUAHandler 21.05.2009 20:17:50 4412 (0x113C)
Successfully completed scan. WUAHandler 21.05.2009 20:17:51 5708 (0x164C)
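One way to run the check discussed in this thread over a saved UpdatesDeployment.log, added here as an example and not taken from any poster's scripts: it separates windows in which the agent logged "No current service window available" while a window was open from windows in which it only logged "No pending install assignment". The line layout, the name `audit_windows` and the second window in the sample (timestamps and thread IDs) are assumptions constructed for the example.

```python
import re
from datetime import datetime

# Line layout as pasted in this thread (assumed to match your log export):
# "<message> UpdatesDeploymentAgent <dd.mm.yyyy> <hh:mm:ss> <thread> (<hex thread>)"
LINE_RE = re.compile(
    r"^(?P<msg>.*?)\s+UpdatesDeploymentAgent\s+"
    r"(?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2})\s+\d+\s+\(0x[0-9A-Fa-f]+\)\s*$"
)
# Message strings copied from the log excerpts quoted in the thread.
START, END = "SERVICEWINDOWEVENT START", "SERVICEWINDOWEVENT END"
BLOCKED = ("No current service window available", "No service window available")
IDLE = "No pending install assignment"

# Constructed sample: first window reuses lines from the thread, second is made up.
SAMPLE = """\
No current service window available to run updates assignment with time required = 1 UpdatesDeploymentAgent 21.05.2009 21:06:55 3500 (0x0DAC)
CUpdateAssignmentsManager received a SERVICEWINDOWEVENT START Event UpdatesDeploymentAgent 22.05.2009 01:00:00 3268 (0x0CC4)
OnServiceWindowAvailable - No pending install assignment UpdatesDeploymentAgent 22.05.2009 01:00:00 3268 (0x0CC4)
CUpdateAssignmentsManager received a SERVICEWINDOWEVENT END Event UpdatesDeploymentAgent 22.05.2009 05:00:00 3200 (0x0C80)
CUpdateAssignmentsManager received a SERVICEWINDOWEVENT START Event UpdatesDeploymentAgent 23.05.2009 01:00:00 3268 (0x0CC4)
No current service window available to run updates assignment with time required = 3600 UpdatesDeploymentAgent 23.05.2009 01:00:01 3268 (0x0CC4)
CUpdateAssignmentsManager received a SERVICEWINDOWEVENT END Event UpdatesDeploymentAgent 23.05.2009 02:00:00 3200 (0x0C80)
""".splitlines()

def audit_windows(lines):
    """Classify every maintenance window found between START and END events."""
    windows, cur = [], None
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an UpdatesDeploymentAgent line in the assumed layout
        ts = datetime.strptime(m["ts"], "%d.%m.%Y %H:%M:%S")
        msg = m["msg"]
        if START in msg:
            cur = {"start": ts, "end": None, "blocked": 0, "idle": 0}
            windows.append(cur)
        elif cur is None:
            continue  # outside any window, "No current service window" is expected
        elif END in msg:
            cur["end"] = ts
            cur = None
        elif msg.startswith(BLOCKED):
            cur["blocked"] += 1  # agent refused the install while a window was open
        elif IDLE in msg:
            cur["idle"] += 1     # nothing was queued when the window opened
    for w in windows:
        w["verdict"] = "blocked" if w["blocked"] else "idle" if w["idle"] else "none-logged"
    return windows
```

Windows with verdict `blocked` or `idle` are the ones to compare against the deployment's expected state before forcing an evaluation cycle on that machine.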
- We're observing the same behavior... Has anybody got rules of thumb on how long the maintenance windows should be? Should 90 minutes be enough? Does the size of the update list determine the window? If so, with 900 updates in our "catch up" list, how much time should be allotted for maintenance windows?
- I always heard you shouldn't go over 500 updates in a deployment. Has that changed?
Scott
- There has been some talk about not putting more than 500 updates in a package, as Scott mentioned. I can't possibly imagine what you are patching that there could be 900 patches? When a service pack is released it supersedes all previous patches and I don't know of any product that has 900 applicable patches. I release my patches according to product. Next, 90 minutes is not a long enough window, I don't think. There has to be enough time for the patch to install and the machine to reboot. Yamini posted a great post in these forums on exactly how the amount of time is calculated; that post is here:
http://social.technet.microsoft.com/Forums/en-US/configmgrsum/thread/b5a3bf30-28d6-4b59-b6a0-ee6baec392cd
You should be able to see in the logs why the servers are not patching too.
John Marcum | http://www.TrueSec.com/en/Training.htm | http://myitforum.com/cs2/blogs/jmarcum
- Do you mind sharing those scripts? I am not interested in reinventing the wheel here...
Do you mind sharing those scripts? I am not interested in reinventing the wheel here...
Not sure what scripts you are referring to?
John Marcum | http://www.TrueSec.com/en/Training.htm | http://myitforum.com/cs2/blogs/jmarcum
- I would like to manually initiate a Software Updates Deployment Evaluation Cycle and Software Updates Scan Cycle action through VBScript or something similar.
- The easiest way to do that is to use the right click tools.
http://myitforum.com/cs2/blogs/rhouchins/archive/2008/04/09/sccm-right-click-tools.aspx
John Marcum | http://www.TrueSec.com/en/Training.htm | http://myitforum.com/cs2/blogs/jmarcum

