SCCM SUp Detection for KB960082 patch
-
Thursday, February 12, 2009 7:59 PMHello,
I have my Wsus that detects 4 patches for KB 960082 but in SCCM console I see only 3. I am not getting the SQL 2000 sp4 for failover cluster. any idea why? all synchro are with out error
All Replies
-
Thursday, February 12, 2009 10:59 PM ConfigMgr 2007 does not support updates that require user input. If you check in the SUSDB you will see this particular update requires user input and will not sync.
The below query will report to you the updates that are not supported by ConfigMgr 2007 becuase they request user input:
USE SUSDB
SELECT SecuirtyBulletin, DefaultTitle, KnowledgebaseArticle, InstallationCanRequestUserInput
FROM PUBLIC_VIEWS.vUpdate Where KnowledgebaseArticle = '960082' AND InstallationCanRequestUserInput = 1
Levi- Proposed As Answer by Levi Stevens [Dell] Thursday, February 12, 2009 11:00 PM
-
Friday, February 13, 2009 1:05 AMHi,
That's very disturbing don't you think? the only reason I caught it is that I updated to R2 from Sp1. And I monitored the update process closely.
This very very disturbing. Why the limitation (in ther words what user input that makes it a show stopper. for the sync.
Thanks -
Friday, February 13, 2009 2:35 PMSo how do I detect that its needed. otherwise my system will go unpatched
-
Friday, February 13, 2009 6:30 PMThis only affects SQL/Exchange clusters. Your non-cluster instances will be detected and installed. Clusters are not a common thing that would just be randomly deployed within your company. You can be assured that your DBA's/Exchange admins are very well aware of thier clusters and are patching them manually. So I believe the risk is mitigated. It would be nice to still report on the compliance even if you cannot deploy them becuase they need user input. I have given this feedback to my team members working on the future release.
-
Friday, February 13, 2009 8:12 PM
the DBA'\exchange admins are dependent on me to give them the tools to:
Detect
download
Evaluation Deployement
Production Deployement
Now it seems that I have to throw one of the incentives to have an SCCM infrastructure. and it is a major one. Our clusters do not go to the internet. we do not want to use MBSA tools because certain updates do not get detected. And What was the TCO for having SCCM infrastructure when OSD is not patched, NAP healthvalidator is a compomised item. Come on what the solution. SCCM recommends to not mingle with the WSUS. So really it is not mitigate
In our mind SCCM will detect will deploy and it up to the user of the systems (DBA\SCOM admins IIS admins sharepoint admins to download and kick the install when they want it.
And with SCCM we can see thos that did patch or did not patch. (check compliance) -
Saturday, February 14, 2009 6:47 PMModeratorLevi Stevens [MSFT] said:
ConfigMgr 2007 does not support updates that require user input. If you check in the SUSDB you will see this particular update requires user input and will not sync.
The below query will report to you the updates that are not supported by ConfigMgr 2007 becuase they request user input:
USE SUSDB
SELECT SecuirtyBulletin, DefaultTitle, KnowledgebaseArticle, InstallationCanRequestUserInput
FROM PUBLIC_VIEWS.vUpdate Where KnowledgebaseArticle = '960082' AND InstallationCanRequestUserInput = 1
Levi
Levi good post shouldnt it allthough be this query to get all patches that require Userinput.
USE SUSDB
SELECT SecuirtyBulletin, DefaultTitle, KnowledgebaseArticle, InstallationCanRequestUserInput
FROM PUBLIC_VIEWS.vUpdate Where InstallationCanRequestUserInput = 1 -
Thursday, February 19, 2009 2:16 PMA better query would be the one that will pull from the susdb the machine that requires the patches with user entervention needed.
.png){kind=spacer}
