Application Deployment Stuck In Progress

  • Question

  • Hi, I deployed a Windows Update via Application (wusa.exe /quiet).  Many of the clients are stuck on "In Progress".  When I check the client, I see that the update was successfully installed but it never updates the SCCM server, even after a reboot.  I don't understand why some clients are reporting as successfully installed while others are stuck in progress even though it was successfully installed anyway.  Here's the AppEnforce.log readout:

    +++ Starting Install enforcement for App DT "KB3020369 Windows 7 x64" ApplicationDeliveryType - ScopeId_797F9B5C-C57B-4073-B2F9-46948ACE70F7/DeploymentType_d8bc13a9-6096-4c8f-87e4-073b38a4d622, Revision - 7, ContentPath - C:\Windows\ccmcache\a, Execution Context - System    AppEnforce    9/6/2016 10:47:29 AM    6792 (0x1A88)
        A user is not logged on to the system.    AppEnforce    9/6/2016 10:47:31 AM    6792 (0x1A88)
        Performing detection of app deployment type KB3020369 Windows 7 x64(ScopeId_797F9B5C-C57B-4073-B2F9-46948ACE70F7/DeploymentType_d8bc13a9-6096-4c8f-87e4-073b38a4d622, revision 7) for system.    AppEnforce    9/6/2016 10:47:31 AM    6792 (0x1A88)
    +++ Application not discovered. [AppDT Id: ScopeId_797F9B5C-C57B-4073-B2F9-46948ACE70F7/DeploymentType_d8bc13a9-6096-4c8f-87e4-073b38a4d622, Revision: 7]    AppEnforce    9/6/2016 10:47:31 AM    6792 (0x1A88)
        App enforcement environment:
        Context: Machine
        Command line: wusa.exe "Windows6.1-KB3020369-x64.msu" /quiet
        Allow user interaction: No
        UI mode: 1
        User token: null
        Session Id: 4294967295
        Content path: C:\Windows\ccmcache\a
        Working directory:     AppEnforce    9/6/2016 10:47:31 AM    6792 (0x1A88)
        Prepared working directory: C:\Windows\ccmcache\a    AppEnforce    9/6/2016 10:47:31 AM    6792 (0x1A88)
    Found executable file wusa.exe with complete path C:\Windows\system32\wusa.exe    AppEnforce    9/6/2016 10:47:31 AM    6792 (0x1A88)
        Prepared command line: "C:\Windows\system32\wusa.exe" "Windows6.1-KB3020369-x64.msu" /quiet    AppEnforce    9/6/2016 10:47:31 AM    6792 (0x1A88)
        Executing Command line: "C:\Windows\system32\wusa.exe" "Windows6.1-KB3020369-x64.msu" /quiet with system context    AppEnforce    9/6/2016 10:47:31 AM    6792 (0x1A88)
        Working directory C:\Windows\ccmcache\a    AppEnforce    9/6/2016 10:47:31 AM    6792 (0x1A88)
        Post install behavior is BasedOnExitCode    AppEnforce    9/6/2016 10:47:31 AM    6792 (0x1A88)
        Waiting for process 6940 to finish.  Timeout = 120 minutes.    AppEnforce    9/6/2016 10:47:31 AM    6792 (0x1A88)
        Process 6940 terminated with exitcode: 2359302    AppEnforce    9/6/2016 10:47:36 AM    6792 (0x1A88)
        Looking for exit code 2359302 in exit codes table...    AppEnforce    9/6/2016 10:47:36 AM    6792 (0x1A88)
        Unmatched exit code (2359302) is considered an execution failure.    AppEnforce    9/6/2016 10:47:36 AM    6792 (0x1A88)
    ++++++ App enforcement completed (6 seconds) for App DT "KB3020369 Windows 7 x64" [ScopeId_797F9B5C-C57B-4073-B2F9-46948ACE70F7/DeploymentType_d8bc13a9-6096-4c8f-87e4-073b38a4d622], Revision: 7, User SID: ] ++++++    AppEnforce    9/6/2016 10:47:36 AM    6792 (0x1A88)

    Wednesday, September 7, 2016 12:49 PM

All replies

  • Because it's returning a non-success exit code.

    In this case, 2359302 = "The update to be installed is already installed on the system."


    Jason | http://blog.configmgrftw.com | @jasonsandys

    Wednesday, September 7, 2016 1:19 PM
  • We had this issue so we extracted the cab file and used DISM instead. 2359302 translates to the patch already being applied.

    Here's how we deploy hotfixes:

    Installation Program: DISM /Online /Add-Package /PackagePath:"Windows6.1-KB2775511-v2-x64.cab" /quiet /norestart

    Detection Method: PowerShell

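    # Track the detection result; $psitem is empty outside a pipeline, so Machine stays null.
    $props = @{
        Machine = $($psitem.Name)
        Present = $false
    }
    Try
    {
        # Get-Hotfix raises an error when the KB is not installed; -ErrorAction Stop makes it catchable.
        $Hotfix = Get-Hotfix "KB2775511" -ErrorAction Stop
        $props.Present = $true
        # Any output tells the detection method that the application is installed.
        Write-Host "Installed"
    }
    Catch
    {
        # No output: the update is reported as not installed.
        $props.Present = $false
        Break
    }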

    HTH!

    Wednesday, September 7, 2016 1:20 PM
  • Thanks Jason, I'm aware that it's already installed.  I'm just wondering why SCCM doesn't understand that because we have plenty of clients in that same deployment that have it installed, and SCCM is reporting that under the Success tab (listed as Already Compliant)
    Wednesday, September 7, 2016 1:55 PM
  • Thanks!  I'll give this a shot and see if our results are any better.
    Wednesday, September 7, 2016 1:55 PM
  • Well, as noted, it's a non-zero exit code which equates to a failure unless otherwise explicitly defined. Systems reporting as already compliant are doing so because they are matching your detection criteria and thus never actually enforcing the deployment type. So that implies that there is a flaw in your detection criteria as really the command-line should never be run if the update is already installed.

    Jason | http://blog.configmgrftw.com | @jasonsandys

    Wednesday, September 7, 2016 1:59 PM
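
An added example, not part of any reply in this thread: a wrapper that could serve as the deployment type's installation program, so that wusa's 2359302 ("already installed") is reported as success instead of an unmatched exit code. The script name, parameter names, helper function and the use of /norestart are assumptions; 3010 is the standard Windows "success, reboot required" code.

```powershell
# Install-Kb.ps1 (hypothetical name). Added example, not code from the thread.
# Invoke with: powershell.exe -File Install-Kb.ps1
param(
    [string]$MsuFile = 'Windows6.1-KB3020369-x64.msu',  # file name taken from the log above
    [string]$KbId    = 'KB3020369'
)

# wusa.exe exit codes that do not mean the install failed, and what to report instead.
$ExitCodeMap = @{
    0       = 0      # installed
    2359302 = 0      # 0x240006: update already installed (value from the log above)
    3010    = 3010   # success, reboot required: pass through so the client can handle it
}

function ConvertTo-EnforcementExitCode {
    param([int]$WusaExitCode)
    if ($ExitCodeMap.ContainsKey($WusaExitCode)) {
        return $ExitCodeMap[$WusaExitCode]
    }
    # Anything else is a genuine failure; report it unchanged for troubleshooting.
    return $WusaExitCode
}

# If the update is already present there is nothing to enforce, so wusa is never started.
if (Get-HotFix -Id $KbId -ErrorAction SilentlyContinue) {
    exit 0
}

# wusa.exe is a GUI-subsystem program, so Start-Process -Wait is needed to obtain its exit code.
# The .msu is resolved relative to the working directory, which the client sets to the content path.
$wusa = Join-Path $env:SystemRoot 'System32\wusa.exe'
$proc = Start-Process -FilePath $wusa `
                      -ArgumentList "`"$MsuFile`"", '/quiet', '/norestart' `
                      -Wait -PassThru

exit (ConvertTo-EnforcementExitCode -WusaExitCode $proc.ExitCode)
```

The detection method still has to match the installed update afterwards; the wrapper only changes what the enforcement step reports.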
  • Thanks, that makes sense.  Is using a PowerShell script like the one listed above a common way to detect if a KB update has already been installed?
    Wednesday, September 7, 2016 2:40 PM
  • Not sure if it's the common way to detect KB updates but the environments I worked in were either air-gapped or the specific KB was not available from the Windows Catalog so it was much faster and easier to detect the KB via Get-Hotfix.
    Wednesday, September 7, 2016 3:41 PM
  • Hi Joshua,

    I tried the deployment with that script last night and the majority of the client machines failed with error "Script is not signed".

    Any ideas how to fix this?

    Thanks.

    Thursday, September 8, 2016 12:20 PM
  • Never mind, I just found the setting in computer agent settings.  I will try again tonight.  Thanks.
    Thursday, September 8, 2016 12:29 PM
  • Hi,

    Have you got your issue resolved now? If so, could you please share your solution with us? Thank you.

    Best regards,

    Jimmy



    Monday, September 19, 2016 1:35 PM
    Moderator
  • Did you get this to work and what did you do?

    I am doing similar, using get-hotfix | Where-Object {$_.HotFixID -match "KB4522014"} to detect. Works good, but if it already exists, then it reports back to SCCM as Error with:

    Deployment failed,Action failed,0x240006 (2359302),The update to be installed is already installed on the system

    Tuesday, October 1, 2019 3:19 PM