locked
WAU Installing Non-Approved Updates while 2012 Client is being installed RRS feed

  • Question

  • We are doing a side-by-side upgrade from CM 07 to CM 2012. We are pushing the 2012 client from 07. Everything seems successful except for the fact that during the upgrade process WAU seems to be going directly to MS to download and install updates that previously were not approved. I have tried stopping the WAU service as part of the install process but that doesn't seem to be working. 
    Tuesday, April 16, 2013 3:12 PM

Answers

  • I fixed this by scripting a custom solution that shuts down and disabled WU Service then created a task in SCCM that re-enables it as well as a scheduled task that would do the same thing should the client not register properly within 7 days.
    • Marked as answer by WhiteSS Thursday, May 23, 2013 6:21 PM
    Thursday, May 23, 2013 6:21 PM

All replies

  • Is it working as expected after the CM12 clients are fully installed / migrated?

    Torsten Meringer | http://www.mssccmfaq.de

    Tuesday, April 16, 2013 3:30 PM
  • something is configuring the local WSUS policy on the client. Check the wuahandler.log and see if you have Applied a GPO and verify that you have enabled Software updates in the client settings.

    Kent Agerlund | My blogs: blog.coretech.dk/kea and SCUG.dk/ | Twitter: @Agerlund | Linkedin: Kent Agerlund | Mastering ConfigMgr 2012 The Fundamentals

    Wednesday, April 17, 2013 9:22 AM
  • If you are pushing cm 2012 clients from sccm 2007 as a package, What are the source files for that package ?..

    If you use only ccmsetup.exe as a source file it will download other files either from mp or windows update.


    Delphin

    Wednesday, April 17, 2013 11:46 AM
  • Copy allfiles and subfolders from Configuration Manager\client\ folder in CM12 to your source location and use that.

    Kent Agerlund | My blogs: blog.coretech.dk/kea and SCUG.dk/ | Twitter: @Agerlund | Linkedin: Kent Agerlund | Mastering ConfigMgr 2012 The Fundamentals

    Wednesday, April 17, 2013 12:09 PM
  • Once the client registers, yes it all connects as designed
    Wednesday, April 17, 2013 12:29 PM
  • I have a self contained EXE with all of the source files in it.
    Wednesday, April 17, 2013 12:30 PM
  • I have a self contained EXE with all of the source files in it.
    Wednesday, April 17, 2013 12:30 PM
  • So that's what I don't get. there is no GPO from AD and no local GPO configured. During the CM2012 install I have a custom action to stop the WAU service via a net stop command. Even if there were something configured in a policy, it would be configured to point to our enterprise WSUS that has since been deprecated, not back to MS.

    I've even used regmon (or whatever its called now) to watch the WU keys. During the install, the entire root is deleted when the CM07 client is uninstalled. Then when the CM2012 client installs it drops its keys down.

    Wednesday, April 17, 2013 12:34 PM
  • ccmsetup.log would be of some help..

    Delphin

    Wednesday, April 17, 2013 1:02 PM
  • I was able to grab some logs from clients and here is what is actually happening.

    1. 2007 environment pushes 2012 client install 
    2. 2012 uninstalls 2007 client, WAU is stopped on the client
    3. 2012 is installed WAU is started
    4. minutes/hours pass - this should be pretty quick though. average was under 8 minutes on the 3 I had access to
    5. client registers
    6. more minutes/hours pass - this seems to be anywhere from an hour or four or 2 days in the case of a client that was being moved around and power cycled
    7. SUP policy is downloaded and applied

    At step 6 is when the WAU service is going to Microsoft for updates and auto-approving patches for itself. At this point i'm not sure there's much I can do other than open a ticket with MS.


    • Edited by WhiteSS Thursday, April 18, 2013 1:40 PM
    Thursday, April 18, 2013 1:39 PM
  • I fixed this by scripting a custom solution that shuts down and disabled WU Service then created a task in SCCM that re-enables it as well as a scheduled task that would do the same thing should the client not register properly within 7 days.
    • Marked as answer by WhiteSS Thursday, May 23, 2013 6:21 PM
    Thursday, May 23, 2013 6:21 PM