locked
FCS Definition Updates RRS feed

  • Question

  • On one of my win2k3 and xp sp2 machines, the FCS client is installed but doesn't pull the latest definiton updates from FCS.

    The system tray shows the exlamation point and when I try to update the definitions, it says none are available. When I go into the MOM Administration console I see the client checked in at the same time I tried to manually update the definition.

    The machines are joined to a domain and do not have a firewall on the client.

    This is a shared infrastructure with SCCM. FCS and SCCM are sharing WSUS. The clients are pointing to the Software Update Point and I've configured the definition update auto approval rule.

     I also configured the proxy within Internet Explorer on both machines as I was not able to get out to the WSUS box.

    Currently there are FCS policies deployed to these two machines. Does a policy need to be deployed thought in order for it to pull the latest definition updates from WSUS?

    Are there any advanced troubleshooting tools?

    I have no idea why two out of 55 machines are having issues. Any ideas would be great.

    Thanks,

    -Matt
    Matthew Tinnney (206) 778 4432 http://www.linkedin.com/pub/3/b81/371
    Monday, April 6, 2009 10:50 PM

Answers

  • Hi Matt,

     

    Thank you for your post.

     

    According to your description, I suspect this issue may relate to the policy issue. Client Security agents might not be receiving the configured Client Security policy.

     

    As far as I know, Client Security can deploy configurations to agents via policies. These policies are deployed directly to an organizational unit (OU) via a Client Security–created Group Policy object (GPO), or they can also be added to an existing GPO that an administrator has previously created.

     

    If the client agent not applied the policy, please check the following:

    1.      Make sure the target computer is a member of a security group to which the Client Security policy has been deployed.

    2.      Make sure the target computer reside in the OU to which the Client Security policy has been deployed.

    3.      Make sure the target computer is a member of the same domain.

     

    Regards,


    Nick Gu - MSFT
    Monday, April 13, 2009 9:42 AM
  • GPMC
    ------
    you can use GPMC.msc -> group policy -> group policy reault wizard and choose machine u want
    then see report , look for WSUS policy and FCS policy they should be from the winner GPOs.

    WSUS
    ------
    1- can you see computers at wsus console.
    2- auto approval of difinistion update for all computers (or for membership that 2 machine included)

    Workstation
    --------------
    1- run gpupdate /force and check the application event viewer, you should see evvent id 1704 SceCli
    2- try to telnet wsus-computer 80     (or port 8530 ) , it should success and session should open.
    3- check that automatic update service are started and automatic
    4- you can stop this automatic update service and delete folder content of (%windir%\SoftwareDistribution), then start service again and run cmd: wuauclt /detectnow   then see if updates sync from wsus.



    Monday, April 20, 2009 9:26 PM

All replies

  • Hi Matt,

     

    Thank you for your post.

     

    According to your description, I suspect this issue may relate to the policy issue. Client Security agents might not be receiving the configured Client Security policy.

     

    As far as I know, Client Security can deploy configurations to agents via policies. These policies are deployed directly to an organizational unit (OU) via a Client Security–created Group Policy object (GPO), or they can also be added to an existing GPO that an administrator has previously created.

     

    If the client agent not applied the policy, please check the following:

    1.      Make sure the target computer is a member of a security group to which the Client Security policy has been deployed.

    2.      Make sure the target computer reside in the OU to which the Client Security policy has been deployed.

    3.      Make sure the target computer is a member of the same domain.

     

    Regards,


    Nick Gu - MSFT
    Monday, April 13, 2009 9:42 AM
  • GPMC
    ------
    you can use GPMC.msc -> group policy -> group policy reault wizard and choose machine u want
    then see report , look for WSUS policy and FCS policy they should be from the winner GPOs.

    WSUS
    ------
    1- can you see computers at wsus console.
    2- auto approval of difinistion update for all computers (or for membership that 2 machine included)

    Workstation
    --------------
    1- run gpupdate /force and check the application event viewer, you should see evvent id 1704 SceCli
    2- try to telnet wsus-computer 80     (or port 8530 ) , it should success and session should open.
    3- check that automatic update service are started and automatic
    4- you can stop this automatic update service and delete folder content of (%windir%\SoftwareDistribution), then start service again and run cmd: wuauclt /detectnow   then see if updates sync from wsus.



    Monday, April 20, 2009 9:26 PM