locked
Some security updates not deploying to a reimaged client- WSUS says no updates required RRS feed

  • Question

  • SCCM 2012 R2

    In the client WUAHandler.log we have 'No updates were actionable for installation'

    In WSUS the report for the specified client pc has '0 updates have not been installed'

    If we run SCCM report Compliance 5 - specific computer, we get some windows updates with 'is required'

    How do we detect / fix this?

    Also have we missed any required/  best practice recommendations if we need to reimage a pc (not via sccm)

    Thanks

    David

    Wednesday, March 4, 2015 1:40 PM

Answers

  • Ok working now -

    So in updatesdeployment.log:

    Update (Site_816357A7-6CA0-4131-8568-274AEA4CCA80/SUM_2e266803-345b-4ce4-9a27-4819b81e6246) Name (Update for Microsoft PowerPoint 2013 (KB2956149) 32-Bit Edition) ArticleID (2956149) added to the targeted list of deployment ({56558513-6aa6-42db-a072-4feee570e6bd}) UpdatesDeploymentAgent 04/03/2015 15:40:58 2080 (0x0820)

    I ran a manual software updates scan cycle and then a software updates deployment evaluation cycle

    These are set to run every 7 days so I suppose it is possible that the pc won't get the updates for two weeks?  If the pc is off for more than the scheduled interval does it then run the actions asap?

    Thanks

    David

    • Proposed as answer by Joyce L Thursday, March 5, 2015 9:01 AM
    • Marked as answer by Joyce L Thursday, March 12, 2015 9:37 AM
    Wednesday, March 4, 2015 4:46 PM

All replies

  • Missing/required update(s) will get installed automatically if the client is member of a collection where a software udpate group (that contains the missing KBs) is deployed to. That's independent of a client being reimaged. 

    Torsten Meringer | http://www.mssccmfaq.de

    Wednesday, March 4, 2015 2:09 PM
  • That's good to know re reimaging

    However we have an ADR software update group that contains the security update and it is targeted at a collection that includes the problem pc

    If WSUS disagrees about whether the update get deployed, will it actually get deployed?

    Thanks

    David

    Wednesday, March 4, 2015 2:25 PM
  • Examine Updates*.log on the client and don't use WSUS reports. 

    Torsten Meringer | http://www.mssccmfaq.de

    Wednesday, March 4, 2015 3:02 PM
  • Ok working now -

    So in updatesdeployment.log:

    Update (Site_816357A7-6CA0-4131-8568-274AEA4CCA80/SUM_2e266803-345b-4ce4-9a27-4819b81e6246) Name (Update for Microsoft PowerPoint 2013 (KB2956149) 32-Bit Edition) ArticleID (2956149) added to the targeted list of deployment ({56558513-6aa6-42db-a072-4feee570e6bd}) UpdatesDeploymentAgent 04/03/2015 15:40:58 2080 (0x0820)

    I ran a manual software updates scan cycle and then a software updates deployment evaluation cycle

    These are set to run every 7 days so I suppose it is possible that the pc won't get the updates for two weeks?  If the pc is off for more than the scheduled interval does it then run the actions asap?

    Thanks

    David

    • Proposed as answer by Joyce L Thursday, March 5, 2015 9:01 AM
    • Marked as answer by Joyce L Thursday, March 12, 2015 9:37 AM
    Wednesday, March 4, 2015 4:46 PM
  • Hi,

    You could check the blog below that describes ConfigMgr 2012 Windows Update Client Process.

    http://blogs.technet.com/b/configmgrdogs/archive/2014/06/30/configmgr-2012-windows-update-client-process.aspx

    Best Regards,

    Joyce


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, March 5, 2015 9:01 AM