none
Enforcement State Unknown but updates visible on clients? RRS feed

  • Question

  • Hi all. A strange issue has just appeared in one of our environments with software update deployments. It would appear the report "Enforcement States for a Deployment" is stuck showing clients as "Enforcement State Unknown".

    The clients can see updates no problem at all, so functionally I have no issue. Updates are available and install correctly, but my issue is my deployments are now completely blind in that I have no status updates at all - 4+ days now and the status hasn't changed. I can't see any issue on the client side - StateMessage.log indicates it can successfully forward messages.

    Weirdly, this issue only seems to be affecting Software Update Deployments as software distribution reports are updating their statuses as expected.

    I've checked inboxes for blacklogs and can't see anything too out-of-the-ordinary, and I've also tried the "force state refresh" VBS that's doing the rounds on these boards. I've even tried reinstalling the client and recreating the deployments, but all these actions have me believe the issue is with my SCCM server only.

    Can anyone help me?

    EDIT - The plot thickens somewhat. The report "Evaluation states for a deployment" has just changed to "Evaluation Succeeded", but  "Enforcement States for a Deployment" remains at "Enforcement State Unknown". HELP!


    • Edited by mvjjkc Monday, February 20, 2012 3:33 AM
    Monday, February 20, 2012 3:26 AM

Answers

  • No - my deployments have deadlines and notifications are not suppressed.

    I may abandon this thread is it's not presenting any major difficulty and the updates are available as normal. It's more an annoyance that it has slightly different state message behaviour to my other deployments.

    I'll update this thread accordingly if anything changes for better or worse.

    Thanks again for all the suggestions.

    • Marked as answer by mvjjkc Tuesday, May 22, 2012 4:46 AM
    Wednesday, February 29, 2012 8:49 PM

All replies

  • I have seen the same issue a few times, what I have don to fix it is running a maintenance script on all the clients at a daily basis. Create a package with the script and configure it to run daily. It will force a state update on the client and upload the information to the MP.

    Option Explicit
    On Error Resume Next

    Call RefreshServerComplianceState

    ' WScript.Echo "Finished"

    Sub RefreshServerComplianceState()

        ' Initialize the UpdatesStore variable.
        dim newCCMUpdatesStore
       
        ' Create the COM object.
        set newCCMUpdatesStore = CreateObject ("Microsoft.CCM.UpdatesStore")

        ' Refresh the server compliance state by running the RefreshServerComplianceState method.
        newCCMUpdatesStore.RefreshServerComplianceState
       
        ' Output success message.
    '    wscript.echo "Ran RefreshServerComplianceState."

    End Sub


    Kent Agerlund | My blogs: blog.coretech.dk/kea and SCUG.dk/ | Twitter: @Agerlund | Linkedin: Kent Agerlund

    Monday, February 20, 2012 5:26 AM
    Moderator
  • Thanks for the reply Kent, but I have already tried that script as mentioned in the OP.

    The machines in question will change their status to "Compliant" after updates have been installed, but it's a straight jump from "Enforcement State Unknown" to "Compliant", bypassing the expected "Downloading Updates"/"Downloaded Updates" etc.

    I'm probably worrying about nothing, but my other five environments (and 30+ deployments) are not displaying this behaviour.

    Just another question on a slightly different note, do MS security bulletins for excel change the build number? I've had a query regarding Excel installed on two different environments. SCCM states both are compliant but the build numbers are 11.8211.8202 and 11.8342.8341 respectively. Both environments have identical update lists. I'm presuming MS bulletins don't change these build numbers, but can someone confirm this for me?

    Thanks again.

    Monday, February 20, 2012 8:34 PM
  • I think, you need to take a pause and analyse the log files to verify that everything is gng well.

    The below blog posts would help you in doing that,

    http://blogs.technet.com/b/configurationmgr/archive/2010/11/04/information-on-the-configmgr-2007-client-side-process-for-software-updates.aspx

    http://blogs.technet.com/b/sudheesn/archive/2010/11/10/troubleshooting-sccm-part-iii-software-updates.aspx


    Anoop C Nair - @anoopmannur

    MY BLOG:  http://anoopmannur.wordpress.com

    User Group:  ConfigMgr Professionals

    This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Tuesday, February 21, 2012 1:15 AM
  • Hi,

    I saw this situation some time ago and find if “Suppress display notifications on clients” radio button checked on the Display/Time Settings tab of the specific Deployment Management Properties box and in order to do that we also had to set a deadline (on the Schedule tab of the same Properties box).  Without the deadline, I was getting the “Enforcement State Unknown” status.

    Also read this technet document: Software Updates State Messages

    Inside document, we have:

    Enforcement States for a Mandatory Deployment

    When the deadline is reached for a mandatory deployment, client computers create state messages for the following:

    I think enforcement states is designed for mandatory deployment.

    Thanks

    Wednesday, February 29, 2012 7:49 AM
  • No - my deployments have deadlines and notifications are not suppressed.

    I may abandon this thread is it's not presenting any major difficulty and the updates are available as normal. It's more an annoyance that it has slightly different state message behaviour to my other deployments.

    I'll update this thread accordingly if anything changes for better or worse.

    Thanks again for all the suggestions.

    • Marked as answer by mvjjkc Tuesday, May 22, 2012 4:46 AM
    Wednesday, February 29, 2012 8:49 PM
  • rephlexions

    Did you find out the solution for this problem? I have the same problem, I have some computers that recieved the patch  but in report Software Updates - C. Deployment States, they was as Enforcement state unknown, but in logs like WUAHandler I saw that they are install. Somebody knows about this?

    Thanks

    Fernando Cruz

     
    Wednesday, December 19, 2012 6:55 PM
  • No sorry I can't offer any more information. The issue did resolve itself over time and after updates were rolled into my baselines, so I'd guess it had something to do with the deployment itself. Maybe you can try to recreate the deployment again?

    Wednesday, December 19, 2012 8:23 PM
  • I still have the same issue. i am on SCCM 2012
    Wednesday, July 23, 2014 11:07 AM
  • Anyone ever resolve this one?
    Friday, October 31, 2014 4:47 PM
  • Hi - no unfortunately I haven't got a definitive resolution for this, but I've found recreating the deployment fixes the issue for a period of time (and re-occurs again after a few weeks). I opened another thread which has been marked as answered but typically doesn't actually answer the question here.
    Sunday, November 2, 2014 10:56 PM
  • Hi rpxn,Perhaps this discussion would help: http://www.networksteve.com/enterprise/topic.php/SCCM_2012_R2_problem_with_device_deployment_%28user_deployments_OK/?TopicId=68674&Posts=2

    The SQL code resolved my issue. Apparently "corrupt PADBID in the database".

    Thursday, November 6, 2014 10:51 AM
  • Hi - thanks for the suggestion but in my particular case my clients are working fine and policies are flowing correctly. The deployments also work without issue - it's only the reports that show "Enforcement State Unknown". The affected clients can see the deployments correctly and install without issue, but the status for these never changes unless I duplicate the deployment.
    Thursday, November 6, 2014 7:19 PM