none
Deploying Security update to 2012 R2 through ConfigMgr. RRS feed

  • Question

  • Hi,

    I have create a software group for all critical and security updates and then deployed to the Windows 2012 R2 collection. however some of security/critical updates has got installed manually even they are showing as not required on SCCM deployment. 

    further, when I had deployed the software updates as available, there are around 4 updates showing as missing and they has showed on software center in client pc. even if I taken one of security update and check on the WMI database on a client pc, that also showing as applicability=1 (not required). However same update that I check deployed manually, It has successfully installed. I have manually checked and installed KBKB4512489. That's not superseded update either. 

    I have checked log filed related to software update deployment and still didn't find any errors. so far I didn't find any errors on policyagent.log, policyevaluator.log, scanagent.log, updatesdeployemnt.log, updateshandler.log, and updatestore.log

    below I have attached some of screenshots for the referencing.

    appreciate the help on this.

    


    Thanks, 

    Dialn


    • Edited by Dilanmic Sunday, January 26, 2020 6:22 AM correction
    Sunday, January 26, 2020 4:33 AM

Answers

  • Hi Dialn,
     
    From the information you provided, I notice Windows server 2012 R2 updates showing as not required on SCCM deployment
     
    In general, products that are beyond their support lifecycle are not supported for use with any version of Configuration Manager as clients or in server roles. As the end of support date Windows server 2012 R2 is on 10/9/2018., they will no longer be tested nor supported with Configuration Manager. So they are no longer showing up as required. The patches are still being developed by Microsoft in the extended support lifecycle, but the machine won't actually recognize that the patch is required unless it has the extended support license. Also we need to make sure the  Configuration Manager is with latest released version of current branch. We can cee more details in the following link:
    https://techcommunity.microsoft.com/t5/configuration-manager-blog/extended-security-updates-and-configuration-manager/ba-p/825618
     
    For our situation, we suggest to upgrade our Windows server to Windows server 2016 Standard/Datacenter or higher version which is in the support lifecycle to make it work.
     
    Hope it can help.
     
    Best regards.
    Crystal

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Dilanmic Thursday, January 30, 2020 12:22 AM
    Monday, January 27, 2020 4:44 AM

All replies

  • Hi Dialn,
     
    From the information you provided, I notice Windows server 2012 R2 updates showing as not required on SCCM deployment
     
    In general, products that are beyond their support lifecycle are not supported for use with any version of Configuration Manager as clients or in server roles. As the end of support date Windows server 2012 R2 is on 10/9/2018., they will no longer be tested nor supported with Configuration Manager. So they are no longer showing up as required. The patches are still being developed by Microsoft in the extended support lifecycle, but the machine won't actually recognize that the patch is required unless it has the extended support license. Also we need to make sure the  Configuration Manager is with latest released version of current branch. We can cee more details in the following link:
    https://techcommunity.microsoft.com/t5/configuration-manager-blog/extended-security-updates-and-configuration-manager/ba-p/825618
     
    For our situation, we suggest to upgrade our Windows server to Windows server 2016 Standard/Datacenter or higher version which is in the support lifecycle to make it work.
     
    Hope it can help.
     
    Best regards.
    Crystal

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Dilanmic Thursday, January 30, 2020 12:22 AM
    Monday, January 27, 2020 4:44 AM
  • Hi

    As Crystal said upgrade your windows server to 2016 and make sure you use the latest SCCM CB version.

    Also check if you have installed the latest SSU

    Monday, January 27, 2020 7:43 AM
  • Thank you very much.

    Thanks,

    Dilan

    Thursday, January 30, 2020 12:22 AM
  • Hi Dialn,

    Thanks for marking our reply as answer. I am glad that the information can help. If there's anything we can help in the future, feel free to post in our forum.

    Have a nice day!

    Best regards.

    Crystal


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, January 30, 2020 5:07 AM