none
SCCM Clients on new environment not installing deployed updates RRS feed

  • Pertanyaan

  • Good Morning,

    I have setup a new SCCM environment that has a single management point that has the SUP role installed. There are 2 separate DPs. No CAS. 

    I have move about a 100 workstations to the new SCCM environment - site code LP1, I have setup. The steps I used was:

    •  Deployed a GPO that updated the site code from P01 to LP1 as a re-deploy of the client did not update the site code.
    •  Once the client reported to the LP1 the clients updated to the latest version.

    The new environment is running on version 1906. Workstations are not installing the updates I have deployed about 2 weeks ago.

    Initially the WUAHandler.log was still looking at the SUP on P01. I have selected all the workstations in the collection and from client notification, I selected Switch to next Software Update Point. When I looked at the WUAHandler.log there was no change. I re-deployed the client with the uninstall switch to see if this will resolve it. I even removed the SUP roles from the CAS and Site Server on P01. Having a look at the WUAHandler.log after the clean install of the client it is still not looking at LP1 for updates:

    <![LOG[CWuaHandler::SetCategoriesForStateReportingExclusion called with E0789628-CE08-4437-BE74-2495B842F43B;E0789628-CE08-4437-BE74-2495B842F43B,A38C835C-2950-4E87-86CC-6911A52C34A3; for leaves and E0789628-CE08-4437-BE74-2495B842F43B,A38C835C-2950-4E87-86CC-6911A52C34A3; for bundles]LOG]!><time="07:37:41.805-120" date="09-05-2019" component="WUAHandler" context="" type="1" thread="14436" file="cwuahandler.cpp:3162">
    <![LOG[CWuaHandler::SetCategoriesForStateReportingExclusion called with E0789628-CE08-4437-BE74-2495B842F43B;E0789628-CE08-4437-BE74-2495B842F43B,A38C835C-2950-4E87-86CC-6911A52C34A3; for leaves and E0789628-CE08-4437-BE74-2495B842F43B,A38C835C-2950-4E87-86CC-6911A52C34A3; for bundles]LOG]!><time="07:38:51.120-120" date="09-05-2019" component="WUAHandler" context="" type="1" thread="11772" file="cwuahandler.cpp:3162">
    <![LOG[CWuaHandler::SetCategoriesForStateReportingExclusion called with E0789628-CE08-4437-BE74-2495B842F43B;E0789628-CE08-4437-BE74-2495B842F43B,A38C835C-2950-4E87-86CC-6911A52C34A3; for leaves and E0789628-CE08-4437-BE74-2495B842F43B,A38C835C-2950-4E87-86CC-6911A52C34A3; for bundles]LOG]!><time="09:52:25.297-120" date="09-05-2019" component="WUAHandler" context="" type="1" thread="18464" file="cwuahandler.cpp:3162">
    <![LOG[CWuaHandler::SetCategoriesForStateReportingExclusion called with E0789628-CE08-4437-BE74-2495B842F43B;E0789628-CE08-4437-BE74-2495B842F43B,A38C835C-2950-4E87-86CC-6911A52C34A3; for leaves and E0789628-CE08-4437-BE74-2495B842F43B,A38C835C-2950-4E87-86CC-6911A52C34A3; for bundles]LOG]!><time="10:07:56.025-120" date="09-05-2019" component="WUAHandler" context="" type="1" thread="4596" file="cwuahandler.cpp:3162">

    When I look at Deployments under Monitoring, there are no updates on the ADR for SCEP or any of the WSUS updates that have been deployed, compliance is still on 0.0% on all of the deployments. Distribution Point Group Status shows all packages are distributed correctly. When I look at the Specify Intranet Microsoft Update Service Location on my local machine, the alternate download server is http://localhost:8005 and the rest of the option are blank.

    I have 2 Boundary groups - one that have the Management Point - LP1 and one that have the DPs - DP. The 4 subnets of the site I am testing with have been configured in boundaries, and  is part of both boundary groups. LP1 has the tick box selected for "Use this boundary group for site assignment" and has a relationship with DP that fails over the Distribution Point and Software Update Point after 10 minutes and never fail over management point. DP has a relationship with LP1 that never fail over for DP and SUP points.

    Is there anything I have missed when moving the client from P01 to LP1?

    Kind Regards,

    Stian

    Jumat, 06 September 2019 08.22

Semua Balasan

  • GPO is not required for apply new site code, when you initiate client push from LP1 site, client will automatically changed to new site code, refer the below logs for more details, also monitor the ccmsetup.log for client installation

    Clientlocation and locationservice.log 

    Ensure you have boundary and boundary group configured correctly. 

    Jumat, 06 September 2019 08.50
  • +1, don't use group policy for this as it tattoos values into the registry that are not true policies. I highly recommend that remove the policy and delete the associated values from the registry on each system as that's the only way to get rid of them now. GPRequestedSiteAssignmentCodeGPSiteAssignmentRetryDuration(Hour)GPSiteAssignmentRetryInterval(Min) are the values and they are located in the HKLM\SOFTWARE\Microsoft\SMS\Mobile Client key.

    Next, your SUP needs to be assigned to the proper boundary groups as well as noted by Kaylan. In most environments, this simply means means adding the site system hosting the SUP as a reference to the default boundary group, but that depends on the environment.


    Jason | https://home.configmgrftw.com | @jasonsandys

    Jumat, 06 September 2019 12.35
  • Afternoon Gents,

    I will look into removing the GPO that replaces the site code.

    I have however solved my problem. My DP Boundary Group did not have the DPs specified on the Reference tab under Site System Servers. As soon as I added the DPs my machine updated the local GPO to look at the correct SUP for the LP1 site and monitoring started to report compliance for the workstations.

    Thank you for your assistance, much appreciated.

    Regards,

    Senin, 09 September 2019 10.45
  • > As soon as I added the DPs

    It sounds like your SUP role(s) are co-located with your DP role(s) as your DPs have nothing to do with setting the local GPO for the WSUS instance.


    Jason | https://home.configmgrftw.com | @jasonsandys

    Senin, 09 September 2019 14.50