Software Update Management - SCCM 2007

The below post explains the end to end process for patch deployment through SCCM. 

Pre-requisites:

1. WSUS Server (WSUS 3.0 SP2) should be installed on the SCCM site server. If you want to install WSUS on another server, it is important that you install the WSUS administration console on the SCCM server, because the SCCM server uses the WSUS API.
The link below explains the step-by-step procedure to install WSUS 3.0 SP2.

2. Install the Software Update Point (SUP) role on the SCCM server.


3. Component Configuration:

If any changes have to be made to the software update component configuration, go to the Component Configuration node > Software Update Point Component > Properties and select the tab where the change has to be made.


4. Client agent: The software update client agent should be enabled and its settings specified as per the requirement.

In the SCCM console, go to System Center Configuration Manager / Site Database / Site Management / <site code> - <site name> / Site Settings / Client Agents / Software Update Client Agent / Properties.

Enable the "Software Update Client Agent".


The following two log files can be checked to verify that SCCM is properly configured with WSUS.

a] WSUSCTRL.LOG - Provides information about the configuration, database connectivity, and health of the WSUS server for the site.
Search string: "There are no unhealthy components"
Location: Configuration Manager installation directory / Logs folder

b] WCM.LOG - Provides information about the software update point configuration and connecting to the Windows Server Update Services (WSUS) server for subscribed update categories, classifications, and languages.
Search string: Successfully connected to server, Verify upstream server, etc.
Location: Configuration Manager installation directory / Logs folder

The server setup is now ready for synchronizing, deploying and managing updates from the SCCM server.

This post covers the following aspects of patch deployment:

1. Software update synchronization

2. Creating an update list

3. Creating a deployment package

4. Creating a deployment template

5. Deployment of software package

1. Software Update Synchronization:

Microsoft releases security updates on the second Tuesday of every month. We have to synchronize the patches with Microsoft Update. The synchronization procedure is as follows:
Log in to the SCCM server -> go to Computer Management -> Software Updates -> click on Update Repository -> click on Run Synchronization.
Click Yes on the prompt.

The synchronization process can be checked in WSYNCMGR.LOG.
Location: Configuration Manager installation directory / Logs folder
Search for these status codes:
  • 6702 for success
  • 6703 for failure
  • 6701 for starting of the sync process
  • 6704 in process
Once the synchronization process is complete, the metadata is downloaded and segregated within Update repository as shown.
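
One way to script the WSYNCMGR.LOG check described above, as an added example that is not part of the original post. It assumes status messages are written to the log as `STATMSG: ID=<code>`; the function name `Get-SyncRun`, the log path placeholder and the sample lines are made up for illustration.

```powershell
# Sync manager status message IDs, as listed in this post.
$SyncCodes = @{ 6701 = 'Started'; 6702 = 'Succeeded'; 6703 = 'Failed'; 6704 = 'InProgress' }

function Get-SyncRun {
    # Splits log lines into sync runs: each 6701 opens a run, later codes update its state.
    param([string[]]$Lines)
    $runs = @()
    $current = $null
    for ($i = 0; $i -lt $Lines.Count; $i++) {
        # Assumption: status messages are logged as "STATMSG: ID=<code>".
        if ($Lines[$i] -notmatch 'STATMSG: ID=(670[1-4])\b') { continue }
        $code = [int]$Matches[1]
        if ($code -eq 6701 -or $null -eq $current) {
            if ($null -ne $current) { $runs += $current }
            $current = New-Object psobject -Property @{ StartLine = $i + 1; State = $SyncCodes[$code] }
        } else {
            $current.State = $SyncCodes[$code]
        }
    }
    if ($null -ne $current) { $runs += $current }
    return $runs
}

# Constructed sample lines (not from a real server): one successful run, then a failed one.
$log = @(
    'STATMSG: ID=6701 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER"',
    'STATMSG: ID=6704 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER"',
    'STATMSG: ID=6702 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER"',
    'STATMSG: ID=6701 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER"',
    'Sync failed: constructed error text',
    'STATMSG: ID=6703 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER"'
)
# On a site server, read the real file instead (path placeholder, adjust to your install):
# $log = Get-Content '<ConfigMgr install dir>\Logs\wsyncmgr.log'

$runs = @(Get-SyncRun -Lines $log)
$runs | Format-Table StartLine, State -AutoSize
if ($runs.Count -eq 0) {
    Write-Warning 'No synchronization is recorded in this log.'
} elseif ($runs[-1].State -ne 'Succeeded') {
    Write-Warning "Latest sync (log line $($runs[-1].StartLine)) is '$($runs[-1].State)'."
}
```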





2. Creating an Update List:

We select the required patches from the Update Repository metadata and create a list of the updates called an "update list". These updates are then populated within the "Update List" node.

Here, I am selecting MS04-041 Win XP Updates.

In the SCCM console, go to Computer Management -> Software Updates -> Update Repository -> Security Updates -> Microsoft. In the right-side pane, select the required patches.
After selecting the patches, click on Update List.



Select “Create a new update list” and name the update list accordingly. Click next.


Click Next, review the Summary tab and click Close to complete the Update List wizard.
The update list has now been created, and next we are going to create a package of these updates.

3. Creating a Package:

In order to create a package for these updates, we need source files for them, similar to the source files required for software distribution.
The only difference is that the software updates are downloaded in real time, when required, from the Microsoft Update site.

To store the source files, create a shared folder with read and write permissions.

Here, I have created a shared folder "WindowsXPupdates". Select this location for downloading the patches and create folders as per requirement.

\\SCCM1\WindowsXPupdates will be the shared folder here.

Select the update list that you created, and click on Download Software Updates to download the patches into the folder created in the previous step.
Under the "Deployment Package" tab, select "Create a new deployment package", enter an appropriate name and enter the package source (that is, the shared folder we created earlier). Click Next.







Distribution Point tab: Click Browse and select the appropriate distribution points to which this update package has to be distributed. Click Next.



Data Access tab: Select the option to access through the common ConfigMgr package share (that is, SMSPKGX$, where X is the drive letter).



Click Next.

Distribution Settings tab: Here, the priorities can be selected. Leave the default settings and proceed.

Click Next

Download Location tab: Specify whether to download the updates from the internet or, if there is no direct internet connection, from another server where these updates have already been downloaded.

Language selection tab: Select the languages here for the software update files to be downloaded.
  
Click Next, review the summary and click Close to complete the wizard.
On the Progress tab, provisioning will take some time depending on the number of updates you have selected to download.

After some time, you will get a success message as shown below and the patches will be downloaded to the shared folder that you specified.



Go to Computer Management -> Software Updates -> Deployment Packages. Your package will appear there. Also confirm that the package has been distributed to the required distribution points as shown below.


Now that the package has been created, we can deploy it to clients using two methods:
* associate it with a deployment template
* deploy directly without creating a deployment template.
We can use deployment templates to save time the next time we want to deploy updates to the same set of client computers.

4. Create a deployment template:

In a deployment template, we can specify the following common settings, which help the next time we want to deploy software updates to client computers that require the same parameters.
* Collection
* Display and time settings
* Restart settings
* Download settings 

Go to computer management -> software updates -> Deployment templates -> new deployment template.
On the Deployment template wizard,

Template name tab: Enter the name for the template and description.


Collection tab: Browse to the appropriate collection. Here I have selected "All Windows XP Systems".


Display/Time settings: Here, the display and time settings can be specified as desired.



Restart settings: Specify whether the restart is allowed on servers and workstations and also to allow system restart outside the maintenance window.



The Event Generation tab is applicable only if you have MOM or a monitoring setup implemented. Click Next to proceed to the download settings.

Download Settings: Specify how the client behaves when it is within a slow or fast boundary, i.e. whether it should download from the DP or not install.
We can also specify the behavior of the client when it is in a protected DP.




On the SMS 2003 Settings tab, click Next or select the appropriate option as per your infrastructure requirement.

Click Next and then Close to complete the template wizard.

Now the deployment template is created and ready to be associated with a deployment package.

5. Deployment of software update package:

Go to Computer Management -> Software Updates -> Update List, select the update list that was created in the previous steps, and click on Deploy Software Updates in the Actions pane.

The Deploy Software Updates wizard opens. Under the General tab, enter the name and description.



Deployment Template tab: Select the deployment template that was created in the previous steps. This simply associates the existing template instead of specifying again all the common parameters mentioned previously for the deployment template.



Schedule tab: This is where you define the date and time settings, i.e. when to make the software update package program available on the client computers.

We can set deadlines and also control how the deployment behaves during maintenance windows.

To make the program available immediately to client computers, select "As soon as possible".

The only setting that you need to specify when deployment schedule is used is SCHEDULE.


Click Next, review summary and click on close to complete the wizard.

Deployment status of the software update:

To check the status of the software update, go to Computer Management -> Software Updates -> Deployment Management, select the corresponding advertisement and click on Software Update. Select any one of the bulletin IDs and view the deployment status as shown below.


This is a typical software update process; however, the settings can be modified as per the requirements.
For better administration, it is recommended to create search folders.
