Skip to main content

Software Update Management- SCCM 2012

The below post explains the end to end process of software updates management in SCCM 2012 Pre-requisites: 1.  WSUS Server (WSUS 3.0 SP2 ) should be installed on the SCCM site server or if you want to install WSUS on another server, it is important that you install WSUS administration console as the SCCM Server uses API. This  link explains the step by step procedure to install WSUS 3.0 SP2 2. Install SUP-Software Update Point on the SCCM Server . 3. Reporting Services Point: Install reporting services point role as described in this link . 4. Client agent: The software update client agent should be enabled(will be enabled by default) and the settings have to specified as per the requirement. On SCCM console, go to Administration>Site Configuration>Client settings>Right click on Default client settings> Click on Properties. If required, we can create custom client settings and then enable client settings for that settings. ...
4 comments

Automatic deployment Rules in SCCM 2012

The below post explains the step by step creation of Automatic deployment rule for Software update management in SCCM 2012.

1.  Open SCCM Console, go to Software Library> Software updates>Automatic Deployment rules> right click and select “Create Automatic Deployment rule” to kick start the Automatic Deployment rule wizard.

2.   General tab:
Under General tab, provide the below information appropriately.
a)      Name: Enter the unique name for the ADR(Automatic Deployment Rule), here it is Windows 7 updates.
b)      Description: enter the description
c)       Template: There is no separate node for Deployment template in SCCM 2012; instead it is available here in general tab of the ADR wizard. Click on Manage template or select the template from the drop down menu. We can create a new template at the end of the ADR wizard by clicking on save template. Here, I have selected Patch Tuesday to deploy the Windows 7 updates.
d)      Collection: Click on Browse and select the appropriate intended collection to be targeted, here it is “All Windows 7 Systems”.
e)      Software update group: Software update group is almost similar to our Update lists in SCCM 2007. We can create a software update group from here and use it at a later stage when required.
Here, I have selected “Create a new software update group”.
If Add to an Existing Software Update Group is selected, a brand new group will be created the first time the Auto Deployment Rule is run and every time the rule runs after that the new updates are added to that group.
f)       Enable Deployment rule: the last option if checked enables and runs the Automatic Deployment rule that is being created. If not selected, manually we can deploy the software update group created.
Click Next.



         3.    Deployment Settings:

On this tab, we have options to

a)      Wake On LAN: Use Wake On LAN to wake up clients for required deployments, select this if Power management is in use.
b)      Detail Level: From the drop down menu, we can select the level of detailed messages that clients have to report, I am going with “Only success and error messages”
c)       License agreements: Select the option as shown below to approve any license agreements and deploy the software updates automatically.


4.       Software Updates

This tab is equivalent to Search folders node of SCCM 2007, we can select Article ID, Bulletin ID, and Product etc.
I have selected Product and the filter as Windows 7.


5.       Evaluation Schedule:

Here, we can specify the schedule for the rule to run. We can schedule it to run automatically, customize it or make it run manually.
As the Monthly patch deployment template is selected, run the rule on a schedule selection will make the rule to run every 30 days.
I am going with the option “Do not run this rule automatically”.


6.       Deployment Schedule:

This deployment schedule is similar to SCCM 2007, we can modify schedule and also make the deployment mandatory in these settings.
a)      Schedule evaluation: Select UTC or client local time here.
b)      Software available time: Select when the software updates are available after the created rule is run.
c)       Installation deadline: This is equivalent to mandatory schedule that was available in SCCM 2007, set a deadline for the updates to be installed.
                Here, I am going with the default values.


7.       User experience:

This is a new tab in SCCM 2012 where we define the settings for the user experience.
The three things that can be defined in this tab are

·         User visual experience- select whether to display or hide in Software center and other notifications
·         Deadline behavior-select whether to install that software and/or system to restart when the installation deadline defined previously in the deployment schedule tab.

·         Device restart behavior- Select the “Servers” or “Workstations” restart to be suppressed.


8.       Alerts:
Here, we define the settings to generate an alert if the compliance goes below a certain standard level.



9.       Download settings: this is similar to SCCM 2007 Download settings tab where we can set the download behavior when a client is within a slow or unreliable boundary.
We now have an option to download the updates directly from Microsoft update if the software updates are not available on DPs.

Change the settings as required and click next.



10.       Deployment package:

Create a new deployment package or select an existing one if it is already created before.

Here, I am creating a new deployment package. Enter the details appropriately, select the sending priority and click next.
Note that a shared folder has to be created for downloading the patches.( \\SCCM12\SUP\)


11.       Distribution Points: Here is where the distribution points are added. Just  click on the add button and select the DP’s applicable to this deployment.


12.       Download location: Specify from where the updates have to be downloaded, whether from internet or from a already downloaded location.

Here, I have selected Internet option. Click Next.

13.       Language selection:

Select the applicable languages from here, I have selected English here. Click Next.


14.       Summary:
Review summary and also there is an option to save the template (i.e. deployment template in SCCM 2007). It can be saved for further usage and will be available on Template option under General tab of any Automatic Deployment Rule wizard going forward.
Click on “Save As template” as shown below and enter a name for the deployment template. (Here it is a Windows 7 template). Change any settings if required and Click Save to save  the template.
Click Next to proceed to completion.


15.       Completion: On the completion page, a successfully completed message appears. Click close to complete the wizard.


Executing the Automatic Deployment rule:

1.       The newly created rule is available under “Automatic Deployment Rules” node as shown. We can run it now.

 2.       Right click on the rule and select “Run now” and click OK on the pop window.


3.       The log file that can be used for troubleshooting is ruleengine.log
Location: Configuration Manager Installation directory\Logs folder

It will show the downloading of the software updates that are specified within the rule. It checks for software groups and if not found, creates new software update groups.



4. Once the updates are downloaded, it will look for an existing software update group. If not found, it will create a new software group and it appears in the console node of Software update groups as shown below.

From here, we can deploy and check the status of the deployment.

Comments

Post a Comment

Popular posts from this blog

Registering SPN for SQL Server for SCCM

If using a domain account to install SQL server 2008 R2 for SCCM, you have to register a SPN (Service Principal Name) in Active Directory for that domain account. Two SPNs for the account should be registered,     1. For NETBIOS name of the SQL Server     2. For the FQDN of SQL server. The procedure to do that is as follows 1. Log on to a domain controller; open a command prompt with administrative privileges. 2. Type the below commands replacing SQL server name. setspn –A MSSQLSvc/< SQL Server NETBIOS name >:1433<Domain\Account> setspn –A MSSQLSvc/< SQL Server FQDN >:1433 <Domain\Account> 3. As shown in the below screenshot, the server name here is  CM2012 for NETBIOS name and CM2012.CONTOSO.COM 4.  Verify the registration of SPN by typing the below command Setspn –L  <domain\account>
1 comment
Read more

Consistency validation for SQL Server registry keys failed error -SQL for SCCM

During installation of SQL server, "Consistency validation for SQL Server registry keys failed” error pops up in the below scenarios. 1.   Previous installation of SQL exists. 2.   Inappropriate permissions on the registry keys of Microsoft SQL server. Solution that worked me is explained below. A. Identify the issue: 1. Go to %Program Files%\Microsoft SQL Server\100\SetupBootstrap\Log\”date  and time of installation” 2. Search (in Detail_GlobalRules.txt) for lines containing the following string "Could not fix registry key" 3. Run “regedit”, s et full control permissions for the appropriate registry keys mentioned in "Detail_GlobalRules.txt" file. Re-run the installation. B. Modifying the registry: 1. Locate HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server in registry. (To open registry, run “regedit”) 2. Right click and go to Permission 3. Click on Advance tab and c heck the below options.     i. Include i...
6 comments
Read more

SQL Queries for SCCM Sites

The below queries are useful for assessing the site and hierarchy information from SCCM Site servers. 1.Site Roles select SiteCode , RoleName , ServerName from SysResList 2.Hierarchy information including site version select * from sites 3.Total Secondary sites select CAST ( Version as varchar ) 'Category' , count (*) 'SiteCount' from v_Site ( NOLOCK ) where Type <> 1 group by Version UNION select 'Total Primary Sites' 'Category' , count (*) 'SiteCount' from v_Site ( NOLOCK ) where Type <> 1 ORDER BY Category DESC 4.Client count by site select sms_assigned_sites0 , count ( distinct name0 ) from v_RA_System_SMSAssignedSites ass join v_R_System sys on ass . resourceID = sys . resourceID where client0 = 1 and obsolete0 = 0 and active0 = 1 group by sms_assigned_sites0 order by count ( distinct name0 ) desc 5.MP Communication Status in last 7 d...
2 comments
Read more