Deploy-Software-Updates-Using-SCCM-2012-R2-Snap17.jpg' alt='Sccm Patch Deployment Best Practices' title='Sccm Patch Deployment Best Practices' />SCCM Configmgr 2. Troubleshoot Client software update issues. One of most important and critically used feature in configuration manager 2. Software updates. It is always challenging and import task for any sccm administrator to achieve good patch compliance success rate within the given SLAService level agreement. Patch compliance success rate is depends mainly on heath of your SCCM clients and some times things may go wrong even though sccm client is healthy able to receive applicationspackages and performing inventory except patches. I have created lot of SSRS reports on software update compliance out of many,one of the widely used report is get the patch compliance status of software update group for specific collection with linked report to get the computers with unknown and required status for troubleshooting to check when was the last hardware,last software scan,last user ,OS etc. Coming to the subject line, I have been seeing many questions on the configuration manager forums and social networking sites on software update patching issues. Client getting packages ,applications but not software updates. Most of the clients receiving deployed software updates but still few do not get. Clients not detecting software updates. Sccm Patch Deployment Best Practices' title='Sccm Patch Deployment Best Practices' />In this post we will look at the steps on how to deploy software updates using SCCM 2012 R2. Deploying the software updates for the computer. This post presents how to create an automatic deployment rule on System Center Configuration Manager. This part describes some SCCM software update best pratices to manage Microsoft updates. Client log says patches not required but sccm report says ,updates required. Software update failing to install ,how to fix  7 I have added patches to the existing software update groupdeployment and these newly added patches not deploying successful and many more. The solution for the most of the above issues can be identified and solved by analyzing the the client logs before we do in depth troubleshooting. In this blog post SCCM 2. Troubleshoot software update client issues,I will explain you the basic troubleshooting steps only on client side which will help you to resolve issues on your own by analyzing the logs and take it further afterwards. Add Disk Drivers To Winpeshl. Before we jump into the troubleshooting,I would like to illustrate the main components which are involved in deploying software updates. When you enable software update agent setting in client agent settings,a policy will be created with this setting and stored in SQL Database. So when client initiate machine policy,it communicate with management point which includes the software update client feature installation instructions to be installed or applied on the client. In this process, Client will create local GPO with WSUS Settings by leaving automatic updates. If you do not  disable automatic updates Via GPO leaving the door open for the WUA to do things on its own outside the control of Config. Mgr including installing any updates approved directly in WSUS including new versions of the agent itself which are automatically approved and rebooting systems which have a pending reboot. Neither of these is desirable in a Config. Mgr managed environment and thus the recommendation for disabling automatic updates. As for the rest of the Windows Update GPO settings, they are meaningless in the context of Config. Mgr so it doesnt really matter what you set those to if you disable automatic updates,more from here. If you choose to create a GPO for WUA, you must configure the Windows Update Server option to point to the active software update point server in the site or location. If there is an existing GPO that was intended to manage standalone WSUS prior to implementing Configuration Manager in your environment, the GPO could override the local GPO created by Configuration Manager, which can cause issues when the software update client tries to communicate with the software update point server. Updated on 03022015 Relevant to SCCM 2012 including R2 For an SCCM 2007 version of this article, go to httphayesjupe. Best Practices to Capture an Image for Deployment Alexandr May 15, 2015. Bk Precision 1601 Manual there. Thanks for your article Nice information for deployment specialists Reviewers guide june 2017 vmware airwatch windows 10 unified endpoint management reviewers guide vmware airwatch 9. Software update Components involved are 1. Windows update agent WUA2. Software update client agent from SCCM3. Windows management instrumentation WMINote Make sure you disable the automatic updates via GPO,further reading http blog. Windows Update agentWUA is responsible for scheduling and initializing scan, detection, download, and install of updates on the client machine. WUA Agent is an implanted service in a Windows service SVCHOST. Windows Update which you can see from services. If you disable WUA Agent, software update agent will not function correctly. So it always recommended to not disable this service. Software update client agent from SCCM When you enable the software update agent,it will install 2 actions on the client 1 Software update scan cycle 2 software update deployment Evaluation Cycle. Software Update Scan Schedule This action perform the software update scan along with WUA against the Microsoft update catalog, which occurs every 7 days by default. Deployment evaluation This action Initiate the software update deployment to start download and install the updates. Note when you create software update deployment with deadline for ex at 4. PM ,the actual time that software update client start updating the installation is depends on on setting disable deadline randomization located in the Computer Agent client settingsA delay of up to 2 hours will be applied with deadline time to install required software updates. This randomization prevents all software update clients from starting update installations at the same time This setting is disabled by default. More info,read https technet. MSPPError 2. 14. If you enable this setting,then the deployed software updates will be installed with deadline what you set i. PM based on Client local time or UTC. It is also good to know the patch compliance states which are sent as state messages by client to site server. Patch compliance is calculated based on these 4 states. Installed This means the software update is applicable and the client already has the update installed. Not Required This means the software update is not applicable to the client. Required This means the software update is applicable but is not yet installed. Alternatively, it may mean that the software update was installed but the state message has not yet been sent to to the site server. Unknown This means either that the client system did not complete the software scan or the site server did not receive the scan status from the client system. Enough theory, Lets have a look at client troubleshooting steps. Note Client logs can be found at windirccmlogs ,if you have not changed the default path. There are many logs on the client which help you to troubleshoot client issues,but we only look at important logs what is required for software updates. First log to check is locationservices. This log is used to check the correct software update point has been detected by the client. You can also see the management point and distribution point entries from this log. Windows update agent windows update service will contact WSUS SUP for scanning and if is successful,a state message will be sent to site server confirming that,software update scan is completed successfully which can be seen from this log. Get the report to know the software update scan results from here. For some reason,if you dont see the successfully completed scan message,you should start troubleshooting from this log based on the error. You can get the error description from CMTrace. Copy the error code and use ctrlL Error lookup from your cmtrace. If WSUS entries are not set correctly or having any issues locating the correct WSUS,you can set WSUS entry manually or script. Further troubleshooting is required.