Software update management
104 TopicsPlanning a 24H2 in-place upgrade from 23H2 using Feature Update:
I'm planning to roll out Windows 11 24H2 as an in-place upgrade from 23H2 using Feature Update in Microsoft Config Manager (SCCM). I'm considering the following approach: I will use the Task Sequence to upgrade the devices from 23H2 to 24H2 using Feature Update. WHY Task Sequence: I also want to update the drivers and bios of the system and take the opportunity to update the devices (see screenshot for more information). Any advice, sample Task Sequence or best practices from anyone using the similar upgrade process would be greatly appreciated. Thanks in advance!492Views0likes0CommentsSCCM Server fails Windows 11 24H2 upgrade package download
SCCM Server 2403 fails Windows 11 24H2 upgrade package download (both 2024-09B and 2024-10B). Running MP, DP, Site and WSUS database, several other roles on the same Windows Server 2022 VM. Running SUP/Wsus on another dedicated VM in the same subnet. When running ADR, GUI shows error message: 0x87d20417 ADR rule download failed When downloading the updates manually to new deployment package, error message: Failed to download content id 666666666 Cannot create a file when that file already exists Here is a sample from Patchdownloader.log file: Downloading content for ContentID = 18696696, FileName = professional_en-us.esd. Software Updates Patch Downloader 09.10.2024 13:26:50 11808 (0x2E20) Proxy is enabled for download, using registry settings or defaults. Software Updates Patch Downloader 09.10.2024 13:26:50 11808 (0x2E20) Connecting - Adding file range by calling HttpAddRequestHeaders, range string = "Range: bytes=0-" Software Updates Patch Downloader 09.10.2024 13:26:50 8052 (0x1F74) Download file size : 553783259 bytes Software Updates Patch Downloader 09.10.2024 13:26:50 8052 (0x1F74) Downloadhttp://dl.delivery.mp.microsoft.com/filestreamingservice/files/75ac9ad5-f29b-4e95-af3f-8a321bd39b92/public/professional_en-us_98014c58afbd29a57aed4f5eb6819f5cc5bce4a4.esdin progress: 10 percent complete Software Updates Patch Downloader 09.10.2024 13:26:51 8052 (0x1F74) ....... Downloadhttp://dl.delivery.mp.microsoft.com/filestreamingservice/files/75ac9ad5-f29b-4e95-af3f-8a321bd39b92/public/professional_en-us_98014c58afbd29a57aed4f5eb6819f5cc5bce4a4.esdin progress: 90 percent complete Software Updates Patch Downloader 09.10.2024 13:27:00 8052 (0x1F74) InternetReadFile() return true and pdwNumberOfBytesRead equals to 0, but ulTotalFileRead=553703152 still less than ulFileSize=553783259, treat it as a retriable error. Software Updates Patch Downloader 09.10.2024 13:27:01 8052 (0x1F74)InternetQueryDataAvailable return code = 183- Can still retry for 3 times. Will retry in 10 seconds. Software Updates Patch Downloader 09.10.2024 13:27:01 8052 (0x1F74) the same kind of error is logged for several other files related to the upgrade package, but not all. Downloading using Edge browser on the same machine directly from url "[http://dl.delivery.mp.microsoft.com/filestreamingservice/files/75ac9ad5-f29b-4e95-af3f-8a321bd39b92/public/professional_en-us_98014c58afbd29a57aed4f5eb6819f5cc5bce4a4.esd]" works fine, so it should not be a connectivity issue. Downloading Windows 1123H2 upgrade package works fine. Has anybody else faced the same issue?345Views0likes0CommentsWSUS/SUP Updates download from a network partially connected to internet.
Morning, sorry if this topic was answered before but I was not able to find a post. We are setting a highly private network with minimal access to internet. The way we are setup is that the MECM servers have almost no access to internet. Server CCM-01 is the primary site server with a WSUS console installed on it. He can access resolve internal names only (DNS on DC). Server CCM-02 is the DP-MP-SUP that will deserve all clients. WSUS and SUP installed on it and can resolve internal names only (DNS on DC). Server CCM-03 is the upstream server for WSUS so it has WSUS and SUP role on it. He can resolve external and internal DNS names and can connect to internet as well. The metadata is synching as supposed to but when trying to download an update, I have an errorERROR: DownloadUpdateContent() failed with hr=0x80072ee7. I see in the logs that the Primary Site Server is not able to resolve external DNS names. We made that happen but I was still getting the download error. I was thinking that the primary site server would make the update download from the upstream WSUS server. Am I right? What would be the right way to do it?216Views0likes1CommentInvalid certificate signature in ConfigMgr Software Update ADR (2309)
Hi. We are getting the following error in "PatchDownloader.log" when attempting to download the latest January 2024 CU and feature updates (23H2) for Windows 11 on the site server (through ADR): Authentication of file C:\WINDOWS\TEMP\CAB2BC8.tmp.cab failed, error 0x800b0004. And in ConfigMgr console: Invalid certificate signature (0X80073633) Attempting to download the file manually from a browser on the site server results in "NET::ERR_CERT_COMMON_NAME_INVALID", as it points to an akamai CDN of some sort (this error does NOT appear on other servers\clients). Not sure if this is part of what the site server validate during patch download, but continuing manually past the certificate error in the browser leads to another error: <h2>Our services aren't available right now</h2><p>We're working to restore all services as soon as possible. Please check back soon.</p>0Hlu3ZQAAAAAFiFHUfJk7RI/HjL44V91yU1RPRURHRTEyMTAARWRnZQ== Is some part of our ConfigMgr-site not validating CDN downloaded cabs after january, or is some part of Microsoft's CDN configured wrong? Or does this CDN possibly have a corrupt version of the file? Can we reset the CDN used by the patch downloader in some way, so it could try a different server? This is one of the cabs in question: http://dl.delivery.mp.microsoft.com/filestreamingservice/files/6154c6f8-b347-4928-8d96-8d185ef53f55/public/fodmetadata_client_792b7158195bd67711324cd21791150c5a8b3264.cab I have also tried importing the code signing certificate in the CAB-file manually to "Trusted Publishers" and "Trusted Root Certification Authorities", but it has had no effect. Other things I have tried: - Deleting update source files for it to redownload (download does seem fine, maybe only code validation is failing?) - Flushing DNS on site server and rebooting (in an attempt to change CDN server if that could be the cause).1.9KViews0likes2CommentsSoftware updates postponed
Hello When I deploy software updates, the result is that they are postponed, for 5 or 6 days. I attach the picture with the situation, as it is seen on a client's Software Center. I cannot find where I can change that setting, where I can cancel that delay setting. Could someone point me where to look for that setting?177Views0likes0CommentsMedia Feature Pack installation
Hi all we are installing Windows 11 Enterprise N version. But with this version camera in teams is not working. So, i try adding it by Add-WindowsCapability. Devices are managed by SCCM and have CIS implemented. I try trick with Set-ItemProperty -Path HKLM:SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -Name UseWUServer -Value 0 and restart WSUS service this not working. I try set GPO - Download repair content and optional features directly from Windows Updates instead of Windows Server Updates Services (WSUS). When i uninstall SCCM client all is working fine. When i check CBS logs : 2024-08-15 08:31:47, Info CBS Exec: Clients specified using Windows Update. 2024-08-15 08:31:47, Info CBS Perf: Entering stage: Downloading 2024-08-15 08:31:47, Info CBS FLOW: Entering stage: Downloading 2024-08-15 08:31:47, Info CBS FC: Calling Download on WUClient Acquirer 2024-08-15 08:31:47, Info CBS FC: FCAcquirerWUClient: Calling WindowsUpdateDownloadFromUUP 2024-08-15 08:31:47, Info CBS FC: FCAcquirerWUClient: WULib Mode Complete: [0] 2024-08-15 08:31:47, Info CBS WU: Update service is not default AU service, skip. URL:https://fe2cr.update.microsoft.com/v6/, Name: Microsoft Update 2024-08-15 08:31:47, Info CBS WU: Update service is not default AU service, skip. URL:https://fe3cr.eu-db.delivery.mp.microsoft.com/, Name: DCat Flighting Prod 2024-08-15 08:31:47, Info CBS WU: Update service is not default AU service, skip. URL:https://fe3cr.delivery.mp.microsoft.com/, Name: Windows Store (DCat Prod) 2024-08-15 08:31:47, Info CBS WU: WSUS service is the default, URL: (null), Name: Windows Server Update Service 2024-08-15 08:31:47, Info CBS Windows Insider Program: Current settings: Content type: (null), Build branch: (null), Ring: (null), Build Flighting Enabled: No 2024-08-15 08:31:47, Info CBS WU: Group policy setting windows update server source to: 2 this is no SCCM machine 2024-08-15 07:47:01, Info CBS Exec: Clients specified using Windows Update. 2024-08-15 07:47:01, Info CBS Perf: Entering stage: Downloading 2024-08-15 07:47:01, Info CBS FLOW: Entering stage: Downloading 2024-08-15 07:47:01, Info CBS FC: Calling Download on WUClient Acquirer 2024-08-15 07:47:01, Info CBS FC: FCAcquirerWUClient: Calling WindowsUpdateDownloadFromUUP 2024-08-15 07:47:01, Info CBS FC: FCAcquirerWUClient: WULib Mode Complete: [0] 2024-08-15 07:47:01, Info CBS WU: Microsoft Update service is the default, URL:https://fe2cr.update.microsoft.com/v6/, Name: Microsoft Update 2024-08-15 07:47:01, Info CBS Windows Insider Program: Current settings: Content type: (null), Build branch: (null), Ring: (null), Build Flighting Enabled: No 2024-08-15 07:47:01, Info CBS WU: Group policy setting windows update server source to: 2359Views0likes1CommentGetting "Access Denied" for Windows Updates
Hey there, I have an SCCM (v2303) environment managing ~600 devices for the last 7+ years with a very high success rate (96% or better). Over the last 3 monthly update cycles, I've had a few devices fail to install an update with this error - "Failed to install update(s) - 0X80070005 - Access denied". All of the devices are on an internal network and have been managed by this SCCM instance for over 3 years. Using Software Center to attempt another installation fails but if I clear the cache and re-run the installation after that it usually succeeds. It's only happening on 3-4 devices each update cycle but it's a bit troublesome. Thoughts? TIA ~dgm~446Views0likes0CommentsSCCM Collection Machines Failing Active Patches
I need to build a collection of machines that are struggling to get patches installed successfully. We would like for the collection to be as accurate as possible with the following logic: 1) failed patch status 2) failed patch is not a patch that has not been superseded 3) patch is actively deployed 4) exclude any machine that has a reboot pending status for any patch We do have a collection built using the logic below but feel like this is not specific enough. (select SYS.ResourceID,SYS.ResourceType,SYS.Name,SYS.SMSUniqueIdentifier,SYS.ResourceDomainORWorkgroup,SYS.Client from SMS_R_System as SYS Inner Join SMS_SUMDeploymentAssetDetails as SUM on SYS.ResourceID = SUM.ResourceID WHERE (sum.statustype = 5) and SUM.LastEnforcementErrorCode <> 0) Any direction you can provide on either a sql query to gather this information or better yet actual collection logic code would greatly be appreciated. Thanks, Jason328Views0likes0CommentsSoftware Center Not Updating on certain devices
I have a new build of MECM. I created 7 devices that have different OS's on them. They are in Active Directory and Discovery Found them. The agent is installed on all 7 with a green check box next to them in the console. They are all in a device collection, recognized by the Client Settings. I modified the Software Center to resemble the colors of our company and logo. On some of the above devices, the new Software Center shows. On the others, it is the generic one that comes out of the box. Strange is that I built 2 Windows 10 machines, one x64 the ohter x86. The X64 has the new center where the x86 has the old. Server 2012 R2 and 2022 have the correct center but 2016 and 2019 do not. How best to diagnose this to find out why some are working properly and other are not?2.9KViews0likes14Comments