This guide will show you how to configure SCUP and deploy 3rd party updates(Adobe, Flash Player) With Microsoft Updates via SCCM 2012 using SCUP plus software update catalogs.
Managing 3rd Party Updates in SCCM 2012 using SCUP
1- Installing and configuration SCUP 2011
It’s required to publish the updates to WSUS in order to deploy them through SCCM.
First we have to install SCUP, that could be install on “Software Update Point” or you can install on remote machine where SCCM console is running.
a- Download the SystemCenterupdatesPublisher.msi from Microsoft.
b- Install this MSI with run as administrator on “Software Update Point” (in my case).
c- Will launch the installation wizard.
d- If you have WSUS 3.0 SP2 hotfix then will continue the wizard else we have to install WSUS 3.0 SP2 hotfix.
e- Choose the default installation path click install.
f- Once installation is complete than launch the SCUP on server.
g- Will get the below SCUP console
h- We have to configure the SCUP use the required certificates (in my case using self-signed certificate) Note- In windows server 2012 and 2012 R2 by defaults WSUS no longer allow to issue the certificates. To allow this we have to create registry keys
i- Click on left upper corner and open options, in options page click enable publishing to an update server (select the update server as per your case i.e. Local/Remote), click test connection.
j- Click to create certificate, it will update as per your certificate.
k- Enable Configuration manager integration(select the configuration server as per your case i.e. Local/Remote), click test connection.
Important:- Export the self-signed Certificate add in domain GPME (Trusted root certificate and trusted Publishers )to trust this certificate for clients.
This ends to SCUP configurations.
2- Catalog Subscription and Import catalogs on SCUP
In this section will guide you import the updates via Catalogs in SCUP.
a- Download the CAB file from respective vendor site and copy to shared location
b- Open SCUP console and click Import choose the catalog file.
c- At the confirmation screen, click Next once more to confirm the selection and the import will begin. If prompted asking if you trust the publisher listed, select “Always Accept…” then click Accept
d- Once the catalogs have been imported, click OK to return to the main screen
e- In the left column, browse to the folder of the updates publisher then locate the update you wish to publish to SCCM
f- Right click on the update and select “Publish”
Important Note: You can also add updates to Publications (Group of Updates) by right clicking the updates and choosing assign and creating a Publication group. You can publish these groups all at once.
g- The window which appears will have 3 primary choices: Automatic, Full Content, and Metadata Only. Since we want the update files to be downloaded and stored in SCCM alongside Microsoft updates so that it’s ready to deploy, select “Full Content” then click Next
h- Click Next in the “Publish Software Update” Wizard. A progress bar will appear as the update(s) are downloaded and added into SCCM. During this process, you may be prompted with a Security Warning asking if you wish to accept this content. If so, select “Always Accept…” then click “Accept”. Note: If the vendor does not digitally sign their content, you will have to do this every time you Publish or import the catalog
i- Once complete, the window will display how many updates were selected for publishing and how many were published with full content. If the numbers on both lines match, then the Publish was successful. Click Close
Important Note: If there are any issue during Publishing, the SCUP log may be checked which is located at %temp%\scup.log.
3-Adding the updates within the SCCM Console
a- Launch the SCCM Console, browse to “Software Library” then expand the “Software Updates” folder
b- Right click “All Software Updates” at the top of the folder then choose “Synchronize Software Updates.” When prompted to verify that you want to run synchronization, choose “Yes”
Once the sync finishes, you should now see the new updates available within the SCCM Console and they will be available for deployment! If you do not see the update after the synchronization completes, see the section named “Vendor Specific SCCM Configuration“ below.
c- All required updates will be available on \Software Library\Overview\Software Updates\All Software Updates
d- Now you need to create Software Update Group and assign to required collections.
This Ends to Managing 3rd Party Updates in SCCM 2012 using SCUP