Troubleshooting: – Windows Software Updates Sync Issue between SCCM 2012 R2 and WSUS server.

In this blog i will share the steps to resolve the sync issue between SCCM server and WSUS servers, in my case I am running with SCCM 2012 R2 on Windows servers 2012 R2 Data Center and WSUS servers is also running with Windows servers 2012 R2 Data Center. (SCCM and WSUS both are in different servers)

 

Scenario:

After installation of WSUS and SUP , we started the Synchronize Software update from SCCM Console, But Updates are not getting synced with SCCM Console.

Synchronize Software update

To resolve this issue we need to monitor the two log files WsyncMgr.log and WCM.log to see progress.

Wsyncmgr.log

Sync failed: WSUS update source not found on site GGN. Please refer to WCM.log for configuration error details.. Source: getSiteUpdateSource     SMS_WSUS_SYNC_MANAGER      5/9/2017 5:30:00 PM            2884 (0x0B44)

STATMSG: ID=6703 SEV=E LEV=M SOURCE=”SMS Server” COMP=”SMS_WSUS_SYNC_MANAGER” SYS=INSVRGGN02.rajlabs.com SITE=GGN PID=1628 TID=2884 GMTDATE=Tue May 09 12:00:00.191 2017 ISTR0=”getSiteUpdateSource” ISTR1=”WSUS update source not found on site GGN. Please refer to WCM.log for configuration error details.” ISTR2=”” ISTR3=”” ISTR4=”” ISTR5=”” ISTR6=”” ISTR7=”” ISTR8=”” ISTR9=”” NUMATTRS=0          SMS_WSUS_SYNC_MANAGER      5/9/2017 5:30:00 PM            2884 (0x0B44)

Sync failed. Will retry in 60 minutes         SMS_WSUS_SYNC_MANAGER      5/9/2017 5:30:00 PM            2884 (0x0B44)

Setting sync alert to active state on site GGN   SMS_WSUS_SYNC_MANAGER      5/9/2017 5:30:00 PM            2884 (0x0B44)

Sync time: 0d00h00m00s   SMS_WSUS_SYNC_MANAGER      5/9/2017 5:30:00 PM          2884 (0x0B44)

WsyncMgr

 

WCM.log 

Checking for supported version of WSUS (min WSUS 3.0 SP2 + KB2720211 + KB2734608)          SMS_WSUS_CONFIGURATION_MANAGER 5/10/2017 8:00:09 AM  2872 (0x0B38)

Checking runtime v2.0.50727…       SMS_WSUS_CONFIGURATION_MANAGER 5/10/2017 8:00:09 AM 2872 (0x0B38)

Failed to create assembly name object for Microsoft.UpdateServices.Administration. Error = 0x80131701.     SMS_WSUS_CONFIGURATION_MANAGER 5/10/2017 8:00:09 AM  2872 (0x0B38)

Checking runtime v4.0.30319…       SMS_WSUS_CONFIGURATION_MANAGER 5/10/2017 8:00:09 AM 2872 (0x0B38)

Did not find supported version of assembly Microsoft.UpdateServices.Administration.          SMS_WSUS_CONFIGURATION_MANAGER 5/10/2017 8:00:09 AM  2872 (0x0B38)

Supported WSUS version not found         SMS_WSUS_CONFIGURATION_MANAGER          5/10/2017 8:00:09 AM  2872 (0x0B38)

STATMSG: ID=6607 SEV=E LEV=M SOURCE=”SMS Server” COMP=”SMS_WSUS_CONFIGURATION_MANAGER” SYS=INSVRGGN02.rajlabs.com SITE=GGN PID=1628 TID=2872 GMTDATE=Wed May 10 02:30:09.100 2017 ISTR0=”INSVRGGN03.rajlabs.com” ISTR1=”” ISTR2=”” ISTR3=”” ISTR4=”” ISTR5=”” ISTR6=”” ISTR7=”” ISTR8=”” ISTR9=”” NUMATTRS=0          SMS_WSUS_CONFIGURATION_MANAGER 5/10/2017 8:00:09 AM  2872 (0x0B38)

Remote configuration failed on WSUS Server.  SMS_WSUS_CONFIGURATION_MANAGER          5/10/2017 8:00:09 AM  2872 (0x0B38)

STATMSG: ID=6600 SEV=E LEV=M SOURCE=”SMS Server” COMP=”SMS_WSUS_CONFIGURATION_MANAGER” SYS=INSVRGGN02.rajlabs.com SITE=GGN PID=1628 TID=2872 GMTDATE=Wed May 10 02:30:09.108 2017 ISTR0=”INSVRGGN03.rajlabs.com” ISTR1=”” ISTR2=”” ISTR3=”” ISTR4=”” ISTR5=”” ISTR6=”” ISTR7=”” ISTR8=”” ISTR9=”” NUMATTRS=0          SMS_WSUS_CONFIGURATION_MANAGER 5/10/2017 8:00:09 AM  2872 (0x0B38)

Waiting for changes for 11 minutes         SMS_WSUS_CONFIGURATION_MANAGER          5/10/2017 8:00:09 AM  2872 (0x0B38)

Wait timed out after 11 minutes while waiting for at least one trigger event.          SMS_WSUS_CONFIGURATION_MANAGER 5/10/2017 8:11:02 AM  2872 (0x0B38)

WCM

Troubleshooting Steps and Solution:

  • Check the communication ports that should be correct as 8530\8531
  • Check the WSUS version and required hotfix’s.
  • If you are running with WSUS v 6.2 or later then we needs to install the  “Windows Server Update Services Tools”  Features  on your primary site server.

 

 

After this installation you need to run the Sync again and you will get the below logs to verify.

 WCM.Log

Found supported assembly Microsoft.UpdateServices.Administration version 4.0.0.0, file version 6.3.9600.16384                SMS_WSUS_CONFIGURATION_MANAGER         5/10/2017 8:11:12 AM    2872 (0x0B38)

Found supported assembly Microsoft.UpdateServices.BaseApi version 4.0.0.0, file version 6.3.9600.16384                SMS_WSUS_CONFIGURATION_MANAGER         5/10/2017 8:11:12 AM    2872 (0x0B38)

Supported WSUS version found               SMS_WSUS_CONFIGURATION_MANAGER         5/10/2017 8:11:12 AM    2872 (0x0B38)

Assembly WSUSMSP loaded in .NET runtime v4.0.30319.34014 SMS_WSUS_CONFIGURATION_MANAGER         5/10/2017 8:11:12 AM         2872 (0x0B38)

Attempting connection to WSUS server: INSVRGGN03.rajlabs.com, port: 8530, useSSL: False                SMS_WSUS_CONFIGURATION_MANAGER         5/10/2017 8:11:12 AM    2872 (0x0B38)

Successfully connected to server: INSVRGGN03.rajlabs.com, port: 8530, useSSL: False                SMS_WSUS_CONFIGURATION_MANAGER         5/10/2017 8:11:17 AM    2872 (0x0B38)

Verify Upstream Server settings on the Active WSUS Server      SMS_WSUS_CONFIGURATION_MANAGER         5/10/2017 8:11:17 AM         2872 (0x0B38)

Successfully configured WSUS Server settings and Upstream Server to insvrggn03.rajlabs.com                SMS_WSUS_CONFIGURATION_MANAGER         5/10/2017 8:11:20 AM    2872 (0x0B38)

WSUS Server configuration has been updated. Updating Group Info.    SMS_WSUS_CONFIGURATION_MANAGER                5/10/2017 8:11:20 AM    2872 (0x0B38)

Updating Group Info for WSUS.                SMS_WSUS_CONFIGURATION_MANAGER         5/10/2017 8:11:20 AM    2872 (0x0B38)

Wsyncmgr.log

Starting Sync      SMS_WSUS_SYNC_MANAGER 5/10/2017 8:18:41 AM    2884 (0x0B44)

Performing sync on local request             SMS_WSUS_SYNC_MANAGER 5/10/2017 8:18:41 AM    2884 (0x0B44)

Read SUPs from SCF for INSVRGGN02.rajlabs.com           SMS_WSUS_SYNC_MANAGER 5/10/2017 8:18:41 AM    2884 (0x0B44)

Found 1 SUPs    SMS_WSUS_SYNC_MANAGER 5/10/2017 8:18:41 AM    2884 (0x0B44)

Found active SUP INSVRGGN03.rajlabs.com from SCF File.          SMS_WSUS_SYNC_MANAGER 5/10/2017 8:18:41 AM    2884 (0x0B44)

STATMSG: ID=6701 SEV=I LEV=M SOURCE=”SMS Server” COMP=”SMS_WSUS_SYNC_MANAGER” SYS=INSVRGGN02.rajlabs.com SITE=GGN PID=1628 TID=2884 GMTDATE=Wed May 10 02:48:41.331 2017 ISTR0=”” ISTR1=”” ISTR2=”” ISTR3=”” ISTR4=”” ISTR5=”” ISTR6=”” ISTR7=”” ISTR8=”” ISTR9=”” NUMATTRS=0                SMS_WSUS_SYNC_MANAGER 5/10/2017 8:18:41 AM    2884 (0x0B44)

Synchronizing WSUS server INSVRGGN03.rajlabs.com  SMS_WSUS_SYNC_MANAGER 5/10/2017 8:18:42 AM    2884 (0x0B44)

STATMSG: ID=6704 SEV=I LEV=M SOURCE=”SMS Server” COMP=”SMS_WSUS_SYNC_MANAGER” SYS=INSVRGGN02.rajlabs.com SITE=GGN PID=1628 TID=2884 GMTDATE=Wed May 10 02:48:42.355 2017 ISTR0=”” ISTR1=”” ISTR2=”” ISTR3=”” ISTR4=”” ISTR5=”” ISTR6=”” ISTR7=”” ISTR8=”” ISTR9=”” NUMATTRS=0                SMS_WSUS_SYNC_MANAGER 5/10/2017 8:18:42 AM    2884 (0x0B44)

Synchronizing WSUS server insvrggn03.rajlabs.com …   SMS_WSUS_SYNC_MANAGER 5/10/2017 8:18:42 AM    1064 (0x0428)

sync: Starting WSUS synchronization     SMS_WSUS_SYNC_MANAGER 5/10/2017 8:18:42 AM    1064 (0x0428)

sync: WSUS synchronizing categories    SMS_WSUS_SYNC_MANAGER 5/10/2017 8:18:53 AM    1064 (0x0428)

sync: WSUS synchronizing updates         SMS_WSUS_SYNC_MANAGER 5/10/2017 8:18:55 AM    1064 (0x0428)

sync: WSUS synchronizing updates         SMS_WSUS_SYNC_MANAGER 5/10/2017 8:19:57 AM    1064 (0x0428)

Done synchronizing WSUS Server insvrggn03.rajlabs.com            SMS_WSUS_SYNC_MANAGER 5/10/2017 8:19:57 AM    1064 (0x0428)

This End the this log.

Advertisements

Managing 3rd Party Updates in SCCM 2012 using SCUP

This guide will show you how to configure SCUP and deploy 3rd party updates(Adobe, Flash Player) With Microsoft Updates via SCCM 2012 using SCUP plus software update catalogs.

Managing 3rd Party Updates in SCCM 2012 using SCUP

1- Installing and configuration SCUP 2011

It’s required to publish the updates to WSUS in order to deploy them through SCCM.
First we have to install SCUP, that could be install on “Software Update Point” or you can install on remote machine where SCCM console is running.

a- Download the SystemCenterupdatesPublisher.msi from Microsoft.
b- Install this MSI with run as administrator on “Software Update Point” (in my case).
c- Will launch the installation wizard.
1

d- If you have WSUS 3.0 SP2 hotfix then will continue the wizard else we have to install WSUS 3.0 SP2 hotfix.
2
3
e- Choose the default installation path click install.
f- Once installation is complete than launch the SCUP on server.
4
g- Will get the below SCUP console

5
h- We have to configure the SCUP use the required certificates (in my case using self-signed certificate) Note- In windows server 2012 and 2012 R2 by defaults WSUS no longer allow to issue the certificates. To allow this we have to create registry keys
Reg
i- Click on left upper corner and open options, in options page click enable publishing to an update server (select the update server as per your case i.e. Local/Remote), click test connection.
6

j- Click to create certificate, it will update as per your certificate.

7
k- Enable Configuration manager integration(select the configuration server as per your case i.e. Local/Remote), click test connection.

8

Important:- Export the self-signed Certificate add in domain GPME (Trusted root certificate and trusted Publishers )to trust this certificate for clients.

This ends to SCUP configurations.

2- Catalog Subscription and Import catalogs on SCUP

In this section will guide you import the updates via Catalogs in SCUP.

a-  Download the CAB file from respective vendor site and copy to shared location

b- Open SCUP console and click Import choose the catalog file.

A

c- At the confirmation screen, click Next once more to confirm the selection and the import will begin. If prompted asking if you trust the publisher listed, select “Always Accept…” then click Accept

B

d- Once the catalogs have been imported, click OK to return to the main screen

e- In the left column, browse to the folder of the updates publisher then locate the update you wish to publish to SCCM

f- Right click on the update and select “Publish”

Important Note: You can also add updates to Publications (Group of Updates) by right clicking the updates and choosing assign and creating a Publication group. You can publish these groups all at once.

C

g- The window which appears will have 3 primary choices: Automatic, Full Content, and Metadata Only. Since we want the update files to be downloaded and stored in SCCM alongside Microsoft updates so that it’s ready to deploy, select “Full Content” then click Next

D

h- Click Next in the “Publish Software Update” Wizard. A progress bar will appear as the update(s) are downloaded and added into SCCM.  During this process, you may be prompted with a Security Warning asking if you wish to accept this content.  If so, select “Always Accept…” then click “Accept”.  Note:  If the vendor does not digitally sign their content, you will have to do this every time you Publish or import the catalog

i- Once complete, the window will display how many updates were selected for publishing and how many were published with full content. If the numbers on both lines match, then the Publish was successful.  Click Close

E

Important Note:  If there are any issue during Publishing, the SCUP log may be checked which is located at %temp%\scup.log.

3-Adding the updates within the SCCM Console

a- Launch the SCCM Console, browse to “Software Library” then expand the “Software Updates” folder

b- Right click “All Software Updates” at the top of the folder then choose “Synchronize Software Updates.” When prompted to verify that you want to run synchronization, choose “Yes”

F

Once the sync finishes, you should now see the new updates available within the SCCM Console and they will be available for deployment!  If you do not see the update after the synchronization completes, see the section named “Vendor Specific SCCM Configuration“ below.

Vendor1

Vendor2

c- All required updates will be available on \Software Library\Overview\Software Updates\All Software Updates

d- Now you need to create Software Update Group and assign to required collections.

This Ends to Managing 3rd Party Updates in SCCM 2012 using SCUP