Software Updates Management For ConfigMgr 2012
Software Updates Management For ConfigMgr 2012
CONTENTS
Introduction to Software Updates Management..............................................................................4
Reference Flowcharts...................................................................................................................... 5
Installation & Configuration............................................................................................................ 6
Prerequisites & Requirements.................................................................................................................... 6
Software Updates.................................................................................................................................... 6
Endpoint Protection................................................................................................................................. 6
Installation & Configuration........................................................................................................................ 6
Software Update Point............................................................................................................................ 6
Endpoint Protection Role......................................................................................................................... 6
Configuring Client Settings......................................................................................................................... 7
Configuring Client Settings for Software Updates...................................................................................7
Configuring Client Settings for Endpoint Protection................................................................................7
Other Relevant Client Settings................................................................................................................ 8
Deployment.................................................................................................................................... 9
Client Requirements................................................................................................................................... 9
Update Groups........................................................................................................................................... 9
Deployment Packages................................................................................................................................ 9
Deployments.............................................................................................................................................. 9
Maintenance Windows................................................................................................................................ 9
Maintenance................................................................................................................................. 10
Expired Updates....................................................................................................................................... 10
Content Cleanup...................................................................................................................................... 10
WSUS Server Maintenance (by Meghan Stewart).....................................................................................11
How it works................................................................................................................................. 13
Software Update Point Installation............................................................................................................ 13
WSUS Configuration Manager.................................................................................................................. 14
Synchronization........................................................................................................................................ 15
On Central Administration Site or Standalone Primary Site...................................................................15
On Child Primary Site and Secondary Sites........................................................................................... 19
Compliance.............................................................................................................................................. 22
Software Update Scan Policy................................................................................................................. 22
WSUS Server Location.......................................................................................................................... 24
Software Update Scan on Clients.......................................................................................................... 28
State Message Processing Flow............................................................................................................. 32
Software Update Summarization........................................................................................................... 35
Software Update Switching (SP1 and R2 only)......................................................................................36
Deployment.............................................................................................................................................. 36
Creating a Software Update Group....................................................................................................... 36
Creating a Deployment for Software Update Group manually...............................................................38
Creating a Deployment using an Automatic Deployment Rule..............................................................43
Best Practices............................................................................................................................... 62
Troubleshooting............................................................................................................................. 62
Synchronization........................................................................................................................................ 62
Relevant Data....................................................................................................................................... 62
Synchronization fails with WSUS server not configured.....................................................................62
Synchronization fails due to issues with EULA......................................................................................64
Synchronization fails due to errors communicating with Microsoft Update...........................................64
WSUS Control Manager (WSUSCtrl) reports an error.............................................................................64
Compliance.............................................................................................................................................. 65
Relevant Data....................................................................................................................................... 65
Scan Failures......................................................................................................................................... 65
Group Policy overrides WSUS Server..................................................................................................... 66
Compliance results Unknown................................................................................................................ 66
Clients are unable to find the WSUS Source Location...........................................................................67
Deployment.............................................................................................................................................. 67
Relevant Data....................................................................................................................................... 67
Updates fail to get downloaded............................................................................................................ 67
Updates fail to get installed.................................................................................................................. 67
Unexpected Reboots OR Updates Getting Installed outside Maintenance Window...............................68
Procedures.................................................................................................................................... 68
A. Logging................................................................................................................................................ 68
How to enable Verbose & Debug Logging on the Configuration Manager Client & Management Point. 68
How to enable Verbose Logging for State System component on the Site Server.................................69
How to enable Verbose Logging for WSUS Synchronization Manager (WSyncMgr)...............................69
How to enable SQL Tracing for Configuration Manager Logs.................................................................69
How to enable verbose logging for Windows Update Agent..................................................................69
How to configure SQL Profiler to troubleshoot WSUS Location Request Issues......................................70
How to configure SQL Profiler to see State Message processing...........................................................70
B. Synchronization.................................................................................................................................... 71
How to Configure Proxy Settings for the Software Update Point............................................................71
How to Check Proxy Configuration on a computer................................................................................72
How to Configure WSUS Server Connection Account for the Software Update Point.............................72
How to Determine the Port Settings Used by WSUS..............................................................................72
Verify Anonymous Access is Enabled on the DssAuthWebService Virtual Directory..............................73
Check Permissions on the ApiRemoting30 Virtual Directory..................................................................73
Check the Update Source Settings in WSUS.........................................................................................73
How to test Connectivity from Site Server to WSUS..............................................................................74
FAQ................................................................................................................................................ 79
How many clients can the Software Update Point support?......................................................................79
Whats the maximum number of updates you can have in a Deployment?..............................................79
Can I manage software updates for clients in an untrusted forest?..........................................................80
Synchronization
Compliance
Deployment
Reporting
SOFTWARE UPDATES
ENDPOINT PROTECTION
http://technet.microsoft.com/en-us/library/hh508770.aspx#BKMK_Step1
Configure Alerts for Endpoint Protection in Configuration Manager:
http://technet.microsoft.com/en-us/library/hh508782.aspx
Configure Definition Updates for Endpoint Protection in Configuration Manager:
http://technet.microsoft.com/en-us/library/jj822983.aspx
Create and Deploy Antimalware Policies for Endpoint Protection in Configuration Manager:
http://technet.microsoft.com/en-us/library/hh508785.aspx
Configuring Products and Classifications required for Endpoint Protection for Software Update
Point:
1) In the Configuration Manager Console, go to:
a) Go to the Administration Pane, expand Site Configuration, and click Sites
b) Right click on the Central Administration or Standalone Primary Site
c) Select Configure Site Components, then click Software Update Point.
2) On the Classifications tab, ensure that the Definition Updates check box
and the Updates check box are selected.
3) On the Products tab, ensure that the product Forefront Endpoint Protection 2010 check
box is selected, and then click OK.
DEPLOYMENT
CLIENT REQUIREMENTS
UPDATE GROUPS
Software update groups provide you with an effective method to organize software updates in
your environment. For steps on adding updates to an update group, refer to:
http://technet.microsoft.com/en-us/library/gg712304.aspx#BKMK_AddUpdatesToGroup
DEPLOYMENT PACKAGES
MAINTENANCE WINDOWS
Maintenance Windows
http://technet.microsoft.com/en-us/library/hh508762.aspx
Maintenance Windows vs. Business Hours:
http://blogs.technet.com/b/server-cloud/archive/2012/03/28/business-hours-vs-maintenancewindows-with-system-center-2012-configuration-manager.aspx
MAINTENANCE
EXPIRED UPDATES
As part of the ongoing Update Revision process, some updates are Expired by Microsoft within
the Microsoft Update Catalog; this is usually because there is a newer version of the update
available or a specific problem with the existing update. During Software Update
Synchronization, these Expired updates get marked as Expired in the Configuration Manger
console as well which is indicated by a Grey icon next to the Update. These expired updates are
automatically cleaned up from the Configuration Manager database on a schedule.
Removal of the Expired Updates is performed by the WSUS Synchronization Manager Component
and these updates are removed only if the following conditions are true:
Update is not referenced in an Update Assignment.
Update is older than the value of Updates Cleanup Age (7 days by default)
WSUS Synchronization Manager on the top-level Configuration Manger site checks for Updates to
cleanup every 1 hour, and removes expired updates if they match the criteria. When WSUS
Synchronization Manager deletes expired updates, the following entries can be seen in the
WSyncMgr.log:
Deleting old expired updates... SMS_WSUS_SYNC_MANAGER
Deleted 100 expired updates
SMS_WSUS_SYNC_MANAGER
CONTENT CLEANUP
As Expired Updates are removed, Content for those Expired updates can get orphaned. WSUS
Synchronization Manager also cleans up the Content that is no longer referenced on a schedule.
As part of the content cleanup, WSUS Synchronization Manager goes through the packages
owned by the current site and finds Content that is no longer referenced and removes the
content from the Package source directory. Content is only removed if the Content has been
orphaned for more than 1 day (by default).
If any content is removed, the cleanup process also refreshes the package so that the updated
content is sent to the Distribution Points. When WSUS Synchronization Manager removes
orphaned content, the following entries can be seen in the WSyncMgr.log:
Deleting orphaned content for package CS100006 (EPDefinitions) from source <PackageSource>
SMS_WSUS_SYNC_MANAGER
Deleting orphaned content folder \\<PackageSource>\51b6db15-6938-4b37-9fa8-caf513e13930...
SMS_WSUS_SYNC_MANAGER
.
.
Deleting orphaned content folder \\<PackageSource>\526b6a85-a62c-4d54-bc0d-b3409223b0df...
SMS_WSUS_SYNC_MANAGER
Deleted 12 orphaned content folders in package CS100006 (EPDefinitions) SMS_WSUS_SYNC_MANAGER
Refreshing package CS100006 (EPDefinitions) SMS_WSUS_SYNC_MANAGER
For more information about cleanup of Expired Updates and Content, refer to this blog post:
http://blogs.technet.com/b/configmgrteam/archive/2012/04/12/software-update-content-cleanupin-system-center-2012-configuration-manager.aspx
In order to maintain performance of the WSUS Database, it is recommended that you routinely
perform the WSUS Cleanup Wizard actions on the WSUS database (SUSDB) as well as the reindex of the WSUS Database (SUSDB) on each WSUS server that is hosting a Software Update
Point role within the Configuration Manager environment. The important thing to remember when
performing WSUS Cleanup Wizard actions in a multi-level hierarchy is that you run the cleanup
process on the lowest tier of WSUS servers first, then move up to the next higher tier to run the
cleanup wizard actions, and continue up the hierarchy until you reach the top tier WSUS server.
When you do the cleanup wizard actions, you are removing data from the WSUS servers and
should remove from the bottom of the hierarchy and move up. The WSUS maintenance can be
performed simultaneously on multiple servers in the same tier. Although the re-index can be
performed in any order on any WSUS servers SUSDB, it is recommended to perform the cleanup
and reindex on each WSUS server together with the re-index being run first followed by the
cleanup wizard actions (i.e. Tuning the performance of the susdb first via the re-index will allow
the cleanup wizard actions to run more quickly).
HOW IT WORKS
NOTE:
All log excerpts in this section are from Configuration Manager 2012 R2 environment with
Verbose & Debug Logging Enabled. To see how to enable verbose & debug logging, see How to
enable Verbose & Debug Logging.
To see some of the SQL queries being executed in the logs on the Configuration Manager Site
Server, you would need to enable SQL Tracing in the logs. To see how to do this, see How to
enable SQL Tracing for Configuration Manager Logs.
Installation is initiated by adding the Software Update Point Role. When the Software Update
Point Role is installed, an instance of SMS_SCI_SysResUse class is created.
SMSProv.log:
PutInstanceAsync SMS_SCI_SysResUse SMS Provider 2/9/2014 10:53:16 PM
5804 (0x16AC)
CExtProviderClassObject::DoPutInstanceInstance
SMS Provider 2/9/2014 10:53:16 PM
5804
(0x16AC)
INFO: 'PR1SITE.AWESOME.COM' is a valid FQDN.
SMS Provider 2/9/2014 10:53:16 PM
5804
(0x16AC)
Site Component Manager detects the change in Site Control Information, and initiates the
installation of the Software Update Point Role.
SiteComp.log:
Parsed the master site control file, serial number 3559422579.
SMS_SITE_COMPONENT_MANAGER
2/9/2014 10:53:23 PM
4460 (0x116C)
Synchronizing server table and polling servers as needed... SMS_SITE_COMPONENT_MANAGER
2/9/2014 10:53:23 PM
4460 (0x116C)
Synchronizing component server PR1SITE.AWESOME.COM...
SMS_SITE_COMPONENT_MANAGER
2/9/2014 10:53:23 PM
4460 (0x116C)
Installing component SMS_WSUS_CONTROL_MANAGER... SMS_SITE_COMPONENT_MANAGER
2/9/2014 10:53:23 PM
6040 (0x1798)
INFO: 'PR1SITE.AWESOME.COM' is a valid FQDN.
SMS_SITE_COMPONENT_MANAGER 2/9/2014
10:53:23 PM
6040 (0x1798)
Creating registry keys Operations Management\SMS Server Role\SMS Software Update Point on
server PR1SITE.AWESOME.COM. SMS_SITE_COMPONENT_MANAGER 2/9/2014 10:53:23 PM
6040
(0x1798)
Updated WSUS Configuration for PR1SITE.AWESOME.COM. SMS_SITE_COMPONENT_MANAGER
2/9/2014 10:53:23 PM
6040 (0x1798)
The component is being installed on the site server, no files need to be installed in the
"E:\ConfigMgr" directory because the files are already there. SMS_SITE_COMPONENT_MANAGER
2/9/2014 10:53:23 PM
6040 (0x1798)
All files installed.
SMS_SITE_COMPONENT_MANAGER 2/9/2014 10:53:23 PM
6040
(0x1798)
Starting bootstrap operations...
SMS_SITE_COMPONENT_MANAGER 2/9/2014 10:53:23 PM
6040 (0x1798)
Installed service SMS_SERVER_BOOTSTRAP_PR1SITE.
SMS_SITE_COMPONENT_MANAGER
2/9/2014 10:53:23 PM
6040 (0x1798)
Once the role installation is started by Site Component Manager, SUPSetup.log is created which
contains information regarding the role installation.
SUPSetup.log:
<02/09/14 22:53:28>
==============================================================
======
<02/09/14 22:53:28> SMSWSUS Setup Started....
<02/09/14 22:53:28> Parameters: E:\ConfigMgr\bin\x64\rolesetup.exe /install /siteserver:PR1SITE
SMSWSUS 0
<02/09/14 22:53:28> Installing Pre Reqs for SMSWSUS
<02/09/14 22:53:28>
======== Installing Pre Reqs for Role SMSWSUS ========
<02/09/14 22:53:28> Found 1 Pre Reqs for Role SMSWSUS
<02/09/14 22:53:28> Pre Req SqlNativeClient found.
<02/09/14 22:53:28> SqlNativeClient already installed (Product Code: {D411E9C9-CE62-4DBF-9D924CB22B750ED5}). Would not install again.
<02/09/14 22:53:28> Pre Req SqlNativeClient is already installed. Skipping it.
<02/09/14 22:53:28>
======== Completed Installation of Pre Reqs for Role SMSWSUS
========
<02/09/14 22:53:28> Installing the SMSWSUS
<02/09/14 22:53:28> Checking for supported version of WSUS (min WSUS 3.0 SP2 + KB2720211 +
KB2734608)
<02/09/14 22:53:28> Checking runtime v2.0.50727...
<02/09/14 22:53:28> Did not find supported version of assembly
Microsoft.UpdateServices.Administration.
<02/09/14 22:53:28> Checking runtime v4.0.30319...
<02/09/14 22:53:28> Found supported assembly Microsoft.UpdateServices.Administration version
4.0.0.0, file version 6.2.9200.16384
<02/09/14 22:53:28> Found supported assembly Microsoft.UpdateServices.BaseApi version 4.0.0.0, file
version 6.2.9200.16384
<02/09/14 22:53:28> Supported WSUS version found
<02/09/14 22:53:28> Supported WSUS Server version (6.2.9200.16384) is installed.
<02/09/14 22:53:28> CTool::RegisterManagedBinary: run command line:
"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\RegAsm.exe" "E:\ConfigMgr\bin\x64\wsusmsp.dll"
<02/09/14 22:53:44> CTool::RegisterManagedBinary: Registered E:\ConfigMgr\bin\x64\wsusmsp.dll
successfully
<02/09/14 22:53:44> Registered DLL E:\ConfigMgr\bin\x64\wsusmsp.dll
<02/09/14 22:53:44> Installation was successful.
<02/09/14 22:53:44> ~RoleSetup().
After the role is installed, Site Component Manager removes the Bootstrap service that is created
to perform the installation.
SiteComp.log:
"E:\ConfigMgr\bin\x64\rolesetup.exe /install /siteserver:PR1SITE.AWESOME.COM" executed
successfully on server PR1SITE.AWESOME.COM.
SMS_SITE_COMPONENT_MANAGER 2/9/2014
10:53:46 PM
6040 (0x1798)
Bootstrap operation successful. SMS_SITE_COMPONENT_MANAGER 2/9/2014 10:53:46 PM
6040 (0x1798)
Deinstalled service SMS_SERVER_BOOTSTRAP_PR1SITE. SMS_SITE_COMPONENT_MANAGER
2/9/2014 10:53:46 PM
6040 (0x1798)
Bootstrap operations completed. SMS_SITE_COMPONENT_MANAGER 2/9/2014 10:53:46 PM
6040 (0x1798)
WSUS Configuration Manager connects to the WSUS Server once every hour and configures the
WSUS Server with the settings that are defined for the Software Update Point in the Configuration
Manager console. WSUS Configuration Manager uses the WSUS APIs to connect to the WSUS
Server, which is the reason WSUS Administration Console is required on the Configuration
Manager Site Server since the WSUS Administration Console installs the APIs that are used to
connect to the WSUS Server. It is important that the WSUS Administration Console also has
KB2734608 installed which is a pre-requisite for the Software Update Point Role.
WCM.log:
Checking for supported version of WSUS (min WSUS 3.0 SP2 + KB2720211 + KB2734608)
SMS_WSUS_CONFIGURATION_MANAGER
Checking runtime v2.0.50727... SMS_WSUS_CONFIGURATION_MANAGER
Did not find supported version of assembly Microsoft.UpdateServices.Administration.
SMS_WSUS_CONFIGURATION_MANAGER
Checking runtime v4.0.30319... SMS_WSUS_CONFIGURATION_MANAGER
Found supported assembly Microsoft.UpdateServices.Administration version 4.0.0.0, file version
6.2.9200.16384 SMS_WSUS_CONFIGURATION_MANAGER
Found supported assembly Microsoft.UpdateServices.BaseApi version 4.0.0.0, file version
6.2.9200.16384 SMS_WSUS_CONFIGURATION_MANAGER
Supported WSUS version found SMS_WSUS_CONFIGURATION_MANAGER
If the products/classifications defined for the Software Update Point are modified, SMS Provider
makes changes in the appropriate CI_ tables in the database. For instance, when a product is
selected for Synchronization SMS Provider updates rows in CI_CategoryInstances and
CI_UpdateCategorySubscription tables. SMS Database Monitor monitors these tables and after
detecting an update, drops a CSB file in the WSUSMgr.box notifying WCM to update the WSUS
Server Configuration.
SMSDBMon.log:
RCV: UPDATE on CI_CategoryInstances for CategoryNotify_iud [177 ][14252]
SMS_DATABASE_NOTIFICATION_MONITOR 2/9/2014 6:21:50 PM 3472 (0x0D90)
RCV: UPDATE on CI_UpdateCategorySubscription for SubNotify_iu_WCM [177 ][14253]
SMS_DATABASE_NOTIFICATION_MONITOR 2/9/2014 6:21:50 PM 3472 (0x0D90)
SND: Dropped E:\ConfigMgr\inboxes\objmgr.box\177.CTN [14252]
SMS_DATABASE_NOTIFICATION_MONITOR 2/9/2014 6:21:50 PM 3472 (0x0D90)
SND: Dropped E:\ConfigMgr\inboxes\WSUSMgr.box\177.CSB [14253]
SMS_DATABASE_NOTIFICATION_MONITOR 2/9/2014 6:21:51 PM 3472 (0x0D90)
WCM wakes up after getting notified and connects to the WSUS Server to ensure that WSUS
Server is configured with the options defined in the Configuration Manager console.
WCM.log:
File notification triggered WCM Inbox. SMS_WSUS_CONFIGURATION_MANAGER
Setting new configuration state to 4 (WSUS_CONFIG_SUBSCRIPTION_PENDING)
SMS_WSUS_CONFIGURATION_MANAGER
Attempting connection to WSUS server: CE1SITE.AWESOME.COM, port: 8530, useSSL: False
SMS_WSUS_CONFIGURATION_MANAGER
Successfully connected to server: CE1SITE.AWESOME.COM, port: 8530, useSSL: False
SMS_WSUS_CONFIGURATION_MANAGER
Subscribed Update Categories <?xml version="1.0" ?>~~<Categories>~~
<Category
Id="Product:a105a108-7c9b-4518-bbbe-73f0fe30012b"><![CDATA[Windows Server
2012]]></Category>~~ <Category Id="Product:fdfe8200-9d98-44ba-a12a-772282bf60ef"><!
Using WSUS APIs to connect to the WSUS Server works by connecting to the ApiRemoting30
virtual directory on the WSUS Website. It is important that you specify the correct port
configuration when installing the Software Update Point role for this to work.
SYNCHRONIZATION
The software updates synchronization process at the top-level site retrieves from Microsoft
Update the software updates metadata that meet the criteria that you specify in Software Update
Point Component properties. You configure the criteria only at the top-level site. Starting in
Configuration Manager SP1, at the top-level site, you can specify as the synchronization source
instead of Microsoft Update an existing WSUS server that is not in the Configuration Manager
hierarchy.
The following list describes the basic steps for the synchronization process on the top-level site:
Details:
When synchronization is initiated manually from the Console, WSyncMgr is notified to initiate
a sync by executing the SyncNow Method in the SMS_SoftwareUpdate WMI Class. This method
updates the Update_SyncStatus table in the Site Database, and sets the value of SyncNow to
SELF which triggers SMS Database Notification Monitor (SMSDBMON) to drop SELF.SYN file in
the WSyncMgr.box which causes WSyncMgr to wake up and initiate a synchronization.
SMSProv.log:
ExecMethodAsync : SMS_SoftwareUpdate::SyncNow
(0x0CB0)
3248
WSyncMgr then reads the list of Software Update Points from the Site Control File (SCF).
WSyncMgr would first synchronize the SUP that was installed as the first SUP in the site, and
then synchronize the remaining SUPs. All additional SUPs are configured as Replicas of the
first SUP.
WsyncMgr.log:
Read SUPs from SCF for CS1SITE.AWESOME.COM
SMS_WSUS_SYNC_MANAGER1/16/2014 2:19:49
PM
Found 1 SUPs
SMS_WSUS_SYNC_MANAGER1/16/2014 2:19:49 PM
Found active SUP CS1SITE.AWESOME.COM from SCF File.
SMS_WSUS_SYNC_MANAGER1/16/2014
2:19:49 PM
TIP:
To manually initiate the sync, you can also drop a 0 Kb file named SELF.SYN in the
WSyncMgr.box directory on the CAS or Standalone Primary Site Server.
WSUS synchronizes software updates metadata from Microsoft Update, and any
changes are inserted or updated in the WSUS database.
WSUS starts synchronizing with MU, and WSyncMgr starts monitoring the synchronization
progress.
WSyncMgr.log:
sync: WSUS synchronizing categories SMS_WSUS_SYNC_MANAGER1/16/2014 1:53:58 PM
sync: WSUS synchronizing updates
SMS_WSUS_SYNC_MANAGER1/16/2014 1:54:00 PM
sync: WSUS synchronizing updates, processed 122 out of 130 items (93%), ETA in 00:00:03
SMS_WSUS_SYNC_MANAGER1/16/2014 1:55:01 PM
sync: WSUS synchronizing updates, processed 130 out of 130 items (100%)
SMS_WSUS_SYNC_MANAGER1/16/2014 1:55:04 PM
sync: WSUS synchronizing updates, processed 130 out of 130 items (100%)
SMS_WSUS_SYNC_MANAGER1/16/2014 1:55:08 PM
Following entries in the logs indicate that WSUS has finished synchronizing with MU.
SoftwareDistribution.log:
2014-01-16 18:55:05.166 UTC Info
WsusService.15
EventLogEventReporter.ReportEvent
EventId=384,Type=Information,Category=Synchronization,Message=Synchronization completed
successfully.
2014-01-16 18:55:06.307 UTC Info
WsusService.31
CatalogSyncAgent.SetSubscriptionStateWithRetry Firing event SyncFinish...
WSyncMgr.log:
Done synchronizing WSUS Server <SERVERFQDN>
PM
SMS_WSUS_SYNC_MANAGER1/16/2014 1:55:08
Sleeping 2 more minutes for WSUS server sync results to become availableSMS_WSUS_SYNC_MANAGER
1/16/2014 1:55:08 PM
Set content version of update source {C2D17964-BBDD-4339-B9F3-12D7205B39CC} for site CS1 to 33
SMS_WSUS_SYNC_MANAGER1/16/2014 1:57:09 PM
WSyncMgr reads categories and updates from the WSUS Database, and inserts/updates the
Configuration Manager database. Software Update metadata for each update is stored in the
site database as a Configuration Item (CI).
WSyncMgr.log:
sync: SMS synchronizing categories
SMS_WSUS_SYNC_MANAGER1/16/2014 1:57:09 PM
...<log entries truncated>
sync: SMS synchronizing categories, processed 223 out of 223 items (100%)
SMS_WSUS_SYNC_MANAGER1/16/2014 1:57:10 PM
sync: SMS synchronizing updates
SMS_WSUS_SYNC_MANAGER1/16/2014 1:57:10 PM
...<log entries truncated>
Synchronizing update af5eb87e-cdd6-40bf-984f-5d0630406de8 - Definition Update for Microsoft
Endpoint Protection - KB2461484 (Definition 1.165.1945.0) SMS_WSUS_SYNC_MANAGER1/16/2014
1:57:12 PM
...<log entries truncated>
sync: SMS synchronizing updates, processed 5 out of 5 items (100%)
SMS_WSUS_SYNC_MANAGER
1/16/2014 1:57:39 PM
...<log entries truncated>
Done synchronizing SMS with WSUS Server cs1site.awesome.com SMS_WSUS_SYNC_MANAGER
1/16/2014 1:57:46 PM
Set content version of update source {C2D17964-BBDD-4339-B9F3-12D7205B39CC} for site CS1 to 34
SMS_WSUS_SYNC_MANAGER1/16/2014 1:57:46 PM
After synchronization of site database is complete, the content version of the update source is
updated in the database if any changes were made to the site database. After
synchronization finishes successfully, WSyncMgr creates Status Message ID 6702 (WSUS
Synchronization done).
WSyncMgr.log:
STATMSG: ID=6702 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER"
SYS=<SERVEFRFQDN> SITE=CS1 PID=432 TID=3404 GMTDATE=Thu Jan 16 18:57:46.304 2014
ISTR0="" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9=""
NUMATTRS=0
SMS_WSUS_SYNC_MANAGER1/16/2014 1:57:46 PM
Sync succeeded. Setting sync alert to canceled state on site CS1
SMS_WSUS_SYNC_MANAGER
1/16/2014 1:57:46 PM
Updated 130 items in SMS database, new update source content version is 34
SMS_WSUS_SYNC_MANAGER1/16/2014 1:57:46 PM
Sync time: 0d00h03m53s
SMS_WSUS_SYNC_MANAGER1/16/2014 1:57:46 PM
For a stand-alone Primary site running System Center 2012 Configuration Manager
SP1 or R2 only: WSUS Synchronization Manager sends a request one at a time to
WSUS running on other software update points at the site
The WSUS servers on the other software update points are configured to be replicas of WSUS
running on the default software update point at the site.
WsyncMgr.log:
Synchronizing replica WSUS servers
SMS_WSUS_SYNC_MANAGER
STATMSG: ID=6706 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER"
SYS=PS1SITE.AWESOME.COM SITE=PS1 PID=1840 TID=2832 GMTDATE=Thu Jan 16 19:17:13.575 2014
ISTR0="" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9=""
NUMATTRS=0
SMS_WSUS_SYNC_MANAGER
Synchronizing WSUS server ps1sys.awesome.com ... SMS_WSUS_SYNC_MANAGER
sync: Starting Replica WSUS synchronization SMS_WSUS_SYNC_MANAGER
sync: Replica WSUS synchronizing other items SMS_WSUS_SYNC_MANAGER
sync: Replica WSUS synchronizing other items, processed 4 out of 4 items (100%)
SMS_WSUS_SYNC_MANAGER
Done synchronizing WSUS Server ps1sys.awesome.com
SMS_WSUS_SYNC_MANAGER
The software updates configuration items are sent to child sites by using database
replication.
During the software updates synchronization process on the top-level site, the software updates
configuration items are replicated to child sites by using database replication. At the end of the
process, the top-level site sends a synchronization request to the child site, and the child site
starts the WSUS synchronization. NOTE that since the Software Update Metadata (Configuration
Items) from the Site Database are replicated to the Primary sites via Database Replication,
synchronization process on the Child Primary and Secondary sites only consists of the WSUS
Synchronization phase.
The following list provides the basic steps for the synchronization process on a child primary site
or secondary site:
WSUS Synchronization Manager receives a synchronization request from the top-level site.
Software updates synchronization starts.
WSUS Synchronization Manager makes a request to WSUS running on the first software
update point to start synchronization.
WSUS running on the software update point on the child site synchronizes software
updates metadata from WSUS running on the software update point on the parent site.
For Configuration Manager with no service pack only: When there is a remote Internetbased software update point, WSUS Synchronization Manager starts the synchronization
process for WSUS running on the remote site system.
For System Center 2012 Configuration Manager SP1 and System Center 2012 R2
Configuration Manager only: WSUS Synchronization Manager sends a request one at a time to
WSUS running on other software update points (including Internet facing SUPs) at the site
When synchronization has finished successfully, WSUS Synchronization Manager creates
status message 6702.
From a primary site, WSUS Synchronization Manager sends a synchronization request to
any child secondary sites. The secondary site starts the software updates synchronization
with the parent primary site. The secondary sites SUP is configured as a replica of WSUS
running on the parent site.
Details:
WSUS Synchronization Manager receives a synchronization request from the toplevel site.
When the Sync notification sent by the parent site arrives in the inboxes\WSyncMgr.box via
File Replication, WSyncMgr wakes up and starts Synchronization.
WSyncMgr.log:
Wakeup by inbox drop SMS_WSUS_SYNC_MANAGER1/16/2014 1:58:32 PM
2832 (0x0B10)
Found parent sync notification file CS1.SYN. SMS_WSUS_SYNC_MANAGER1/16/2014 1:58:37 PM
2832 (0x0B10)
Starting Sync
SMS_WSUS_SYNC_MANAGER1/16/2014 1:58:37 PM
2832 (0x0B10)
Performing sync on parent request
SMS_WSUS_SYNC_MANAGER1/16/2014 1:58:37 PM
2832
(0x0B10)
WSyncMgr then reads the list of Software Update Points from the Site Control File (SCF).
WSyncMgr would first synchronize the SUP that was installed as the first SUP in the site, and
then synchronize the remaining SUPs. All additional SUPs are configured as Replicas of the
first SUP.
WsyncMgr.log:
Read SUPs from SCF for PS1SITE.AWESOME.COM
SMS_WSUS_SYNC_MANAGER1/16/2014 1:58:37
PM
Found 2 SUPs
SMS_WSUS_SYNC_MANAGER1/16/2014 1:58:37 PM
Found active SUP PS1SITE.AWESOME.COM from SCF File.
SMS_WSUS_SYNC_MANAGER1/16/2014
1:58:37 PM
Found active SUP PS1SYS.AWESOME.COM from SCF File.
SMS_WSUS_SYNC_MANAGER1/16/2014
1:58:37 PM
WSyncMgr.log:
STATMSG: ID=6701 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER"
SYS=PS1SITE.AWESOME.COM SITE=PS1 PID=1840 TID=2832 GMTDATE=Thu Jan 16 18:58:37.599 2014
ISTR0="" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9=""
NUMATTRS=0
SMS_WSUS_SYNC_MANAGER1/16/2014 1:58:37 PM
2832 (0x0B10)
Synchronizing WSUS server PS1SITE.AWESOME.COM SMS_WSUS_SYNC_MANAGER1/16/2014 1:58:38
PM 2832 (0x0B10)
WSUS running on the software update point on the child site synchronizes
software updates metadata from WSUS running on the software update point on
the parent site.
WSyncMgr.log:
sync: Starting WSUS synchronization SMS_WSUS_SYNC_MANAGER1/16/2014 1:58:39 PM
3412
(0x0D54)
sync: WSUS synchronizing categories SMS_WSUS_SYNC_MANAGER1/16/2014 1:58:46 PM
3412
(0x0D54)
sync: WSUS synchronizing updates
SMS_WSUS_SYNC_MANAGER1/16/2014 1:58:47 PM
3412
(0x0D54)
sync: WSUS synchronizing updates, processed 130 out of 130 items (100%)
SMS_WSUS_SYNC_MANAGER1/16/2014 1:59:05 PM
3412 (0x0D54)
Done synchronizing WSUS Server ps1site.awesome.com
SMS_WSUS_SYNC_MANAGER1/16/2014
1:59:05 PM
3412 (0x0D54)
Sleeping 2 more minutes for WSUS server sync results to become availableSMS_WSUS_SYNC_MANAGER
1/16/2014 1:59:05 PM
3412 (0x0D54)
Set content version of update source {C2D17964-BBDD-4339-B9F3-12D7205B39CC} for site PS1 to 34
SMS_WSUS_SYNC_MANAGER1/16/2014 2:01:05 PM
2832 (0x0B10)
For System Center 2012 Configuration Manager SP1 and System Center 2012 R2
Configuration Manager only:
WSUS Synchronization Manager sends a request one at a time to WSUS running on other
software update points (including Internet facing SUPs) at the site. The WSUS servers on the
other software update points are configured to be replicas of WSUS running on the default
software update point at the site. WSyncMgr creates Status Message ID 6706 (WSUS
Synchronization in progress. Current phase: Synchronizing Internet facing WSUS Server). Note
that even though the SUP may not be Internet Facing, the Status Message would still be 6706.
WsyncMgr.log:
Synchronizing replica WSUS servers
SMS_WSUS_SYNC_MANAGER
STATMSG: ID=6706 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER"
SYS=PS1SITE.AWESOME.COM SITE=PS1 PID=1840 TID=2832 GMTDATE=Thu Jan 16 19:17:13.575 2014
ISTR0="" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9=""
NUMATTRS=0
SMS_WSUS_SYNC_MANAGER
Synchronizing WSUS server ps1sys.awesome.com ... SMS_WSUS_SYNC_MANAGER
sync: Starting Replica WSUS synchronization SMS_WSUS_SYNC_MANAGER
sync: Replica WSUS synchronizing other items SMS_WSUS_SYNC_MANAGER
sync: Replica WSUS synchronizing other items, processed 4 out of 4 items (100%)
SMS_WSUS_SYNC_MANAGER
Done synchronizing WSUS Server ps1sys.awesome.com
SMS_WSUS_SYNC_MANAGER
SMS_WSUS_SYNC_MANAGER
COMPLIANCE
Before you can deploy software updates to the clients, the clients need to run a Software Update
Scan. It is recommended to allow enough time for clients to run a Software Update Scan and
report compliance results back so that you can review the compliance results and deploy only
the updates that are required on the clients.
When the software update point is installed and synchronized, a site-wide machine policy is
created that informs client computers that Configuration Manager Software Updates was enabled
for the site. When a client receives the machine policy, a compliance assessment scan is
scheduled to start randomly within the next two hours. When the scan is started, a Software
Updates Client Agent process clears the scan history, submits a request to find the WSUS server
that should be used for the scan, and updates the local Group Policy with the WSUS server
location.
Before a client can even attempt to scan for Software Updates, it needs the Software Updates
Update Source policy. This policy is created on the Site Server after a successful synchronization
of the Software Update Point. This section talks about how this policy is created.
Summary:
After successful sync, WSyncMgr updates the Content Version and Last Sync Time in
Database
SMSDBMON gets triggered and drops .STN file in policypv.box
Policy Provider creates/updates the UpdateSource Policy in the database.
Policy is downloaded and evaluated on the Client on next Policy Evaluation cycle.
Scan Agent is notified that the UpdateSource Policy is updated.
Details:
After successful sync, WSyncMgr updates the Content Version and Last Sync Time
in Database
After a successful synchronization on a Primary Site, WSyncMgr updates Last Sync Time and
Content Version in the database for the Software Update Point. This is done by executing
spProcessSUMSyncStateMessage Stored Procedure. In the example below, this stored procedure
is being executed to update the Content Version to 36.
SQL Profiler:
declare @Error int; exec spProcessSUMSyncStateMessage N'2014-01-17 17:59:54', N'PS1', N'{C2D17964BBDD-4339-B9F3-12D7205B39CC}', 1, 0, '36', @Error output, N'PS1SITE.AWESOME.COM'
PolicyPv.log:
Found {C2D17964-BBDD-4339-B9F3-12D7205B39CC}.STN
SMS_POLICY_PROVIDER
1/17/2014
1:00:05 PM
2372 (0x0944)
Added Scan Tool ID {C2D17964-BBDD-4339-B9F3-12D7205B39CC}
SMS_POLICY_PROVIDER
1/17/2014 1:00:05 PM
2372 (0x0944)
Adding to delete list: E:\ConfigMgr\inboxes\policypv.box\{C2D17964-BBDD-4339-B9F312D7205B39CC}.STN
SMS_POLICY_PROVIDER
1/17/2014 1:00:05 PM
2372 (0x0944)
TIP:
To see this policy in the database, following query can be used:
SELECT CONVERT(XML, Body, 1), * FROM Policy WHERE PolicyID = (SELECT PolicyID FROM
SettingsPolicy WHERE SourceType = 'UpdateSource')
This policy contains the Content Version of the Update Server which is used to find the location of
the WSUS Server that the client can scan against. After this policy is created/updated in the
database, the clients get the new/updated Update Source policy on the next Policy Evaluation
Cycle.
PolicyAgent.log on Client:
Successfully initiated download of policy 'CCM_Policy_Policy5.PolicyID="{d0855677-b0a6-4e33-9bd57b0d06f0a2be}",PolicySource="SMS:PS1",PolicyVersion="40.00"'
PolicyAgent_ReplyAssignments
1/17/2014 1:57:39 PM
Policy 'CCM_Policy_Policy5.PolicyID="{d0855677-b0a6-4e33-9bd57b0d06f0a2be}",PolicyVersion="40.00",PolicySource="SMS:PS1"' successfully compiled
PolicyAgent_PolicyDownload 1/17/2014 1:57:41 PM
PolicyEvaluator.log on Client:
Updating policy CCM_Policy_Policy5.PolicyID="{d0855677-b0a6-4e33-9bd57b0d06f0a2be}",PolicySource="SMS:PS1",PolicyVersion="40.00"
PolicyAgent_PolicyEvaluator
Applied policy CCM_Policy_Policy5.PolicyID="{d0855677-b0a6-4e33-9bd57b0d06f0a2be}",PolicySource="SMS:PS1",PolicyVersion="40.00"
PolicyAgent_PolicyEvaluator
Policy state for [CCM_Policy_Policy5.PolicyID="{d0855677-b0a6-4e33-9bd57b0d06f0a2be}",PolicyVersion="40.00",PolicySource="SMS:PS1"] is currently [Active]
PolicyAgent_PolicyEvaluator
To find the PolicyID of the Update Source policy on a Client, following WQL Query can be used:
Namespace: ROOT\ccm\Policy\Machine\RequestedConfig
Query: SELECT * FROM CCM_Policy_Policy5 WHERE PolicyCategory = 'UpdateSource'
Once this policy is compiled on the client, the Update Source information is stored in the
following WMI Class:
Namespace: ROOT\ccm\Policy\Machine\ActualConfig
Class: CCM_UpdateSource
TIP:
If you compare the instance of CCM_UpdateSource class on the client with the XML Body
retrieved from the Policy table, you will notice that the content of the XML looks identical to the
instance.
ScanAgent.log on Client:
Inside CScanAgent::Notify() ScanAgent
1/17/2014 1:57:42 PM
2996 (0x0BB4)
CScanAgent::OnPolicyChange- Policy __InstanceModificationEvent notification received
1/17/2014 1:57:42 PM
2996 (0x0BB4)
ScanAgent
After the client receives the Update Source policy, it is ready to do a Scan for Software Updates
Compliance. At this point, the client needs to find out the location of the WSUS Server with the
Content Version specified in the policy. This process is very similar to the way client finds the
location of a Distribution Point for a specific Package & Version.
Summary:
Scan Agent creates a Scan request based on the available Policy.
Scan Agent sends a request for WSUS Location to Location Services
Location Services sends the location request to the MP
CCM Messaging sends the location request message to the MP
MP parses the request, gets the WSUS Location from the database and sends a response back
CCM Messaging receives the response, and gives it back to Location Services
Location Services parses the response and gives the location back to Scan Agent
Scan Agent notifies WUAHandler to add the Update Source to registry
Scan Agent initiates the scan
Details:
ScanAgent.log:
CScanAgent::ScanByUpdates- Policy available for UpdateSourceID={C2D17964-BBDD-4339-B9F312D7205B39CC} ContentVersion=38
ScanAgent
1/20/2014 11:59:52 AM
CScanAgent::ScanByUpdates- Added Policy to final ScanRequest List UpdateSourceID={C2D17964-BBDD4339-B9F3-12D7205B39CC}, Policy-ContentVersion=38, Required-ContentVersion=38ScanAgent
1/20/2014 11:59:56 AM
Scan Agent now requests the WSUS Server Location from Location Services and waits for a
response. In this instance, the Location Request ID is {C2BB9710-C548-49D0-9DF8-5F9CFC5F3862}
ScanAgent.log:
Inside CScanAgent::ProcessScanRequest() ScanAgent
1/20/2014 12:18:09 PM
CScanJobManager::Scan- entered ScanAgent
1/20/2014 12:18:09 PM
ScanJob({4CD06388-D509-46E4-8C00-75909EDD9EE8}): CScanJob::Initialize- entered
ScanAgent
1/20/2014 12:18:09 PM
ScanJob({4CD06388-D509-46E4-8C00-75909EDD9EE8}): CScanJob::Scan- entered
ScanAgent
1/20/2014 12:18:09 PM
ScanJob({4CD06388-D509-46E4-8C00-75909EDD9EE8}): CScanJob::RequestLocations- entered
ScanAgent
1/20/2014 12:18:09 PM
- - - - - -Requesting WSUS Server Locations from LS for {C2D17964-BBDD-4339-B9F3-12D7205B39CC}
version 38
ScanAgent
1/20/2014 12:18:09 PM
- - - - - -Location Request ID = {C2BB9710-C548-49D0-9DF8-5F9CFC5F3862} ScanAgent
1/20/2014
12:18:09 PM
CScanAgentCache::PersistInstanceInCache- Persisted Instance CCM_ScanJobInstance ScanAgent
1/20/2014 12:18:09 PM
ScanJob({4CD06388-D509-46E4-8C00-75909EDD9EE8}): - - - - - -Locations requested for
ScanJobID={4CD06388-D509-46E4-8C00-75909EDD9EE8} (LocationRequestID={C2BB9710-C548-49D09DF8-5F9CFC5F3862}), will process the scan request once locations are available.
ScanAgent
1/20/2014 12:18:09 PM
Location Services creates a Location Request and sends it to the Management Point. The
package ID for a WSUS Server location request is the Update Source Unique ID.
LocationServices.log:
CCCMWSUSLocation::GetLocationsAsyncExLocationServices
1/20/2014 12:18:09 PM
Attempting to persist WSUS location request for ContentID='{C2D17964-BBDD-4339-B9F312D7205B39CC}' and ContentVersion='38'
LocationServices
1/20/2014 12:18:09 PM
Persisted WSUS location request
LocationServices
1/20/2014 12:18:09 PM
1596 (0x063C)
Attempting to send WSUS Location Request for ContentID='{C2D17964-BBDD-4339-B9F312D7205B39CC}'
LocationServices
1/20/2014 12:18:09 PM
WSUSLocationRequest : <WSUSLocationRequest SchemaVersion="1.00"><Content ID="{C2D17964BBDD-4339-B9F3-12D7205B39CC}" Version="38"/><AssignedSite SiteCode="PS1"/><ClientLocationInfo
OnInternet="0"><ADSite Name="CM12-R2-PS1"/><Forest Name="AWESOME.COM"/><Domain
Name="AWESOME.COM"/><IPAddresses><IPAddress SubnetAddress="192.168.2.0"
Address="192.168.2.62"/></IPAddresses></ClientLocationInfo></WSUSLocationRequest>
LocationServices
1/20/2014 12:18:09 PM
Created and Sent Location Request '{C2BB9710-C548-49D0-9DF8-5F9CFC5F3862}' for package
{C2D17964-BBDD-4339-B9F3-12D7205B39CC} LocationServices
1/20/2014 12:18:09 PM
CcmMessaging.log:
Sending async message '{76453CC6-76BA-4B68-BE30-BA70754570BB}' to outgoing queue 'mp:
[http]mp_locationmanager' CcmMessaging
1/20/2014 12:18:09 PM
1596 (0x063C)
Sending outgoing message '{76453CC6-76BA-4B68-BE30-BA70754570BB}'. Flags 0x200, sender account
empty CcmMessaging
1/20/2014 12:18:09 PM
2520 (0x09D8)
MP parses the request, gets the WSUS Location from the database and sends a
response back
MP Parses this request and calls MP_GetWSUSServerLocations stored procedure to get the WSUS
Locations from the database:
MP_Location.log:
MP LM: Message Body : <WSUSLocationRequest SchemaVersion="1.00"><Content ID="{C2D17964BBDD-4339-B9F3-12D7205B39CC}" Version="38"/><AssignedSite SiteCode="PS1"/><ClientLocationInfo
OnInternet="0"><ADSite Name="CM12-R2-PS1"/><Forest Name="AWESOME.COM"/><Domain
Name="AWESOME.COM"/><IPAddresses><IPAddress SubnetAddress="192.168.2.0"
Address="192.168.2.62"/></IPAddresses></ClientLocationInfo></WSUSLocationRequest>
MP_LocationManager 1/20/2014 12:18:09 PM
548 (0x0224)
MP LM: calling MP_GetWSUSServerLocations
MP_LocationManager 1/20/2014 12:18:09 PM
548
(0x0224)
SQL Profiler:
exec MP_GetMPSitesFromAssignedSite N'PS1'
exec MP_GetSiteInfoUnified N'<ClientLocationInfo OnInternet="0"><ADSite Name="CM12-R2PS1"/><Forest Name="AWESOME.COM"/><Domain Name="AWESOME.COM"/><IPAddresses><IPAddress
SubnetAddress="192.168.2.0" Address="192.168.2.62"/></IPAddresses></ClientLocationInfo>'
exec MP_GetWSUSServerLocations N'{C2D17964-BBDD-4339-B9F312D7205B39CC}',N'38',N'PS1',N'PS1',N'0',N'AWESOME.COM'
After getting the results from the stored procedure, the MP sends a response back to the client:
MP_Location.log:
MP LM: Reply message body:
<WSUSLocationReply SchemaVersion="1.00"><Sites><Site><MPSite
SiteCode="PS1"/><LocationRecords><LocationRecord WSUSURL="http://PS1SITE.AWESOME.COM:8530"
ServerName="PS1SITE.AWESOME.COM" Version="38"/><LocationRecord
WSUSURL="https://PS1SYS.AWESOME.COM:8531" ServerName="PS1SYS.AWESOME.COM"
Version="38"/></LocationRecords></Site></Sites></WSUSLocationReply> MP_LocationManager
1/20/2014 12:18:09 PM
CCM Messaging receives the response, and gives it back to Location Services
CcmMessaging.log on the client shows that a reply was received. This message was delivered to
Location Services.
CcmMessaging.log:
Message '{76453CC6-76BA-4B68-BE30-BA70754570BB}' got reply '{8E6D05EF-B77F-4AD0-AF641C6F3069A29C}' to local endpoint queue 'LS_ReplyLocations'
CcmMessaging
1/20/2014 12:18:09
PM
2520 (0x09D8)
OutgoingMessage(Queue='mp_[http]mp_locationmanager', ID={76453CC6-76BA-4B68-BE30BA70754570BB}): Delivered successfully to host 'PS1SYS.AWESOME.COM'.
CcmMessaging
1/20/2014 12:18:09 PM
2520 (0x09D8)
Message '{8E6D05EF-B77F-4AD0-AF64-1C6F3069A29C}' delivered to endpoint 'LS_ReplyLocations'
CcmMessaging
1/20/2014 12:18:09 PM
3680 (0x0E60)
Location Services parses the responds and gives the location back to Scan Agent
LocationServices.log:
Processing Location reply message LocationServices
1/20/2014 12:18:09 PM
WSUSLocationReply : <WSUSLocationReply SchemaVersion="1.00"><Sites><Site><MPSite
SiteCode="PS1"/><LocationRecords><LocationRecord WSUSURL="http://PS1SITE.AWESOME.COM:8530"
ServerName="PS1SITE.AWESOME.COM" Version="38"/><LocationRecord
WSUSURL="https://PS1SYS.AWESOME.COM:8531" ServerName="PS1SYS.AWESOME.COM"
Version="38"/></LocationRecords></Site></Sites></WSUSLocationReply> LocationServices
1/20/2014 12:18:09 PM
Calling back with the following WSUS locations
LocationServices
1/20/2014 12:18:09 PM
3680
(0x0E60)
WSUS Path='http://PS1SITE.AWESOME.COM:8530', Server='PS1SITE.AWESOME.COM', Version='38'
LocationServices
1/20/2014 12:18:09 PM
WSUS Path='https://PS1SYS.AWESOME.COM:8531', Server='PS1SYS.AWESOME.COM', Version='38'
LocationServices
1/20/2014 12:18:09 PM
Calling back with locations for WSUS request {C2BB9710-C548-49D0-9DF8-5F9CFC5F3862}
LocationServices
1/20/2014 12:18:09 PM
Scan Agent now has the Policy and the Update Source location with the appropriate Content
Version. Scan Agent notifies WUAHandler to add the update source. WUAHandler adds the
update source to the registry, and initiates a group policy refresh (if the client is in domain) to
see if the group policy overrides the Update Server that we just added.
ScanAgent.log:
*****WSUSLocationUpdate received for location request guid={C2BB9710-C548-49D0-9DF85F9CFC5F3862}
ScanAgent
1/20/2014 12:18:09 PM
ScanJob({4CD06388-D509-46E4-8C00-75909EDD9EE8}): CScanJob::OnLocationUpdate- Received
Location=http://PS1SITE.AWESOME.COM:8530, Version=38
ScanAgent
1/20/2014 12:18:09 PM
ScanJob({4CD06388-D509-46E4-8C00-75909EDD9EE8}): CScanJob::Execute- Adding
UpdateSource={C2D17964-BBDD-4339-B9F3-12D7205B39CC}, ContentType=2,
ContentLocation=http://PS1SITE.AWESOME.COM:8530, ContentVersion=38
ScanAgent
1/20/2014
12:18:09 PM
WUAhandler.log on a New Client showing new Update Source being added:
Its a WSUS Update Source type ({C2D17964-BBDD-4339-B9F3-12D7205B39CC}), adding it. WUAHandler
1/20/2014 12:18:09 PM
Its a completely new WSUS Update Source.
WUAHandler 1/20/2014 12:18:09 PM
1800
(0x0708)
Enabling WUA Managed server policy to use server: http://PS1SITE.AWESOME.COM:8530
WUAHandler
1/20/2014 12:18:09 PM
Policy refresh forced. WUAHandler 1/20/2014 12:18:09 PM
Waiting for 2 mins for Group Policy to notify of WUA policy change...
WUAHandler 1/20/2014 12:18:09
PM
Waiting for 30 secs for policy to take effect on WU Agent. WUAHandler 1/20/2014 12:18:11 PM
Added Update Source ({C2D17964-BBDD-4339-B9F3-12D7205B39CC}) of content type: 2
WUAHandler
1/20/2014 12:18:41 PM
WindowsUpdate.log:
2014-01-20 12:18:11:520 968 9d0
Agent * WSUS server: http://PS1SITE.AWESOME.COM:8530
(Changed)
2014-01-20 12:18:11:520 968 9d0
Agent * WSUS status server:
http://PS1SITE.AWESOME.COM:8530 (Changed)
2014-01-20 12:18:11:520 968 9d0
AU
Sus server changed through policy.
WUAHandler.log on existing client showing content version getting incremented:
Its a WSUS Update Source type ({C2D17964-BBDD-4339-B9F3-12D7205B39CC}), adding it. WUAHandler
WSUS update source already exists, it has increased version to 38.
WUAHandler
After the update sources is successfully added, Scan Agent raises a State Message and initiates
the scan.
ScanAgent.log:
ScanJob({4CD06388-D509-46E4-8C00-75909EDD9EE8}): Raised UpdateSource ({C2D17964-BBDD-4339B9F3-12D7205B39CC}) state message successfully. StateId = 2 ScanAgent
1/20/2014 12:18:42 PM
ScanJob({4CD06388-D509-46E4-8C00-75909EDD9EE8}): CScanJob::Execute - successfully requested Scan,
ScanType=1 ScanAgent
1/20/2014 12:18:42 PM
After the Update Source policy and the Update Source location is available, Scan Agent initiates
the scan. Software Update Scan is actually performed by the Windows Update Agent.
Configuration Manager Client however interacts with the Windows Update Agent to perform a
scan and get the scan results back. This interaction is handled by the Windows Update Agent
Handler (WUAHandler) component which communicates with the Windows Update Agent.
Summary:
Scan Agent requests the scan, and WUAHandler initiates the scan
Windows Update Agent (WUA) starts the scan against WSUS Server (SUP)
WUAHandler receives results back from Windows Update Agent
WUAHandler parses the scan results
Update Store records the status and raises a State Message for each update in WMI
State Messages are sent to the Management Point
Details:
Scan Agent requests the scan, and WUAHandler initiates the scan
Scan Agent requests the Scan from WUAHandler, which uses the Windows Update Agent API to
request a Software Update Scan from the Windows Update Agent.
ScanAgent.log:
ScanJob({4CD06388-D509-46E4-8C00-75909EDD9EE8}): CScanJob::Execute - successfully requested Scan,
ScanType=1 ScanAgent
1/20/2014 12:18:42 PM
WUAHandler.log:
Scan results will include superseded updates only when they are superseded by service packs and
definition updates. WUAHandler 1/20/2014 12:18:42 PM
Search Criteria is (DeploymentAction=* AND Type='Software') OR (DeploymentAction=* AND
Type='Driver')WUAHandler 1/20/2014 12:18:42 PM
Running single-call scan of updates.
WUAHandler 1/20/2014 12:18:42 PM
Async searching of updates using WUAgent started.
WUAHandler 1/20/2014 12:18:42 PM
Windows Update Agent (WUA) starts the scan against WSUS Server (SUP)
Windows Update Agent starts a Scan after receiving a request from Configuration Manager Client
(CcmExec). As the Windows Update Server was already set to the Software Update Point server,
this scan will be performed against the WSUS Server with SUP Role installed.
WindowsUpdate.log:
2014-01-20 12:18:42:694 3856 708
COMAPI
-- START -- COMAPI: Search [ClientId = CcmExec]
2014-01-20 12:18:42:752 3856 708
COMAPI
<<-- SUBMITTED -- COMAPI: Search [ClientId =
CcmExec]
2014-01-20 12:18:47:511 968 f58
PT
+ ServiceId = {3DA21691-E39D-4DA6-8A4BB43877BCB1B7}, Server URL = http://PS1SITE.AWESOME.COM:8530/ClientWebService/client.asmx
2014-01-20 12:18:48:662 968 f58
Agent ** START ** Agent: Finding updates [CallerId =
CcmExec]
2014-01-20 12:18:48:662 968 f58
Agent * Include potentially superseded updates
2014-01-20 12:18:48:662 968 f58
Agent * Online = Yes; Ignore download priority = Yes
2014-01-20 12:18:48:662 968 f58
Agent * Criteria = "(DeploymentAction=* AND
Type='Software') OR (DeploymentAction=* AND Type='Driver')"
2014-01-20 12:18:48:662 968 f58
Agent * ServiceID = {3DA21691-E39D-4DA6-8A4BB43877BCB1B7} Managed
2014-01-20 12:18:48:662 968 f58
Agent * Search Scope = {Machine}
Windows Update Agent now scans against the WSUS server and reports the results back to
CcmExec (specifically WUAHandler).
WindowsUpdate.log:
2014-01-20 12:18:49:175 968 f58
PT
+ ServiceId = {3DA21691-E39D-4DA6-8A4BB43877BCB1B7}, Server URL = http://PS1SITE.AWESOME.COM:8530/ClientWebService/client.asmx
2014-01-20 12:18:52:680 968 f58
Agent * Added update {4AE85C00-0EAA-4BE0-B81BDBD7053D5FAE}.104 to search result
.
.
2014-01-20 12:18:52:683 968 f58
Agent * Added update {57260DFE-227C-45E3-9FFC2FC77A67F95A}.104 to search result
2014-01-20 12:18:52:694 968 f58
Agent * Found 163 updates and 70 categories in search;
evaluated appl. rules of 622 out of 1150 deployed entities
2014-01-20 12:18:52:745 968 f58
Agent ** END ** Agent: Finding updates [CallerId = CcmExec]
2014-01-20 12:18:52:755 3856 708
COMAPI
>>-- RESUMED -- COMAPI: Search [ClientId =
CcmExec]
2014-01-20 12:18:53:137 3856 708
COMAPI
- Updates found = 163
2014-01-20 12:18:53:137 3856 708
COMAPI
-- END -- COMAPI: Search [ClientId = CcmExec]
WUAHandler receives results back from Windows Update Agent and marks Scan as
Completed.
WUAHandler.log:
Async searching completed. WUAHandler 1/20/2014 12:18:53 PM
3548 (0x0DDC)
Finished searching for everything in single call.
WUAHandler 1/20/2014 12:18:53 PM
(0x0708)
1800
WUAHandler then parses the results, which includes the applicability state for each update. As
part of this process, superseded updates are pruned out.
WUAHandler.log:
Pruning: update id (70f4f236-0248-4e84-b472-292913576fa1) is superseded by (726b7201-862a-4fde9b12-f36b38323a6f). WUAHandler 1/20/2014 12:18:53 PM
1800 (0x0708)
.
.
Update (Installed): Security Update for Windows 7 for x64-based Systems (KB2584146) (4ae85c00-0eaa4be0-b81b-dbd7053d5fae, 104)
WUAHandler 1/20/2014 12:18:53 PM
1800 (0x0708)
Update (Missing): Security Update for Windows 7 for x64-based Systems (KB2862152) (505fda07-b4f345fb-83d9-8642554e2773, 200)
WUAHandler 1/20/2014 12:18:53 PM
1800 (0x0708)
.
.
Successfully completed scan.
WUAHandler 1/20/2014 12:18:54 PM
1800 (0x0708)
Update Store records the status and raises a State Message for each update in
WMI
Once the scan results are available, these results are stored in the Updates Store. Update Store
records the current state of each update and creates a State Message for each update. These
State Messages are forwarded to the Site Server in bulk at the end of Status Message Reporting
cycle (Set to 15 minutes by default).
UpdateStore.log showing state for Missing Update (KB2862152) being recorded and a State
Message being raised:
Processing update status from update (505fda07-b4f3-45fb-83d9-8642554e2773) with ProductID =
0fa1201d-4330-4fa8-8ae9-b877473b6441 UpdatesStore 1/20/2014 12:18:55 PM
1800 (0x0708)
Update status from update (505fda07-b4f3-45fb-83d9-8642554e2773) hasn't been reported before,
creating new instance.
UpdatesStore 1/20/2014 12:18:55 PM
1800 (0x0708)
Successfully raised state message for update (505fda07-b4f3-45fb-83d9-8642554e2773) with state
(Missing).
UpdatesStore 1/20/2014 12:18:55 PM
1800 (0x0708)
Successfully added WMI instance of update status (505fda07-b4f3-45fb-83d9-8642554e2773).
UpdatesStore 1/20/2014 12:18:55 PM
1800 (0x0708)
StateMessage.log showing state messaged being recorded with State ID 2 (Missing):
Adding message with TopicType 500 and TopicId 505fda07-b4f3-45fb-83d9-8642554e2773 to WMI
StateMessage 1/20/2014 12:18:55 PM
1800 (0x0708)
State message(State ID : 2) with TopicType 500 and TopicId 505fda07-b4f3-45fb-83d9-8642554e2773 has
been recorded for SYSTEM StateMessage 1/20/2014 12:18:55 PM
1800 (0x0708)
For each update, an instance of CCM_UpdateStatus class is created/updated which stores the
current Status of the update. CCM_UpdateStatus class is located within the
ROOT\CCM\SoftwareUpdates\UpdatesStore namespace.
Similarly, an instance of CCM_StateMsg class is created/updated which stores the current State of
the update. CCM_StateMsg class is located within the ROOT\CCM\StateMsg namespace.
As mentioned above, state Messages are sent to the MP based on the State Message reporting
cycle schedule, which is configured to 15 minutes by default. Once a state message is sent to the
MP, the MessageSent property for the State Message instance in CCM_StateMsg class is set to
True.
StateMessage.log:
StateMessage body: <XML Report Body Truncated>
StateMessage
Successfully forwarded State Messages to the MP StateMessage 1/20/2014 12:32:01 PM
Heres how the State Message Body looks like for our update above. Note that normally this XML
body would be too large for the log, and will get truncated in CMTrace, but you can see it in
Notepad.
StateMessage.log:
StateMessage body: <?xml version="1.0" encoding="UTF-16"?>
<Report><ReportHeader><Identification><Machine><ClientInstalled>1</ClientInstalled><ClientType>
1</ClientType><ClientID>GUID:A1006D0E-CF56-41D1-A0066330EFC39381</ClientID><ClientVersion>5.00.7958.1000</ClientVersion><NetBIOSName>PS1WIN7X64
</NetBIOSName><CodePage>437</CodePage><SystemDefaultLCID>1033</SystemDefaultLCID><Priori
ty>5</Priority></Machine></Identification><ReportDetails><ReportContent>State Message
Data</ReportContent><ReportType>Full</ReportType><Date>20140120194656.903000+000</Date><
Version>1.0</Version><Format>1.0</Format></ReportDetails></ReportHeader><ReportBody><State
Message MessageTime="20140120171855.573000+000" SerialNumber="232"><Topic ID="505fda07b4f3-45fb-83d9-8642554e2773" Type="500" IDType="3" User="" UserSID=""/><State ID="2"
Criticality="0"/><UserParameters Flags="0"
Count="1"><Param>200</Param></UserParameters></StateMessage></ReportBody></Report>
StateMessage 1/20/2014 2:46:56 PM
3508
We now know how a State Message is recorded and the WMI Location where these State
Messages are stored. We also know that unsent State Messages on a client are sent to the MP
every 15 minutes by default, as per the State Message Reporting Cycle. This schedule can be
modified in the Custom or Default Client Settings > State Messaging section.
Once StateMessage.log reports that it Successfully forwarded State Messages to the MP, State
Message component is not actually sending these messages itself. All messages sent and
received from the MP are handled by the CCM Messaging component on the Client. CCM
Messaging is the actual component which communicates with the MP for sending/receiving data.
Management Point has various queues defined to handle different kinds of incoming traffic. For
State Messages, the queue that handles this traffic is the MP_RelayEndpoint queue.
Summary:
Details:
StateMessage.log:
StateMessage body: <?xml version="1.0" encoding="UTF-16"?>
<Report><ReportHeader><Identification><Machine><ClientInstalled>1</ClientInstalled><ClientType>
1</ClientType><ClientID>GUID:A1006D0E-CF56-41D1-A0066330EFC39381</ClientID><ClientVersion>5.00.7958.1000</ClientVersion><NetBIOSName>PS1WIN7X64
</NetBIOSName><CodePage>437</CodePage><SystemDefaultLCID>1033</SystemDefaultLCID><Priori
ty>5</Priority></Machine></Identification><ReportDetails><ReportContent>State Message
Data</ReportContent><ReportType>Full</ReportType><Date>20140120194656.903000+000</Date><
Version>1.0</Version><Format>1.0</Format></ReportDetails></ReportHeader><ReportBody><State
Message MessageTime="20140120171855.573000+000" SerialNumber="232"><Topic ID="505fda07b4f3-45fb-83d9-8642554e2773" Type="500" IDType="3" User="" UserSID=""/><State ID="2"
Criticality="0"/><UserParameters Flags="0"
Count="1"><Param>200</Param></UserParameters></StateMessage></ReportBody></Report>
StateMessage 1/20/2014 2:46:56 PM
Successfully forwarded State Messages to the MP StateMessage 1/20/2014 2:46:56 PM
3508
(0x0DB4)
CCM Messaging sends a message containing the State Message XML Body to the
MP
CCM Messaging sends a message to the MP_RelayEndpoint queue successfully. This message did
not have a reply, unlike the one we noticed earlier in the WSUS Location Request section where
the message with the Location Request got a Reply back.
CcmMessaging.log:
Sending async message '{95F79010-D0EB-49A6-8A1E-3897883105F2}' to outgoing queue
'mp:mp_relayendpoint'
CcmMessaging
1/20/2014 2:46:56 PM
3508 (0x0DB4)
Sending outgoing message '{95F79010-D0EB-49A6-8A1E-3897883105F2}'. Flags 0x200, sender account
empty CcmMessaging
1/20/2014 2:46:57 PM
3004 (0x0BBC)
POST: Host=PS1SYS.AWESOME.COM, Path=/ccm_system/request, Port=443, Protocol=https, Flags=512,
Options=480 CcmMessaging
1/20/2014 2:46:57 PM
3004 (0x0BBC)
Message '{95F79010-D0EB-49A6-8A1E-3897883105F2}' doesn't have reply
CcmMessaging
1/20/2014 2:46:57 PM
3004 (0x0BBC)
OutgoingMessage(Queue='mp_mp_relayendpoint', ID={95F79010-D0EB-49A6-8A1E-3897883105F2}):
Delivered successfully to host 'PS1SYS.AWESOME.COM'. CcmMessaging
1/20/2014 2:46:57 PM
3004 (0x0BBC)
Message is received on the MP and MP_Relay processes the message and creates a
SMX file
As all messages are sent using HTTP/HTTPS, the message is received by IIS. In this instance, this
request is made to the CCM_System virtual directory.
IIS Log:
192.168.2.12 CCM_POST /ccm_system/request - 443 - 192.168.2.62 ccmhttp - 200 0 0 542 31
Once the message is received on the MP successfully, MP_Relay component processes this
message, converts the message into SMX file, and moves the SMX file to appropriate location
depending on whether the MP is co-located on the site server or not.
On Remote MP: \SMS\mp\outboxes\StateMsg.box.
MP co-located on Site Server: \inboxes\auth\StateSys.box\incoming
MP_Relay.log on MP co-located on Site Server:
Mp Message Handler: start message processing for Relay. ----------------------MP_RelayEndpoint
Mp Message Handler: FileType=SMX
MP_RelayEndpoint
Message Body : <XML Body Truncated> MP_RelayEndpoint
Relay: Outbox dir: E:\ConfigMgr\inboxes\auth\statesys.box\incoming
MP_RelayEndpoint
Priority in the message = 5 MP_RelayEndpoint
State Priority Directory = E:\ConfigMgr\inboxes\auth\statesys.box\incoming
MP_RelayEndpoint
Inv-Relay: Task completed successfully
MP_RelayEndpoint
In our example, the MP is remote to the Site Server so the MP_Relay component moves the file to
\SMS\Outboxes\StateMsg.box directory. Also note that the XML body looks identical to what was
logged in StateMessage.log on the Client.
MP_Relay.log on Remote MP:
Mp Message Handler: start message processing for Relay. ----------------------MP_RelayEndpoint
1/20/2014 2:46:57 PM
Mp Message Handler: FileType=SMX
MP_RelayEndpoint
1/20/2014 2:46:57 PM
Message Body :
<?xml version="1.0" encoding="UTF-16"?>
<Report><ReportHeader><Identification><Machine><ClientInstalled>1</ClientInstalled><ClientType>
1</ClientType><ClientID>GUID:A1006D0E-CF56-41D1-A0066330EFC39381</ClientID><ClientVersion>5.00.7958.1000</ClientVersion><NetBIOSName>PS1WIN7X64
</NetBIOSName><CodePage>437</CodePage><SystemDefaultLCID>1033</SystemDefaultLCID><Priori
ty>5</Priority></Machine></Identification><ReportDetails><ReportContent>State Message
Data</ReportContent><ReportType>Full</ReportType><Date>20140120194656.903000+000</Date><
Version>1.0</Version><Format>1.0</Format></ReportDetails></ReportHeader><ReportBody><State
Message MessageTime="20140120171855.573000+000" SerialNumber="232"><Topic ID="505fda07b4f3-45fb-83d9-8642554e2773" Type="500" IDType="3" User="" UserSID=""/><State ID="2"
Criticality="0"/><UserParameters Flags="0"
Count="1"><Param>200</Param></UserParameters></StateMessage></ReportBody></Report>
MP_RelayEndpoint
1/20/2014 2:46:57 PM
Inv-Relay Task: Processing message body MP_RelayEndpoint
1/20/2014 2:46:57 PM
Relay: Outbox dir: C:\SMS\mp\outboxes\StateMsg.box
MP_RelayEndpoint
1/20/2014 2:46:57 PM
Priority in the message = 5 MP_RelayEndpoint
1/20/2014 2:46:57 PM
State Priority Directory = C:\SMS\mp\outboxes\StateMsg.box
MP_RelayEndpoint
1/20/2014 2:46:57
PM
Inv-Relay: Task completed successfully
MP_RelayEndpoint
1/20/2014 2:46:57 PM
MP File Dispatch Manager sends the SMX file to the Site Server (Only when MP is
not co-located on Site Server)
When the MP is remote to the Site Server, after the file arrives in the outboxes\StateMsg.box, MP
File Dispatch Manager (MPFDM) is responsible for moving these files to the inboxes\StateMsg.box
on the Site Server. When the MP is co-located on the Site Server, these files are directly moved to
the appropriate inbox directory, so MPFDM is not involved.
MPFDM.log on a Remote MP:
Moved file C:\SMS\MP\OUTBOXES\statemsg.box\TAZGYTSJ.SMX to
\\PS1SITE.AWESOME.COM\SMS_PS1\inboxes\auth\statesys.box\incoming\TAZGYTSJ.SMX
SMS_MP_FILE_DISPATCH_MANAGER 1/20/2014 4:17:07 PM
In order for MPFDM to move the files to the appropriate inbox, Remote MP needs to be able to
access the Registry of the Site Server to determine the Inbox Source Locations. For this to work,
Remote Registry service needs to be running, and Registry Access should not be blocked via
Group Policy. MPFDM determines the Inbox locations by accessing the following key on the Site
Server:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Inbox Source
StateSys component on Site Server processes the State Message to the Database
After the file arrives in \inboxes\auth\StateSys.box on the Site Server, State System Manager
(StateSys) component wakes up and processes the SMX file(s).
StateSys.log with Verbose Logging:
Inbox notification triggered, pause for 10 seconds....
SMS_STATE_SYSTEM
Found new state messages to process, starting processing thread
SMS_STATE_SYSTEM
Thread "State Message Processing Thread #0" id:4316 started
SMS_STATE_SYSTEM
total chucks loaded (1)
SMS_STATE_SYSTEM
CMessageProcessor - Processing file: YCE2H3VD.SMX
SMS_STATE_SYSTEM
CMessageProcessor - Processed 1 records with 0 invalid records. SMS_STATE_SYSTEM
CMessageProcessor - Processed 1 message files in this batch, with 0 bad files. SMS_STATE_SYSTEM
total chucks loaded (0)
SMS_STATE_SYSTEM
Thread "State Message Processing Thread #0" id:4316 terminated normally
SMS_STATE_SYSTEM
StateSys.log without Verbose Logging:
Found new state messages to process, starting processing thread
4:47:19 PM
3068 (0x0BFC)
SMS_STATE_SYSTEM 1/20/2014
Thread "State Message Processing Thread #0" id:1988 started SMS_STATE_SYSTEM 1/20/2014 4:47:19
PM
1988 (0x07C4)
total chucks loaded (1)
SMS_STATE_SYSTEM 1/20/2014 4:47:19 PM
1988 (0x07C4)
total chucks loaded (0)
SMS_STATE_SYSTEM 1/20/2014 4:47:19 PM
1988 (0x07C4)
Thread "State Message Processing Thread #0" id:1988 terminated normally
SMS_STATE_SYSTEM
1/20/2014 4:47:19 PM
1988 (0x07C4)
NOTE that the StateSys.log doesnt log the file name unless Verbose Logging is enabled for State
System Manager. For steps on Enabling Verbose Logging for State System Manager, see
Procedure C.
The SMX file that is moved to the StateSys.box contains the Message Body XML. When StateSys
processes this file, it calls spProcessStateReport Stored Procedure, and passes on this XML body
to the stored procedure as a parameter.
SQL Profiler:
exec dbo.spProcessStateReport N'<?xml version="1.0" encoding="UTF-16"?>
<Report><ReportHeader><Identification><Machine><ClientInstalled>1</ClientInstalled><ClientType>
1</ClientType><ClientID>GUID:A1006D0E-CF56-41D1-A0066330EFC39381</ClientID><ClientVersion>5.00.7958.1000</ClientVersion><NetBIOSName>PS1WIN7X64
</NetBIOSName><CodePage>437</CodePage><SystemDefaultLCID>1033</SystemDefaultLCID><Priori
ty>5</Priority></Machine></Identification><ReportDetails><ReportContent>State Message
Data</ReportContent><ReportType>Full</ReportType><Date>20140120220131.071000+000</Date><
Version>1.0</Version><Format>1.0</Format></ReportDetails></ReportHeader><ReportBody><State
Message MessageTime="20140120171855.573000+000" SerialNumber="239"><Topic ID="505fda07b4f3-45fb-83d9-8642554e2773" Type="500" IDType="3" User="" UserSID=""/><State ID="2"
Criticality="0"/><UserParameters Flags="0"
Count="1"><Param>200</Param></UserParameters></StateMessage></ReportBody></Report>'
spProcessStateReport is a CLR Stored Procedure, and the CLR definition has the logic to
determine the type of State Message is being processed, and depending on the type of the State
Message it processes the State Message appropriately and inserts the data in the database.
TIP:
Friendly Names of all State Message Topic Types and IDs can be found by querying
SR_StateNames table:
SELECT * FROM SR_StateNames
Before Software Update Compliance data can be presented in the console or reports, the
Software Update compliance data needs to be summarized because console and reports usually
display only summarized data. State System component on the Site Server performs the
software update summarization along with performing summarization for other components
which include Applications, DCM Deployments, Client Health, etc. Information about all the
summarization tasks that State System performs can be found by querying vSR_SummaryTasks
view in the Configuration Manager database. State System runs these tasks on configured
schedule and logs detail about the task.
StateSys.log:
For most of these tasks, the status logged by StateSys.log is not an error code, but instead the
count of the number of rows returned by the appropriate SQL stored procedure which performs
the summarization.
Summarization tasks specified to Software Updates are:
SUM Assignment Compliance Evaluator Runs every 1 hour by default
Summarizes state messages for all Software Update Group Assignments (Deployments). This
task can be initiated manually for a specific deployment by going to Configuration Manager
Console > Monitoring pane > Deployments > Right click on the Deployment and select Run
Summarization
SUM Update Group Status Summarizer Runs every 1 hour by default
Summarizes status of Update Groups. This task can be initiated manually for a specific Update
Group by navigating to Configuration Manager Console > Software Library pane > Software
Updates > Software Update Groups > Right click on the Update Group and select Run
Summarization. You can also change the schedule of this task by right clicking on Software
Update Groups or selecting Schedule Summarization in the ribbon area.
SUM Update Status Summarizer - Runs every 1 hour by default
Summarizes status of updates for all clients. This task can be initiated manually by navigating to
Configuration Manager Console > Software Library pane > Software Updates node, and selecting
Run Summarization. You can also change the default schedule by selecting Schedule
Summarization.
SUM Migrate Update Status Runs every 24 hours by default
Migrates update status internally within the database. This task cannot be initiated manually
from the Console.
SUM Delete Aged Status Runs every 24 hours by default
Deletes aged status from Software Update specific tables in the database. This task cannot be
initiated manually from the console.
Starting with Configuration Manager 2012 SP1, a site can have multiple Software Update Points
which provides fault tolerance for situations when the Software Update Point stops working. The
process of Software Update Points Failover and Switching is described in detail here:
http://blogs.technet.com/b/configmgrteam/archive/2013/03/27/software-update-points-incm2012sp1.aspx
http://technet.microsoft.com/en-us/library/gg712696.aspx#BKMK_SUPSwitching
DEPLOYMENT
When you create a Software Update Group in the Configuration Manager console, an instance of
the SMS_AuthorizationList class is created. This instance contains information about the Software
Update Group, and has relationships with the Software Updates that are in the Software Update
Group.
SMSProv.log:
CSspClassManager::PreCallAction, dbname=CM_PS1
SMS Provider 1/23/2014 1:19:36 PM
1060
(0x0424)
PutInstanceAsync SMS_AuthorizationList SMS Provider 1/23/2014 1:19:36 PM
1060 (0x0424)
CExtProviderClassObject::DoPutInstanceInstance SMS Provider 1/23/2014 1:19:36 PM
1060
(0x0424)
Updating SDM content definition. SMS Provider 1/23/2014 1:19:36 PM
1060 (0x0424)
Try to sync permission table : Declare @Ids RBAC_Object_Type;insert into @Ids (ObjectKey, ObjectTypeID)
values (N'ScopeId_FC8FCC38-4BB1-4245-92F5-9CE841775019/AuthList_9D013E6D-EF76-43F6-ACC480749AB8D90A',34);exec spRBAC_SyncPermissions @ObjectIds=@Ids,@RoleIDs=N'',@AdminIDs=N''
SMS Provider 1/23/2014 1:19:41 PM
1060 (0x0424)
Successfully synced permission table
SMS Provider 1/23/2014 1:19:41 PM
1060 (0x0424)
Auditing: User AWESOME\Admin created an instance of class SMS_AuthorizationList. SMS Provider
1/23/2014 1:19:42 PM
1060 (0x0424)
As part of the Software Update Group creation, SMSProv inserts data in appropriate CI_ tables,
which include:
CI_ConfigurationItems
CI_ConfigurationItemRelations
CI_ConfigurationItemRElations_Flat
CI_DocumentStore
CI_CIDocuments
CI_LocalizedProperties
SMSDBMON monitors when data is inserted into these tables, and drops CI Notification (CIN) files
in objmgr.box.
SMSDBMon:
RCV: INSERT on CI_ConfigurationItems for CINotify_iud [16777264 ][60216]
SMS_DATABASE_NOTIFICATION_MONITOR 1/23/2014 1:19:47 PM
3908 (0x0F44)
RCV: UPDATE on CI_ConfigurationItems for CINotify_iud [16777264 ][60217]
SMS_DATABASE_NOTIFICATION_MONITOR 1/23/2014 1:19:47 PM
3908 (0x0F44)
RCV: INSERT on CI_ConfigurationItemRelations_Flat for CI_ConfigurationItemRelations_Flat_From_iud
[16777264 ][60218] SMS_DATABASE_NOTIFICATION_MONITOR 1/23/2014 1:19:47 PM
3908
(0x0F44)
RCV: INSERT on CI_ConfigurationItemRelations_Flat for CI_ConfigurationItemRelations_Flat_From_iud
[16777264 ][60219] SMS_DATABASE_NOTIFICATION_MONITOR 1/23/2014 1:19:47 PM
3908
(0x0F44)
RCV: INSERT on CI_ConfigurationItemRelations_Flat for CI_ConfigurationItemRelations_Flat_From_iud
[16777264 ][60220] SMS_DATABASE_NOTIFICATION_MONITOR 1/23/2014 1:19:47 PM
3908
(0x0F44)
RCV: INSERT on CI_ConfigurationItemRelations_Flat for CI_ConfigurationItemRelations_Flat_From_iud
[16777264 ][60221] SMS_DATABASE_NOTIFICATION_MONITOR 1/23/2014 1:19:47 PM
3908
(0x0F44)
RCV: INSERT on CI_ConfigurationItemRelations_Flat for CI_ConfigurationItemRelations_Flat_From_iud
[16777264 ][60222] SMS_DATABASE_NOTIFICATION_MONITOR 1/23/2014 1:19:47 PM
3908
(0x0F44)
RCV: INSERT on CI_ConfigurationItemRelations_Flat for CI_ConfigurationItemRelations_Flat_From_iud
[16777264 ][60223] SMS_DATABASE_NOTIFICATION_MONITOR 1/23/2014 1:19:47 PM
3908
(0x0F44)
RCV: UPDATE on CI_ConfigurationItems for CINotify_iud [16777264 ][60224]
SMS_DATABASE_NOTIFICATION_MONITOR 1/23/2014 1:19:47 PM
3908 (0x0F44)
Object Replication Manager wakes up when files are dropped in the objmgr.box and processes
the Software Update Group.
ObjReplMgr.log:
File notification triggered.
SMS_OBJECT_REPLICATION_MANAGER
1/23/2014 1:19:47 PM
3380
(0x0D34)
+++Begin processing changed CIN objects
SMS_OBJECT_REPLICATION_MANAGER
1/23/2014
1:19:52 PM
3380 (0x0D34)
***** Processing AuthorizationList ScopeId_FC8FCC38-4BB1-4245-92F59CE841775019/AuthList_9D013E6D-EF76-43F6-ACC4-80749AB8D90A *****
SMS_OBJECT_REPLICATION_MANAGER
1/23/2014 1:19:53 PM
3380 (0x0D34)
Deleting notification file E:\ConfigMgr\inboxes\objmgr.box\16777264.CIN
SMS_OBJECT_REPLICATION_MANAGER
1/23/2014 1:19:53 PM
3380 (0x0D34)
+++Begin collecting targeting information for Affected CIs
SMS_OBJECT_REPLICATION_MANAGER
1/23/2014 1:19:53 PM
3380 (0x0D34)
+++Completed collecting targeting information for Affected CIs SMS_OBJECT_REPLICATION_MANAGER
1/23/2014 1:19:53 PM
3380 (0x0D34)
Affected CIs (1): 16777264 SMS_OBJECT_REPLICATION_MANAGER
1/23/2014 1:19:53 PM
3380
(0x0D34)
CI 16777264 is NOT Targeted
SMS_OBJECT_REPLICATION_MANAGER
1/23/2014 1:19:53 PM
3380 (0x0D34)
Successfully processed AuthorizationList ScopeId_FC8FCC38-4BB1-4245-92F59CE841775019/AuthList_9D013E6D-EF76-43F6-ACC4-80749AB8D90A
SMS_OBJECT_REPLICATION_MANAGER
1/23/2014 1:19:54 PM
3380 (0x0D34)
Set last row version for Configuration Item to 0x0000000000296047
SMS_OBJECT_REPLICATION_MANAGER
1/23/2014 1:19:54 PM
3380 (0x0D34)
The changes to the CI_* tables are then replicated to the child sites via Database Replication
allowing the Software Update group to show up on the child site(s).
Software Update Groups are Configuration Items themselves and CI Type ID for Software Update
Groups is 9. You can view the Software Update Groups by running the following SQL Query:
SELECT * FROM vSMS_ConfigurationItems WHERE CIType_ID = 9
To see the Relationships from a Software Update Group CI to the Software Update CIs, you can
run the following SQL query:
SELECT CIR.* FROM CI_ConfigurationItemRelations CIR
JOIN CI_ConfigurationItems CI ON CIR.FromCI_ID = CI.CI_ID
WHERE CI.CIType_ID = 9
SMS Provider
Updates are then downloaded to the specified Packages Source directory by the Software
Updates Patch Downloader component.
PatchDownloader.log in %TEMP% directory:
Trying to connect to the root\SMS namespace on the PS1SITE.AWESOME.COM machine.
Software
Updates Patch Downloader 1/23/2014 3:31:34 PM
1400 (0x0578)
Connected to \\PS1SITE.AWESOME.COM\root\SMS Software Updates Patch Downloader
1/23/2014
3:31:34 PM
1400 (0x0578)
Trying to connect to the \\PS1SITE.AWESOME.COM\root\sms\site_PS1 namespace on the
PS1SITE.AWESOME.COM machine. Software Updates Patch Downloader
1/23/2014 3:31:34 PM
1400 (0x0578)
Connected to \\PS1SITE.AWESOME.COM\root\sms\site_PS1
Software Updates Patch Downloader
1/23/2014 3:31:34 PM
1400 (0x0578)
Download destination = \\PS1SITE\SOURCE\Updates\Win7\d09e9a92-20e7-455a-a51baaeca7b7d7e1.1\windows6.1-kb2807986-x86.cab .
Software Updates Patch Downloader
1/23/2014 3:31:34 PM
1400 (0x0578)
Contentsource =
http://wsus.ds.download.windowsupdate.com/msdownload/update/software/secu/2013/02/windows6.1kb2807986-x86_83d5bb38d8c50d924f3dcd024b20fe33afbd9d14.cab . Software Updates Patch
Downloader 1/23/2014 3:31:34 PM
1400 (0x0578)
Downloading content for ContentID = 471, FileName = windows6.1-kb2807986-x86.cab.
Software
Updates Patch Downloader 1/23/2014 3:31:34 PM
1400 (0x0578)
Download
http://wsus.ds.download.windowsupdate.com/msdownload/update/software/secu/2013/02/windows6.1kb2807986-x86_83d5bb38d8c50d924f3dcd024b20fe33afbd9d14.cab to
C:\Users\Admin\AppData\Local\Temp\2\CABBA79.tmp returns 0 Software Updates Patch Downloader
1/23/2014 3:31:36 PM
5736 (0x1668)
Successfully moved C:\Users\Admin\AppData\Local\Temp\2\CABBA79.tmp to
\\PS1SITE\SOURCE\Updates\Win7\d09e9a92-20e7-455a-a51b-aaeca7b7d7e1.1\windows6.1-kb2807986x86.cab
Software Updates Patch Downloader
1/23/2014 3:31:36 PM
5736 (0x1668)
Renaming \\PS1SITE\SOURCE\Updates\Win7\d09e9a92-20e7-455a-a51b-aaeca7b7d7e1.1 to
\\PS1SITE\SOURCE\Updates\Win7\d09e9a92-20e7-455a-a51b-aaeca7b7d7e1 Software Updates Patch
Downloader 1/23/2014 3:31:36 PM
1400 (0x0578)
Successfully moved \\PS1SITE\SOURCE\Updates\Win7\d09e9a92-20e7-455a-a51b-aaeca7b7d7e1.1 to
\\PS1SITE\SOURCE\Updates\Win7\d09e9a92-20e7-455a-a51b-aaeca7b7d7e1 Software Updates Patch
Downloader 1/23/2014 3:31:36 PM
1400 (0x0578)
After the updates get downloaded, SMS Provider adds each update to the specified package.
SMSProv:
Requested class =SMS_SoftwareUpdatesPackage SMS Provider 1/23/2014 3:31:36 PM
4060
(0x0FDC)
Requested num keys =1
SMS Provider 1/23/2014 3:31:36 PM
4060 (0x0FDC)
CExtProviderClassObject::DoExecuteMethod AddUpdateContent
SMS Provider 1/23/2014 3:31:36
PM
4060 (0x0FDC)
*** SspPackageInst::AddUpdateContent ***
SMS Provider 1/23/2014 3:31:36 PM
4060
(0x0FDC)
CObjectLock::UserHasLock: ********** User AWESOME\Admin has lock for object
SMS_SoftwareUpdatesPackage.PackageID="PS100001" with LockID: DCE6F1B5-1EE8-47CB-85A73027E51119A7 ********** SMS Provider 1/23/2014 3:31:36 PM
4060 (0x0FDC)
CObjectLock::ReleaseLock: ********** User AWESOME\Admin has released lock for object
SMS_SoftwareUpdatesPackage.PackageID="PS100001" with LockID: DCE6F1B5-1EE8-47CB-85A73027E51119A7 ********** SMS Provider 1/23/2014 3:31:36 PM
4060 (0x0FDC)
After all the updates are added to the Package, SMS Provider updates the package:
SMSProv.log:
CExtUserContext::EnterThread : User=AWESOME\Admin
Sid=0x01050000000000051500000068830AA65AAB72A155BCE9324F040000 Caching
IWbemContextPtr=00000000036B7E50 in Process 0xc68 (3176) SMS Provider 1/23/2014 3:31:44 PM
1060 (0x0424)
Context: SMSAppName=Configuration Manager Administrator console SMS Provider 1/23/2014 3:31:44
PM
1060 (0x0424)
Context: MachineName=PS1SITE.AWESOME.COM SMS Provider 1/23/2014 3:31:44 PM
1060
(0x0424)
Context: UserName=AWESOME\Admin
SMS Provider 1/23/2014 3:31:44 PM
1060 (0x0424)
Context: ObjectLockContext=c00c315d-b15d-4b0e-9844-017205cc2443
SMS Provider 1/23/2014
3:31:44 PM
1060 (0x0424)
Context: ApplicationName=Microsoft.ConfigurationManagement.exe
SMS Provider 1/23/2014 3:31:44
PM
1060 (0x0424)
Context: ApplicationVersion=5.0.7958.1000
SMS Provider 1/23/2014 3:31:44 PM
1060
(0x0424)
Context: LocaleID=MS\0x409
SMS Provider 1/23/2014 3:31:44 PM
1060 (0x0424)
Context: __ProviderArchitecture=32SMS Provider 1/23/2014 3:31:44 PM
1060 (0x0424)
Context: __RequiredArchitecture=0 (Bool) SMS Provider 1/23/2014 3:31:44 PM
1060 (0x0424)
Context: __ClientPreferredLanguages=en-US,en SMS Provider 1/23/2014 3:31:44 PM
1060
(0x0424)
Context: __GroupOperationId=755382
SMS Provider 1/23/2014 3:31:44 PM
1060 (0x0424)
Context: __WBEM_CLIENT_AUTHENTICATION_LEVEL=6
SMS Provider 1/23/2014 3:31:44 PM
1060
(0x0424)
CExtUserContext : Set ThreadLocaleID OK to: 1033
SMS Provider 1/23/2014 3:31:44 PM
1060
(0x0424)
CSspClassManager::PreCallAction, dbname=CM_PS1
SMS Provider 1/23/2014 3:31:44 PM
1060
(0x0424)
ExecMethodAsync : SMS_SoftwareUpdatesPackage.PackageID="PS100001"::RefreshPkgSource
SMS
Provider
1/23/2014 3:31:44 PM
1060 (0x0424)
Requested class =SMS_SoftwareUpdatesPackage SMS Provider 1/23/2014 3:31:44 PM
1060
(0x0424)
Requested num keys =1
SMS Provider 1/23/2014 3:31:44 PM
1060 (0x0424)
CExtProviderClassObject::DoExecuteMethod RefreshPkgSource
SMS Provider 1/23/2014 3:31:44
PM
1060 (0x0424)
Auditing: User AWESOME\Admin called an audited method of an instance of class
SMS_SoftwareUpdatesPackage.
SMS Provider 1/23/2014 3:31:44 PM
1060 (0x0424)
CExtUserContext::LeaveThread : Releasing IWbemContextPtr=57376336
SMS Provider 1/23/2014
3:31:44 PM
1060 (0x0424)
When the Update Group Assignment is created, SMS Provider inserts information about the
Assignment in the CI_Assignments table, which then triggers SMSDBMON which notifies Object
Replication Manager to process the Update Group Assignment by dropping a .CIA file in
objmgr.box.
SMSDBMON.log:
RCV: INSERT on CI_CIAssignments for CIAssignmentNotify_iu [16777222 ][60916]
SMS_DATABASE_NOTIFICATION_MONITOR 1/23/2014 3:31:37 PM
3908 (0x0F44)
RCV: INSERT on CrpChange_Notify for CrpChange_Notify_ins [14 ][60917]
SMS_DATABASE_NOTIFICATION_MONITOR 1/23/2014 3:31:37 PM
3908 (0x0F44)
RCV: UPDATE on CI_CIAssignments for CIAssignmentNotify_iu [16777222 ][60920]
SMS_DATABASE_NOTIFICATION_MONITOR 1/23/2014 3:31:37 PM
3908 (0x0F44)
RCV: UPDATE on CI_AssignmentTargetedCIs for CI_AssignmentTargetedCIs_CIAMGR [16777222 ][60921]
SMS_DATABASE_NOTIFICATION_MONITOR 1/23/2014 3:31:37 PM
3908 (0x0F44)
RCV: UPDATE on CI_CIAssignments for CIAssignmentNotify_iu [16777222 ][60923]
SMS_DATABASE_NOTIFICATION_MONITOR 1/23/2014 3:31:37 PM
3908 (0x0F44)
RCV: UPDATE on CI_AssignmentTargetedCIs for CI_AssignmentTargetedCIs_CIAMGR [16777222 ][60924]
SMS_DATABASE_NOTIFICATION_MONITOR 1/23/2014 3:31:37 PM
3908 (0x0F44)
RCV: UPDATE on CI_CIAssignments for CIAssignmentNotify_iu [16777222 ][60926]
SMS_DATABASE_NOTIFICATION_MONITOR 1/23/2014 3:31:37 PM
3908 (0x0F44)
RCV: UPDATE on CI_AssignmentTargetedCIs for CI_AssignmentTargetedCIs_CIAMGR [16777222 ][60927]
SMS_DATABASE_NOTIFICATION_MONITOR 1/23/2014 3:31:37 PM
3908 (0x0F44)
SND: Dropped E:\ConfigMgr\inboxes\objmgr.box\16777222.CIA [60916]
SMS_DATABASE_NOTIFICATION_MONITOR 1/23/2014 3:31:37 PM
3908 (0x0F44)
SND: Dropped E:\ConfigMgr\inboxes\policypv.box\policytargeteval\14.CRP [60917]
SMS_DATABASE_NOTIFICATION_MONITOR 1/23/2014 3:31:37 PM
3908 (0x0F44)
RCV: INSERT on PolicyAssignmentChg_Notify for PolicyAssignmentChg_Notify_iu [16786995 ][60929]
SMS_DATABASE_NOTIFICATION_MONITOR 1/23/2014 3:31:47 PM
3908 (0x0F44)
SND: Dropped E:\ConfigMgr\inboxes\policypv.box\policytargeteval\16786995.PAC [60929]
SMS_DATABASE_NOTIFICATION_MONITOR 1/23/2014 3:31:47 PM
3908 (0x0F44)
RCV: INSERT on PkgNotification for PkgNotify_Add [PS100001 ][60930]
SMS_DATABASE_NOTIFICATION_MONITOR 1/23/2014 3:31:52 PM
3908 (0x0F44)
SND: Dropped E:\ConfigMgr\inboxes\distmgr.box\PS100001.PKN [60930]
SMS_DATABASE_NOTIFICATION_MONITOR 1/23/2014 3:31:52 PM
3908 (0x0F44)
RCV: INSERT on PolicyAssignmentChg_Notify for PolicyAssignmentChg_Notify_iu [16786995 ][60931]
SMS_DATABASE_NOTIFICATION_MONITOR 1/23/2014 3:32:02 PM
3908 (0x0F44)
RCV: UPDATE on PolicyAssignmentChg_Notify for PolicyAssignmentChg_Notify_iu [16786995 ][60932]
SMS_DATABASE_NOTIFICATION_MONITOR 1/23/2014 3:32:02 PM
3908 (0x0F44)
SND: Dropped E:\ConfigMgr\inboxes\policypv.box\policytargeteval\16786995.PAC [60931]
SMS_DATABASE_NOTIFICATION_MONITOR 1/23/2014 3:32:02 PM
3908 (0x0F44)
After Object Replication Manager detects the CIA file in the objmgr.box, it processes the file and
creates the policy for the Software Update Assignment.
ObjMgr.log:
File notification triggered.
SMS_OBJECT_REPLICATION_MANAGER
1/23/2014 3:31:37 PM
3380
(0x0D34)
+++Begin processing changed CIA objects
SMS_OBJECT_REPLICATION_MANAGER
1/23/2014
3:31:37 PM
3380 (0x0D34)
***** Processing Update Group Assignment {3ACE84D4-7B2A-4D86-81AF-07E2AC255745} *****
SMS_OBJECT_REPLICATION_MANAGER
1/23/2014 3:31:37 PM
3380 (0x0D34)
After getting notified by the Object Replication Manager, Policy Provider finally updates the policy
for the clients.
PolicyPv.log:
File notification triggered.
SMS_POLICY_PROVIDER
1/23/2014 3:31:37 PM
5568 (0x15C0)
Found 14.CRP SMS_POLICY_PROVIDER
1/23/2014 3:31:37 PM
1800 (0x0708)
Adding to delete list: E:\ConfigMgr\inboxes\policypv.box\policytargeteval\14.CRP
SMS_POLICY_PROVIDER
1/23/2014 3:31:37 PM
1800 (0x0708)
SMS_RULE_ENGINE
2/6/2014
Deployment creation
SMSDBMON.log:
RCV: INSERT on CI_CIAssignments for CIAssignmentNotify_iu [16777228 ][66190]
SMS_DATABASE_NOTIFICATION_MONITOR 2/6/2014 3:09:01 PM 3484 (0x0D9C)
SND: Dropped E:\ConfigMgr\inboxes\objmgr.box\16777228.CIA [66190]
SMS_DATABASE_NOTIFICATION_MONITOR 2/6/2014 3:09:01 PM 3484 (0x0D9C)
ObjReplMgr.log:
+++Begin processing changed CIA objects
SMS_OBJECT_REPLICATION_MANAGER
2/6/2014
3:09:13 PM
6868 (0x1AD4)
***** Processing Update Group Assignment {2ba787b6-4ee9-4b33-b0ff-8663d181c84d} *****
SMS_OBJECT_REPLICATION_MANAGER
2/6/2014 3:09:13 PM 6868 (0x1AD4)
Deleting notification file E:\ConfigMgr\inboxes\objmgr.box\16777228.CIA
SMS_OBJECT_REPLICATION_MANAGER
2/6/2014 3:09:13 PM 6868 (0x1AD4)
CI Assignment {2ba787b6-4ee9-4b33-b0ff-8663d181c84d} has 1 Targeted CI(s)
SMS_OBJECT_REPLICATION_MANAGER
2/6/2014 3:09:13 PM 6868 (0x1AD4)
PolicyID {2ba787b6-4ee9-4b33-b0ff-8663d181c84d} PolicyVersion 1.00 PolicyHash
SHA256:0C6D50CBFB36750CCA381B61E014A6C55D821001487C824F9112DAA1C64BAD32
SMS_OBJECT_REPLICATION_MANAGER
2/6/2014 3:09:13 PM 6868 (0x1AD4)
Notifying policy provider about changes in policy content/targeting
SMS_OBJECT_REPLICATION_MANAGER
2/6/2014 3:09:13 PM 6868 (0x1AD4)
Successfully created policy for CI Assignment {2ba787b6-4ee9-4b33-b0ff-8663d181c84d}
SMS_OBJECT_REPLICATION_MANAGER
2/6/2014 3:09:13 PM 6868 (0x1AD4)
Notifying policy provider about changes in policy content/targeting
SMS_OBJECT_REPLICATION_MANAGER
2/6/2014 3:09:13 PM 6868 (0x1AD4)
Successfully updated Policy Targeting for CI Assignment {2ba787b6-4ee9-4b33-b0ff-8663d181c84d}
SMS_OBJECT_REPLICATION_MANAGER
2/6/2014 3:09:13 PM 6868 (0x1AD4)
Found file trigger for E:\ConfigMgr\inboxes\objmgr.box\16777228.CIV
SMS_OBJECT_REPLICATION_MANAGER
2/6/2014 3:09:13 PM 6868 (0x1AD4)
Assigned CIs: [ 16777275 ] SMS_OBJECT_REPLICATION_MANAGER
2/6/2014 3:09:13 PM 6868
(0x1AD4)
Begin processing Assigned CI: [16777275] SMS_OBJECT_REPLICATION_MANAGER
2/6/2014 3:09:13 PM
6868 (0x1AD4)
Creating VersionInfo policy for CI 16777275
SMS_OBJECT_REPLICATION_MANAGER
2/6/2014
3:09:13 PM
6868 (0x1AD4)
Creating VersionInfo policy ScopeId_FC8FCC38-4BB1-4245-92F5-9CE841775019/AuthList_4d3480d5-de124864-b872-187479e2b381/VI
SMS_OBJECT_REPLICATION_MANAGER
2/6/2014 3:09:13 PM 6868
(0x1AD4)
16777275 Referenced CIs: [ 1395 1396 1397 1398 1399 1400 1401 3013 3014 3015 3016 3017 3018
3019 3020 3021 3959 3960 3961 4112 4113 4114 4115 4116 4117 4118 4502 4503 4504 4505 4506
4507 4508 4509 4510 4511 4512 4513 4514 ]
SMS_OBJECT_REPLICATION_MANAGER
2/6/2014
3:09:13 PM
6868 (0x1AD4)
VersionInfo policy for CI 16777275 is Machine type
SMS_OBJECT_REPLICATION_MANAGER
2/6/2014 3:09:17 PM 6868 (0x1AD4)
PolicyID ScopeId_FC8FCC38-4BB1-4245-92F5-9CE841775019/AuthList_4d3480d5-de12-4864-b872187479e2b381/VI PolicyVersion 1.00 PolicyHash
SHA256:01BECBBF2B3EE56BD5B0742A04404C1C895A4C87B6915D55078AB157FEBA1E0F
SMS_OBJECT_REPLICATION_MANAGER
2/6/2014 3:09:17 PM 6868 (0x1AD4)
Notifying policy provider about changes in policy content/targeting
SMS_OBJECT_REPLICATION_MANAGER
2/6/2014 3:09:17 PM 6868 (0x1AD4)
Updated dependent policy references to CIA {2ba787b6-4ee9-4b33-b0ff-8663d181c84d}
SMS_OBJECT_REPLICATION_MANAGER
2/6/2014 3:09:17 PM 6868 (0x1AD4)
STATMSG: ID=5800 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_OBJECT_REPLICATION_MANAGER"
SYS=PS1SITE.AWESOME.COM SITE=PS1 PID=6176 TID=6868 GMTDATE=Thu Feb 06 20:09:17.989 2014
ISTR0="ADR_Test" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9=""
NUMATTRS=1 AID0=414 AVAL0="{2ba787b6-4ee9-4b33-b0ff-8663d181c84d}"
SMS_OBJECT_REPLICATION_MANAGER
2/6/2014 3:09:17 PM 6868 (0x1AD4)
Successfully updated CRCs for CI Assignment {2ba787b6-4ee9-4b33-b0ff-8663d181c84d}
SMS_OBJECT_REPLICATION_MANAGER
2/6/2014 3:09:18 PM 6868 (0x1AD4)
Successfully processed Update Group Assignment {2ba787b6-4ee9-4b33-b0ff-8663d181c84d}
SMS_OBJECT_REPLICATION_MANAGER
2/6/2014 3:09:18 PM 6868 (0x1AD4)
Set last row version for CI Assignment to 0x0000000000487EB6 SMS_OBJECT_REPLICATION_MANAGER
2/6/2014 3:09:18 PM 6868 (0x1AD4)
+++Completed processing changed CIA objects SMS_OBJECT_REPLICATION_MANAGER
2/6/2014
3:09:18 PM
6868 (0x1AD4)
Policy Creation
SMSDBMON.log:
RCV: INSERT on CrpChange_Notify for CrpChange_Notify_ins [15 ][66199]
SMS_DATABASE_NOTIFICATION_MONITOR 2/6/2014 3:09:16 PM 3484 (0x0D9C)
RCV: INSERT on RBAC_ChangeNotification for Rbac_Sync_ChangeNotification [399 ][66200]
SMS_DATABASE_NOTIFICATION_MONITOR 2/6/2014 3:09:16 PM 3484 (0x0D9C)
SND: Dropped E:\ConfigMgr\inboxes\policypv.box\policytargeteval\15.CRP [66199]
SMS_DATABASE_NOTIFICATION_MONITOR 2/6/2014 3:09:16 PM 3484 (0x0D9C)
SND: Dropped E:\ConfigMgr\inboxes\hman.box\399.RBC [66200]
SMS_DATABASE_NOTIFICATION_MONITOR 2/6/2014 3:09:16 PM 3484 (0x0D9C)
RCV: INSERT on PolicyAssignmentChg_Notify for PolicyAssignmentChg_Notify_iu [16787957 ][66201]
SMS_DATABASE_NOTIFICATION_MONITOR 2/6/2014 3:09:26 PM 3484 (0x0D9C)
SND: Dropped E:\ConfigMgr\inboxes\policypv.box\policytargeteval\16787957.PAC [66201]
SMS_DATABASE_NOTIFICATION_MONITOR 2/6/2014 3:09:26 PM 3484 (0x0D9C)
RCV: INSERT on PolicyAssignmentChg_Notify for PolicyAssignmentChg_Notify_iu [16787957 ][66202]
SMS_DATABASE_NOTIFICATION_MONITOR 2/6/2014 3:09:41 PM 3484 (0x0D9C)
RCV: UPDATE on PolicyAssignmentChg_Notify for PolicyAssignmentChg_Notify_iu [16787957 ][66203]
SMS_DATABASE_NOTIFICATION_MONITOR 2/6/2014 3:09:41 PM 3484 (0x0D9C)
SND: Dropped E:\ConfigMgr\inboxes\policypv.box\policytargeteval\16787957.PAC [66202]
SMS_DATABASE_NOTIFICATION_MONITOR 2/6/2014 3:09:41 PM 3484 (0x0D9C)
SND: Dropped E:\ConfigMgr\inboxes\policypv.box\policytargeteval\16787957.PAC [66203]
SMS_DATABASE_NOTIFICATION_MONITOR 2/6/2014 3:09:41 PM 3484 (0x0D9C)
PolicyPv.log
File notification triggered.
SMS_POLICY_PROVIDER
2/6/2014 3:09:26 PM 2308 (0x0904)
--Process Collection Changes
SMS_POLICY_PROVIDER
2/6/2014 3:09:31 PM 5860 (0x16E4)
Building Collection Change List from Collection Change Notification files
SMS_POLICY_PROVIDER
2/6/2014 3:09:31 PM 5860 (0x16E4)
--Process Collection Member Changes
SMS_POLICY_PROVIDER
2/6/2014 3:09:31 PM 5860
(0x16E4)
Building Collection Change List from Collection Member Notification files
SMS_POLICY_PROVIDER
2/6/2014 3:09:31 PM 5860 (0x16E4)
--Handle PolicyAssignment Resigning
SMS_POLICY_PROVIDER
2/6/2014 3:09:31 PM 5860
(0x16E4)
Found the certificate that matches the SHA1 hash.
SMS_POLICY_PROVIDER
2/6/2014 3:09:31 PM
5860 (0x16E4)
Completed batch with beginning PADBID = 16787957 ending PADBID = 16787958.
SMS_POLICY_PROVIDER
2/6/2014 3:09:31 PM 5860 (0x16E4)
--Process Policy Changes
SMS_POLICY_PROVIDER
2/6/2014 3:09:31 PM 5860 (0x16E4)
Found some Policy changes, returning New LastRowversion=0x0000000000487EB7
SMS_POLICY_PROVIDER
2/6/2014 3:09:31 PM 5860 (0x16E4)
Processing Updated Policies SMS_POLICY_PROVIDER
2/6/2014 3:09:31 PM 5860 (0x16E4)
Building Collection Change List from New and Targeting Changed Policies
SMS_POLICY_PROVIDER
2/6/2014 3:09:31 PM 5860 (0x16E4)
--Update Policy Targeting Map
SMS_POLICY_PROVIDER
2/6/2014 3:09:31 PM 5860 (0x16E4)
After the Deployment and the Deployment policy has been created on the server, client receives
the policy on the next policy evaluation cycle. Before reviewing the Deployment Evaluation
process, its important to find the Deployment Unique ID of the deployment by adding the
Deployment Unique ID column in the console. For the deployment were going to focus on in the
log excerpts below, the Deployment Unique ID is B040D195-8FA8-48D3-953F-17E878DAB23D.
PolicyEvaluator.log:
Initializing download of policy 'CCM_Policy_Policy5.PolicyID="{B040D195-8FA8-48D3-953F17E878DAB23D}",PolicySource="SMS:PR1",PolicyVersion="1.00"' from
'http://PR1SITE.AWESOME.COM/SMS_MP/.sms_pol?{B040D195-8FA8-48D3-953F17E878DAB23D}.SHA256:0EE489DB3036BE80BB43676340249A254278BEBDDD80B6004C11FF10F12BC9
D6'
PolicyAgent_ReplyAssignments
2/9/2014 7:05:01 PM 2572 (0x0A0C)
Download of policy CCM_Policy_Policy5.PolicyID="{B040D195-8FA8-48D3-953F17E878DAB23D}",PolicySource="SMS:PR1",PolicyVersion="1.00" completed (DTS Job ID: {D53DAB18ED97-4373-A3BE-3FBA5DB3C6C6})PolicyAgent_PolicyDownload 2/9/2014 7:05:01 PM 2572 (0x0A0C)
After the policy is evaluated, the Scheduler for the Deadline is evaluated. This is done by
scheduler component. In this case, the deadline randomization is disabled in the Computer Agent
client settings, so the Deployment Evaluation would initiate on deadline without randomization.
Scheduler.log:
Initialized trigger ("3E692B0000080000") for schedule 'Machine/DEADLINE:{B040D195-8FA8-48D3953F-17E878DAB23D}':
Conditions=1 with deadline 4320 minutes
Allow randomization override=1
HasMissedOccurrence=FALSE
ScheduleLoadedTime="02/09/2014 19:05:947"
LastFireTime="00/00/00 00:00:00"
CurrentTime="02/09/2014 19:05:947"
Scheduler
2/9/2014 7:05:01 PM 3260 (0x0CBC)
Processing trigger '3E692B0000080000' for scheduler 'Machine/DEADLINE:{B040D195-8FA8-48D3-953F17E878DAB23D}'. MaxRandomDelay = 120, MissedOccur = 0, RandomizeEvenIfMissed = 1,
PreventRandomizationInducedMisses = 0 Scheduler
2/9/2014 7:05:01 PM 3260 (0x0CBC)
Randomization is disabled in client settings and this schedule is set to honor client setting. Scheduler
2/9/2014 7:05:01 PM 3260 (0x0CBC)
SMSTrigger '3E692B0000080000' for scheduler 'Machine/DEADLINE:{B040D195-8FA8-48D3-953F17E878DAB23D}' will fire at 02/09/2014 07:15:00 PM without randomization.
Scheduler
2/9/2014 7:05:01 PM 3260 (0x0CBC)
At the scheduled deadline, Scheduler notifies Updates Deployment Agent to initiate the
Deployment Evaluation.
Scheduler.log:
Sending message for schedule 'Machine/DEADLINE:{B040D195-8FA8-48D3-953F-17E878DAB23D}' (Target:
'direct:UpdatesDeploymentAgent', Name: '')
Scheduler
2/9/2014 7:15:00 PM 3216 (0x0C90)
SMSTrigger '3E692B0000080000' (Schedule ID: 'Machine/DEADLINE:{B040D195-8FA8-48D3-953F17E878DAB23D}', Message Name: '', Target: 'direct:UpdatesDeploymentAgent') will never fire again.
Scheduler
2/9/2014 7:15:00 PM
3216 (0x0C90)
UpdatesDeployment.log:
Message received: '<?xml version='1.0' ?>
<CIAssignmentMessage MessageType='EnforcementDeadline'>
<AssignmentID>{B040D195-8FA8-48D3-953F-17E878DAB23D}</AssignmentID>
</CIAssignmentMessage>' UpdatesDeploymentAgent 2/9/2014 7:15:00 PM
3216
(0x0C90)
Updates Deployment Agent starts the Deployment Evaluation process by requesting a Software
Update Scan to ensure that the deployed Updates are still applicable.
UpdatesDeploymentAgent.log:
Assignment {B040D195-8FA8-48D3-953F-17E878DAB23D} has total CI = 3
UpdatesDeploymentAgent
2/9/2014 7:15:00 PM 3216 (0x0C90)
Deadline received for assignment ({B040D195-8FA8-48D3-953F-17E878DAB23D})
UpdatesDeploymentAgent 2/9/2014 7:15:00 PM 3216 (0x0C90)
Detection job ({99ADA372-0738-44E4-9C4D-EBA30F23E9FD}) started for assignment ({B040D1958FA8-48D3-953F-17E878DAB23D}) UpdatesDeploymentAgent 2/9/2014 7:15:00 PM 3216 (0x0C90)
UpdatesHandler.log:
Successfully initiated scan for job ({99ADA372-0738-44E4-9C4D-EBA30F23E9FD}).
UpdatesHandler
2/9/2014 7:15:04 PM 3696 (0x0E70)
Scan completion received for job ({99ADA372-0738-44E4-9C4D-EBA30F23E9FD}).
UpdatesHandler
2/9/2014 7:15:04 PM 3696 (0x0E70)
Initial scan completed for the job ({99ADA372-0738-44E4-9C4D-EBA30F23E9FD}).
UpdatesHandler
2/9/2014 7:15:04 PM 3696 (0x0E70)
Evaluating status of the updates for the job ({99ADA372-0738-44E4-9C4D-EBA30F23E9FD}).
UpdatesHandler
2/9/2014 7:15:04 PM 3696 (0x0E70)
CompleteJob - Job ({99ADA372-0738-44E4-9C4D-EBA30F23E9FD}) removed from job manager list.
UpdatesHandler
2/9/2014 7:15:04 PM 3696 (0x0E70)
At this point, the Scan request is handled by Scan Agent component. Scan Agent requests
WUAHandler to perform a scan, and hands the results back to Updates Handler and Updates
Deployment Agent. For more information on the Scan process, see Software Update Scan on
Clients. After the scan completes, Updates Deployment Agent is notified.
UpdatesDeploymentAgent.log:
DetectJob completion received for assignment ({B040D195-8FA8-48D3-953F-17E878DAB23D})
UpdatesDeploymentAgent 2/9/2014 7:15:04 PM 3696 (0x0E70)
Making updates available for assignment ({B040D195-8FA8-48D3-953F-17E878DAB23D})
UpdatesDeploymentAgent 2/9/2014 7:15:04 PM 3696 (0x0E70)
Update (Site_D3A5F7EA-25D4-4C6B-B47C-C74997522A76/SUM_e06056e3-0199-4c68-8ac3-bdddff356a0a)
Name (Security Update for Windows Server 2008 R2 x64 Edition (KB2698365)) ArticleID (2698365) added
to the targeted list of deployment ({B040D195-8FA8-48D3-953F-17E878DAB23D})
UpdatesDeploymentAgent 2/9/2014 7:15:04 PM 3696 (0x0E70)
Update (Site_D3A5F7EA-25D4-4C6B-B47C-C74997522A76/SUM_ada7cf51-66b0-4a00-b37b-68d569d6ff8b)
Name (Security Update for Windows Server 2008 R2 x64 Edition (KB2712808)) ArticleID (2712808) added
to the targeted list of deployment ({B040D195-8FA8-48D3-953F-17E878DAB23D})
UpdatesDeploymentAgent 2/9/2014 7:15:04 PM 3696 (0x0E70)
Update (Site_D3A5F7EA-25D4-4C6B-B47C-C74997522A76/SUM_3cbcf577-5139-49b8-afe8-620af5c52f95)
Name (Security Update for Windows Server 2008 R2 x64 Edition (KB2705219)) ArticleID (2705219) added
to the targeted list of deployment ({B040D195-8FA8-48D3-953F-17E878DAB23D})
UpdatesDeploymentAgent 2/9/2014 7:15:04 PM 3696 (0x0E70)
At this point, Updates Deployment Agent raises State Messages for the Deployment to update
the current Evaluation and Compliance State.
UpdatesDeploymentAgent.log:
Raised assignment ({B040D195-8FA8-48D3-953F-17E878DAB23D}) state message successfully.
TopicType = Evaluate, StateId = 2, StateName = ASSIGNMENT_EVALUATE_SUCCESS
UpdatesDeploymentAgent 2/9/2014 7:15:04 PM 3696 (0x0E70)
Raised assignment ({B040D195-8FA8-48D3-953F-17E878DAB23D}) state message successfully.
TopicType = Compliance, Signature = 5e176837, IsCompliant = False
UpdatesDeploymentAgent
2/9/2014 7:15:04 PM 3696 (0x0E70)
Updates Deployment Agent now starts a Download job to download the software update files
from the Distribution Point.
UpdatesDeploymentAgent.log:
DownloadCIContents Job ({C531FD04-FADA-4F75-A399-EEA2D3EDB56C}) started for assignment
({B040D195-8FA8-48D3-953F-17E878DAB23D}) UpdatesDeploymentAgent
Progress received for assignment ({B040D195-8FA8-48D3-953F-17E878DAB23D})
UpdatesDeploymentAgent
Update (Site_D3A5F7EA-25D4-4C6B-B47C-C74997522A76/SUM_e06056e3-0199-4c68-8ac3-bdddff356a0a)
Progress: Status = ciStateDownloading, PercentComplete = 0, Result = 0x0
UpdatesDeploymentAgent
Update (Site_D3A5F7EA-25D4-4C6B-B47C-C74997522A76/SUM_ada7cf51-66b0-4a00-b37b-68d569d6ff8b)
Progress: Status = ciStateDownloading, PercentComplete = 0, Result = 0x0
UpdatesDeploymentAgent
Update (Site_D3A5F7EA-25D4-4C6B-B47C-C74997522A76/SUM_3cbcf577-5139-49b8-afe8-620af5c52f95)
Progress: Status = ciStateDownloading, PercentComplete = 0, Result = 0x0
UpdatesDeploymentAgent
UpdatesHandler.log:
Initiating download for the job ({C531FD04-FADA-4F75-A399-EEA2D3EDB56C}). UpdatesHandler
Update Id = 3cbcf577-5139-49b8-afe8-620af5c52f95, State = StateDownloading, Result = 0x0
UpdatesHandler
Update Id = ada7cf51-66b0-4a00-b37b-68d569d6ff8b, State = StateDownloading, Result = 0x0
UpdatesHandler
Update Id = e06056e3-0199-4c68-8ac3-bdddff356a0a, State = StateDownloading, Result = 0x0
UpdatesHandler
Timeout Options: Priority = 2, DPLocality = 1048578, Location = 604800, Download = 864000,
PerDPInactivity = 0, TotalInactivityTimeout = 0, bUseBranchCache = True, bPersistOnWriteFilterDevices =
True, bOverrideServiceWindow = False UpdatesHandler
Updates Handler initiates the Download request from Content Access Service for the three
actionable updates listed above. Note that the Download job is started for the child update in the
bundle, and the Content ID is logged.
UpdatesHandler.log:
Bundle update (3cbcf577-5139-49b8-afe8-620af5c52f95) is requesting download from child updates
for action (INSTALL) UpdatesHandler
Content Text = <Content ContentId="fbb5724a-aa0f-47f9-908a-47068fd8ad6f"
Version="1"><FileContent Name="windows6.1-kb2705219-v2-x64.cab"
Hash="8E8E0175D46B5A8D52C4856FA3D282FAA12ACD63" HashAlgorithm="SHA1"
Size="199093"/></Content>
Bundle update (ada7cf51-66b0-4a00-b37b-68d569d6ff8b) is requesting download from child updates for
action (INSTALL)
UpdatesHandler
Content Text = <Content ContentId="3e9b1132-9ccd-439d-b32a-5cefd19735d1"
Version="1"><FileContent Name="windows6.1-kb2712808-x64.cab"
Hash="060B60401B3DE3DCE053A68C65E9EB050874EB80" HashAlgorithm="SHA1"
Size="805071"/></Content>
Bundle update (e06056e3-0199-4c68-8ac3-bdddff356a0a) is requesting download from child updates for
action (INSTALL)
UpdatesHandler
Content Text = <Content ContentId="d2a9ee23-9cab-4843-b040-e2da1cc167e9"
Version="1"><FileContent Name="windows6.1-kb2698365-x64.cab"
Hash="BF20BB36FC73C0D1F53EA1E635B8AA46C71D7B1F" HashAlgorithm="SHA1"
Size="2496330"/></Content>
Content Access Service starts a download job for each of these updates and creates a Content
Transfer Manager Job. Note that a CTM Job is created for each update separately and CAS.log
looks similar to below for each update.
CAS.log:
Requesting content fbb5724a-aa0f-47f9-908a-47068fd8ad6f.1, size(KB) 0, under context System with
priority Medium
ContentAccess
2/9/2014 7:15:05 PM 3216 (0x0C90)
Created and initialized a DownloadContentRequest
ContentAccess
2/9/2014 7:15:05 PM 3216
(0x0C90)
Target location for content fbb5724a-aa0f-47f9-908a-47068fd8ad6f.1 is C:\Windows\ccmcache\1
ContentAccess
2/9/2014 7:15:05 PM 3216 (0x0C90)
CDownloadManager::RequestDownload fbb5724a-aa0f-47f9-908a-47068fd8ad6f.1.System
ContentAccess
2/9/2014 7:15:05 PM 3216 (0x0C90)
Submitted CTM job {E0452CF4-5B04-4A1A-B8EB-10B11B063249} to download Content fbb5724aaa0f-47f9-908a-47068fd8ad6f.1 under context System
ContentAccess
2/9/2014 7:15:05 PM
3216 (0x0C90)
Successfully created download request {856FA4CA-D02A-4E2C-841E-841ED3C7EC01} for content
fbb5724a-aa0f-47f9-908a-47068fd8ad6f.1 ContentAccess
2/9/2014 7:15:05 PM 3216 (0x0C90)
Created and submitted a new Content Request for fbb5724a-aa0f-47f9-908a-47068fd8ad6f.1.System
ContentAccess
2/9/2014 7:15:05 PM 3216 (0x0C90)
Content Transfer Manager now starts work on the Download job and the first thing that it does is
request the location for the content we need to download. This location request is handled by
Location Services, which sends the Location Request to the MP, and gets the location response
and hands it back to the Content Transfer Manager.
ContentTransferManager.log:
Starting CTM job {E0452CF4-5B04-4A1A-B8EB-10B11B063249}. ContentTransferManager
2/9/2014 7:15:05 PM 3216 (0x0C90)
CTM job {E0452CF4-5B04-4A1A-B8EB-10B11B063249} entered phase
CCM_DOWNLOADSTATUS_DOWNLOADING_DATA ContentTransferManager
2/9/2014 7:15:05 PM 3216
(0x0C90)
Queued location request '{C56C01F2-2388-4710-BF3B-A526DB40E35F}' for CTM job '{E0452CF45B04-4A1A-B8EB-10B11B063249}'.
ContentTransferManager
2/9/2014 7:15:05 PM 3216
(0x0C90)
CCTMJob::EvaluateState(JobID={E0452CF4-5B04-4A1A-B8EB-10B11B063249}, State=RequestedLocations)
ContentTransferManager
2/9/2014 7:15:05 PM 3216 (0x0C90)
LocationServices.log:
Created filter for LS request {C56C01F2-2388-4710-BF3B-A526DB40E35F}.
LocationServices
2/9/2014 7:15:05 PM 3216 (0x0C90)
ContentLocationReply : <ContentLocationReply SchemaVersion="1.00"><ContentInfo
PackageFlags="0"><ContentHashValues/></ContentInfo><Sites><Site><MPSite SiteCode="PR1"
MasterSiteCode="PR1" SiteLocality="LOCAL" IISPreferedPort="80"
IISSSLPreferedPort="443"/><LocationRecords><LocationRecord><URL
Name="http://PR1SITE.AWESOME.COM/SMS_DP_SMSPKG$/fbb5724a-aa0f-47f9-908a-47068fd8ad6f"
Signature="http://PR1SITE.AWESOME.COM/SMS_DP_SMSSIG$/fbb5724a-aa0f-47f9-908a47068fd8ad6f.1.tar"/><ADSite Name="Default-First-Site-Name"/><IPSubnets><IPSubnet
Address="192.168.10.0"/><IPSubnet Address=""/></IPSubnets><Metric
Value=""/><Version>7958</Version><Capabilities SchemaVersion="1.0"><Property Name="SSLState"
Value="0"/></Capabilities><ServerRemoteName>PR1SITE.AWESOME.COM</ServerRemoteName><DPTy
pe>SERVER</DPType><Windows
Trust="1"/><Locality>LOCAL</Locality></LocationRecord></LocationRecords></Site></Sites><Related
ContentIDs/></ContentLocationReply>
LocationServices
2/9/2014 7:15:05 PM 3532 (0x0DCC)
Distribution Point='http://PR1SITE.AWESOME.COM/SMS_DP_SMSPKG$/fbb5724a-aa0f-47f9-908a47068fd8ad6f', Locality='LOCAL', DPType='SERVER', Version='7958', Capabilities='<Capabilities
SchemaVersion="1.0"><Property Name="SSLState" Value="0"/></Capabilities>',
Signature='http://PR1SITE.AWESOME.COM/SMS_DP_SMSSIG$/fbb5724a-aa0f-47f9-908a47068fd8ad6f.1.tar', ForestTrust='TRUE', LocationServices
2/9/2014 7:15:05 PM 3532 (0x0DCC)
Calling back with locations for location request {C56C01F2-2388-4710-BF3B-A526DB40E35F}
LocationServices
2/9/2014 7:15:05 PM 3532 (0x0DCC)
Content Transfer Manager receives the Distribution Point location for the requested Content, and
starts a Data Transfer Service job to initiate the download of the file.
ContentTransferManager.log:
CCTMJob::UpdateLocations({E0452CF4-5B04-4A1A-B8EB-10B11B063249})
ContentTransferManager
2/9/2014 7:15:05 PM 3532 (0x0DCC)
CTM_NotifyLocationUpdate ContentTransferManager
2/9/2014 7:15:05 PM 3532 (0x0DCC)
At this point, Data Transfer Service creates a BITS job to download the file and monitors the
download progress.
DataTransferService.log:
DTSJob {594E9A72-43D1-48D1-A639-D18DF7D286A2} created to download from
'http://PR1SITE.AWESOME.COM:80/SMS_DP_SMSPKG$/fbb5724a-aa0f-47f9-908a-47068fd8ad6f' to
'C:\Windows\ccmcache\1'. DataTransferService 2/9/2014 7:15:05 PM 3532 (0x0DCC)
DTSJob {594E9A72-43D1-48D1-A639-D18DF7D286A2} in state 'DownloadingManifest'.
DataTransferService 2/9/2014 7:15:05 PM 3216 (0x0C90)
CDTSJob::ProcessManifestCallback - processing manifest for job '{594E9A72-43D1-48D1-A639D18DF7D286A2}'.
DataTransferService 2/9/2014 7:15:05 PM 3532 (0x0DCC)
DTSJob {594E9A72-43D1-48D1-A639-D18DF7D286A2} in state 'RetrievedManifest'.
DataTransferService 2/9/2014 7:15:05 PM 3532 (0x0DCC)
Execute called for DTS job '{594E9A72-43D1-48D1-A639-D18DF7D286A2}'. Current state:
'RetrievedManifest'. DataTransferService 2/9/2014 7:15:05 PM 3532 (0x0DCC)
DTSJob {594E9A72-43D1-48D1-A639-D18DF7D286A2} in state 'PendingDownload'.DataTransferService
2/9/2014 7:15:05 PM 3532 (0x0DCC)
Starting BITS download for DTS job '{594E9A72-43D1-48D1-A639-D18DF7D286A2}'. DataTransferService
2/9/2014 7:15:05 PM 3532 (0x0DCC)
DTSJob {594E9A72-43D1-48D1-A639-D18DF7D286A2} set BITS job to use default credentials.
DataTransferService 2/9/2014 7:15:06 PM 3532 (0x0DCC)
Starting BITS job '{38E74FCB-4397-4CA9-94AE-BDD49F550EC9}' for DTS job '{594E9A72-43D148D1-A639-D18DF7D286A2}' under user 'S-1-5-18'. DataTransferService 2/9/2014 7:15:06 PM 3532
(0x0DCC)
DTS::SetCustomHeadersOnBITSJob - setting custom headers on DTS job '{594E9A72-43D1-48D1-A639D18DF7D286A2}':
<none>
DataTransferService 2/9/2014 7:15:06 PM 3532 (0x0DCC)
DTS::AddTransportSecurityOptionsToBITSJob - Removing security info from DTS job '{594E9A72-43D148D1-A639-D18DF7D286A2}'.
DataTransferService 2/9/2014 7:15:06 PM 3532 (0x0DCC)
DTSJob {594E9A72-43D1-48D1-A639-D18DF7D286A2} in state 'DownloadingData'. DataTransferService
2/9/2014 7:15:06 PM 3532 (0x0DCC)
Job: {594E9A72-43D1-48D1-A639-D18DF7D286A2}, Total Files: 1, Transferred Files: 0, Total Bytes: 199093,
Transferred Bytes: 5760
DataTransferService 2/9/2014 7:15:06 PM 2656 (0x0A60)
After the download is complete, CTM and CAS are notified and mark the download jobs as
completed. CAS performs a hash verification of the downloaded content to ensure the integrity of
the downloaded file. Note that this process occurs for each file. This example is just focused on a
single update getting downloaded.
ContentTransferManager.log:
CCTMJob::EvaluateState(JobID={E0452CF4-5B04-4A1A-B8EB-10B11B063249}, State=Success)
ContentTransferManager
CCTMJob::EvaluateState(JobID={E0452CF4-5B04-4A1A-B8EB-10B11B063249}, State=Complete)
ContentTransferManager
CAS.log:
Download completed for content fbb5724a-aa0f-47f9-908a-47068fd8ad6f.1 under context System
ContentAccess
2/9/2014 7:15:12 PM 3532 (0x0DCC)
The hash we are verifying is SDMPackage:<Content ContentId="fbb5724a-aa0f-47f9-908a-47068fd8ad6f"
Version="1"><FileContent Name="windows6.1-kb2705219-v2-x64.cab"
Hash="8E8E0175D46B5A8D52C4856FA3D282FAA12ACD63" HashAlgorithm="SHA1"
Size="199093"/></Content>
ContentAccess
2/9/2014 7:15:12 PM 3532 (0x0DCC)
CContentAccessService::NotifyDownloadComplete Start Content Hashing ContentAccess
2/9/2014 7:15:12 PM 3532 (0x0DCC)
Hashing file c:\windows\ccmcache\1\windows6.1-kb2705219-v2-x64.cab
ContentAccess
2/9/2014 7:15:12 PM 3532 (0x0DCC)
Hash matches
ContentAccess
2/9/2014 7:15:12 PM 3532 (0x0DCC)
Hash verification succeeded for content fbb5724a-aa0f-47f9-908a-47068fd8ad6f.1 downloaded
under context System
ContentAccess
2/9/2014 7:15:12 PM 3532 (0x0DCC)
On download completion, Updates Deployment Agent raises a State Message to update the
current Enforcement state and starts the Installation of the updates.
UpdatesDeploymentAgent.log:
Raised assignment ({B040D195-8FA8-48D3-953F-17E878DAB23D}) state message successfully.
TopicType = Enforce, StateId = 8, StateName =
Windows Update Agent Handler copies the downloaded binaries to the Windows Update Agent
cache (C:\Windows\SoftwareDistribution\Download) directory and instructs Windows Update
Agent to start the install.
WUAHandler.log:
Adding file to list for CopyToCache(): C:\Windows\ccmcache\1\windows6.1-kb2705219-v2-x64.cab
WUAHandler 2/9/2014 7:15:25 PM 3216 (0x0C90)
CopyToCache() for update (fbb5724a-aa0f-47f9-908a-47068fd8ad6f) completed successfully WUAHandler
2/9/2014 7:15:26 PM 3216 (0x0C90)
Adding file to list for CopyToCache(): C:\Windows\ccmcache\2\windows6.1-kb2712808-x64.cab
WUAHandler 2/9/2014 7:15:26 PM 3216 (0x0C90)
CopyToCache() for update (3e9b1132-9ccd-439d-b32a-5cefd19735d1) completed successfully
WUAHandler 2/9/2014 7:15:26 PM 3216 (0x0C90)
Adding file to list for CopyToCache(): C:\Windows\ccmcache\3\windows6.1-kb2698365-x64.cab
WUAHandler 2/9/2014 7:15:26 PM 3216 (0x0C90)
CopyToCache() for update (d2a9ee23-9cab-4843-b040-e2da1cc167e9) completed successfully
WUAHandler 2/9/2014 7:15:26 PM 3216 (0x0C90)
Update(s) downloaded to WUA file cache, starting installation. WUAHandler 2/9/2014 7:15:26 PM 3216
(0x0C90)
Async installation of updates started. WUAHandler 2/9/2014 7:15:26 PM 3216 (0x0C90)
Update 1 (3cbcf577-5139-49b8-afe8-620af5c52f95) finished installing (0x00000000), Reboot Required? Yes
WUAHandler 2/9/2014 7:15:29 PM 2840 (0x0B18)
Update 2 (ada7cf51-66b0-4a00-b37b-68d569d6ff8b) finished installing (0x00000000), Reboot Required?
Yes
WUAHandler 2/9/2014 7:15:30 PM 996 (0x03E4)
Update 3 (e06056e3-0199-4c68-8ac3-bdddff356a0a) finished installing (0x00000000), Reboot Required?
Yes
WUAHandler 2/9/2014 7:15:39 PM 268 (0x010C)
Async install completed. WUAHandler 2/9/2014 7:15:39 PM 2396 (0x095C)
Installation of updates completed. WUAHandler 2/9/2014 7:15:39 PM 2604 (0x0A2C)
WindowsUpdate.log:
2014-02-09 19:15:26:130 800 ed0
Agent ** START ** Agent: Installing updates [CallerId =
CcmExec]
2014-02-09 19:15:26:130 800 ed0
Agent * Updates to install = 3
2014-02-09 19:15:26:254 1048 84c
Handler
Starting install of CBS update FBB5724A-AA0F47F9-908A-47068FD8AD6F
2014-02-09 19:15:29:218 1048 84c
Handler
Completed install of CBS update with type=3,
requiresReboot=1, installerError=0, hr=0x0
2014-02-09 19:15:29:265 1048 84c
Handler
Starting install of CBS update 3E9B1132-9CCD439D-B32A-5CEFD19735D1
2014-02-09 19:15:30:435 1048 84c
Handler
Completed install of CBS update with type=3,
requiresReboot=1, installerError=0, hr=0x0
2014-02-09 19:15:30:451 1048 84c
Handler
Starting install of CBS update D2A9EE23-9CAB4843-B040-E2DA1CC167E9
2014-02-09 19:15:39:296 1048 84c
Handler
Completed install of CBS update with type=3,
requiresReboot=1, installerError=0, hr=0x0
2014-02-09 19:15:39:327 788 9f8
COMAPI
- Reboot required = Yes
2014-02-09 19:15:39:327 788 9f8
COMAPI
-- END -- COMAPI: Install [ClientId = CcmExec]
After the updates are installed, Updates Deployment Agent checks whether any updates require
a reboot and notifies the user if client settings are configured to allow notifications.
UpdatesDeployment.log:
No installations in pipeline, notify reboot. NotifyUI = True UpdatesDeploymentAgent 2/9/2014 7:15:39 PM
3216 (0x0C90)
Notify reboot with deadline = Sunday, Feb 09, 2014. - 19:15:39, Ignore reboot Window = False,
NotifyUI = True
UpdatesDeploymentAgent 2/9/2014 7:15:39 PM 3216 (0x0C90)
Raised assignment ({B040D195-8FA8-48D3-953F-17E878DAB23D}) state message successfully.
TopicType = Enforce, StateId = 5, StateName = ASSIGNMENT_ENFORCE_PENDING_REBOOT
UpdatesDeploymentAgent 2/9/2014 7:15:39 PM 2604 (0x0A2C)
After the machine reboots, a post-reboot detection scan is started for the deployment to verify
updates are installed and to raise state messages for the update and deployment indication that
updates are installed and enforcement was successful.
UpdatesDeployment.log:
CTargetedUpdatesManager::DetectRebootPendingUpdates - Total Pending reboot updates = 3
UpdatesDeploymentAgent 2/9/2014 7:18:56 PM 2780 (0x0ADC)
Initiated detect for pending reboot updates after system restart - JobId = {53F4851F-7E63-4C7E-952D78345039FFFC}
UpdatesDeploymentAgent 2/9/2014 7:18:56 PM 2780 (0x0ADC)
CUpdatesJob({53F4851F-7E63-4C7E-952D-78345039FFFC}): Job completion received.
UpdatesDeploymentAgent 2/9/2014 7:19:19 PM 2436 (0x0984)
CUpdatesJob({53F4851F-7E63-4C7E-952D-78345039FFFC}): Detect after reboot job completed with
result = 0x0 UpdatesDeploymentAgent 2/9/2014 7:19:19 PM 2436 (0x0984)
Raised update (Site_D3A5F7EA-25D4-4C6B-B47C-C74997522A76/SUM_e06056e3-0199-4c68-8ac3bdddff356a0a) enforcement state message successfully. StateId = 10, StateName =
CI_ENFORCEMENT_SUCCESSFULL
UpdatesDeploymentAgent 2/9/2014 7:19:19 PM 2436
(0x0984)
Raised update (Site_D3A5F7EA-25D4-4C6B-B47C-C74997522A76/SUM_ada7cf51-66b0-4a00-b37b68d569d6ff8b) enforcement state message successfully. StateId = 10, StateName =
CI_ENFORCEMENT_SUCCESSFULL
UpdatesDeploymentAgent 2/9/2014 7:19:19 PM 2436
(0x0984)
Raised update (Site_D3A5F7EA-25D4-4C6B-B47C-C74997522A76/SUM_3cbcf577-5139-49b8-afe8620af5c52f95) enforcement state message successfully. StateId = 10, StateName =
CI_ENFORCEMENT_SUCCESSFULL
UpdatesDeploymentAgent 2/9/2014 7:19:19 PM 2436
(0x0984)
Throughout the Deployment phase, multiple State Messages are raised to indicate the current
state of the update(s) and the Deployment itself. Once these state messages are raised, they get
processed the same way as described earlier in the State Message Processing Flow.
NOTE:
Suppress system restart option takes precedence over other options
Deployment Configuration:
Deployment Required
Available Time As soon as possible
Deadline In Future
User notifications Display in Software Center & show all notifications
Deadline behavior for Maintenance Windows Software Update installation and System restart
unchecked.
Suppress Servers & Workstations unchecked
Maintenance Window None
End User Experience:
User gets a balloon pop up notification after the policy arrives on the client and assignment is
activated:
Based on the deadline reminders configured in the Computer Agent client settings, the user gets
the above balloon notification at configured intervals. On clicking the notification, following
dialog box is displayed. Note that the balloon pop-ups appear as long as the user doesn't open
the Dialog and closes it by hitting the X button as that instructs Software Center not to display
any further reminders. If the user clicks on 'Remind me later', the user would continue to get
reminders based on the configured settings.
Updates are downloaded and installed at deadline (with a max randomization time of 2 hours)
and user gets a restart notification balloon popup stating that a system restart is required.
If user clicks on the notification, they see the restart notification timer as configured in
Computer Restart client settings which the user can hide. If the user clicks on Hide, the user
is not reminded again until the final countdown timer is reached.
After the timer reaches the Final countdown timer configured in Computer Restart client
settings, the user cannot hide the restart notification pop up.
Deployment Configuration:
Deployment Required
Available Time As soon as possible
Deadline In Future
User notifications Display in Software Center & show all notifications
Deadline behavior for Maintenance Windows Software Update installation and System restart
unchecked.
Suppress Servers & Workstations checked
Maintenance Window None
Based on the deadline reminders configured in the Computer Agent client settings, the user gets
the above balloon notification at configured intervals. On clicking the notification, following
dialog box is displayed. Note that the balloon pop-ups appear as long as the user doesn't open
the Dialog and closes it by hitting the X button as that instructs Software Center not to display
any further reminders. If the user clicks on 'Remind me later', the user would continue to get
reminders based on the configured settings.
Updates are downloaded and installed at deadline (with a max randomization time of 2 hours if
deadline randomization is enabled) and user gets a restart notification balloon popup stating that
a system restart is required.
In this instance, as the restart was suppressed the user gets the following dialog on clicking the
balloon notification pop up. The user continues to get the restart reminder balloon popup (shown
above) based on the time selected in the dialog box, unless they click on Cancel or close the
dialog box by clicking X.
Deployment Configuration:
Deployment Required
Available Time As soon as possible
Deadline Current Time
User notifications Display in Software Center & show all notifications
Deadline behavior for Maintenance Windows Software Update installation checked and System
restart checked.
Suppress Servers & Workstations unchecked
Maintenance Window In future
End User Experience:
User gets a balloon pop up notification after the policy arrives on the client and assignment is
activated:
Updates are downloaded and installed at deadline (with a max randomization time of 2 hours if
deadline randomization is enabled) and user gets a restart notification balloon popup stating that
a system restart is required.
If user clicks on the notification, they see the restart notification timer as configured in
Computer Restart client settings which the user can hide. If the user clicks on Hide, the user
is not reminded again until the final countdown timer is reached.
After the timer reaches the Final countdown timer configured in Computer Restart client
settings, the user cannot hide the restart notification pop up.
BEST PRACTICES
http://blogs.technet.com/b/sus/archive/2011/08/15/best-practices-for-securing-wsus-with-ssl.aspx
http://technet.microsoft.com/en-us/library/hh508771.aspx
TROUBLESHOOTING
SYNCHRONIZATION
Before troubleshooting Synchronization issues, verify that the following pre-requisites are met:
If using WSUS 3.0 SP2, KB2734608 must be installed on the WSUS Server. To check if
KB2734608 is installed, see How to check WSUS Server Version.
When the software update point is installed on a remote site system server, the Windows
Server Update Services (WSUS) Administration console must be installed on the site server. If
using WSUS 3.0 SP2, KB2734608 needs to be installed on top of the WSUS Administration
console as well.
After installing KB2734608 (remote or local), a reboot may be required.
Verify that the WSUS running on the Software Update Point is not incorrectly configured to be
a Replica. For more information, see Procedure: Check the Update Source Settings in WSUS.
Verify that the Update Services service is running on the WSUS Server.
Verify that the Default Website or WSUS Administration website is running on the WSUS
Server.
RELEVANT DATA
WSUS Configuration Manager (WCM) configures the WSUS Server once every hour to ensure that
the settings configured in WSUS match the setting specified in the Configuration Manager
console. If WCM fails to configure the WSUS Server, synchronization attempts would result in
below error. In most cases, there wouldnt be any extra information in the WsyncMgr.log and you
would need to review WCM.log for errors.
WsyncMgr.log on Site Server shows:
Sync failed: WSUS server not configured. Please refer to WCM.log for configuration error details. Source:
CWSyncMgr::DoSync
Sync failed. Will retry in 60 minutes
Verify that the Update Services service is running on the WSUS Server.
Verify that the Default Website or WSUS Administration website is running on the WSUS
Server.
Verify that the fully qualified domain name (FQDN) for the software update point site system
server is correct and accessible from the Site Server.
If Software Update Point is remote from the Site Server, verify you can connect to the WSUS
Server from the Site Server. For more information, see How to Test Connectivity from Site
Server to WSUS.
Check the port settings configured for the software update point, and verify that they are the
same as the port settings configured for the Web site used by WSUS running on the software
update point. For more information, see Procedure: How to determine the Port Settings used
by WSUS.
Verify the Proxy Configuration & Account for the Software Update Point is correct. For more
information, see Procedure: How to configure Proxy Settings for the Software Update Point.
Verify that the Software Update Point connection account is configured if required, and has
rights to connect to the WSUS Server. For more information, see Procedure: How to configure
WSUS Server Connection account for the Software Update Point.
Verify that the permissions on the ApiRemoting30 Virtual Directory are set correctly. For more
information, see Procedure: Check Permissions on ApiRemoting30 Virtual Directory.
If the Software Update Point is configured for SSL, verify that WSUS is properly configured for
SSL. For more information, see Procedure: Configure Software Update Point for Secure Sockets
Layer (SSL).
Review WSUSCtrl.log for errors. For more information, see WSUS Control Manager (WSUSCtrl)
reports an error.
Verify that the Update Services service is running on the WSUS Server.
Verify that the Default Website or WSUS Administration website is running on the WSUS
Server.
Check the port settings configured for the software update point, and verify that they are the
same as the port settings configured for the Web site used by WSUS running on the software
update point. For more information, see Procedure: How to determine the Port Settings used
by WSUS.
Review WSUSCtrl.log for errors. For more information, see WSUS Control Manager (WSUSCtrl)
reports an error.
Synchronization fails due to SSL Issues: The remote certificate is invalid according to
the validation procedure
Verify that the certificate configured for the WSUS Website is configured with proper FQDN. If
the certificate doesnt have the proper FQDN, refer to KB931351 for steps on adding a Subject
Alternate Name to a certificate.
Verify that the certificate has not expired.
For more information, see Procedure: Configure Software Update Point for Secure Sockets Layer
(SSL).
Review SoftwareDistribution.log on the WSUS Server to find out why the EULAs are not
getting downloaded. You can look for .txt in the log to find relevant entries in the log.
Verify that the firewall is configured to allow communication with Microsoft Update. For more
information, see Configure the Firewall.
Verify proxy configuration. For more information, see Procedure: How to configure Proxy
Settings for the Software Update Point.
You can run %ProgramFiles%\Update Services\Tools\wsusutil.exe reset command to instruct
WSUS to re-download the missing Content including EULAs.
Unlike WCM and WSyncMgr, WSUS Control Manager resides on the Software Update Point itself
so if SUP is remote, WSUSCtrl.log would be present on the SUP instead of the Site Server. WSUS
Control Manager periodically checks WSUS to make sure WSUS components are healthy. If WSUS
is unhealthy, WCM and WSyncMgr would not be able to communicate with WSUS. In most cases,
errors in WCM.log would be similar to WsyncMgr.log however an exception to this could be when
SUP is remote to the Site Server. If WSUS components are healthy, WSUSCtrl.log on the remote
SUP would not report any errors. However, if Site Server is unable to connect to the WSUS Server
remotely you would see errors in WCM.log and/or WSyncMgr.log even though WSUS itself is
healthy.
To check whether WSUS is functioning as expected, run the following command on the WSUS
Server and review the Application Event Log for errors:
%ProgramFiles%\Update Services\Tools\wsusutil.exe check health
To check connectivity from the Site Server to the WSUS server, see How to Test Connectivity from
Site Server to WSUS.
COMPLIANCE
RELEVANT DATA
SCAN FAILURES
When troubleshooting scan failures, the logs you would want to look at are WUAHandler.log and
WindowsUpdate.log. As WUAHandler simply reports what Windows Update Agent reported, the
error in the WUAHandler would be the error that was reported by the Windows Update Agent
itself and more information about the error could be found in the WindowsUpdate.log. To
understand how to read the WindowsUpdate.log, see How to read the WindowsUpdate.log file.
There could be a number of reasons Software Update scan could fail. Some common reasons for
the scan failures involve communication and/or firewall issues between the client and the
Software Update Point Server. You can find the complete list of Windows Update error codes here:
http://support.microsoft.com/kb/938205
Scan failures due to missing or corrupt components: 0x80245003, 0x80070514,
0x8DDD0018, 0x80246008, 0x80200013, 0x80004015, 0x800A0046, 0x800A01AD,
0x80070424, 0x800B0100, 0x80248011.
A number of issues with Software Update scan can be caused by missing or corrupt
files/registry keys, component registrations, etc. You can run the Windows Update
Troubleshooter to detect and fix these issues. For more information, see How to use Windows
Update Troubleshooter and update the Windows Update Agent.
Reset the Windows Update Agent Data Store. For more information, see How to reset the
Windows Update Agent Data store.
Verify proxy settings on the client and make sure they are configured correctly. For more
information, see How to check Proxy Settings on a Client
Verify connectivity with WSUS Server. See How to verify connectivity on a client against the
WSUS Server.
Review IIS Logs on the WSUS Server to confirm that the HTTP errors are being returned from
the WSUS Server. If WSUS Server doesnt return the error, then the issue is likely with an
intermediate Firewall/Proxy returning the error.
Verify Proxy Settings. See How to check Proxy settings on a client.
Verify WSUS Server Ports are accessible. See How to check if WSUS Server Ports are
accessible from the client.
The software updates feature automatically configures a local Group Policy setting for the
Configuration Manager client so that it is configured with the software update point source
location and port number. Both the server name and port number is required for the software
updates client to find the software update point.
If an Active Directory Group Policy setting is applied to computers for software update point
client installation, this overrides the local Group Policy setting. Unless the value of the setting is
exactly the same (server name and port), this causes the Configuration Manager Software
updates feature to fail on the client.
WUAHandler.log would show:
Group policy settings were overwritten by a higher authority (Domain Controller) to: Server http://server
and Policy ENABLED
Solution
The software update point for client installation and software updates must be the same server,
and specified in the Active Directory Group Policy setting with the correct name format and with
the port information (for example, http://server1.contoso.com:80 if the Software Update Point is
using the default Web site).
Verify that the client is receiving policies by reviewing PolicyAgent.log on the client.
Verify that Software Update Synchronization is successful on the Software Update Point. If
Synchronization fails, see Troubleshooting Synchronization.
Review WUAHandler.log and WindowsUpdate.log to make sure Software Update Scans are
successful. If the scan fails, see Troubleshooting Scan Failures.
If WUAHandler.log does not exist and does not get created after initiating a Scan Cycle, the
issue is likely because either Software Update Scan policy or WSUS Server Location is not
available. Review Software Update Scan Policy and Clients are unable to find the WSUS
Source Location.
If the scan is successful, the client should send State Messages to the MP to indicate the
update status. To understand how State Messages Processing works, see State Message
Processing flow.
To understand the flow of obtaining the WSUS Server location, review WSUS Server Location
and review the client and Management Point logs.
Enable verbose and debug logging on the client and MP by following these steps.
Verify there are no communication errors in CcmMessaging.log on the client.
If the MP returns empty WSUS Server location response, this could be due to mismatch in the
Content Version of WSUS Server which could be a result of failed Synchronization. You can
find the Content Version of the Software Update point by navigating to Configuration Manager
Console > Monitoring pane > Software Update Point Synchronization Status.
Review the data in CI_UpdateSources, WSUSServerLocations and Update_SyncStatus tables
and verify that the Update Source Unique ID and Content Version matches across these
tables.
DEPLOYMENT
RELEVANT DATA
Check to see if Scan failed during the deployment evaluation. For troubleshooting scan errors,
see Scan Failures.
Review WUAHandler.log and WindowsUpdate.log to find the errors received during update
installation.
Try to install the update manually or from Microsoft Update (if possible) to see if the update
installation is successful.
Most .NET update failures are caused due to corrupt .NET installations. In these cases,
attempt to install the update manually. If the install fails, you can refer steps in KB976982 to
repair the .NET installation.
If possible, enable verbose & debug logging if the issue can be reproduced. See, How to
enable verbose and debug logging for the Configuration Manager client.
Review ServiceWindowManager.log and identify the service windows available. For more
information, see How to review ServiceWindowManager.log.
Review UpdatesDeployment.log and locate the line below to see if the Deployment was set to
Ignore maintenance window or not.
Notify reboot with deadline = Sunday, Feb 09, 2014. - 21:30:17, Ignore reboot Window = True,
NotifyUI = True
Review MaintenanceCoordinator.log and locate the line below to see if Deployment was set to
Ignore maintenance window or not. A value of 1 for swoverride means ignore maintenance
window was set.
Review SCNotify.log and look for the following lines to identify if the user clicked on the restart
notification to initiate a restart.
ConfirmRestartDialog: User chose to restart/logoff.
(Microsoft.SoftwareCenter.Client.Pages.ConfirmRestartDialog at ButtonRestart_Click)
ConfirmRestartDialog: user is allowed to restart
(Microsoft.SoftwareCenter.Client.Pages.ConfirmRestartDialog at ButtonRestart_Click)
The user is allowed to restart the computer. Initiating restart.
(Microsoft.SoftwareCenter.Client.Data.WmiDataConnector at RestartComputer)
Check the Deployment properties in the Configuration Manager console to confirm if the
Deployment is set to override maintenance windows. If the deployment is not set to override
maintenance windows, but the client logs suggest that override maintenance window was set,
review the Audit status messages to see if the Deployment was modified by someone. See,
How to review the Audit Status messages to find if a Deployment was modified.
PROCEDURES
A. LOGGING
HOW TO ENABLE VERBOSE & DEBUG LOGGING ON THE CONFIGURATION MANAGER CLIENT &
MANAGEMENT POINT
HOW TO ENABLE VERBOSE LOGGING FOR STATE SYSTEM COMPONENT ON THE SITE SERVER
To turn on verbose logging, add the following registry key with two values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Trace
Value name: Flags
Value type: REG_DWORD
Value data: 00000007
Value name: Level
Value type: REG_DWORD
Value data: 00000004
This registry key turns on an extended tracing to the %systemroot%\Windowsupdate.log file.
Additionally, this registry key turns on an extended tracing to any attached debuggers.
NOTE:
Super Verbose logging can be enabled by setting the value of Flags to 17 instead of 7 however this would
result in the size of the WindowsUpdate.log getting very large.
In some cases, you may need to run a SQL Profiler to find the call to MP_GetWSUSServerLocation
stored procedure and see what parameters are being passed to this stored procedure. In order to
do this, you can configure the SQL Profiler as below:
B. SYNCHRONIZATION
When there is a proxy server between the WSUS server and the upstream update source, the
proxy settings must be configured for the Site System as well as the Software Update Point Role.
The proxy server settings are site system specific, which means that all site system roles use the
proxy server settings that you specify. For more information, see Technical Reference for
Accounts used in Configuration Manager.
To check the currently configured proxy settings for the computer, see How to Check Proxy
Configuration on a Computer.
2. In the bottom pane, right-click Software Update Point, and then click Properties.
3. Go to the Proxy And Account Settings tab, and select Use a proxy server when synchronizing
software updates.
4. (Optional) To configure ADRs to use Proxy, go to Proxy And Account Settings tab, and select Use a
proxy server when downloading content by using automatic deployment rules.
Review the proxy configuration for the logged in user by running the below command:
netsh winhttp show proxy
To review the proxy configuration for the SYSTEM account, launch a command prompt using
psexec by running the command:
psexec -s -i cmd
In the new command window, type whoami to confirm that the command windows is running
under System account. Run the netsh command again and review the proxy configuration for the
System Account. You can also launch Internet Explorer from this command window, and review
the proxy configured in IE. In some cases, you may have to uncheck "Automatically Detect
Settings" and set the correct proxy.
To force WinHTTP to use Proxy Configuration from IE, you can run the below command:
netsh winhttp import proxy source =ie
For more help on Netsh WinHTTP Commands, review below link:
http://technet.microsoft.com/en-us/library/cc731131(v=ws.10).aspx
HOW TO CONFIGURE WSUS SERVER CONNECTION ACCOUNT FOR THE SOFTWARE UPDATE
POINT
If the Software Update point is remote to the Site Server and the Site Server computer account
doesnt have rights to connect to the WSUS Server, you need to specify a WSUS Server
connection account which Configuration Manager can use to connect to the WSUS Server. This
account is used by WCM and WSyncMgr and must be a local administrator on the computer
where WSUS is installed, and be part of the local WSUS Administrators group. For more
information, see Technical Reference for Accounts used in Configuration Manager.
To configure WSUS Server connection account for the Software Update Point
1. In the Configuration Manager console, navigate to Administration pane > Site Configuration >
Servers and Site System Roles, and click on the <SiteSystemName> on the right pane
2. In the bottom pane, right-click Software Update Point, and then click Properties.
3. Go to the Proxy And Account Settings tab, and specify the connection account under WSUS Server
Connection Account.
Port settings are configured when creating the software update point site system role. These port
settings must be the same as the port settings used by the WSUS Web site, or WSUS
Synchronization Manager will fail to connect to WSUS running on the software update point to
request synchronization. The following procedures provide information about how to verify the
port settings used by WSUS and the software update point.
To determine the WSUS port settings used in IIS 7.0 and above
1.
2.
In the Configuration Manager console, navigate to Administration pane > Site Configuration >
Servers and Site System Roles, and click on the <SiteSystemName> on the right pane
2.
In the bottom pane, right-click Software Update Point, and then click Properties.
3.
Go to the General tab, and specify/verify WSUS Configuration port numbers.
When WSUS Synchronization Manager on child sites receives a synchronization request from the
parent site, anonymous access must be enabled on the DssAuthWebService virtual directory for
the WSUS Web site in Internet Information Services (IIS). Use the following procedure to configure
anonymous access and verify that it is enabled on the virtual directory.
When WSUS Synchronization Manager initiates synchronization, the computer and Administrator
accounts must have access to the ApiRemoting30 virtual directory under the WSUS Web site in
Internet Information Services (IIS). Use the following procedure to check the permissions for this
virtual directory.
Synchronize from Microsoft Update: This setting should generally be selected when you are
in the WSUS console on the software update point for the top-level site. Note that starting with
Configuration Manager 2012 SP1, you can specify an existing WSUS server as the upstream
synchronization source location for the top-level site. If you have specified an existing WSUS
Server as the upstream source location, then this option should not be selected.
Synchronize from another Windows Server Update Services server: This setting should
generally be selected when you are in the WSUS console for:
Software Update Point for top-level site if an upstream source location is specified instead of
Microsoft Update
Software Update Point for a Primary site
Additional Software Update Points installed in the Primary Site
Internet-based Software Update Point
Software Update Point for a Secondary Site
Server name: The fully qualified domain name (FQDN) name of the upstream update source
should be displayed.
For the first Software Update Point in the Primary site, this should be the software update
point for the parent site.
For additional Software Update Points in the site, this should be the first software update
point on the same site.
For an Internet-based software update point, this is the first software update point on the
same site.
Port number: This should display the port number for the upstream WSUS Server. To
determine the port number being used on the upstream WSUS Server, see Procedure: How to
determine the port settings used by WSUS.
Use SSL when synchronizing update information: When the Software Update Point is in
HTTPS mode, this setting must be selected. When using SSL for software updates, several
requirements apply. For more information, see Procedure: Configure Software Updates for
Secure Sockets Layer (SSL).
This server is a replica of the upstream server: This setting should never be selected on
the Software Update Point for the Top-Level site or the first Software Update Point for the
Primary Site. This setting should be selected on:
Internet based Software Update Point
Additional Software Update Points for the Primary Site.
If the WSUS Server is remote to the Site Server, WSUS Administration Console needs to be
installed on the Site Server. This is because the WSUS Administration Console installs the
required APIs which are used by Configuration Manager to connect to the WSUS Server. A good
way to test if Configuration Manager can connect to the WSUS Server is to use the locally
installed WSUS Administration Console.
Connect.
It is important that you specify the FQDN of the Server and the correct Port Number for
connection. If you dont know the Port number, see How to determine the Port Settings used by
WSUS.
To check the WSUS Server Version, launch the WSUS Console and then click on the Server
Name. You will find the Server Version under Overview > Connection > Server Version
Table 1: List of current WSUS Server Versions
WSUS
WSUS
WSUS
WSUS
WSUS
WSUS
WSUS
WSUS
WSUS
WSUS
3.0 SP1
3.0 SP2
3.0 SP2 + KB2530678
3.0 SP2 + KB2720211
3.0 SP2 + KB2734608
3.0 SP2 + KB2828185
on Server 2012
on Server 2012 + KB2838998
on Server 2012 + KB2819484
on Server 2012 R2
3.1.6001.65
3.2.7600.226
3.2.7600.236
3.2.7600.251
3.2.7600.256
3.2.7600.262
6.2.9200.16384
6.2.9200.16384 (does not increment)
6.2.9200.16553
6.3.9600.16384
NOTE:
If you review the Version in WSUS Console > Help > About Update Services, the version may not
reflect the installed updates. Refer to the steps above to determine the version correctly.
When the site is configured in HTTPS only mode, the Software Update Point is automatically
configured to use SSL. When the site is in HTTPS or HTTP mode, you can chose to configure the
Software Update Point to use SSL. When the Software Update Point is configured to use SSL,
WSUS Server must be explicitly configured to use SSL as well. Before you configure SSL, review
the Certificate Requirements and ensure that a Server Authentication certificate is installed on
the Software Update Point server.
In the Configuration Manager console, navigate to Administration pane > Site Configuration >
Servers and Site System Roles, and click on the <SiteSystemName> on the right pane
2.
In the bottom pane, right-click Software Update Point, and then click Properties.
3.
Go to the General tab, and select Require SSL communication to the WSUS Server.
To verify that the WSUS running on the Software Update Point is configured for
SSL
1.
2.
3.
4.
Open the WSUS console on the software update point for the site.
Click Options in the console tree pane.
Click Update Source and Proxy Server in the display pane.
Verify that Use SSL when synchronizing update information is selected.
C. COMPLIANCE
Windows Update Agent uses WinHTTP to scan for available updates. When there is a proxy server
between the client and the WSUS Server, the proxy settings must be configured properly on the
clients to allow them to communicate with the WSUS Server using FQDN.
In case of proxy issues, WindowsUpdate.log could report following errors:
0x80244021 or HTTP Error 502 - Bad gateway
0x8024401B or HTTP Error 407 - Proxy Authentication Required.
0x80240030 - The format of the proxy list was invalid
0x8024402C - The proxy server or target server name cannot be resolved.
In most cases, you can bypass proxy for local addresses as the WSUS Server would be in
Intranet. However, if the client is on Internet you would need to ensure that the proxy server is
configured to allow communication.
To view WinHTTP Proxy Settings, you can run:
On Windows XP: proxycfg.exe
On Windows Vista or above: netsh winhttp show proxy
WinHTTP Proxy settings are not the same as the proxy settings configured in Internet Explorer,
since the proxy settings configured in IE are part of WinINET proxy settings. However if the proxy
settings are set correctly in IE, you can import the Proxy configuration from IE.
To import proxy configuration from IE, you can run:
On Windows XP: proxycfg.exe -u
On Windows Vista and above, you can run: netsh winhttp import proxy source =ie
For more information, see How the Windows Update client determines which proxy server to use
to connect to the Windows Update Web site
HOW TO CHECK IF WSUS SERVER PORTS ARE ACCESSIBLE FROM THE CLIENT
WSUS Server can be configured to use either of the following ports: 80, 443 or 8530, 8531. In
order for clients to communicate with the WSUS Server, appropriate ports need to be allowed on
the Firewall on the WSUS Server. To determine the ports used by the Software Update Point, see
How to determine the port settings used by WSUS.
To check port connectivity from the client:
telnet SUPSERVER.CONTOSO.COM <PortNumber>
Example, telnet SUPSERVER.CONTOSO.COM 8530
If the port is not accessible, telnet would return an error similar to below suggesting Firewall rules
need to be configured to allow communication for the WSUS Server Ports:
Could not open connection to the host, on port <PortNumber>
HOW TO VERIFY CONNECTIVITY ON A CLIENT AGAINST THE WSUS (SOFTWARE UPDATE POINT)
SERVER
During a scan, the Windows Update Agent needs to communicate with the ClientWebService and
SimpleAuthWebService virtual directories on the WSUS Server in order to perform a scan. If the
client is unable to communicate with the WSUS Server, the scan would fail. This can happen due
to a number of reasons which include Port configuration, Proxy configuration, Firewalls, Network
connectivity, etc.
To find the URL of the WSUS Server, you can check the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
Access the following URL to verify connectivity between the client and the WSUS Server.
http://SUPSERVER.CONTOSO.COM:8530/Selfupdate/wuident.cab
To check if the client can access the ClientWebService virtual directory, you can try to access the
following URL:
http://SUPSERVER.CONTOSO.COM:8530/ClientWebService/wusserverversion.xml
To check if the client can access the SimpleAuthWebService, you can try to access the following
URL:
http://SUPSERVER.CONTOSO.COM:8530/SimpleAuthWebService/SimpleAuth.asmx
If
HOW TO USE WINDOWS UPDATE TROUBLESHOOTER AND UPDATE THE WINDOWS UPDATE
AGENT TO THE L ATEST VERSION
Windows Update Troubleshooter can help resolve some common windows update issues caused
by corrupt or missing components. You can find Windows Update Troubleshooter along with the
list of Error Codes it detects here:
http://support.microsoft.com/kb/2714434
For information on how to update the Windows Update Agent, please visit:
http://support.microsoft.com/kb/949104
D. DEPLOYMENT
To find a list of the available maintenance windows (service windows) on a client, pull up the
ServiceWindowManager.log and look for the string Refreshing Service Windows. Immediately
following this line, you will see a list of the Service Windows Applicable on the machine, which
looks similar to this:
Refreshing Service Windows.....
ServiceWindowManager
Populating instance of ServiceWindow with ID=7cb56688-692f-4fae-b398-0e3ff4413adb,
ScheduleString=02C159C0381A200002C159C0381B200002C159C0381C200002C159C0381D200002C159
C0381E2000, Type=6
ServiceWindowManager
This is a one shot Service Window that has already finished.
ServiceWindowManager
Duration for the Service Window is Total days: 0, hours: 00, mins: 00, secs: 00
ServiceWindowManager
Populating instance of ServiceWindow with ID=90a5f436-364c-48c7-8dc7-c5014abcbea8,
ScheduleString=00084AC028592000, Type=6
ServiceWindowManager
StartTime is 02/09/14 00:00:00
ServiceWindowManager
Duration for the Service Window is Total days: 1, hours: 05, mins: 00, secs: 00
ServiceWindowManager
Populating instance of ServiceWindow with ID=45dca355-3249-4845-b8aa-72d0e604548e,
ScheduleString=02C24AC0381C2000, Type=6
ServiceWindowManager
StartTime is 02/12/14 22:00:00
ServiceWindowManager
Duration for the Service Window is Total days: 0, hours: 07, mins: 00, secs: 00
ServiceWindowManager
Populating instance of ServiceWindow with ID=87e4759c-2884-45e6-9261-c33ba53f596c,
ScheduleString=02C24AC0381D2000, Type=6
ServiceWindowManager
StartTime is 02/13/14 22:00:00
ServiceWindowManager
Duration for the Service Window is Total days: 0, hours: 07, mins: 00, secs: 00
ServiceWindowManager
Populating instance of ServiceWindow with ID={1E957DDD-0A26-434C-952A-586F3E31E319},
ScheduleString=00302B0018192000, Type=1
ServiceWindowManager
StartTime is 02/16/14 01:00:00
ServiceWindowManager
Duration for the Service Window is Total days: 0, hours: 03, mins: 00, secs: 00
ServiceWindowManager
Populating instance of ServiceWindow with ID=36da6950-3d1e-4027-be0e-7b16a4daee7e,
ScheduleString=02C24AC0101E2000, Type=6
ServiceWindowManager
StartTime is 02/14/14 22:00:00
ServiceWindowManager
Duration for the Service Window is Total days: 0, hours: 02, mins: 00, secs: 00
ServiceWindowManager
Populating instance of ServiceWindow with ID=028bfbc0-7120-4081-a268-0e664a92ac4a,
ScheduleString=00074AC0005F2000, Type=6
ServiceWindowManager
StartTime is 02/15/14 00:00:00
ServiceWindowManager
Duration for the Service Window is Total days: 1, hours: 00, mins: 00, secs: 00
ServiceWindowManager
Populating instance of ServiceWindow with ID=49fd80be-ac4b-4877-974d-ecd09958926d,
ScheduleString=02C24AC0381B2000, Type=6
ServiceWindowManager
StartTime is 02/11/14 22:00:00
ServiceWindowManager
Duration for the Service Window is Total days: 0, hours: 07, mins: 00, secs: 00
ServiceWindowManager
Populating instance of ServiceWindow with ID=ad27b0ca-8c74-43c7-8200-1f601880bd75,
ScheduleString=02C24AC0381A2000, Type=6
ServiceWindowManager
StartTime is 02/10/14 22:00:00
ServiceWindowManager
Duration for the Service Window is Total days: 0, hours: 07, mins: 00, secs: 00
ServiceWindowManager
Generally, Service Windows with IDs containing all lowercase alpha-numeric characters are nonbusiness hours (NBH) maintenance windows that are based on business hours configured in
Software Center, however Service Windows with ID containing all uppercase alpha-numeric
characters are Maintenance Windows defined for the Collection in the Configuration Manager
console. From the log excerpt above, all Service Windows are non-business hour windows except
HOW TO REVIEW THE AUDIT STATUS MESSAGES TO FIND IF A DEPLOYMENT WAS MODIFIED
To review the Audit Status messages, go to Configuration Manager Console > Monitoring pane >
System Status > Status Message Queries. Right click on All Status Messages, and click on Show
Messages, then select the timeframe and click Ok. In the Configuration Manager Status Message
Viewer window, go to View > Filter, and filter for Message ID = 30197.
If the Deployment was modified, you would see a Status Message similar to below:
Severity
Type Site code
Date / Time System
Component Message ID Description
Information Audit PR1 2/9/2014 11:57:49 PM
PR1SITE.AWESOME.COM
Microsoft.ConfigurationManagement.exe
30197User "DOMAIN\User" modified
updates assignment 4 ({BAFB1BDB-7A6C-4DCF-9866-6C22DF92346A}).
Although the Status Message does not tell you what was modified, in most cases comparing the
timestamps in the logs with the Status Message is enough to know that deployment was
modified suggesting override maintenance window was either set or unset.
FAQ
http://technet.microsoft.com/en-us/library/gg712696.aspx#BKMK_SUMCapacity
WHATS THE MAXIMUM NUMBER OF UPDATES YOU CAN HAVE IN A DEPLOYMENT?
http://technet.microsoft.com/en-us/library/gg712696.aspx#BKMK_SUMCapacity
CAN I MANAGE SOFTWARE UPDATES FOR CLIENTS IN AN UNTRUSTED FOREST?
http://technet.microsoft.com/en-us/library/gg712701.aspx#Plan_Com_X_Forest
http://technet.microsoft.com/en-us/library/gg712696.aspx#BKMK_SUP_CrossForest