Software Updates - Deployment Status: Non-Compliant

Hadjer YAHIAOUI 156 Reputation points
2021-11-18T15:18:50.66+00:00

Hello , I have a problem with the deployment of monthly updates with SCCM (it always worked before). Computers remain in the Non-compliant state! Nothing seems problematic on the logs apart from the error "AddDefaultPortalToTrustedSites: GetZoneAttributes failed: 80004003" which I found on the UpdateTrustedSites.log. I've looked at the attached Logs and nothing jumps out at me.  SCCM version: 2006: console (5.2006.1026.2000) site (5.0.9012.100)  SCCM Server OS : Win Server 2012 R2.  SQL 2017 version (Availability group)  Flow authorized on the Firewall (test on the mm VLAN as the SCCM server)  No antivirus installed  Windows Firewall Disabled  IIS Certificate is Valid  The deployment package is distributed correctly to the distribution group  No maintenance windows is configured  The updates are deployed as "required" As soon As possible  I can't see the updates in Software Center on the VMs  Boundaries & Boundary Groups Checked  Deployment does not even work locally on SCCM server as a client. Troubshooting already tried but without success:  Deleting the deployment, the package and the software update group and then re-creating ALL. Ccmexec, wuauserv and BITS services shutdown -> deletion of ccmcache and Software distrubution folders -> restart of services then a rescan initiated a machine policy scan and update deployment scan on the client.  Reinstallation of the sccm client.  Restarting the sccm server. Thank you in advanced for Help ! Best regards. Hadjer YH [150705-sccm-logs.txt][1] [1]: /api/attachments/150705-sccm-logs.txt?platform=QnA

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,207 questions
Microsoft Configuration Manager Updates
Microsoft Configuration Manager Updates
Microsoft Configuration Manager: An integrated solution for for managing large groups of personal computers and servers.Updates: Broadly released fixes addressing specific issue(s) or related bug(s). Updates may also include new or modified features (i.e. changing default behavior).
970 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. AllenLiu-MSFT 40,881 Reputation points Microsoft Vendor
    2021-11-19T06:31:51.723+00:00

    Hi, anonymous user
    Thank you for posting in Microsoft Q&A forum.

    It seems the updates started downloading on the clients but did not finish the downloading, your CAS.log and UpdateDeployment.log are not on the same timeline, you may need to check UpdatesDeployment.log, UpdatesHandler.log, CAS.log, and ContentTransferManager.log follow this guidance to troubleshooting:

    https://learn.microsoft.com/en-US/troubleshoot/mem/configmgr/track-software-update-deployment-process#deployment-evaluation-and-update-installation-on-clients

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

  2. Limitless Technology 39,396 Reputation points
    2021-12-16T17:11:12.55+00:00

    Thank you for your question and reaching out.

    1. Please check if Windows Defender ATP is blocking the connection with SCCM updates using any Protection (Surface Protection)
    2. Please check Application deployment , Software Center and the SCCM site server is in IE Trusted Sites added.
    3. Please also try to power-cycle your SCCM servers and Client machine to see if it helps.

    --If the reply is helpful, please Upvote and Accept as answer--

    0 comments