question

ShashiDubey-3691 avatar image
0 Votes"
ShashiDubey-3691 asked saldana-msft edited

Software update not installed but SUG is showing compliant from SCCM

HI Everyone,

Hope everyone is safe and sound.

I have been facing an issue with the monthly software updates where i have created a SUG consisting of 23 to 13 patches for the month of April.

From the SCCM side it shows the machine is compliant with that SUG however those patches are not installed on the machines and the machine hasn't been patched for months missing previous updates.

Upon checking the policy agent.log the policy is coming for that SUG and the update store.log shows no patches are missing and needed for that machine and it is compliant where in practicality it hasn't received any patches for months.

Can someone help me understand why a machine that hasn't been patched for months shows it doesn't need any patches and shows compliant? We have checked the product and category and everything appears to be absolutely fine with this SUG.

Hope someone's experience could help me figure out the reason behind this.

Thanking in advance.
Shashi Dubey

mem-cm-updates
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

3 Answers

Amandayou-MSFT avatar image
0 Votes"
Amandayou-MSFT answered

Hi @ShashiDubey-3691,

Please check if these patches are required by these machine, for example:

200050-59.png

And then click the tab of 'view required', we will check which client need the patch.

200060-591.png

If the tab of required of these patches shows 0 or not these patches, we should select appropriate update for these patches from the SUP.

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.



59.png (6.0 KiB)
591.png (3.3 KiB)
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ShashiDubey-3691 avatar image
0 Votes"
ShashiDubey-3691 answered Amandayou-MSFT commented

HI Amanda,

Thanks for the reply !!

Yes, as checked these patches are required on the machine as when we try to install the patches manually it just gets installed without any issues. However, from the SCCM perspective scanning of some of the servers says that they don't need the patches.

Also, the questioned server is window server 2012R2 and hasn't been patched for more than 7 months but in scanning, it just shows it doesn't need any patch.

Hope I am not missing anything and should be able to identify where to look?

Regards,
Shashi Dubey

· 3
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Amandayou-MSFT avatar image Amandayou-MSFT ·

Hi,

Please check CcmMessaging.log, it records activities related to communication between the client and management points, if there is no error in it, we could uninstall one of the windows server 2012R2, and then re-install the client to see if the issue could be solved.

0 Votes 0 ·
ShashiDubey-3691 avatar image ShashiDubey-3691 Amandayou-MSFT ·

HI Amandayou,

Thanks for your reply !!

There is no error we would see in the CCMmessaging log as all the applications and packages are getting installed without any issue on these machines only the issue appears with the software update being deployed.

Regards,
Shashi Dubey

0 Votes 0 ·
Amandayou-MSFT avatar image Amandayou-MSFT ShashiDubey-3691 ·

Hi,

Could we know the version of SCCM and client? If the version is lower, it is better to upgrade them.

Besides, is there any error in updatesdeployment.log?

Updates Deployment Agent starts the deployment evaluation process by requesting a software update scan to make sure that the deployed updates are still applicable. In UpdatesDeployment.log, we will see similar record in it:

201407-512.png

Best regards,
Amanda


0 Votes 0 ·
512.png (92.6 KiB)
ShashiDubey-3691 avatar image
0 Votes"
ShashiDubey-3691 answered ShashiDubey-3691 commented

HI Amandayou,

Thanks a lot for the reply !!

The SCCM version we are using is 2107 and we have deployed the latest client package to most of the clients and they are running with the same and latest SCCM client package.

While checking the updatedeployment.log it clearly indicates the deployment successfully gets evaluated and IT shows the number of CI inside it. However, the actionable items appear to be showing 0.

It's just so confusing cause we could see this for sure it had all the March month patches and clearly needs April month updates but it indicates that it doesn't need it.

As per some of the Technet articles, we have installed the latest SSU also on the affected server but the issue remains the same.

Regards,
Shashi Dubey

· 4
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Amandayou-MSFT avatar image Amandayou-MSFT ·

Hi,

Yes, it is so strange. Please uninstall one of the windows server 2012R2, and then re-install the client to see if the issue could be solved.

Best regards,
Amanda

0 Votes 0 ·
ShashiDubey-3691 avatar image ShashiDubey-3691 Amandayou-MSFT ·

HI Amandayou,

Thanks a bunch for the reply !!

The details provided are extremely helpful and we would be proceeding in the same direction to isolate one probability one at a time.

Again I appreciate your assistance and guidance on this to help narrow it down.

Hope to have your assistance also on this going ahead with other issues.

Regards,
Shashi Dubey

0 Votes 0 ·
Amandayou-MSFT avatar image Amandayou-MSFT ShashiDubey-3691 ·

Hi,

I am glad to the advice could help. As we are proceeding in the same direction to isolate one probability, if we have other issue, please post it and we can discuss together.

Best regards,
Amanda

0 Votes 0 ·
Show more comments