Forums on Intune, SCCM, and Windows 11

Welcome to the forums. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your topics and posts, as well as connect with other members through your own private inbox!

SOLVED Software Updates - Not pushing or reporting

  • Thread starter Thread starter crinehart
  • Start date Start date
  • Replies Replies 5
  • Views Views 13K
Status
Not open for further replies.

crinehart

New Member
Messages
4
Solutions
1
Reaction score
0
Points
1
Hello Everyone,

We are pushing software updates, Windows Patches and O365 updates to all workstations and servers. However, all Software Updates are reporting at 0% compliance and all devices are reporting as unknown. This is a fresh SCCM installation. We are also using PKI Certs on all clients. I have the Workstation and Server Client Settings configured for Software Updates as well. (Screenshots below) I have reviewed the following logs and their findings but still have not been able to make any headway on this issue:
  • SUPSetup.log - Installation Successful
  • wsyncmgr.log - Successfully pulling updates
  • WCM.log - Successfully connects with WSUS.
  • WUAHandler.log on client - Did show, "Failed to Remove Update Source from WUAgent ({6323E94A-A819-4195-B088-D6644AF8980B}). Error = 0x87d00691." for a little bit back when we first installed WSUS, however, has not shown it since on any of the machines. That error last surfaced on 12/16/23, the day of the WSUS/SUP role install.


The odd thing is, all application deployments are reporting just fine, and deployments are going out as they should. It is just the SU at this point that are not working. Is there a log by chance that could point me in the right direction, or has anyone seen something like this before?

1705495769853.png
1705495794911.png

1705495645532.png
 
Solution
We ended up stumbling across the solution to this, at least for our environment. The issue we found was that the SUP was not in the list of Site System Servers within the Boundary Group we created. due to this, it was not communicating correctly. Once added, things just began working almost immediately.

So, to resolve: Administration > Hierarchy Configuration > Boundary Groups > My created boundary group for all DP's > Properties > References > Add SUP to Site System Servers
Would anyone have any ideas on this? I have also tried uninstalling the SUP role and installing it again. Again, SCCM is able to pull in all updates from WSUS, however, the package is deployed, no updates are being pushed or reporting back in to SCCM.
 
I am facing with the same issue with one customer.
I have tried and looked at everything that I know with no luck, sadly.
Let's hope someone has faced this issue before.
 
Hello Everyone,

We are pushing software updates, Windows Patches and O365 updates to all workstations and servers. However, all Software Updates are reporting at 0% compliance and all devices are reporting as unknown. This is a fresh SCCM installation. We are also using PKI Certs on all clients. I have the Workstation and Server Client Settings configured for Software Updates as well. (Screenshots below) I have reviewed the following logs and their findings but still have not been able to make any headway on this issue:
  • SUPSetup.log - Installation Successful
  • wsyncmgr.log - Successfully pulling updates
  • WCM.log - Successfully connects with WSUS.
  • WUAHandler.log on client - Did show, "Failed to Remove Update Source from WUAgent ({6323E94A-A819-4195-B088-D6644AF8980B}). Error = 0x87d00691." for a little bit back when we first installed WSUS, however, has not shown it since on any of the machines. That error last surfaced on 12/16/23, the day of the WSUS/SUP role install.


The odd thing is, all application deployments are reporting just fine, and deployments are going out as they should. It is just the SU at this point that are not working. Is there a log by chance that could point me in the right direction, or has anyone seen something like this before?

View attachment 5830
View attachment 5831

View attachment 5829
Are these win 10 or win 11 clients? Are they o. Domain? Have you looked at Group Policy? I had a similar situation where win 10 client were receiving updates but win 11 were not. Turned out to be GPO setting.
 
Serjape, this is a combination of W10/11 clients, and they are all domain joined. We do have a group policy in place. It is solely configured to push the below settings. I have also confirmed that these settings are applying to machines, but yet none of them are reporting in.


Set the intranet update service for detecting updates:
Set the intranet statistics server:
Set the alternate download server:
(example: https://intranetupd01)
Download files with no Url in the metadata if alternate download server is set.Disabled
Do not enforce TLS certificate pinning for Windows Update client for detecting updates.Enabled
Select the proxy behavior for Windows Update client for detecting updates:Only use system proxy for detecting updates (default)
 
We ended up stumbling across the solution to this, at least for our environment. The issue we found was that the SUP was not in the list of Site System Servers within the Boundary Group we created. due to this, it was not communicating correctly. Once added, things just began working almost immediately.

So, to resolve: Administration > Hierarchy Configuration > Boundary Groups > My created boundary group for all DP's > Properties > References > Add SUP to Site System Servers
 
Solution
Status
Not open for further replies.
Back
Top