What's new
Forums on Intune, SCCM, and Windows 11

Welcome to the forums. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your topics and posts, as well as connect with other members through your own private inbox!

PENDING A number of servers will not patch correctly

  • Thread starter Thread starter SAS_Mark
  • Start date Start date
  • Replies Replies 10
  • Views Views 1K
S

SAS_Mark

Member
Messages
5
Reaction score
0
Points
1
Hi All,

I currently have around 100 Servers (Server 2016 and Server 2022) but have an issue with 4 not patching correctly. Quick overview:

We have 4 device groups (1st Wed, 2nd Wed, 3rd Wed, 4th Wed)
Devices are added to these via an AD security group
All devices are showing correctly in the device group apart from these 4
Previously these 4 servers were just added to the device groups manually.
I have tried deleting these servers from SCCM, ran the AD scan, the server would be readded and added to the correct device groups.
When the SCCM client was pushed to the server and the heartbeat would run it would delete it from the device group.
Checked through the boundary groups and all seems correct (All ranges within the same boundary group)
Checked over the MP which they connect to and followed the logs from the problem server to the database.

Any help would be greatly appreciated,
Mark
 
Last edited:
Sort by date Sort by votes
Prajwal Desai said:
Can you check if the client agent is installed on these problematic servers?
Click to expand...
Hi,

Yes the agent has been fully reinstalled on the servers and heartbeat being sent back to the server.

(Also thanks for all your posts over the years, they have been super helpful)
 
Upvote 0 Downvote
SAS_Mark said:
Hi,

Yes the agent has been fully reinstalled on the servers and heartbeat being sent back to the server.

(Also thanks for all your posts over the years, they have been super helpful)
Click to expand...
Hi SAS_Mark

Did you check whether these 4 Servers have the same SMBiosGuid or the same SCCM-Guid (myabe by cloning in VSphere or similar virtuel enivronement).

khluz
 
Upvote 0 Downvote
khluz said:
Hi SAS_Mark

Did you check whether these 4 Servers have the same SMBiosGuid or the same SCCM-Guid (myabe by cloning in VSphere or similar virtuel enivronement).

khluz
Click to expand...
Hi Kluz,

Thank you for your reply, the 4 servers are 1 Physical, 2 Microsoft Hyper V machines and 1 Azure VM. All very different. I checked the to running on Microsoft Hyper V and they have different SMBiosGuids.

Cheers
Mark
 
Upvote 0 Downvote
SAS_Mark said:
Hi Kluz,

Thank you for your reply, the 4 servers are 1 Physical, 2 Microsoft Hyper V machines and 1 Azure VM. All very different. I checked the to running on Microsoft Hyper V and they have different SMBiosGuids.

Cheers
Mark
Click to expand...
Are these servers in same AD OU and getting the same group policies?
 
Upvote 0 Downvote
vshewale said:
Are these servers in same AD OU and getting the same group policies?
Click to expand...
Hi,

3 of the servers are in the same OU with same group policies. They are also in the same OU as another 80 odd servers which are patching fine. One problem server is in a slightly different OU but its still with other servers which are patching fine.

I maybe barking up the wrong tree and all 4 have separate issues. But seems very strange how all 4 wont add to the correct device groups as they should be (Picked up from AD security groups). They show in the right groups until i install the client agent, get a heartbeat and then they are removed. Even when added to the correct patching device groups manually still wont patch.
 
Upvote 0 Downvote
SAS_Mark said:
Hi,

3 of the servers are in the same OU with same group policies. They are also in the same OU as another 80 odd servers which are patching fine. One problem server is in a slightly different OU but its still with other servers which are patching fine.

I maybe barking up the wrong tree and all 4 have separate issues. But seems very strange how all 4 wont add to the correct device groups as they should be (Picked up from AD security groups). They show in the right groups until i install the client agent, get a heartbeat and then they are removed. Even when added to the correct patching device groups manually still wont patch.
Click to expand...
Hi SAS_Mark
Could you post the WMI Query of these Device Collections?
khluz
 
Upvote 0 Downvote
khluz said:
Hi SAS_Mark
Could you post the WMI Query of these Device Collections?
khluz
Click to expand...
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.SystemGroupName = "XXXX\\SCCM MW Servers A - 2nd Wed"

All four device groups have the same style query, any machines in a security group.
 
Upvote 0 Downvote
SAS_Mark said:
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.SystemGroupName = "XXXX\\SCCM MW Servers A - 2nd Wed"

All four device groups have the same style query, any machines in a security group.
Click to expand...
This query will use Heartbeat discovery to populate the collections. How often is heartbeat discovery running? Also keep in mind that it will not show up until after the device knows that it belongs to a sec group (reboot) and heartbeat discovery take place.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

  • PENDING Problems after Upgrading to ConfigMgr 2503
  • PENDING CMG certificate issue HRESULT = 0x80072f8f
  • SOLVED Server 2025 doesn't show any updates
  • PENDING Problem With Co-Management
  • PENDING Windows 11 Deployment with SCCM

    • Forum statistics

    Threads
    7,138
    Messages
    27,877
    Members
    18,165
    Latest member
    sifou

    Latest posts

    Trending content
    Back
    Top