Stanollieyeti
New Member
- Messages
- 3
- Reaction score
- 1
- Points
- 3
SCCM 2012 - Deployment Status - 142 Downloaded, 75 Non-Compliant
Here we go again, everything works fine, then someone in our environment changes something.
The 3rd Wednesday of each month we patch our Non-Production servers. There are many collections for these 230 servers. We group them in collections based on there applications and roles in the enterprise but also each collection has it's own powershell reboot script that is scheduled to run after patching.
These collections are grouped in 6 larger collections that we apply maintenance windows to so that we have different start times, 15 minutes apart, so the systems are not all trying to patch at the same time. These are all VMs and we saw performance issues when we first tried patching all of them at the same time a couple years ago. The 6 larger collections are then members of one collection called "NP-Patch-Deployment" and it is this collection which we deploy to.
Everything works great until something changes in our environment. Typically a firewall change is made for servers inside a protected PCI environment and we don't see issues until we go to patch.
All though the actual patching takes place on Wednesday night, I schedule the deployment on Tuesday and make the updates available at 10:00 PM. For the last couple of months, I've come in Wednesday morning to see 99% of the servers "In Progress" and "Downloaded updates".
This morning I have:
142 - "In Progress" and "Downloaded updates"
75 - "In Progress" and "Non-compliant"
From the list of servers that are showing as Non-Compliant, they appear to be ones that are behind the internal firewall.
If I log onto a Non-Compliant server and launch Software Center, they show the updates as "past due - will be installed". If I check the CCMcache, I see that that the updates were downloaded.
The same shows for the servers that are reporting "In Progress" and "Downloaded updates".
What would cause the 75 to not show as "In Progress" and "Downloaded updates" like the other 142?
BTW - I have sent an email to the Firewall admin to see if anything has changed during the last month.
Thanks for any advice.
Here we go again, everything works fine, then someone in our environment changes something.
The 3rd Wednesday of each month we patch our Non-Production servers. There are many collections for these 230 servers. We group them in collections based on there applications and roles in the enterprise but also each collection has it's own powershell reboot script that is scheduled to run after patching.
These collections are grouped in 6 larger collections that we apply maintenance windows to so that we have different start times, 15 minutes apart, so the systems are not all trying to patch at the same time. These are all VMs and we saw performance issues when we first tried patching all of them at the same time a couple years ago. The 6 larger collections are then members of one collection called "NP-Patch-Deployment" and it is this collection which we deploy to.
Everything works great until something changes in our environment. Typically a firewall change is made for servers inside a protected PCI environment and we don't see issues until we go to patch.
All though the actual patching takes place on Wednesday night, I schedule the deployment on Tuesday and make the updates available at 10:00 PM. For the last couple of months, I've come in Wednesday morning to see 99% of the servers "In Progress" and "Downloaded updates".
This morning I have:
142 - "In Progress" and "Downloaded updates"
75 - "In Progress" and "Non-compliant"
From the list of servers that are showing as Non-Compliant, they appear to be ones that are behind the internal firewall.
If I log onto a Non-Compliant server and launch Software Center, they show the updates as "past due - will be installed". If I check the CCMcache, I see that that the updates were downloaded.
The same shows for the servers that are reporting "In Progress" and "Downloaded updates".
What would cause the 75 to not show as "In Progress" and "Downloaded updates" like the other 142?
BTW - I have sent an email to the Firewall admin to see if anything has changed during the last month.
Thanks for any advice.
