Sadly, I cannot attach any screenshots due to classification issues, so I will try to be as detailed as possible. Our network just recently on-boarded with a new WSUS customer for our patching updates. Prior to this, we utilized a different customer that provided updates without requiring SSL to be enabled. Our WSUS infrastructure went from being on port 8530 to 8531, and the update server name in turn changed. Our structure as of right now is as follows:
- WSUS instance is located on the same server as our SCCM instance.
- WSUS reaches out to our new customer for available updates. *Note - This currently works, showing all current and recent updates available.
- SCCM is linked to WSUS. *Note - Again, it appears that SCCM and WSUS are syncing together, since updates are showing up under Software Library -> Software Updates -> All Software Updates.
- End-point devices connect to SCCM server via the client agent to receive updates and patches.
Issues that I am running into:
End-point devices show up as active in SCCM and application deployments go out just fine, showing up in Software Center and installing just fine. The problem comes in when new Windows updates and patches are available. Under Software Library -> Software Updates -> All Software Updates, workstations and servers are not showing up as requiring any updates, which is incorrect. In WSUS, all workstations and servers are also showing up under the Computers section as "Computers with no status" and when I look at the computer lists, there are yellow triangles with an exclamation mark in them to show an issue. When I hover over the issue icon, it shows the message "This computer has not yet contacted".
The process that we would generally take to gather required updates is as follows:
- Open Software Library -> Software Updates -> All Software Updates
- In the top toolbar select Saved Searches -> Manage for Current Node -> Filter by Required - Not Downloaded
- This brings up a list of updates that systems are requiring and I collect the Unique Update IDs, run them through a PowerShell script that loops through each Unique Update ID running "get-wsusupdate -UpdateId $UniqueID | Approve-WsusUpdate -Action Install -TargetGroupName "OurNetworkComputers" -Verbose"
- I can track the progress in WSUS and once the downloads are completed, I can go back into SCCM.
- In SCCM, I go back to Software Library -> Software Updates -> All Software Updates, in the top toolbar select Saved Searches -> Manage for Current Node -> Filter by Downloaded - Not Deployed
- This brings up all of the updates that I just downloaded and I select them all and package them up in the deployment package.
- Once I complete all of the previous steps, I am able to create deployments to my various collections.
I am at a loss as to why our end-devices are showing up as not requiring any of these updates, please help!!
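A client-side check for the two things that changed in the setup described above (the update server name and the move to SSL on port 8531), as an added example that is not part of the original post. It reads the update server the Windows Update Agent is configured with and attempts a TLS handshake to it using the machine's own trust store. `$ExpectedUrl` is a placeholder assumption; the real server name is not given in the post.

```powershell
# Added example: run on an affected end-point in an elevated PowerShell session.
# $ExpectedUrl is a placeholder; substitute the real HTTPS update server URL.
param(
    [string]$ExpectedUrl = 'https://wsus.example.internal:8531'
)

# Policy location the Windows Update Agent reads its WSUS server from.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$policy    = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue

$result = [ordered]@{
    WUServer        = $policy.WUServer
    WUStatusServer  = $policy.WUStatusServer
    MatchesExpected = ($policy.WUServer -eq $ExpectedUrl)
    TcpReachable    = $false
    TlsHandshake    = $false
    CertSubject     = $null
    CertNotAfter    = $null
    Error           = $null
}

# Test the server the client is actually configured for, else the expected one.
$target = if ($policy.WUServer) { [uri]$policy.WUServer } else { [uri]$ExpectedUrl }
$client = New-Object System.Net.Sockets.TcpClient
$ssl    = $null
try {
    $client.Connect($target.Host, $target.Port)
    $result.TcpReachable = $true
    if ($target.Scheme -eq 'https') {
        # No custom validation callback: the certificate chain and host name
        # are validated against this machine's trusted root store.
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($target.Host)
        $result.TlsHandshake = $true
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $result.CertSubject  = $cert.Subject
        $result.CertNotAfter = $cert.NotAfter
    }
}
catch {
    $result.Error = $_.Exception.GetBaseException().Message
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $client.Close()
}
[pscustomobject]$result
```

A `WUServer` value still pointing at the old name or port 8530, or a failed handshake with a trust or name-mismatch error, narrows down why a client would not be reporting to WSUS.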