SOLVED Updates shown as not required, when they are required

[jrubios]

Hello! Hope Someone can help me
Just Inherited the SCCM server of my company that has not been maintained in Years
We haven't recieved an update since 28/07/2024 in some servers or workstations
Since the situation was really bad, with corrupted WSUS database, Dual scan enabled, loads of things that made me re-configure WSUS and SCCM Software Update Point
My configuration is exactly the same as shown in the guide, except the DEV Collections, and not creating Baselines to cumulative update catalog products (only created Baseline for Windows Server 2008 R2 and Windows Server 2012 R2) The rest of the products are managed by ADR's (Server 2016, Server 2019, Server 2022, W10 and W11)
The problems i'm experiencing is that when I preview the updates that should be deployed Based on the criteria I specified on the ADR's, the Updates are shown, But then on The Software Update Groups All updates appear as not required, and clients don't have them installed, and the criteria Specified on ADR and client match.
Some times client appear as not active even tho they are active
I Don't know if it will have to do with Client settings

I Force Clients to Evaluate machine policies and scan schedule everytime y try to see if an update is deployed, but it still remains the same
Thanks in advance!

 

[Prajwal Desai]

You'll have to start by fixing the problem where the client appears to be inactive. The clients should show up in the console as active if they are online.

 

[jrubios]

You'll have to start by fixing the problem where the client appears to be inactive. The clients should show up in the console as active if they are online.

I think I haven't Expressed my self correctly
Client activity appears as active, but the green check appears for some time, lets say 1 minute and then disappears, i dont't know if this is a normal behavior
On Summary Tab, in general information Client Check Result appears as No Results

 

[jrubios]

On UpdateStore.log i coulnd't find any errors. WuaHandler doesn't have any errors, only one that happened because i deleted gpt.ini file to be generated by the client cleanly

The Softwrae Update Group created by the ADR has Plenty of updates that a 21h2 workstation would need, for example KB5037035
The two KB's that Appear on the UpdateStore.log are already installed, but not the rest, The Only One that was installed by SCCM was KB5031539
The Workstations have W10 Version 21H2 19044.3208
The only thing i found was this on LocationServices.log

 

[Garth]

On UpdateStore.log i coulnd't find any errors. WuaHandler doesn't have any errors, only one that happened because i deleted gpt.ini file to be generated by the client cleanly
View attachment 7044
The Softwrae Update Group created by the ADR has Plenty of updates that a 21h2 workstation would need, for example KB5037035
The two KB's that Appear on the UpdateStore.log are already installed, but not the rest, The Only One that was installed by SCCM was KB5031539
The Workstations have W10 Version 21H2 19044.3208
The only thing i found was this on LocationServices.log
View attachment 7046

Grab the Rescan script from here. https://www.recastsoftware.com/resources/my-two-favorite-configmgr-run-scripts/

Then run it agaist this computer. Wait 30+ minutes does ConfigMgr see the updated results? do the local logs show that the SU is required? if the local logs don't show that they are required then it is a MS issue and you will need to updated a support case with them.

 

[jrubios]

Grab the Rescan script from here. https://www.recastsoftware.com/resources/my-two-favorite-configmgr-run-scripts/

Then run it agaist this computer. Wait 30+ minutes does ConfigMgr see the updated results? do the local logs show that the SU is required? if the local logs don't show that they are required then it is a MS issue and you will need to updated a support case with them.

The ADR filter seems to be the problem, when i deleted superseeded=no parameter on the ADR, it installed KB5037035 and KB5039211, so i'm on june 2024 update currently and build number 19044.4529.
The ADR doesn't find any Superseeded updates Between 2024/06 and 2025/1 and the 2025/1 update KB5050188 won't install

Thanks in advance

 

[Garth]

The ADR filter seems to be the problem, when i deleted superseeded=no parameter on the ADR, it installed KB5037035 and KB5039211, so i'm on june 2024 update currently and build number 19044.4529.
The ADR doesn't find any Superseeded updates Between 2024/06 and 2025/1 and the 2025/1 update KB5050188 won't install
View attachment 7053
Thanks in advance

You mean they show up within the console, right? That is to be expected. Those sw updated have been supersede by another sw update. Why would you want to deploy old sw updates?

 

[jrubios]

You mean they show up within the console, right? That is to be expected. Those sw updated have been supersede by another sw update. Why would you want to deploy old sw updates?

I need the workstations to be up to date and have the latest cumulative update possible, in this case the cumulative of march 2025 KB5053606
This Updates don't appear as required to the devices that require that update, and was thinking it was because it needed previous Updates for that latest cumulative update to be deployed
In the release notes of the latest cumulative Update (KB5053606) it says it needs SSU from August 2021 (KB5005260) or latest, and my workstations have october 2023 SSU (KB5031539) installed.
When i supressed the Superseeded=No filter on my ADR, April and June 2024 cumulative updates where deployed, (KB5037025) and (KB5039211).
Since the only thing that worked and deployed the updates was the supesedence filter, i thought this could be the cause too
If i perform a Scan against windows Update, the Update will install, so the workstation needs it
The updates installed on my test workstation are:

Thanks

 

[jrubios]

I have seen on this old tread, of this forum, https://forums.prajwaldesai.com/threads/sccm-server-2019-not-showing-updates.5997/
The problem was having Ad Sites on Boundary Groups
Will try removing them tomorrow
Thanks

 

[jrubios]

Tried to delete the AD site from the boundary group where the SUP is located, and it keeps happening
I'm pulling my hair out
Thanks

 

[Garth]

Tried to delete the AD site from the boundary group where the SUP is located, and it keeps happening
I'm pulling my hair out
Thanks

Back up, did you run the script that I like too above? Have you reviewed the logs on one of the devices to see if the su is detected? Have you deployed all required su to that device?

 

[jrubios]

Back up, did you run the script that I like too above? Have you reviewed the logs on one of the devices to see if the su is detected? Have you deployed all required su to that device?

I did run the script on the device, but locally since when I tried to do it with Run Script Feature on the console, it wouldn't run. I Waited all day and nothing changed. On the logs did not see any changes.
The Device is member of a collection where the software update group is deployed and has the "required updates" that need to be instlaled, it is created by the ADR, so the Updates are deployed to that collection.
I will try to run the script again on other Device
Does it need to be ran via the Run Script utility from the console or can it be executed locally?
This is happening with all OS updates, not only with w10.
Thanks in advance

 

[jrubios]

Back up, did you run the script that I like too above? Have you reviewed the logs on one of the devices to see if the su is detected? Have you deployed all required su to that device?

I Re ran the script on other computer and found on Update Store.log that updates that were detected as allready exist, then appeared as missing, but still won't install or appear on Available UpdatesWhen i re ran Machine Policy evaluation and Software Update evaluation and deployment after exectuing your script, the same updates that appeared as missing, then appear as already existingI uploaded the log just in case
Ran your script at 11:52 and at 12:52 i re ran Machine Policy evaluation and Software Update evaluation and deployment

 

[Garth]

I did run the script on the device, but locally since when I tried to do it with Run Script Feature on the console, it wouldn't run. I Waited all day and nothing changed. On the logs did not see any changes.
The Device is member of a collection where the software update group is deployed and has the "required updates" that need to be instlaled, it is created by the ADR, so the Updates are deployed to that collection.
I will try to run the script again on other Device
Does it need to be ran via the Run Script utility from the console or can it be executed locally?
This is happening with all OS updates, not only with w10.
Thanks in advance

In the UpdatesStore.log, when you force the script you will see a list of SU listed as Missing. Then compare the GUID to the GUIDs within ConfigMgr to fine each SU. Now you will know exactly what the device thinks is missing.

 

[jrubios]

In the UpdatesStore.log, when you force the script you will see a list of SU listed as Missing. Then compare the GUID to the GUIDs within ConfigMgr to fine each SU. Now you will know exactly what the device thinks is missing.

I think i narrowed down the issue.
Most of my devices have w10 21h2
Updates listed as 22h2 even tho tey're applicable to 21h2, won't install, only are shown as required the few computers i have on 22h2
Could it be because it searches by the version number, and since the version number is 21h2 instead of 22h2 won't list de devices as required?
All non superseeded updates that have 21h2 on the title have been installed succesfully
If you search updates via windows update, the latest cumulative update (KB5053606) will install, and install correctly, so the Update is applicable to 21h2 builds

 

[jrubios]

The solution was the ADR filter, the product that has to be selected if you want to patch any LTSC version is to select the LTSB product Filter