by Mark | Feb 27, 2016 | How To, SCCM
SCCM Clients failing to install windows updates
Microsoft System Center Configuration Manager (SCCM) is a popular tool used for managing and deploying updates to Windows clients in an organization. However, sometimes SCCM clients can encounter issues while installing Windows updates, resulting in failed installations. This can be a frustrating experience for IT professionals who are responsible for maintaining a secure and up-to-date environment. In this article, we will explore common causes of SCCM clients failing to install Windows updates and provide solutions to troubleshoot and resolve these issues.
Common Causes of SCCM Clients Failing to Install Windows Updates:
There can be various reasons why SCCM clients may fail to install Windows updates. Here are some common causes:
- Inadequate Disk Space: If the SCCM client has insufficient disk space, it may fail to install updates.
- Connectivity Issues: The SCCM client must have a stable and reliable connection to the network and the SCCM server to download and install updates. Any connectivity issues can cause the installation to fail.
- Corrupted Update Files: Sometimes, the update files downloaded by the SCCM client can become corrupted, leading to a failed installation.
- Incorrect Permissions: If the user account used to run the SCCM client does not have sufficient permissions to install updates, the installation may fail.
- Conflicting Software: Sometimes, other software installed on the client machine can interfere with the installation of Windows updates.
Troubleshooting SCCM Clients Failing to Install Windows Updates:
Now that we have identified some common causes of SCCM clients failing to install Windows updates, let’s look at some troubleshooting steps to resolve these issues.
- Check Disk Space: Verify that the SCCM client has sufficient disk space to install updates. Clear any unwanted files or increase the disk space if needed.
- Check Connectivity: Ensure that the SCCM client has a stable network connection to the SCCM server. Check for any firewall or network configuration issues that may be affecting the connection.
- Clear the Software Distribution Folder: Sometimes, clearing the contents of the Software Distribution folder on the SCCM client can help resolve update installation issues. To do this, stop the Windows Update service, delete the contents of the C:WindowsSoftwareDistribution folder, and then restart the Windows Update service.
- Verify Permissions: Ensure that the user account used to run the SCCM client has sufficient permissions to install updates. The user account should be a member of the local Administrators group on the client machine.
- Uninstall Conflicting Software: If other software is interfering with the installation of Windows updates, uninstall the software and attempt the update installation again.
The most common cause of Windows Update Failures
If you find no issues while looking at the Client and SCCM server Windows Updates logs and you determine that it isnt something else (as above), it maybe worth checking the following on the clients with the issues.
If you have issues with SCCM client machines during an update deployment, an issue that could be causing the problem is a proxy value has been set within the registry.
Open Regedit and navigate to the following key location
HKEY_LOCAL_MACHINE – SOFTWARE – Microsoft – Windows – CurrentVersion – Internet Settings – Connections – WinHttpSettings
Delete the WinHttpSettings value
Close Regedit and reboot the server.
FAQs
How can I tell if an SCCM client failed to install updates?
You can check the SCCM console to view the update deployment status. If the update installation has failed, you will see an error message with details of the failure.
What should I do if an SCCM client repeatedly fails to install updates?
Try the troubleshooting steps mentioned in this article to resolve the issue. If the issue persists, you may need to investigate further and seek assistance from Microsoft support.
What should I do if an SCCM client reports a download failure for an update?
First, check the client’s internet connectivity and ensure that there is no firewall or proxy server blocking the download. If the issue persists, try clearing the Software Distribution folder or restarting the Windows Update service on the client machine.
How can I troubleshoot an SCCM client that is stuck in “Downloading” or “Installing” updates?
Check the client’s connectivity to the SCCM server and ensure that there is enough disk space on the client machine. You can also try clearing the Software Distribution folder or restarting the Windows Update service on the client machine.
What are some common errors that occur when SCCM clients fail to install updates?
Some common errors include “Failed to install updates,” “Error 0x80070003,” and “Error 0x8007000e.” The specific error message can provide clues to the underlying issue.
How can I troubleshoot an SCCM client that is reporting a Windows Update error?
Check the client’s internet connectivity, ensure that there is enough disk space on the client machine, and verify that the user account used to run the SCCM client has sufficient permissions to install updates. You can also try restarting the Windows Update service or clearing the Software Distribution folder on the client machine.
How can I prevent SCCM clients from failing to install Windows updates in the future?
Ensure that the client machines are regularly maintained and have enough disk space available. Keep the SCCM server up-to-date with the latest updates and patches. Additionally, consider implementing a regular update schedule and enforcing compliance policies to ensure that updates are installed on a timely basis.
Conclusion:
SCCM clients failing to install Windows updates can be a frustrating issue to deal with, but with the right troubleshooting steps, it can be resolved. In this article, we have outlined some common causes of update installation failures and provided solutions to troubleshoot and resolve these issues. By following these steps, you can ensure that your SCCM clients stay up-to-date and secure.
by Mark | Feb 10, 2016 | How To, Patch Management, Patch Releases, SCCM
The following thirteen Patch Tuesday updates / patches have been released by Microsoft for the Febuary 2016 Update deployment.
Are you ready to start deploying and remove the patching risk using SnaPatch Patch Management Software?
MS16-009 – Critical
Cumulative Security Update for Internet Explorer (3134220)
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS16-011- Critical
Cumulative Security Update for Microsoft Edge (3134225) This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
MS16-012 – Critical
Security Update for Microsoft Windows PDF Library to Address Remote Code Execution (3138938) This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if Microsoft Windows PDF Library improperly handles application programming interface (API) calls, which could allow an attacker to run arbitrary code on the user’s system. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. However, an attacker would have no way to force users to download or open a malicious PDF document.
MS16-013 – Critical
Security Update for Windows Journal to Address Remote Code Execution (3134811)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS16-014 – Important
Security Update for Microsoft Windows to Address Remote Code Execution (3134228) This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker is able to log on to a target system and run a specially crafted application.
MS16-015 – Important
Security Update for Microsoft Office to Address Remote Code Execution (3134226) This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
MS16-016 – Important
Security Update for WebDAV to Address Elevation of Privilege (3136041) This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker uses the Microsoft Web Distributed Authoring and Versioning (WebDAV) client to send specifically crafted input to a server.
MS16-017 – Important
Security Update for Remote Desktop Display Driver to Address Elevation of Privilege (3134700)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an authenticated attacker logs on to the target system using RDP and sends specially crafted data over the connection. By default, RDP is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.
MS16-018 – Important
Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3136082)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.
MS16-019 – Important
Security Update for .NET Framework to Address Denial of Service (3137893) This security update resolves vulnerabilities in Microsoft .NET Framework. The more severe of the vulnerabilities could cause denial of service if an attacker inserts specially crafted XSLT into a client-side XML web part, causing the server to recursively compile XSLT transforms..
MS16-020 – Important
Security Update for Active Directory Federation Services to Address Denial of Service (3134222)
This security update resolves a vulnerability in Active Directory Federation Services (ADFS). The vulnerability could allow denial of service if an attacker sends certain input data during forms-based authentication to an ADFS server, causing the server to become nonresponsive.
MS16-021 – Important
Security Update for NPS RADIUS Server to Address Denial of Service (3133043)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could cause denial of service on a Network Policy Server (NPS) if an attacker sends specially crafted username strings to the NPS, which could prevent RADIUS authentication on the NPS.
MS16-022 – Important
Security Update for Adobe Flash Player (3135782) This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
by Mark | Dec 14, 2015 | How To, Patch Management, Patch Releases, SCCM
The Ultimate Patch Management Strategy to Alleviate Your Pain
Are you tired of experiencing patch management pain every time you need to update and patch your servers? If yes, then you are not alone. Many administrators have found themselves in a daunting task of keeping their servers and workstations up to date. Fortunately, creating a great patch management strategy is not as complicated as you might think. In this article, we will show you how to implement an effective patch management strategy that will remove the pain from your process.
Infrastructure is Key
The first step towards having an effective patch management strategy is having the correct infrastructure in place. Fortunately, there are several fantastic tools that have been developed by Microsoft, such as Microsoft System Centre Configuration Manager (SCCM), Windows Update Services (WSUS), and Windows Update for Business (WUB). These tools can be used to keep your servers and workstations up to date, and they all report on patching compliance. Additionally, you can set them to deploy updates as you define, which makes the process more manageable
The Ideal World
In an ideal world, where you have Development/Test, UAT, and Production environments that mimic one another, you can successfully deploy security updates to the lower environments. This allows you to perform successful UAT to ensure that no new issues are introduced by any of the patches. Should a patch cause an issue, you can stop deployment to your Production servers, delaying deployment until a fix has been released that will address the issue or not deploying the patch at all.
The Real World
Unfortunately, not everyone has the luxury of lower environments that match the Production environment. The ability to successfully UAT patches prior to deployment to Production systems isn’t available to most administrators, making the patch deployment process fraught with risk. Administrators would have to manually confirm all backups were successful prior and perform and confirm a successful snapshot of their virtual servers for added confidence. Only then could they deploy the updates to their client servers, typically outside of business hours. If there was an issue that arose from a patch, many late-night hours would be spent either trying to uninstall the patch (if that worked) or restoring from tape backup. Either way, it was many hours and weekends late at night keeping everything up to date.
How We Can Help
We understand the pain that comes with patch management, and we have a solution to help you. SnaPatch Patch Management Software interfaces with Microsoft’s SCCM and VMWare’s vCentre and Microsoft’s System Centre Virtual Machine Manager, also known as SCVMM. This software automates the patch deployment process and allows administrators to have their weekends back. With the SnaPatch console, you can choose the servers you want to patch, what patches you want to deploy, what servers you require to be snapshotted, and what time you would like this all scheduled (a maintenance window will be set for this deployment). SnaPatch will automate all this and alert you with progress emails. Should a server’s snapshot not be successful, you will be alerted by email, and that server will be excluded from patch deployment. Should an issue arise with one of the deployed patches, you can either uninstall the patch, revert to the snapshot created by SnaPatch, or restore from backup tape.
SnaPatch – Your Solution
SnaPatch is the best patch management add-on for Microsoft’s SCCM that will help you alleviate the patching risk. With our software, you can simplify your patch management process and enjoy your weekends without the hassle of patching. Like our motto says, “Let’s make Administration EASY!” Contact us today to learn more about how SnaPatch can help you.
by Mark | Dec 11, 2015 | How To, Patch Management, Patch Releases
How to Fix Outlook 2010 Only Starting in Safe Mode Issue (KB3114409)
If you are experiencing issues with Outlook 2010 only starting in Safe Mode, you are not alone. The recent Microsoft Patch releases have caused an issue that was meant to be prevented instead of fixed. Fortunately, there is a way to address this problem.
The KB3114409 update, which was released on Patch Tuesday, was designed to prevent Outlook 2010 from starting in Safe Mode. However, it appears to have caused the opposite effect, forcing all users to use Safe Mode for Outlook and not retaining display preferences. This issue has affected many users and is still very fresh, meaning there may be other issues associated with this release.
While the core objective of the above fix was to limit Outlook 2010 opening in Safe Mode, a feature released in KB3114305, it appears as though the patch has caused unintended consequences. If you have installed the KB3114409 update, you may have found that Outlook 2010 only starts in Safe Mode, and display preferences are not being retained.
The good news is that there is a workaround. To fix the issue, you will need to uninstall or prevent the hotfix from being installed. This will return the functionality in those cases where the fix has caused issues.
For sites using Outlook 2010 with SCCM ADRs to deploy patches, it is advisable to disable this update. However, sites using Lotus Notes are not affected, as this update is specific to Outlook (and not Office) 2010.
Conclusion
If you are experiencing issues with Outlook 2010 only starting in Safe Mode, the KB3114409 update may be the culprit. Fortunately, there is a workaround to fix this problem. By uninstalling or preventing the hotfix from being installed, you can restore the functionality of Outlook 2010. Remember, if you are using SCCM ADRs to deploy patches, disable this update to avoid issues. With these simple steps, you can fix the issue and get back to using Outlook 2010 without any problems.
If you want more information about this update, visit the Microsoft site links below
https://support.microsoft.com/en-us/kb/3114409
While the core objective of the above fix was (to provide a means) to limit Outlook 2010 opening in Safe Mode, a feature released in KB3114305: https://support.microsoft.com/en-us/kb/3114305
by Mark | Aug 18, 2015 | How To, Patch Management, Patch Releases
Microsoft patches KB3177725 & KB3176493 causing printing issues
Two recently released patches from Microsoft (in the August Patch Tuesday Release) seem to be causing some issues. The problematic security updates are KB3177725 and KB3176493 both which were to patch security vulnerabilities that could allow remote code execution on both Windows 7, 8, 8.1 and 10 as well as server editions of their software, Windows server 2008, 2008 R2, 2012 and 2012 R2. The risk of not deploying these two security updates, could allow elevation of privileges, if an attacker finds an affected system and then runs some software which would then exploit these vulnerabilities and finally take control of the affected system.
So what is the issue?
The issue caused by these two security patches is the inability to print more than one page at a time. Others are reporting that it corrupts all print jobs with an error. Microsoft have reported initially that the problem is incompatibility issues between Windows and Printer Drivers, but have recently come out and acknowledged that it was in fact caused by these two updates.
Now this is quite a substantial problem, can you imagine having all your users calling your service desk with this issue???
Now, what is the fix?
UPDATE: Previously we mentioned the only work around is to uninstall either or both KB3177725 and KB3176493.
Well Microsoft have come through and have released another patch that will fix the issues caused by these two security updates. KB3187022 – Print functionality is broken after any of the MS16-098 security updates are installed
Patch is available to download from the Microsoft site https://support.microsoft.com/en-us/kb/3187022
There has been other issues this month, caused by the August Security Patches. Microsoft Patch KB3179575 causing authentication issues with Windows 2012 servers and KB3176934 breaks Windows 10 Powershell
Additionally, If you are lucky enough to be one of our many customers and are using SnaPatch, you can easily and quickly roll back your virtual machines to the prior security update deployment snapshot.
To learn more about what SnaPatch offers and how you can avoid further issues like this, click this link.
