by Mark | Feb 27, 2016 | How To, SCCM
SCCM Log files for Software Updates
System Center Configuration Manager (SCCM) is a powerful tool used by administrators for managing large-scale deployments. SCCM software updates provide a simple way to keep client systems up to date with the latest security and feature updates. SCCM log files contain valuable information about the software updates deployment process and can help administrators troubleshoot issues. In this article, we will discuss the important SCCM log files for software updates and how to analyze them to troubleshoot issues.
SCCM Log files overview
What are SCCM Log files?
SCCM log files are text files that contain information about the various processes and actions taken by SCCM. These log files are created by SCCM components during their operation and provide valuable insights into the workings of SCCM.
Why are SCCM Log files important?
SCCM log files are crucial for troubleshooting issues that may arise during software updates deployment. They contain detailed information about the actions taken by SCCM components and can help administrators identify the root cause of an issue.
SCCM Log files for Software Updates
The following are the important SCCM log files for software updates:
| Log Name |
Description |
Server Side or Client Side |
CcmExec.log
|
Records actions taken by the SCCM client on the local machine, such as software deployments, inventory scans, and software update installations. |
Client Side |
UpdatesDeployment.log
|
Records details of the deployment process for software updates, including whether they were successfully installed or failed. |
Client Side |
WUAHandler.log
|
Records the communication between the SCCM client and Windows Update Agent (WUA), which is responsible for checking for and installing updates. |
Client Side |
PatchDownloader.log
|
Records the download process for software updates, including the location from which updates were downloaded and whether they were successfully downloaded. |
Client Side |
SiteComponentManager.log
|
Records the status of SCCM components and their installation or uninstallation. This log is useful for troubleshooting SCCM server component issues. |
Server Side |
SMS_AZUREAD_CONNECTOR.log
|
Records actions taken by the SCCM Azure Active Directory (AAD) Connector, which is responsible for syncing user and device data between SCCM and AAD. This log is useful for troubleshooting AAD sync issues. |
Server Side |
CAS.log
|
Records actions taken by the SCCM Central Administration Site (CAS), which is responsible for managing multiple primary sites. This log is useful for troubleshooting issues that affect multiple primary sites. |
Server Side |
MP_Location.log
|
Records actions taken by the SCCM Management Point (MP), which is responsible for managing client communications and data. This log is useful for troubleshooting MP issues. |
Server Side |
Wsyncmgr.log
|
Records the synchronization process for software updates between the SCCM server and the WSUS server. This log is useful for troubleshooting update synchronization issues. |
Server Side |
DataTransferService.log
|
Records the transfer of data between the SCCM server and client machines, including software updates and packages. This log is useful for troubleshooting issues related to data transfer. |
Client Side |
UpdatesHandler.log
|
Records actions taken by the SCCM software update handler, which is responsible for coordinating the download and installation of software updates on the client machine. This log is useful for troubleshooting update installation issues. |
Client Side |
UpdatesStore.log
|
Records the location and status of software updates stored on the client machine. This log is useful for troubleshooting issues related to software update storage. |
Client Side |
UpdatesAssignments.log
|
Records details of software update assignments, including which updates are assigned to which client machines. This log is useful for troubleshooting update assignment issues. |
Server Side |
ContentTransferManager.log
|
Records the transfer of content between the SCCM server and client machines, including software updates and packages. This log is useful for troubleshooting issues related to content transfer. |
Client Side |
RebootCoordinator.log
|
Records actions taken by the SCCM reboot coordinator, which is responsible for coordinating system reboots after software update installations. This log is useful for troubleshooting reboot-related issues. |
Client Side |
Supersedence.log
|
Records details of software update supersedence, including which updates supersede which other updates. This log is useful for troubleshooting update supersedence issues. |
Server Side |
PolicyEvaluator.log
|
Records actions taken by the SCCM policy evaluator, which is responsible for enforcing client policies and settings. This log is useful for troubleshooting policy-related issues. |
Client Side |
Analyzing SCCM Log files
Analyzing SCCM log files is crucial for troubleshooting issues related to software updates deployment. Here are the steps for analyzing SCCM log files:
- Identify the relevant log file(s) for the issue at hand.
- Open the log file using a text editor such as Notepad++.
- Search for the relevant error or warning messages in the log file.
- Analyze the messages to identify the root cause of the issue.
- Take the necessary actions to resolve the issue based on the root cause identified.
Common SCCM Update issues and their resolutions
Here are some common issues related to software updates deployment in SCCM and their resolutions:
- Software updates are not showing up in the SCCM console: Check the synchronization status of the software update point and ensure that the latest software updates are synchronized.
- Software updates are failing to install on client systems: Check the relevant log files to identify the root cause of the issue and take the necessary actions to resolve it.
- Software updates are getting stuck in the downloading phase: Check the ContentTransferManager.log and PatchDownloader.log files to identify the root cause of the issue and take the necessary actions to resolve it.
SCCM Logs FAQs
What is SCCM software updates deployment?
SCCM software updates deployment is a process of deploying the latest software updates to client systems in a managed environment.
What are SCCM log files?
SCCM log files are text files that contain information about the various processes and actions taken by SCCM components.
Why are SCCM log files important?
SCCM log files are important for troubleshooting issues related to software updates deployment in SCCM.
How do I analyze SCCM log files?
To analyze SCCM log files, you need to identify the relevant log file(s), open them using a text editor, search for the relevant error or warning messages, and analyze the messages to identify the root cause of the issue.
What are some best practices for analyzing SCCM log files?
Some best practices for analyzing SCCM log files include using a log file viewer, taking regular backups of the log files, and understanding the structure and messages contained in the log files.
How can I automate a Snapshot prior to deploying patches to my virtual servers?
Use SnaPatch to automate the whole update process to your virtual machines.
Where are the SCCM Log files located?
The SCCM (System Center Configuration Manager) log files are located in different directories on the SCCM server and client computers. On the SCCM server, the log files are typically located in the “Logs” folder within the SCCM installation directory. The default installation directory is “C:Program FilesMicrosoft Configuration ManagerLogs”.
On the client computers, the log files are located in the “CCMLogs” folder within the Windows directory. The default path is “C:WindowsCCMLogs”. The log files are named according to the component or feature they relate to. For example, the “ClientLocation.log” file logs information about the client’s location, while the “SoftwareCenter.log” file logs information about the Software Center feature.
SCCM Logs – Conclusion
SCCM log files are crucial for troubleshooting issues related to software updates deployment. In this article, we discussed the important SCCM log files for software updates and how to analyze them to troubleshoot issues. We also discussed some common issues related to software updates deployment in SCCM and their resolutions. By following the best practices for SCCM log file analysis, administrators can ensure a smooth and successful software updates deployment process.
by Mark | Feb 10, 2016 | How To, Patch Management, Patch Releases, SCCM
The following thirteen Patch Tuesday updates / patches have been released by Microsoft for the Febuary 2016 Update deployment.
Are you ready to start deploying and remove the patching risk using SnaPatch Patch Management Software?
MS16-009 – Critical
Cumulative Security Update for Internet Explorer (3134220)
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS16-011- Critical
Cumulative Security Update for Microsoft Edge (3134225) This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
MS16-012 – Critical
Security Update for Microsoft Windows PDF Library to Address Remote Code Execution (3138938) This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if Microsoft Windows PDF Library improperly handles application programming interface (API) calls, which could allow an attacker to run arbitrary code on the user’s system. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. However, an attacker would have no way to force users to download or open a malicious PDF document.
MS16-013 – Critical
Security Update for Windows Journal to Address Remote Code Execution (3134811)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS16-014 – Important
Security Update for Microsoft Windows to Address Remote Code Execution (3134228) This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker is able to log on to a target system and run a specially crafted application.
MS16-015 – Important
Security Update for Microsoft Office to Address Remote Code Execution (3134226) This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
MS16-016 – Important
Security Update for WebDAV to Address Elevation of Privilege (3136041) This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker uses the Microsoft Web Distributed Authoring and Versioning (WebDAV) client to send specifically crafted input to a server.
MS16-017 – Important
Security Update for Remote Desktop Display Driver to Address Elevation of Privilege (3134700)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an authenticated attacker logs on to the target system using RDP and sends specially crafted data over the connection. By default, RDP is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.
MS16-018 – Important
Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3136082)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.
MS16-019 – Important
Security Update for .NET Framework to Address Denial of Service (3137893) This security update resolves vulnerabilities in Microsoft .NET Framework. The more severe of the vulnerabilities could cause denial of service if an attacker inserts specially crafted XSLT into a client-side XML web part, causing the server to recursively compile XSLT transforms..
MS16-020 – Important
Security Update for Active Directory Federation Services to Address Denial of Service (3134222)
This security update resolves a vulnerability in Active Directory Federation Services (ADFS). The vulnerability could allow denial of service if an attacker sends certain input data during forms-based authentication to an ADFS server, causing the server to become nonresponsive.
MS16-021 – Important
Security Update for NPS RADIUS Server to Address Denial of Service (3133043)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could cause denial of service on a Network Policy Server (NPS) if an attacker sends specially crafted username strings to the NPS, which could prevent RADIUS authentication on the NPS.
MS16-022 – Important
Security Update for Adobe Flash Player (3135782) This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
by Mark | Jan 13, 2016 | Features, Patch Management, Patch Releases, SCCM
Microsoft’s January 2016 Patch Releases
The following nine Patch Tuesday updates / patches have been released by Microsoft for the January 2016 Update deployment.
MS16-001 – Critical
Cumulative Security Update for Internet Explorer (3124903)
This security update resolves vulnerabilities in Internet Explorer. The more severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS16-002- Critical
Cumulative Security Update for Microsoft Edge (3124904)
This security update resolves vulnerabilities in Microsoft Edge. The vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
MS16-003 – Critical
Cumulative Security Update for JScript and VBScript to Address Remote Code Execution (3125540)
This security update resolves a vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS16-004 – Critical
Security Update for Microsoft Office to Address Remote Code Execution (3124585)
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
MS16-005 – Critical
Security Update for Windows Kernel-Mode Drivers to Address Remote Code Execution (3124584)
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if a user visits a malicious website.
MS16-006 – Critical
Security Update for Silverlight to Address Remote Code Execution (3126036)
This security update resolves a vulnerability in Microsoft Silverlight. The vulnerability could allow remote code execution if a user visits a compromised website that contains a specially crafted Silverlight application. An attacker would have no way to force users to visit a compromised website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email or instant message that takes users to the attacker’s website.
MS16-007 – Important
Security Update for Microsoft Windows to Address Remote Code Execution (3124901)
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker is able to log on to a target system and run a specially crafted application.
MS16-008 – Important
Security Update for Windows Kernel to Address Elevation of Privilege (3124605)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.
MS16-010 – Important
Security Update in Microsoft Exchange Server to Address Spoofing (3124557)
This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow spoofing if Outlook Web Access (OWA) fails to properly handle web requests, and sanitize user input and email content.
by Mark | Dec 9, 2015 | Patch Management, Patch Releases, SCCM
Microsoft’s December 2015 Patch Releases
The following twelve Patch Tuesday updates / patches have been released by Microsoft for the December 2015 Update deployment.
MS15-112 – Critical
Cumulative Security Update for Internet Explorer (3104517)
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
MS15-125 – Critical
Cumulative Security Update for Microsoft Edge (3116184)
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
MS15-126 – Critical
Cumulative Security Update for JScript and VBScript to Address Remote Code Execution (3116178)
This security update resolves vulnerabilities in the VBScript scripting engine in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker hosts a specially crafted website that is designed to exploit the vulnerabilities through Internet Explorer (or leverages a compromised website or a website that accepts or hosts user-provided content or advertisements) and then convinces a user to view the website. An attacker could also embed an ActiveX control marked “safe for initialization” in an application or Microsoft Office document that uses the Internet Explorer rendering engine to direct the user to the specially crafted website.
MS15-127 – Critical
Security Update for Microsoft Windows DNS to Address Remote Code Execution (3100465)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends specially crafted requests to a DNS server.
MS15-128 – Critical
Security Update for Microsoft Graphics Component to Address Remote Code Execution (3104503)
This security update resolves vulnerabilities in Microsoft Windows, .NET Framework, Microsoft Office, Skype for Business, Microsoft Lync, and Silverlight. The vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts.
MS15-129 – Critical
Security Update for Silverlight to Address Remote Code Execution (3106614)
This security update resolves vulnerabilities in Microsoft Silverlight. The most severe of the vulnerabilities could allow remote code execution if Microsoft Silverlight incorrectly handles certain open and close requests that could result in read- and write-access violations. To exploit the vulnerability, an attacker could host a website that contains a specially crafted Silverlight application and then convince a user to visit a compromised website. The attacker could also take advantage of websites containing specially crafted content, including those that accept or host user-provided content or advertisements.
MS15-130 – Critical
Security Update for Microsoft Uniscribe to Address Remote Code Execution (3108670)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains specially crafted fonts.
MS15-131 – Critical
Security Update for Microsoft Office to Address Remote Code Execution (3116111)
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
MS15-132 – Important
Security Update for Microsoft Windows to Address Remote Code Execution (3116162)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker accesses a local system and runs a specially crafted application.
MS15-133 – Important
Security Update for Windows PGM to Address Elevation of Privilege (3116130)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a target system and runs a specially crafted application that, by way of a race condition, results in references to memory locations that have already been freed. Microsoft Message Queuing (MSMQ) must be installed and the Windows Pragmatic General Multicast (PGM) protocol specifically enabled for a system to be vulnerable. MSMQ is not present in default configurations and, if it is installed, the PGM protocol is available but disabled by default.
MS15-134 – Important
Security Update for Windows Media Center to Address Remote Code Execution (3108669)
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
MS15-135 – Important
Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3119075)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to a target system and runs a specially crafted application.
