Download presentation
Presentation is loading. Please wait.
Published byPrimrose Wood Modified over 9 years ago
0
© 2014 Microsoft Corporation. All rights reserved.
Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
1
System Center 2012 Configuration Manager Concepts & Administration
Lesson 7: Deploying Software Updates Your Name Premier Field Engineer Microsoft © 2014 Microsoft Corporation
2
Conditions and Terms of Use
Microsoft Confidential This training package is proprietary and confidential, and is intended only for uses described in the training materials. Content and software is provided to you under a Non-Disclosure Agreement and cannot be distributed. Copying or disclosing all or any portion of the content and/or software included in such packages is strictly prohibited. The contents of this package are for informational and training purposes only and are provided "as is" without warranty of any kind, whether express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non- infringement. Training package content, including URLs and other Internet Web site references, is subject to change without notice. Because Microsoft must respond to changing market conditions, the content should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. Unless otherwise noted, the companies, organizations, products, domain names, addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, address, logo, person, place, or event is intended or should be inferred. Copyright and Trademarks © 2014 Microsoft Corporation. All rights reserved. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. For more information, see Use of Microsoft Copyrighted Content at Microsoft®, Internet Explorer®, and Windows® are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Other Microsoft products mentioned herein may be either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks are property of their respective owners. © 2014 Microsoft Corporation Microsoft Confidential
3
Microsoft Confidential
Overview Introduction to Software Updates Management Features available Reporting and troubleshooting This lesson covers the basic management process required to deploy updates in the infrastructure using System Center 2012 Configuration Manager, as well as an introduction to Endpoint Protection in System Center 2012 Configuration Manager. As an introduction to SUM in System Center 2012 Configuration Manager, we will look into the patch management process workflow, pre-requisites for a SUP installation and some capacity planning. We will discuss the features involved in SUM such as superseded updates, RBA, content library, client settings, deployments, updates groups, end user experience and discuss migration from Configuration Manager 2007. SUM in System Center 2012 Configuration Manager comes with many native reports. We will look at how these reports can be useful for troubleshooting and follow up on updates compliance. Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
4
Microsoft Confidential
Objective After completing this lesson, you will be able to: Install and configure a Software Update Point Understand the different features involved in patch management and how to manage them Create manual and automated update deployments Use reports to check update compliance states and deployment status Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
5
Introduction to Software Update Management
Patch Management process Prerequisites Capacity planning Installation Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
6
Software Updates End-to-End Workflow
Configure software update components Enable and configure Software Updates Client Agent Enable and configure Active SUP Start Optional: Configure multiple SUP using NLB Monitor deployment using reports Synchronize with WSUS server Optional: Create Software Update Groups that contain defined sets of updates. Are software Updates required? Yes Analyze whether software updates are required Create a deployment using Deployment Software Updates Wizard or use Automatic Deployment Rule (new) Flowcharts for software updates - Optional: Download software updates and provision the updates on DP using Download Updates Wizard. No © 2014 Microsoft Corporation Microsoft Confidential
7
Software Update Point Prerequisites
Server prerequisites: Windows Server Update Service (WSUS) 3.0 SP2 WSUS Administration Console if SUP is remote Network Load Balancing (optional, see capacity planning) Note : This is Pre-SP1 Requirement. With SP1 you can have 4 SUPs per site. SRS Reporting Point Client prerequisites: Latest version of Windows update agent WSUS : Software updates require WSUS for software updates synchronization and for the software update compliance assessment scan on clients. The WSUS server must be installed before you create the software update point site system role. The software update point handles synchronization requests to WSUS, inserting synchronized software updates metadata into the site server database and sending state messages to indicate the current status. Clients connect to the WSUS server when performing compliance assessment scans for software updates. The Windows Update Agent (WUA) on the client computer connects to the WSUS server to retrieve the relevant software updates metadata to perform the scan. WSUS is available for download on the Microsoft Download Center Web site. WSUS Admin Console: The WSUS Administration Console is required on the Configuration Manager site server when the active software update point is on a remote site system server and WSUS is not already installed on the site server. The site server depends on the local WSUS installation to communicate with the WSUS server on the remote active software update point, allowing the site server to configure WSUS settings and synchronize software updates. WUA: The WUA client is required on clients to connect to the WSUS server and retrieve the list of software updates that need to be scanned for compliance. When running the Configuration Manager installation, the latest version of the WUA is downloaded, and then when the Configuration Manager client is installed the WUA is upgraded if necessary. When the installation fails, the WUA will need to be upgraded using a different method. Site Server communication with active SUP : There could be configuration settings that must be addressed depending on the software update point infrastructure and Configuration Manager site settings. NLB: Each software update point can support up to 100,000 client computers when it is installed on a remote site system server running WSUS 3.0 SP2 and less when it is co-located with the site server. When you expect that more client computers will connect to the active software update point, WSUS and the active software update point must be configured for NLB. SRS: The SRS reporting point site system role must be installed before software updates reports can be displayed. Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
8
Microsoft Confidential
Capacity Planning The number of supported clients is dependent on the version of Windows Server Update Services (WSUS) that runs on the Software Update Point and on whether the Software Update Point site system role co-exists with other site system roles. Role Limit SUP co-exists with another site system role Up to 25,000 SUP on a separate box (without any other site server role) Up to 100,000 Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
9
Microsoft Confidential
Installation Installed as site system role SUP can be installed on: CAS site Primary Site Secondary Site The first SUP must be installed on the CAS. If CAS does not have access to the internet then you can use export/import functions of WSUSUtil tool to synchronize software updates metadata. (New in Sp1) - You can install multiple SUP* at a site to support untrusted forest scenario as well as remove NLB** requirements for fault tolerance. The software update point is required for software updates on the central administration site and primary sites, is optional on secondary sites, and is installed as a site system role in the Configuration Manager console. The software update point site system role must be created on a server running Windows Server Update Services (WSUS). The SUP installed onto the CAS requires access to the internet in order to synchronize its catalog with Microsoft update site , if CAS does not have access to the internet then you can use the process defined for synchronizing software update from a disconnected SUP - At a secondary site, you have the option of installing an active software update point for the site. Having a software update point at a secondary site provides local access to client computers when scanning for software updates compliance. When the secondary site does not have a configured software update point, client computers will connect to the active software update point on the parent site. You will need to determine whether client computers at the remote site have sufficient connectivity to WSUS running on the parent site or whether WSUS running on a local software update point is required. The software update point is optional on a secondary site. When you install a software update point on a secondary site, the WSUS database is configured as a replica instead of an autonomous WSUS instance that is used when installing the software update point on a primary site or central administration site. *You cannot install more than one SUP at a Secondary site even in SP1. Starting with Configuration Manager SP1, the first software update point that you install at a primary site is the default software update point. Additional software update points at the site are configured as replicas of the default software update point. ** You no longer have an option to SUP as an NLB in Sp1 but you can use PowerShell CmdLet “Set-CMSoftwareUpdatePoint” to setup the NLB. Before you upgrade from RTM to SP1, you MUST remove the NLB for your active SUP. The active Software Update Point concept is deprecated in Configuration Manager Sp1. Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
10
New in Configuration Manger 2012 Sp1
You can specify existing WSUS server (which is not part of the Configuration Manager hierarchy) as the upstream Synchronization source for the top-level site. New Deployment Templates Definition Updates template Patch Tuesday New WSUS Server connection account for SUP You can select multiple software updates from the Software Center to install as a group. Disable Software Update randomization option Windows Embedded devices – Control the behavior of the write filter when you deploy Software Updates using the new feature “Commit changes at deadline or during a maintenance windows (requires restarts)”. Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
11
New in Configuration Manger 2012 R2
New Maintenance Windows for Software Updates only. Ability to control Software update Installation separately from Software Distribution and Operating System Deployment. Modify Deployment package for Existing Automatic Deployment Rules. Ability to modify the deployment package ADR downloads to allow for better control before a deployment package becomes too large. Preview Software Updates in the Automatic Deployment Rule while building the property filters. Allows a preview of Software updates found while building filters for the ADR. Gives the ability to validate the filter rules were built correctly. New maintenance window dedicated for software updates installation. This lets you configure a general maintenance window and a different maintenance window for software updates. When a general maintenance window and software updates maintenance window are both configured, clients install software updates only during the software updates maintenance window. For more information about maintenance windows - You can now preview software updates that meet the property filters and search criteria that you define in an automatic deployment rule. Software updates preview lets you review the software updates before you create the deployment. The Preview button is located on the Software Updates page in the Automatic Deployment Wizard and on the Software Updates tab in the properties for the automatic deployment rule. Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
12
Installing the SUP Role on a Secondary Site
Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
13
Installation Recommendations
Ensure that clients managed by a site with an active SUP are not targeted by a WSUS GPO. If you are using Software Update-based client installation on a fresh image, you must configure and assign a Group Policy Object (GPO) in AD to specify the SUP server name from which the computer will obtain software updates*. Use GP Preferences** rather than GPO for setting the WSUS server for initial client installation to make use of failover SUP***. Do not re-use an existing WSUS infrastructure Do not configure the WSUS Server Consider using a custom web site for SUP More info - To use software update-based installation, you must use the same WSUS server for client installation and software updates. This server must be the active SUP in a Primary site. If a computer does not have the System Center 2012 Configuration Manager client installed, you must configure and assign a Group Policy Object (GPO) in Active Directory Domain Services to specify the software update point server name from which the computer will obtain software updates. You cannot add command-line properties to a software update-based client installation. If you have extended the Active Directory schema for System Center 2012 Configuration Manager, client computers automatically query Active Directory Domain Services for installation properties when they install. If you have not extended the Active Directory schema, you can use Group Policy to provision client installation settings to computers in your site. These settings are automatically applied to any software update-based client installations. For more information, see How to Provision Client Installation Properties (Group Policy and Software Update-Based Client Installation) and How to Assign Clients to a Site in Configuration Manager. Use the following procedures to configure computers without a System Center 2012 Configuration Manager client to use the software update point for client installation and software updates, and to publish the System Center 2012 Configuration Manager client software to the software update point. Use the Group Policy Management Console to open a new or existing Group Policy Object. In the console, expand Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Windows Update. Open the properties of the setting Specify intranet Microsoft update service location, and then click Enabled. In the box Set the intranet update service for detecting updates, specify the name of the software update point server that you want to use and the port. These must match exactly the server name format and the port being used by the software update point: If the Configuration Manager site system is configured to use a fully qualified domain name (FQDN), specify the server name by using FQDN format. If the Configuration Manager site system is not configured to use a fully qualified domain name (FQDN), specify the server name by using a short name format. Note: To determine the port number that is being used by the software update point, see How to Determine the Port Settings Used by WSUS. Example: In the box Set the intranet statistics server, specify the name of the intranet statistics server that you want to use. There are no specific requirements for specifying this server. It does not have to be the same computer as the software update point server, and the format does not have to match if it is the same server. Assign the Group Policy Object to the computers on which you want to install the Configuration Manager client and receive software updates. =============================================================================== ** More info on different between GPO and GPP - *** Group Policy Preferences and Software Updates and SUP in Configuration Manager 2012 Sp1 Documents - Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
14
New Text-Only Slide (Hidden)
Scenario Overview I use client publishing through WSUS and set the WSUS server through Group Policy. However, after the client is installed, I also want to take advantage of the new SUP Failover design, which will allow my clients to failover to another SUP as needed. How do I accomplish this without using NLB since I'm only able to set a single, logical WSUS server reference with group policy? That single WSUS server set through group policy will not allow Configuration Manager local policy to set an alternative SUP for failover. Solution There is a fairly easy way to apply a WSUS server for Configuration Manager client-publishing using group policy, and to still take advantage of SUP Failover after the client is installed, and without an NLB dependency. To achieve this, you need to use Group Policy Preferences (GPP) to set the WSUS server only when the Configuration Manager client doesn't exist, or isn't running. GPP allows you to easily set conditional logic to configure specific settings. As an example, you can use GPP to ONLY set a specific WSUS server if the Configuration Manager client is NOT installed. If the Configuration Manager client exists, group policy will NOT set the WSUS server, freeing up Configuration Manager local policy to set the appropriate SUP as needed. This avoids the domain and local policy conflict, and allows SUP failover to work as designed. In general, using GPP is a best practice in any Configuration Manager scenario where local and group policy might conflict, and you want local group policy to trump domain policy on a particular condition. First, let me provide a little background on GPP. GPP is available from the Group Policy Management console running on Windows Server 2008, or higher and Windows Vista SP1 or higher. GPP will work on those same operating systems, and Windows XP SP3 is also updated with the required client-side extensions. In short, you should be all ready to begin using GPP--there's no dependency on upgrading domain controllers to Windows Server 2008 R2, or having all Windows 7 clients or higher. Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
15
PowerShell Cmdlets for Software updates
Multiple PowerShell Cmdlets are available for Software updates. Example to Perform a full Sync for Software updates Sync-CMSoftwareUpdate Sync-CMSoftwareUpdate -FullSync <Boolean> [ <CommonParameters>] This command retrieves metadata for all software updates. PS C:\> Sync-CMSoftwareUpdate -FullSync $True Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
16
Lab: Software Update Point Installation and Configuration
Scenario You are the administrator of the Contoso Configuration Manager hierarchy. You wish to install and configure SUP into your hierarchy Goals Ensure prerequisites are met Install and configure a software update point. Configure client agent settings Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
17
Microsoft Confidential
Lesson Review Why is the WSUS admin console required on the site server when installing the SUP ? What should I do if I plan to manage more than 25,000 clients when using a SUP ? Version RTM? Version SP1? Why is the WSUS admin console required on the site server when installing SUP ? Because System Center 2012 Configuration Manager does uses the Admin Console’s API to communicate with WSUS server What should I do if I plan to manage more than 25,000 clients when using SUP ? Install WSUS Server 3.0 SP2 on a dedicated machine for SUP or use NLB. If using SP1 Deploy multiple SUPs. Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
18
Microsoft Confidential
Lesson Summary In this lesson, you learned: How to plan for a SUP installation, including the required components How to complete a SUP installation Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
19
Microsoft Confidential
Objective After completing this lesson you will learn: How to manage updates How to create update groups How to create update deployments Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
20
Microsoft Confidential
Features Available Superseded update support SUM admin role (with RBA) Client agent settings Simplified update groups Automated deployments End user experience Content library and cleanup Migration from Configuration Manager 2007 Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
21
Superseded Updates Support
Publisher can expire or supersede software updates Configuration Manager 2007 automatically expires superseded updates System Center 2012 Configuration Manager can: Persist Configuration Manager 2007 behavior Configure System Center 2012 Configuration Manager to not automatically expire superseded updates Software updates in Configuration Manager 2007 were automatically expired during the full software updates synchronization process for a site. This prevented you from deploying superseded software updates because they were expired and Configuration Manager does not allow you to deploy expired software updates. In Configuration Manager, you can choose whether to manage superseded software updates as it is in Configuration Manager 2007 or you can configure a specified period of time where the software update is not automatically expired after it is superseded. That allows you to deploy superseded software updates when necessary. Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
22
SUM Administration Role (with RBA)
SUM Admin can initiate specific actions (role) . . . . . . on a specific set of objects (scope) Example: SUM admin for servers can manage all software updates for just the server collection Role-based management for software updates Configuration Manager provides the Software Update Manager built-in security role. This role grants permissions to define and deploy software updates. Administrative users who are associated with this role can create collections, software update groups, deployments, templates, and enable software updates for Network Access Protection (NAP). You can also create a custom role to limit the specific actions that users can take on a specific set of objects. For example, you could create a new role that provides the user the ability to manage all software updates actions for just a specific collection. Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
23
Client Agent Settings for SUM
New UI for client agents settings Settings can be applied per Collection so software updates can be enabled or disabled on select systems Explain the different kind of settings available for client agent in SUM. Schedule scan and installation Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
24
Simplified Update Groups
Improved search to find updates Update groups replace lists and deployments New updates added to groups are automatically deployed Groups can be used for compliance or deployment [PFE] : <Instructor Note: Take some time to talk about the differences from SCCM 2007 (update list that does not exist anymore) > Improved search New search and the ability to provide expanded criteria is available when software updates are listed in the Configuration Manager console. You can add a set of criteria that make it very easy to find the software updates that you need. You can then save the search criteria to use later. For example, you can set criteria for all critical software updates for Windows 7, and released in the last year. After you filter for the updates that you need, you can select the software updates and review compliance information per software update, create a software update group that contains the software updates, manually deploy the software updates. Software update groups Software update groups are new in System Center Configuration Manager and replace update lists and deployments that are used in Configuration Manager 2007. Software update groups provide a more effective method for you to organize software updates in your environment. You can manually add software updates to a software updates group or software updates can be automatically added to a new or existing software update group by using an automatic deployment rule. You can also deploy a software update group manually or automatically by using an automatic deployment rule. After you deploy a software update group, you can add new software updates to the group and they will automatically be deployed. Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
25
Automated Deployments (new)
Automatic approval of selected updates Scheduled or manually run Useful for Patch Tuesday and Endpoint Protection Objects created by rules are interactive: Deployments Rules can be enabled/disabled Deployment can be added/removed from groups Updates can be added/removed from groups Deployment templates Automatic deployment rules provide the ability to automatically approve and deploy software updates. You specify the criteria for software updates (for example, all Windows 7 software updates released in the last 1 week), the software updates are added to a software update group, you configure deployment and monitoring settings, and choose whether to deploy the software updates in the software update group. You can deploy the software updates in the software update group or retrieve compliance information from devices for the software updates in the software update group without deploying them. There is no longer a Deployment Templates node in the Configuration Manager console to manage your templates. Deployment templates can be created only in the Automatic Deployment Rules Wizard or Deploy Software Updates Wizard. Deployment templates store many of the deployment properties that might not change from deployment to deployment, and they can save a lot of time for administrators when deploying software updates. Deployment templates can be created for different deployment scenarios in your environment. For example, you can create a template for expedited software update deployments and planned deployments. The template for the expedited deployment can suppress display notifications on client computers, set the deadline for 0 days from the deployment schedule, and allow system restarts outside of maintenance windows. The template for a planned deployment can allow display notifications on client computers and set the deadline for 14 days from the deployment schedule. Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
26
Microsoft Confidential
End User Experience Uses the new Software Center user interface End user has better control of their own experience: Install/schedule updates Use non-business hours Admin can choose to hide just pop-ups, or hide all end user notifications Configuration Manager provides users more control over when software updates are installed on their device. Configuration Manager Software Center is an application that installs when the Configuration Manager client is installed. Users run this application from the Start menu to request software and manage the software that is deployed to them, including software updates. Software Center allows users to schedule software update installation at a convenient time before the deadline and install optional software updates. For example, you can configure your business hours and have software updates run outside of those hours to minimize lost productivity. When the deadline is reached for a software update, the installation for the software update is initiated. These settings are machine policies. Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
27
Content Library and cleanup
Software updates stored in the Content Library Maintenance task deletes expired updates and content Software update files are stored in the content library The content library in System Center 2012 Configuration Manager is the location where all content files are stored for software updates, applications, operating system deployment. The content library is located on the site server and each Distribution Point. The content library provides advantages over content management functionality in Configuration Manager For example, in Configuration Manager 2007 you might deploy the same content files multiple times using different deployments and deployment packages. The result was that the same content files were stored on the site server and Distribution Points multiple times. The content library in Configuration Manager provides a single instance store for content files. This means that before content files are downloaded and copied to Distribution Points, System Center 2012 Configuration Manager checks to see if the content file is already in the content library, and if so, the existing content file is used. Expired Updates: Scheduled synchronizations perform full synchronization, but using the Run Synchronization action performs only delta synchronization. Please note that software updates are marked as expired if they are superseded by another software update or marked as expired in the catalog, but are marked as expired only during scheduled synchronization. Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
28
Migration from Configuration Manager 2007
Migrate existing SUM objects: Preserve existing update lists or deployments Persist use of update content on Distribution Points (through Distribution Point sharing or pre-staging) SUP configuration for products and classifications must be the same on both infrastructures SCUP updates cannot be migrated SCUP objects must be re-created and published Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
29
Features that have not Changed from Configuration Manager 2007
Maintenance Windows Update will not be installed until next available service window Potential system restart time period is factored into evaluation If client is member of multiple collections – all applicable maintenance windows will be honored One time maintenance windows can prevent future update deployments Can be overridden Internet-based client support Wake-On-LAN integration Selective download of binaries Time remaining is re-evaluated upon each update installation Once update starts, if actual install time exceeds maintenance window, install is allowed to continue “Ignore Window” option exists for emergency deployments Use “max run time” property to assess whether update can be installed in maintenance window. Admin defines whether a system restart should be allowed or deferred to the next available maintenance window One time maintenance windows can prevent future update deployments SUM deployments assess whether a maintenance window exists No check whether the window has already been exceeded Client will return failure status message – “NO_SERVICEWINDOW” Update deployments initiated via SUM Client UI are not bound by Maintenance Window constraints. Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
30
Lab: Software Update deployment
Scenario You are the administrator of the Contoso Configuration Manager hierarchy and you wish to deploy an update group to your clients Goals Create an update group Create a manual and an automated deployment Check deployment status Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
31
Microsoft Confidential
Lesson Review What are the two types of update deployments? Where does Configuration Manager store software updates? How do you configure different software update policies for servers and clients? Name two type of updates deployment . Manual and Automated Where does Configuration Manager store software updates ? Inside the content library How to configure different software update policy for servers and clients ? By assigning different client agent settings to collections Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
32
Microsoft Confidential
Lesson Summary In this lesson, you learned: How to manage updates How to create update groups How to create update deployments Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
33
Microsoft Confidential
Objective In this lesson, you will learn: How to use reports for software updates How to troubleshoot software updates Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
34
Reporting and Troubleshooting
Key compliance and deployment views Detailed state of all deployments and assets Error codes are interpreted Software update synchronization status monitoring Alerts for software issues Extensive update states available in out-of-box reports Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
35
Key Compliance Reports
Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
36
Deployment Status and Asset Views
[EDITOR] Rushi Faldu: Explain how this view can be useful to get quick information about a deployment (targeted devices , deployment state) Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
37
Using Reports for Troubleshooting
[EDITOR] Rushi Faldu: (Friday, April 27, 2012) Talk about reports available for troubleshooting , how they can provide important information about issues during update deployment or installation. Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
38
Software Update Point Synchronization Status
This view allows you to check the sync status for each server. You can check the sync status from the CAS to Microsoft update, SUP on a primary child with the SUP on the CAS and so on. Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
39
Alerts for software update issues
[EDITOR] Rushi Faldu: Alerts view should have already been explained in a previous module so just explain that alerts can be created when sync issues are met or updates packages are not properly deployed. Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
40
Microsoft Confidential
Server Logs Log Types of issues SUPsetup.log Installation of SUP Site Role WCM.log, WSUSCtrl.log Configuration of WSUS Server/SUP WSyncMgr.log ConfigMgr/WSUS Updates Synchronization Issues Objreplmgr.log Policy Issues for Update Assignments/CI Version Info policies RuleEngine.log Auto Deployment Rules Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
41
Microsoft Confidential
Client logs Log Types of issues UpdatesDeployment.log Deployments, SDK, UX UpdatesHandler.log Updates, Download ScanAgent.log Online/Offline scans, WSUS location requests WUAHandler.log Update status (missing/installed – verbose logging), WU interaction UpdatesStore.log Update status (missing/installed) %windir%\WindowsUpdate.log Scanning/Installation of updates C:\Windows C:\windows\CCM\logs Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
42
Microsoft Confidential
Lesson Review What tools are available for troubleshooting updates? What log should I check to verify update installation on a client? What tools are available for troubleshooting updates ? Reports , logs , sync status view , deployments status view What log should I check to update installation issue on a client? UpdateHandler.log Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
43
Microsoft Confidential
Lesson Summary In this lesson, you learned: How to use reports for software updates How to troubleshoot software updates Microsoft Confidential © 2014 Microsoft Corporation Microsoft Confidential
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.