on catall2.CI_ID=UCS.CI_ID, join v_CategoryInfo catinfo2
Scan Agent notifies WUAHandler to add the update source. Display client agent Software Update Point assignation. 1. This is important for the cumulative rollups and how they function. "I am a Microsoft Customer Engineer (CEformerly known as PFE) and a while back (years in fact) I was asked to analyze the update compliance status of a SCCM/ConfigMgr/MECM environment. left join v_CITargetedMachines ctm on ctm.CI_ID=ucs.CI_ID and ctm. WHERE ucs.Status=2 and vrs.Name0=@PC 2014-01-20 12:18:48:662 968 f58 Agent * Search Scope = {Machine}. Software update scan is actually performed by the Windows Update Agent. 2014-01-20 12:18:42:752 3856 708 COMAPI <<-- SUBMITTED -- COMAPI: Search [ClientId = CcmExec] This work is licensed under a Creative Commons Attribution 4.0 International License. The state messages for software updates provide information about the compliance of software updates and about the evaluation and enforcement state of software update deployments. In the Configuration Manager console, navigate to Monitoring > Overview > Distribution Status > Distribution Point Configuration Status. The previous month setting is only applicable if updates are deployed with a month delay and does not rely on historical data. 31 = Service Packs
Open the SQL Server Management Studio (aka SSMS). 46 2. It can be initiated manually for a specific Update Group in Configuration Manager console > Software Library > Software Updates > Software Update Groups, right-click the update group, and then click Run Summarization. Policy 'CCM_Policy_Policy5.PolicyID="{d0855677-b0a6-4e33-9bd5-7b0d06f0a2be}",PolicyVersion="40.00",PolicySource="SMS:PS1"' successfully compiled PolicyAgent_PolicyDownload, Updating policy CCM_Policy_Policy5.PolicyID="{d0855677-b0a6-4e33-9bd5- 7b0d06f0a2be}",PolicySource="SMS:PS1",PolicyVersion="40.00" PolicyAgent_PolicyEvaluator Use the following procedure to view distribution point group status. The search string looks like this:https://www.bing.com/search?q=error+0x80070005The report is basically a copy of one of the default MECM reports with some adjustments and some custom filters to filter for Deployed and missing updates, Not deployed but missing, "Missing updates with errors", All missing updates deployed or not or just All updates per device. On the Home tab, click View Status. 29 = Feature Packs
The SMX file that's moved to the StateSys.box folder contains the message body XML. IMPORTANT: Can only be used if the SQL Server hosting the MECM database is OLDER than 2016 SP1. Class: CCM_ScanJobInstance. The output will look like the following when you right-click on a device in the console, click on required updates, you will see a list of all required updates with a few columns. Mastering Configuration Manager Patch Compliance Reporting, TryOverwrite parameter first and if it does not work as expected, If set, the script will try to overwrite existing reports. Right Click on your database CM_XXX and click on 'New Query'. Array of reports which should not be set to hidden. WUAHandler CcmMessaging Byactivating report data caching you can increase report render speed especially for the compliance sub-reports (like the first sub-report). The following are logged in WUAHandler.log: Scan results will include superseded updates only when they are superseded by service packs and definition updates. SiteServer: SCCM-Server.domain.NET CScanJobManager::Scan- entered ScanAgent an even better thing is that the API is accessible via PowerShell. The StateSys.log file doesn't log the file name unless verbose logging is enabled for State System Manager. Choose the "UpdatesSummary" dataset and click on the three dots "" and choose "Manage". Managing software updates and creation of custom reports in ConfigMgr is OCEAN. - - - - - -Requesting WSUS Server Locations from LS for {C2D17964-BBDD-4339-B9F3-12D7205B39CC} version 38 ScanAgent From this view, you can monitor the synchronization status for all software update points. 2014-01-20 12:18:52:755 3856 708 COMAPI >>-- RESUMED -- COMAPI: Search [ClientId = CcmExec] I could target the fix to those machines if I knew which ones. Calling back with locations for WSUS request {C2BB9710-C548-49D0-9DF8-5F9CFC5F3862} LocationServices. when UCS.status=2
It also contains update collections and maintenance windows to help identify missing or wrong collection memberships: Figure 4: Per device update compliance report. Before you can deploy software updates to clients, the clients must run a software updates compliance scan. This task runs every 24 hours by default. Deletes aged status from software update specific tables in the database. (To much work to keep the view consistent with regular query), Added new import script parameters: "ForceLegacyCardinalitySQL2016SP1AndHigher" and "ForceLegacyCardinalityOlderThanSQL2016SP1" Read more about it, Fixed minor issues and linked all reports to the per device sub-report, Fixed wrong parameter name, updated repository with several fixes. If there is already a report that I have not found let me . Find out more about the Microsoft MVP Award Program. When the updates are superseded, they appear in orange color, if expired, they appear in red. CCM Messaging sends a message to the MP_RelayEndpoint queue successfully.
11GUID: A1006D0E-CF56-41D1-A006-6330EFC393815.00.7958.1000PS1WIN7X6443710335State Message DataFull20140120220131.071000+0001.01.0200'. UpdatesStore ResourceID = ucs.ResourceID This action takes you to a temporary node under, Starting in version 2107, you can right-click the status of a deployment and select, Starting in version 2203, you can perform client notification actions, including. Policy state for [CCM_Policy_Policy5.PolicyID="{d0855677-b0a6-4e33-9bd5-7b0d06f0a2be}",PolicyVersion="40.00",PolicySource="SMS:PS1"] is currently [Active] PolicyAgent_PolicyEvaluator. Because the Windows Update Server value was already set to the SUP server, this scan is performed against the WSUS server that has the SUP role installed. Calling back with the following WSUS locations LocationServices One of the very common requirements or reports is, find out the missing/required updates of a device that is managed by SCCM. Hi guys, I'm looking for a couple of queries. This update to the Update_SyncStatus table triggers SMSDBMON to drop a
.STN file (STN stands for Scan Tool Notification) in policypv.box to indicate a change in the scan tool definition. The .STN file notifies Policy Provider that it should wake up and update the UpdateSource policy in the database. To verify the SCCM database has the Windows updates you need, run this query: SELECT v_Update_ComplianceStatusAll.ResourceID, Client_Version0, Distinguished_Name0, Name0, Netbios_Name0, BulletinID, ArticleID, Title FROM v_r_system inner join v_Update_ComplianceStatusAll ON v_Update_ComplianceStatusAll.ResourceID=v_r_system.resourceid case when ui.IsExpired=1 then 'Yes' else 'No' end as 'Expired' 2014-01-20 12:18:52:683 968 f58 Agent * Added update {57260DFE-227C-45E3-9FFC-2FC77A67F95A}.104 to search result The following are logged in LocationServices.log: Processing Location reply message LocationServices 1/20/2014 12:18:09 PM This task runs every hour by default. Enter your email address to subscribe to this blog and receive notifications of new posts by email. When StateSys processes this file, it calls the spProcessStateReport stored procedure and passes this XML body on to the stored procedure as a parameter. Applied policy CCM_Policy_Policy5.PolicyID="{d0855677-b0a6-4e33-9bd5- 7b0d06f0a2be}",PolicySource="SMS:PS1",PolicyVersion="40.00" PolicyAgent_PolicyEvaluator UpdatesStore You can sort the columns available in the grid window by title, superseded, expired, date posted. Right-click on any device, you will see the required updates option, click on it, it shows the missing updates. catinfo2.CategoryInstanceID
Thread "State Message Processing Thread #0" id:1988 terminated normally SMS_STATE_SYSTEM. Update store records the current state of each update and creates a state message for each update. CcmMessaging. Configuration Manager supplies many built-in reports covering many of the reporting tasks that you might want to do. Added Update Source ({C2D17964-BBDD-4339-B9F3-12D7205B39CC}) of content type: 2 WUAHandler. Edit Required.updates.xml located in folder ed9dee86-eadd-4ac8-82a1-7234a4646e62. The following registry keys are checked and set: For an existing client, we could expect to see the following in WUAHandler.log to denote when content version has incremented: Its a WSUS Update Source type ({C2D17964-BBDD-4339-B9F3-12D7205B39CC}), adding it. ui.DateLastModified[Date Posted] , Notify me of follow-up comments by email. I'm using SCCM 2012 R2. In the following sample SQL Server Profiler trace, this stored procedure is executed to update the content version to 36: declare @Error int; exec spProcessSUMSyncStateMessage N'2014-01-17 17:59:54', N'PS1', N'{C2D17964-BBDD-4339-B9F3-12D7205B39CC}', 1, 0, '36', @Error output, N'PS1SITE.CONTOSO.COM'. Sending async message '{95F79010-D0EB-49A6-8A1E-3897883105F2}' to outgoing queue 'mp:mp_relayendpoint' CcmMessaging Successfully completed scan. ScanJob({4CD06388-D509-46E4-8C00-75909EDD9EE8}): CScanJob::Initialize- entered ScanAgent To create SCCM custom report, follow these steps : Open the SCCM console and go to Monitoring / Overview / Reporting. You can use reports for that. on ws.resourceid=CS.resourceid, left
Just one question. Figure 7: Report of missing updates not yet approved. Device has no SCCM Agent/not healthy or updates scan is not successful. This right click tools is used to identify the missing updates (like a reporting) , for deployment of updates, you can create SUG groups. Figure 10: Compare update compliance report. There, you can see which servers/computers installed, in Progress or Failed the installation. select ui.Title, ui.articleid [ArticleID], Hi Bob, can you post your query here for me to look at it? This is an example of all the uncompliant systems from the first bar in the dashboard and is basically what the Excel list looked like in the early days: Figure 3: List of all uncompliant systems. It might not be a complete list, but it should cover the most common errors. 2014-01-20 12:18:48:662 968 f58 Agent * Online = Yes; Ignore download priority = Yes and catinfo2.CategoryTypeName='UpdateClassification', left
Switch parameter to not directly upload the reports to SRRS. No free updates See table at top All Reports Bundle Most Popular! Hi Jason, ui.InfoURL as InformationURL, Also, a while ago I created a report to compare the patch status of a maximum of six systems which will also be upload to your SSRS if you run the install script. To view the dashboard, navigate to Monitoring > Overview > Security > Software Updates Dashboard. The fourth sub-report is a simple list of update deployments and their state and some other useful information per system. The idea is to be able to run a report based on a Device Collection then have that report show, for each device in that collection, the compliance status of each Software Update Group deployed to that device. 2014-01-20 12:18:48:662 968 f58 Agent * Include potentially superseded updates The following are some of the reports that are useful in identifying potential issues: This report displays vendor-specific software updates in a specific updates classification that have been detected as required on clients but that have not been deployed to a specific collection. Updates will only be evaluated if they are NOT superseded. After you deploy the software updates in a software update group or deploy an individual software update, you can monitor the deployment status. = UCS.ResourceID, join v_CICategories_All catall2
Inv-Relay: Task completed successfully MP_RelayEndpoint. This policy is created on the site server after a successful synchronization of the SUP. When a client receives the machine policy, a compliance assessment scan is scheduled to start randomly within the next two hours. However, the Configuration Manager client interacts with the Windows Update Agent to perform a scan and obtain the scan results. Value: http://reportserver.domain.local/reportserver, Description:The URL of the SQL Reporting Services Server.Can be found in the MECM Console under "\Monitoring\Overview\Reporting" -> "Report Server" or in the "Report Server Configuration Manager" under "Web service URL", Value: ConfigMgr_P11/Custom_UpdateReporting. You should not use the parameter unless you really want more reports to be visible. total chucks loaded (1) SMS_STATE_SYSTEM IF EXISTS (select PADBID from PolicyAssignment where PADBID = 16777218) update PolicyAssignment set Version = N'40.00', InProcess = 1 , BodyHash = null where PADBID = 16777218 ELSE insert PolicyAssignment (PolicyAssignmentID, PADBID, Version, PolicyID) values (N'{375c8020-3cae-4736-89ca-ccf1ce6e3709}', 16777218, N'40.00', N'{d0855677-b0a6-4e33-9bd5-7b0d06f0a2be}'), exec sp_describe_undeclared_parameters N'UPDATE PolicyAssignment SET Body = @P1 where PADBID = 16777218', update PolicyAssignment set InProcess = 0, BodySignature = N'', TombstoneBodySignature = N'', HashAlgOID = N'1.2.840.113549.1.1.11', HashAlgId = 32780, BodyHash = N'', TombstoneBodyHash = N'' where PADBID = 16777218. Hi, You need to edit line 19 for the location of the PowerShell script. TR:DRThe report explained1st sub-reports (list of systems)2nd sub-report (per system), 5th sub-Report (updates approved)Some key facts and prerequisites:How to installScript ParametersScript Examples, Activate report data cachingAdditional reportDisclaimerResourcesChanges, The following report should help you identify update problems within a specific collection and a group of systems and is designed to work well for a few thousand clients. ScanAgent. SND: Dropped E:\ConfigMgr\inboxes\policypv.box{C2D17964-BBDD-4339-B9F3-12D7205B39CC}.STN (non-zero) [46680] SMS_DATABASE_NOTIFICATION_MONITOR. CMessageProcessor - Processed 1 records with 0 invalid records. Does it show the updates as installed, not approved, missing? More info about Internet Explorer and Microsoft Edge. Select the package for which to view detailed status information. Hopefully someone can help me out. answered Oct 24, 2022 at 14:27. exec dbo.spProcessStateReport N' spProcessStateReport is a CLR stored procedure, and the CLR definition has the logic to determine the type of state message being processed. 11GUID: A1006D0E-CF56-41D1-A006-6330EFC393815.00.7958.1000PS1WIN7X6443710335State Message DataFull20140120194656.903000+0001.01.0200 MP_RelayEndpoint varchar(10))+
Scan Agent now requests the WSUS location from Location Services and waits for a response. We 1000+ machines which are not being patched from SCCM however, they are installed with SCCM client and the clients report to our SCCM console. You can copy the Required.updates.ps1 to your ConfigMgr admin location or anywhere that you can launch later from the console. Copy the following SQL query to find the report of a specific Software Update Group (aks SUG) Patch Deployments. Finished searching for everything in single call. You can drill through compliance statistics to see which devices require a specific Microsoft 365 Apps software update. Hi Ben, Thanks for the report. After the file arrives in \inboxes\auth\StateSys.box on the site server, the State System Manager (StateSys) component wakes up and processes the SMX file(s). Attempting to send WSUS Location Request for ContentID='{C2D17964-BBDD-4339-B9F3-12D7205B39CC}' LocationServices 2014-01-20 12:18:52:680 968 f58 Agent * Added update {4AE85C00-0EAA-4BE0-B81B-DBD7053D5FAE}.104 tosearch result Use the following procedure to view content status. The following are logged in WUAHandler.log: Pruning: update id (70f4f236-0248-4e84-b472-292913576fa1) is superseded by (726b7201-862a-4fde-9b12-f36b38323a6f). First you need to show all hidden items of your report folder by clicking on "Tiles" and "Show hidden items". Thread "State Message Processing Thread #0" id:4316 started SMS_STATE_SYSTEM I hope you like the report solution and I hope it is a good extension of what you are using right now. For each update, an instance of the CCM_UpdateStatus class is created or updated, and this stores the current status of the update. We recommend that you allow enough time for clients to complete the scan and report compliance results so that you can review the compliance results and deploy only the updates that are required on the clients. In this example, this request is made to the CCM_System virtual directory. Message '{8E6D05EF-B77F-4AD0-AF64-1C6F3069A29C}' delivered to endpoint 'LS_ReplyLocations' CcmMessaging. The following are logged in PolicyPv.log: Found {C2D17964-BBDD-4339-B9F3-12D7205B39CC}.STN SMS_POLICY_PROVIDER In case you are looking for a SQL query to gather additional information that I could not represent in the RCT solution, is given below. IMPORTANT:If you need to re-run the script, use the -TryOverwrite parameter first and if it does not work as expecteddelete the SSRS website folder with all of its content. Applies to: Configuration Manager (current branch). The following query retrieves the article ID, bulletin ID, software update title, last enforcement state for the update, the time of the last enforcement check, and the time that the last enforcement state message was sent by the Computer1 client. Devices running an unsupported operating systems will display as compliant since there aren't applicable updates to the operating system any longer. This is necessary because the console and reports usually display only summarized data. John Marcum, I have a similary challange with a SCCM 2012 report. WUAHandler then parses the results, which include the applicability state for each update. I am not interested in the number of updates installed on a machine that doesn't have any updates missing. Select All Systems device collection. Once the scan results are available, these results are stored in the updates store. In the Configuration Manager console, navigate to Monitoring > Overview > Deployments. Adding to delete list: E:\ConfigMgr\inboxes\policypv.box{C2D17964-BBDD-4339-B9F3-12D7205B39CC}.STN SMS_POLICY_PROVIDER, select PolicyID, PolicyAssignmentID, SourceCRC, PADBID from SettingsPolicy where SourceID = N'PS1' and SourceType = N'UpdateSource', select Version from Policy where PolicyID = N'{d0855677-b0a6-4e33-9bd5-7b0d06f0a2be}' 2014-01-20 12:18:48:662 968 f58 Agent * Criteria = "(DeploymentAction=* AND Type='Software') OR (DeploymentAction=* AND Type='Driver')"