The new way handling of Software Updates explained in Configuration Manager 2012 SP1 Kenny Buntinx MVP – Principal Consultant - Inovativ
Microsoft NDA Confidential
Key Takeaways1. Has already practical experience with System
Center Configuration Manager 2012 RTM/SP12. Has learned from the previous topic , how to handle
log files within Configuration Manager 2012 RTM/SP13. What is 42 ?
1. Infrastructure Changes
Infrastructure Changes since SP1 Multiple SUPs per Site with cross-forest SUP
support
Source top level SUP off of internal WSUS servers
Optional client content download from Windows Update
Windows Embedded support
3X delivery of definitions through software updates
Infrastructure needs• WSUS 3.0 SP2
WSUS-KB2720211 WSUS-KB2734608
• You are allowed to put your WSUS db on the same SQL box as where your CM db lives.
• Use a custom Web site during WSUS 3.0 installation
• Installing SP1 will reset custom ports to 80/433
• Store Updates locally = License agreement
Multiple Software Update Points per site
• Add multiple SUP’s per site (8 per Site)
• You can add SUP’s cross-forest
• NLB no longer required (but still supported through the SDK or PowerShell)
• Clients will automatically fail over to additional SUPs in the same forest if scan fails (same mechanism as MP)
Multiple Software Update Points per site
Optional client content from WU/MU
• Support for using Windows Update / Microsoft Update as an update content source for clients
• Local content sources (distribution points) are still prioritized
3x per day definitions through SUM
• Architectural changes to improve SUP synch and client scans to support delivering Endpoint Protection definition updates 3X per day (delta synchs and category scans)
• Simplified out of box templates for :
Endpoint Protection Auto Deployment Patch Tuesday
2. Operational Changes since Configuration Manager 2012 RTM / SP1
Configure: Superseded Updates
Publisher can expire or supersede
software updates
ConfigMgr 2007 did automatically
expires superseded updates
In CM12, you control supersedence
behavior
Operational Best PracticesKeep your SUG’s Limited
Keep them under 1000 Updates
Don’t split up products
Keep your SDP’s tightEnable delta replication
High priority for SDP’s
Multiple deployments of the same SUGDetail view thru reporting
Software Update Group Best Practices
• Don’t split up SUG into products.
• Split up per year and then per month !
• Stay under 1000 updates per SUG
Software Update Deployment Packages Best Practices
• Don’t split up all SDP per month.
• Split up per year and save all updates in that SDP !
• Enable “delta updates” for Distribution points
• Do the work once, also for yearly maintenance.
Deployment Best Practices • Pre-Production / Production
• Create Templates
• Set Required for workstations
• Set your Alerting Target not too high !
• Set Available for servers unless you work with workflow control (SCORCH)
• No Reboot = Not patched in most cases.
Reporting Best Practices
• Split up per year and then per month !
• Split up deployments per collection as you want to know compliance per Month/Collection
• What you see isn’t always what you get ! Look at your deployment rates. (monitoring pane)
• Reporting is quite powerful.
Troubleshooting Server Side
Log Types of issues
SUPsetup.log Installation of SUP Site Role
WCM.log, WSUSCtrl.log Configuration of WSUS Server/SUP
WSyncMgr.log SMS/WSUS Updates Synchronization Issues
Objreplmgr.log Policy Issues for Update Assignments/CI Version Info policies
RuleEngine.log Auto Deployment Rules
Troubleshooting Client Side
Log Types of issues
UpdatesDeployment.log Deployments, SDK, UX
UpdatesHandler.log Updates, Download
ScanAgent.log Online/Offline scans, WSUS location requests
WUAHandler.log Update status(missing/installed – verbose logging), WU interaction
UpdatesStore.log Update status(missing/installed)
%windir%\WindowsUpdate.log Scanning/Installation of updates
Thank You to our SPONSORS
Q and A
© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.