Solved

Remove Uninstall Status from WSUS/SCCM

Posted on 2010-11-17
5
1,115 Views
Last Modified: 2013-11-21
Before synchronizing our WSUS and SCCM services, we had a Vista update in SCCM with an approval of "Approved for Removal."  Now that the synchronization has been setup and complete, the clients are successfully reporting and pulling updates through SCCM.  I've gone into WSUS and changed the approval for that update tp "Install."  I also deployed the update through SCCM.  The problem I am having is that the update is being removed afterword and is showing in the clients recent update list as "(Uninstall)."  I am guessing that the clients did not receive the approval status change in WSUS because they now report to SCCM instead.  Is there anyway to fix this?
0
Comment
Question by:abyss0208
  • 3
5 Comments
 
LVL 31

Expert Comment

by:merowinger
ID: 34162275
Why do you use SCCM and WSUS at the same time?!
0
 

Author Comment

by:abyss0208
ID: 34163245
We only manage our patches now through SCCM.  The WSUS is still required to pull the updates from Microsoft and get synched to the WSUS.
0
 
LVL 4

Expert Comment

by:fr0nk
ID: 34211519
Don't even open the WSUS console when you're using SCCM to handle your updates. It is almost impossible not to screw something when using both (SCCM and WSUS console) at the same time.

The behaviour of your client entirely depends on the policy the client gets.

When you enable the appropriate software update client component the client will create a LOCAL GPO and tries to apply it. However, if there's any GPO in your domain that is applying any different setting, the client will complain about it in the WUAHandler.log with the string:
Group policy settings were overwritten by a higher authority (Domain Controller)

So there's no way the local policy from the agent can win when a different GPO is coming from your domain.
When you enable software updates, the WSUS client is only being used for reporting the patch level, not for installing the patches.

Do the following:
- Reinstall the Software Updates Point. During the installation the SUP will configure the WSUS. Don't touch the WSUS afterwards.
- On that particular client, uninstall the agent (ccmsetup.exe /uninstall -> ccmsetup.exe is located on your Site server in the shared installation directory of SCCM inside a "Client" directory).
- Try to manually remove this particular patch on the client
- Reinstall the client agent and observe WUAhandler.log


Hope this helps
0
 

Accepted Solution

by:
abyss0208 earned 0 total points
ID: 34217099
It turns out the WSUS IIS settings had been screwed up during hardening of the settings.  Once it was fixed the clients started reporting to WSUS again and it received the reversal of the approval for that particular update.  Clients are continuing to receive new Microsoft Updates from SCCM.

Thanks for suggestions.
0
 

Author Closing Comment

by:abyss0208
ID: 34246243
Problem corrected itself after resetting permissions in IIS.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

1. Boot PC and press F10, select storage options and change the compatibility from “AHCI” to “IDE”, save and exit 2. Boot PC and press F12 3. Upon PXE display of searching for DHCP server, press Pause break to obtain MAC address 3. Open Configu…
Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question