Solved

Remove Uninstall Status from WSUS/SCCM

Posted on 2010-11-17
5
1,109 Views
Last Modified: 2013-11-21
Before synchronizing our WSUS and SCCM services, we had a Vista update in SCCM with an approval of "Approved for Removal."  Now that the synchronization has been setup and complete, the clients are successfully reporting and pulling updates through SCCM.  I've gone into WSUS and changed the approval for that update tp "Install."  I also deployed the update through SCCM.  The problem I am having is that the update is being removed afterword and is showing in the clients recent update list as "(Uninstall)."  I am guessing that the clients did not receive the approval status change in WSUS because they now report to SCCM instead.  Is there anyway to fix this?
0
Comment
Question by:abyss0208
  • 3
5 Comments
 
LVL 31

Expert Comment

by:merowinger
ID: 34162275
Why do you use SCCM and WSUS at the same time?!
0
 

Author Comment

by:abyss0208
ID: 34163245
We only manage our patches now through SCCM.  The WSUS is still required to pull the updates from Microsoft and get synched to the WSUS.
0
 
LVL 4

Expert Comment

by:fr0nk
ID: 34211519
Don't even open the WSUS console when you're using SCCM to handle your updates. It is almost impossible not to screw something when using both (SCCM and WSUS console) at the same time.

The behaviour of your client entirely depends on the policy the client gets.

When you enable the appropriate software update client component the client will create a LOCAL GPO and tries to apply it. However, if there's any GPO in your domain that is applying any different setting, the client will complain about it in the WUAHandler.log with the string:
Group policy settings were overwritten by a higher authority (Domain Controller)

So there's no way the local policy from the agent can win when a different GPO is coming from your domain.
When you enable software updates, the WSUS client is only being used for reporting the patch level, not for installing the patches.

Do the following:
- Reinstall the Software Updates Point. During the installation the SUP will configure the WSUS. Don't touch the WSUS afterwards.
- On that particular client, uninstall the agent (ccmsetup.exe /uninstall -> ccmsetup.exe is located on your Site server in the shared installation directory of SCCM inside a "Client" directory).
- Try to manually remove this particular patch on the client
- Reinstall the client agent and observe WUAhandler.log


Hope this helps
0
 

Accepted Solution

by:
abyss0208 earned 0 total points
ID: 34217099
It turns out the WSUS IIS settings had been screwed up during hardening of the settings.  Once it was fixed the clients started reporting to WSUS again and it received the reversal of the approval for that particular update.  Clients are continuing to receive new Microsoft Updates from SCCM.

Thanks for suggestions.
0
 

Author Closing Comment

by:abyss0208
ID: 34246243
Problem corrected itself after resetting permissions in IIS.
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

##the calculator has been updated to version 1.6 please download the use the updated version## Hi there, After the previous post of the original version of the calculator here : http://www.experts-exchange.com/articles/OS/Microsoft_Operatin…
The environment that this is running in is SCCM 2007 R2 running on a Windows 2008 R2 server. The PXE Distribution point is running on its own Windows 2008 R2 box. This is what Event viewer showed after trying to start the WDS service:  An erro…
Need to grow your business through quality cloud solutions? With everything required to build a cloud platform and solution, you may feel like the distance between you and the cloud is quite long. Help is here. Spend some time learning about the Con…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

937 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

5 Experts available now in Live!

Get 1:1 Help Now