The new way handling of Software Updates explained in Configuration Manager 2012 SP1 Kenny Buntinx MVP – Principal Consultant - Inovativ

Microsoft NDA Confidential

Key Takeaways1. Has already practical experience with System

Center Configuration Manager 2012 RTM/SP12. Has learned from the previous topic , how to handle

log files within Configuration Manager 2012 RTM/SP13. What is 42 ?

1. Infrastructure Changes

Infrastructure Changes since SP1 Multiple SUPs per Site with cross-forest SUP

support

Source top level SUP off of internal WSUS servers

Optional client content download from Windows Update

Windows Embedded support

3X delivery of definitions through software updates

Infrastructure needs• WSUS 3.0 SP2

WSUS-KB2720211 WSUS-KB2734608

• You are allowed to put your WSUS db on the same SQL box as where your CM db lives.

• Use a custom Web site during WSUS 3.0 installation

• Installing SP1 will reset custom ports to 80/433

• Store Updates locally = License agreement

Multiple Software Update Points per site

• Add multiple SUP’s per site (8 per Site)

• You can add SUP’s cross-forest

• NLB no longer required (but still supported through the SDK or PowerShell)

• Clients will automatically fail over to additional SUPs in the same forest if scan fails (same mechanism as MP)

Multiple Software Update Points per site

Optional client content from WU/MU

• Support for using Windows Update / Microsoft Update as an update content source for clients

• Local content sources (distribution points) are still prioritized

3x per day definitions through SUM

• Architectural changes to improve SUP synch and client scans to support delivering Endpoint Protection definition updates 3X per day (delta synchs and category scans)

• Simplified out of box templates for :

Endpoint Protection Auto Deployment Patch Tuesday

2. Operational Changes since Configuration Manager 2012 RTM / SP1

Configure: Superseded Updates

Publisher can expire or supersede

software updates

ConfigMgr 2007 did automatically

expires superseded updates

In CM12, you control supersedence

behavior

Operational Best PracticesKeep your SUG’s Limited

Keep them under 1000 Updates

Don’t split up products

Keep your SDP’s tightEnable delta replication

High priority for SDP’s

Multiple deployments of the same SUGDetail view thru reporting

Software Update Group Best Practices

• Don’t split up SUG into products.

• Split up per year and then per month !

• Stay under 1000 updates per SUG

Software Update Deployment Packages Best Practices

• Don’t split up all SDP per month.

• Split up per year and save all updates in that SDP !

• Enable “delta updates” for Distribution points

• Do the work once, also for yearly maintenance.

Deployment Best Practices • Pre-Production / Production

• Create Templates

• Set Required for workstations

• Set your Alerting Target not too high !

• Set Available for servers unless you work with workflow control (SCORCH)

• No Reboot = Not patched in most cases.

Reporting Best Practices

• Split up per year and then per month !

• Split up deployments per collection as you want to know compliance per Month/Collection

• What you see isn’t always what you get ! Look at your deployment rates. (monitoring pane)

• Reporting is quite powerful.

Troubleshooting Server Side

Log Types of issues

SUPsetup.log Installation of SUP Site Role

WCM.log, WSUSCtrl.log Configuration of WSUS Server/SUP

WSyncMgr.log SMS/WSUS Updates Synchronization Issues

Objreplmgr.log Policy Issues for Update Assignments/CI Version Info policies

RuleEngine.log Auto Deployment Rules

Troubleshooting Client Side

Log Types of issues

UpdatesDeployment.log Deployments, SDK, UX

UpdatesHandler.log Updates, Download

ScanAgent.log Online/Offline scans, WSUS location requests

WUAHandler.log Update status(missing/installed – verbose logging), WU interaction

UpdatesStore.log Update status(missing/installed)

%windir%\WindowsUpdate.log Scanning/Installation of updates

Thank You to our SPONSORS

Q and A

© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.