SCCM: Software Updates: Automatic Deployment Rules

Roberto 646 Reputation points
2021-04-01T09:26:34.823+00:00

Hello.

I set up a couple of ADRs.
They run successfully and correctly update SUGs and DPs.
The problem is that clients don't get the updates even though they are in the relevant collection.

Can somebody help me debug and fix this?

Thank you and best regards.


Accepted answer
  1. Rahul Jindal [MVP] 10,911 Reputation points MVP
    2021-04-01T12:49:03.783+00:00

    Are the clients not installing the updates or not evaluating the updated assignments?


7 additional answers

  1. Kalyan Sundar 566 Reputation points
    2021-04-01T13:10:21.077+00:00

    Start troubleshooting with the client logs:

    Scanagent
    updatedeployment

    For more details, refer to the article below; it will help to troubleshoot update deployment issues.

    https://learn.microsoft.com/en-us/troubleshoot/mem/configmgr/track-software-update-deployment-process


  2. Amandayou-MSFT 11,156 Reputation points
    2021-04-02T06:00:36.03+00:00

    Hi @Roberto ,

    I agree with RahulJindal; the error description for 0x87d00692 means a Group Policy conflict. A GPO has been configured to set the WSUS server to a different server than the ConfigMgr software update point. A GPO will take precedence over the local GPO policy the ConfigMgr client is trying to set.

    So we should remove or stop targeting the group policy that is setting the policy "Specify intranet Microsoft update service location". Kindly find the specific GPO name, then on the domain controller turn on Group Policy Management, find the corresponding policy, and remove it or stop targeting it.

    For the detailed operation, refer to this article:
    https://patchmypc.com/job-error-0x87d00692-received-for-assignment-id-action
    Note: This is a non-official Microsoft article, just for your reference.

    Once the GPO is not applied to a client, the ConfigMgr client will set the correct software update point dynamically based on boundary groups and other site configurations.


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

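The conflict described in the answer above can be confirmed on an affected client with a short check. This is an added example, not part of the original thread: it reads the Windows Update policy values from the registry, compares them with the software update point the client is supposed to use, and looks for the 0x87d00692 code in two client logs. The `$ExpectedSup` URL is a placeholder and the log folder is the default client install path; both are assumptions to adjust.

```powershell
param(
    # Assumption: placeholder URL, replace with your own software update point.
    [string]$ExpectedSup = 'http://sup.example.internal:8530',
    # Assumption: default ConfigMgr client log folder.
    [string]$CcmLogDir = "$env:windir\CCM\Logs"
)

# Registry location behind "Specify intranet Microsoft update service location".
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$wu = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
$au = Get-ItemProperty -Path "$wuKey\AU" -ErrorAction SilentlyContinue

$result = [pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    WUServer       = $wu.WUServer          # server used for detecting updates
    WUStatusServer = $wu.WUStatusServer    # statistics server
    UseWUServer    = $au.UseWUServer       # 1 = the values above are in force
    ExpectedSup    = $ExpectedSup
    Verdict        = $null
    Seen0x87d00692 = $false
}

# Compare ignoring case and a trailing slash.
if (-not $result.WUServer) {
    $result.Verdict = 'No WSUS location present in policy'
}
elseif ($result.WUServer.TrimEnd('/') -ieq $ExpectedSup.TrimEnd('/')) {
    $result.Verdict = 'Policy points at the expected software update point'
}
else {
    $result.Verdict = 'MISMATCH: policy points at a different server'
}

# Look for the conflict error code from this thread in the client logs that exist.
$logs = 'WUAHandler.log', 'UpdatesDeployment.log' |
    ForEach-Object { Join-Path $CcmLogDir $_ } |
    Where-Object { Test-Path $_ }
if ($logs) {
    $result.Seen0x87d00692 = [bool](Select-String -Path $logs `
        -Pattern '0x87d00692' -SimpleMatch -Quiet)
}

$result
```

Run it in an elevated PowerShell session on the client. A mismatch together with the error code in the logs points to a domain GPO still being applied; `gpresult /r /scope computer` lists the GPOs in effect for the machine.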

  3. Roberto 646 Reputation points
    2021-04-02T12:55:37.057+00:00

    Hi @Kalyan Sundar
    Hi @Amandayou-MSFT

    OK. I removed the conflicting policies and now the client sees the updates included in one UG.
    Now clients have a local group policy (I don't know how to remove it or whether I should remove it):
    "Specify intranet Microsoft update service location" is Enabled
    and the intranet update service for detecting updates and the statistics server are set.
    84061-20210402btest-01local-group-policy.jpg

    Now the client sees the updates included in one of the two UGs, but doesn't install them. Indeed, from the logs it looks like they are installed, but I cannot see them among the installed Windows updates (Control Panel) or in Software Center.
    83956-20210402ctest-01updatesstore-log.jpg
    83979-20210402fsccmug-windows10.jpg
    84062-20210402ftest-01installed-updates.jpg

    The updates included in the second UG are not even mentioned in any log.
    84071-20210402esccmug-endpoint-protection.jpg
    83998-20210402gtest-01endpoint-protection.jpg

    One important thing I didn't mention is that I don't want my clients to get any updates from the WSUS server. I want to control which clients will take which updates and when. That's why I was trying to delete that local group policy first and then by GPO on the DCs.

    I will now go and read the links you suggested and see if I can get the updates installed on the client.

    Thank you and best regards.
    Roberto


  4. Roberto 646 Reputation points
    2021-04-02T14:51:33.427+00:00

    Hi @Amandayou-MSFT
    Hi @Kalyan Sundar
    Hi @Rahul Jindal [MVP] (sorry, I forgot to mention you before)

    I see that one UG's components are in effect already installed on that client. The names are different, but the ArticleIDs (KBxxx) match.
    I will need to check on another client that doesn't have those updates (or remove the updates on that client) and see what happens.

    So, at present I still have the "Endpoint Protection" UG (see above) that doesn't get installed.
    Any hints?
    Roberto

