The SCCM Patching Software Update Deployment Process Guide is here to consume. This guide is again a video tutorial to help the IT Pros in learning the patching (a.k.a Software Update patching) process with the latest version of SCCM. Patch Software Update Deployment Process Guide.
Software updates in SCCM provide a set of tools and resources that can help manage the complex task of tracking and applying software updates to client computers in the enterprise. Patching is one of the important tasks of SCCM admin.
SCCM patching involves a lot of components, and it can become very complex if you don’t pay proper attention to the details. Windows Update for Business (WUfB) patching is much easier to set up and manage. However, there is very less control to pick and choose in WUfB. Intune Patch management options are explained in Software Update Patching Options With Intune Setup Guide.
Let’s understand how to install WSUS for ConfigMgr Software Update Point Role | SUP | SCCM and install SUP role. Also, learn how to Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr.
NOTE! – Third-Party Patching Best Practices for an Organization guide
The following video guide is the high-level Patching Guide for SCCM beginners. There is not much difference between SCCM 2012 patching and SCCM Current Branch Patching.
I have an old blog post where I discussed ConfigMgr Patch Management Pros Cons. Some of the points in this blog post are still valid. So it’s worth going through to get more grasp of the SCCM patching process and setup scenarios as well.
Starting in version SCCM 1806, deploy software updates to devices without first downloading and distributing content to distribution points. This setting is beneficial when dealing with extremely large updated content.
What is SCCM Patching?
All software applications/drivers need to go through the software release life cycle. This Software release life cycle includes bug fixing and improvements.
To fix the bugs in software and drivers, each vendor releases a patch. The process of deploying/installing these patches to one or more systems or devices is called software patching.
Patching all existing applications is mandatory for organizations. The patching process helps to keep the environment secure.
The software vendors like Microsoft, Adobe, Android, iOS, macOS, Linux, Unix OSes, etc. release patches. These patches cover bug fixes for their software.
Why a Patching Guide? Patch Software Update Deployment Process
Recently, I saw someone is looking for a video tutorial related to SCCM Software Updates in our Facebook group (which has about 11000 members now).
I thought ok, let me create a quick 25 minutes video to cover the software update process in SCCM CB. I tried to give a quick overview of the end-to-end SCCM Software Update (patching) process.
SCCM Patching Infra Setup Videos – SCCM Patching Process is Explained
The end-to-end SCCM free training is shared in the below post – Free SCCM Training Part 1 | 17 Hours Of Latest Technical Content | ConfigMgr Lab HTMD Blog (anoopcnair.com).
In this section, you learn how to set up SCCM patching-related infrastructure components such as WSUS, and Software Update point. The architecture of SCCM patching infrastructure is also discussed in this section and the video tutorial below.
- Install WSUS for ConfigMgr Software Update Point Role – Install WSUS for ConfigMgr Software Update Point Role.
Launch Server Manager, Select Destination Server, Select Server Roles, Select Features, Windows Server Update Services, Select Role Services to Install WSUS, Content-Location Selection for WSUS, Database Instance Selection, Web Server Role (IIS), Select Roles Services for IIS, Install & Confirm Installation Selection, Complete WSUS Installation, Cancel WSUS Configuration Wizard, Completion – Install WSUS for ConfigMgr SUP
- Post Installation of WSUS Failed – WSUS service is disabled?
- WSUS Reinstallation steps explained
- WSUS post-installation completed without any issues
- Install ConfigMgr Software Update Point (SUP) – Install New ConfigMgr Software Update Point Role.
Add Site Systems Roles, Select a Server to Use as a Site System, Specify Internet Proxy Server, Specify Roles for this Server, Specify Software Update Point Settings, Specify Proxy & Account Settings for Software Update Point, Specify synchronization source settings, Synchronization Settings, Select Behavior for Software Updates are Superseded, Configure WSUS Maintenance Behavior, Configure Maximum Run Time, Specify Configuration for Software Update Content, Select the Software update classifications that you want to Synchronize, Select the Products that You Want to Synchronize, Specify the Language Settings that you want to Synchronize and Confirm the Settings
- Do Not Setup up SUP with Default WSUS Product Selection ConfigMgr SCCM.
- Log files to troubleshoot SUPSetup.log, WsyncMgr.log, WCM.log, and WSUSCtrl.log.
- Initiate WSUS Sync twice – First is to update the category – products list for Software update components
- Initiate WSUS Sync second to update the KB articles metadata. This is completed only after the second sync.
The SCCM SUP Product List filtering options are useful in a scenario where you want to add a new product to the SCCM patching. This SUP product filter option is added starting from the 2203 version of SCCM.
Step 2: SCCM Software Update Patching WSUS and SUP Infrastructure Configuration
The process is explained in the Video !! Patch Software Update Deployment Process?
- WSUS
- SUP Installation log files
- Software Update Component Configuration – Classifications/Products
- Software Update Sync – Logfile WsyncMgr.log
- Selection of Patch/Software Update and Creation of Software Update Group
- Deployment of Software Update Group
- End-User Experience at Windows 10 1511 device
- What happened to WindowsUpdate.log??
- How to Speed up SCCM policy flow?
- Windows 10 SCCM Client-side logs – Reboot required? If yes reboot the Windows 10 1511 device
I would recommend reading Third-Party Patching Best Practices for an Organization guide for the non-Microsoft app patching process.
Patch Software Update Deployment Process Guide | ConfigMgr | Configuration Manager | SCCM?
STEP 3: SCCM Patch Package Creation process
Let’s check the SCCM patch package creation process in this section of the post. The following are the high-level steps that you need to complete as part of the SCCM patch package or Software Update package creation process.
- Prerequisites – New Software Update Patch Package Using SCCM
- Select Patches & Create a Software Update Group
- Create Software Update Group
- Create a New Software Update Patch Package using SCCM
- Specify the Distribution Points for this Software Update patch package
- Automatically download content when packages are assigned to distribution points
- Specify the updated language for products for SCCM Patching Guide
- Download Updates from the Internet for the SCCM Patch Package
- Logs PatchDownloader.Log to check the Download
- Results – Software Update Package Creation
- Deploy SCCM Patch Package to Windows 11 or Windows 10 devices
- SCCM Patch Deployment Settings – Available | Required
- SCCM Patch Deployment Schedule Options
- SCCM Patching Guide – Alert Options for the Patch Deployment
- SCCM Patching Process – Download Options
- Results from SCCM Patch Deployment Process
I have explained end to end process of SCCM patch package creation in the below blog post. Refer to the post linked below to get the end-to-end details of the SCCM software update patch package.
➡️How To Create Deploy New Software Update Patch Package Using SCCM | ConfigMgr
The following video explains the process – How to Create ADR Patching Client-Side Issues Application Creation Process Manual in SCCM.
Fix SCCM Patching Related Issues
The SCCM patching troubleshooting can also be very complex if you don’t understand the setup of Software Update or SCCM patching. You need to understand the entire patching process explained above as a first step.
There could be server-side and client-side issues that are related to SCCM patching or software updates. The flows which you need to check things from the client-side.
- UpdateStore.log to know the status of the updates?
- Updatedeployment.log – % of Download completed? Status = ciStateInstalling, PercentComplete = 16,
- added to the targeted list of deployment
- Progress: Status = ciStateDownloading, PercentComplete = 0, Result = 0x0
- Progress: Status = ciStateWaitInstall, PercentComplete = 0, DownloadSize = 0, Result = 0x0
- Progress: Status = ciStateInstalling, PercentComplete = 89, DownloadSize = 0, Result = 0x0
- Progress: Status = ciStateInstalling, PercentComplete = 100, DownloadSize = 0, Result = 0x0
- Progress: Status = ciStatePendingSoftReboot, PercentComplete = 0, DownloadSize = 0, Result = 0x0
- Progress: Status = ciStateInstallComplete, PercentComplete = 0, DownloadSize = 0, Result = 0x0
- Job completion received.
- CCMSDKProvider.log – Get client agent settings…Getting reboot setting whether to show dialog instead of notification
1. Locationservices.log – Check whether it’s able to find WSUS Path= and Distribution Point with patches
2. WUAHandler.log to check whether the scan is completed or not
3. Updatedeployment.log – Check for the deadline of the assignment and Software Updates client configuration policy, DetectJob completion received for assignment, Added update (Site_, PercentComplete, etc…
4. Execmgr.log – Execution is complete for program Software Updates Program
5. RebootCoordinator.log – Reboot related things
- WSUS Cleanup option | SCCM WSUS Cleanup | Fix SCCM Scan Timeout Errors
- Fix SCCM Troubleshooting Scan Errors Patching Software Update Issues
- Fix SCCM Client-Side Patching Or Software Updates Issues Troubleshooting
- Fix SCCM Patch Deployment Issue With Windows Cumulative Updates
Resources
- SCCM Video Tutorials For IT Pros – HTMD Blog #2 (howtomanagedevices.com).
- SCCM Related Posts Real World Experiences Of SCCM Admins (anoopcnair.com)
Author
Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.
Hi Anoop,
I was really amazed looking at your website and the detailed SCCM setup or configuration. I have multiple sites for SCCM Distribution point and i followed the same instructions as suggested. However the deployment is getting failed. Do you give support aswell ?
hi Anoop
how to set patch level in SCCM, means we need to install patches to one windows 2012 R2 server only till july 2020 ,
It seems you will need to create a separate Software Update Group to cater to this special requirement. I can’t think of any better ways.
Hi Anoop,
I want complete information about patching nothing but windows server, windows 2003 and windows 2008 servers ,OS patching. Can you provide me please.
Thank you,
prudhvi.
Hi, You can’t patch the 2003 and 2008 servers because it’s already out of support. This is possible if you purchase the extended support for servers in the similar way Ankit explained for Windows 7 https://www.anoopcnair.com/windows-7-extended-security-update-step-by-step/
Thanks for the article. Patching is a process to repair a vulnerability or a flaw that is identified after the release of an application or software.