SCUP helped many of us to deploy third-party software updates for many years. Now, SCCM doesn’t require SCUP to deploy Third-party updates. Let’s dive into the SCCM third-party software updates setup.
***Updated 13th June 2019
Related Posts – 1. SCCM Third-Party Software Updates Setup Step by Step Guide Post Video Guide, 2. Free SCCM Catalog List – SCCM Third-Party Updates Post 2 & 3. Background Process flow with Logs – SCCM Third-Party Software Updates – Post 3
Introduction
This post is a step by step SCCM third-party software updates setup guide for all SCCM admins.
First of all, you need to analyze and understand the business requirement of third-party updates. From my perspective, third-party patching is critical for overall IT security landscape.
The following are some of the questions which will help you to get ready for third-party software update setup.
- What is the current process for patching third-party applications?
- Are you using the standard packaging process to perform third-party updates?
- How many application vendors are providing SCCM friendly “Update Catalogs” for free?
- Do you need to spec up the SCCM server hardware before enabling third-party updates?
Video Guide – SCCM Third-Party Software Updates Setup Step by Step Guide Post Video Guide
Prerequisites
You can enable third-party updates from SCCM (without SCUP integration) when you have 1806 or later version.
The SCCM third-party software updates feature allows you to subscribe to partner and custom catalogs from SCCM console and publish the updates to WSUS.
- Partner catalogs are software vendor catalogs partnered with Microsoft. The following are the two partner catalogs (DELL & HP) available with SCCM 1902 release.
- Custom Catalogs are the third-party software catalogs which you can add manually to SCCM console. You can find more detail in the below section.
NOTE! – There are only few vendors provide FREE custom catalogs. You can find more details in the blog post Free List of Catalogs SCCM Third-Party Software Updates.
The following is the quick list of pre requisites which you want to make sure before enabling the update feature.
- WSUS and SUP should be configured and Working fine.
- Updates Classification should be enabled from Software Update Point Component Properties.
- Valid Business Requirement and find sponsorship from management.
- License cost – SCCM support is free, but if you want to use other third-party products for getting the more vendor application support (via Custom Catalog), then you need to pay the extra licensing cost.
- SCCM Server Specs & Disk Space – Consider Upgrading Disk Space as per your requirement.
- Adjust your proxy and Firewall configurations – port 443, and you might need to white list all the third-party vendor URLs to download meta data, CAB files, and source files of updates.
- Check out Certificate requirements at the Server and client side. Also, you might need to adjust the Group Policy setting at the client side.
- SCCM Client Settings – Enable third party software updates policies to YES.
- Additional requirements when the SUP is remote from the top-level site server
NOTE! – Some Certificate Details – 1. WSUS (Publishers Self Signed) – Code Signing – Only WSUS Server 2. Trusted Publishers – WSUS Server & Client 3. Trusted Root Certificate – WSUS Server & Client
Enable SCCM Third-Party Software Updates
As I mentioned in the prerequisites, make sure that you have working WSUS and SUP environment before enabling the third-party updates.
The following steps should be completed from the top site either SCCM CAS or Standalone primary server. The below steps will help you to enable SCCM third-party update feature.
- In the SCCM console, go to the Administration workspace. Expand Site Configuration, and select the Sites node.
- Select the top-level site in the hierarchy. Click Configure Site Components from the ribbon menu, and select Software Update Point.
Setup SCCM Third-Party Updates – Enable third-party Updates
- Click on the Third-Party Updates tab and Select the option Enable third-party software updates from Software Update Point Component Properties.
- Select Configuration Manager manages the certificate (I selected this default option).
- I have not chosen this option – Manually manage the certificates. More details available here. This option should be used when you have a requirement to use PKI certs.
Setup SCCM Third-Party Updates – Enable third-party Software Updates
NOTE! – I would recommend using the default options of SCCM configuration wizard unless you have a specific reason to select another option. I have chosen the configuration manager managed the certificate option.
When you don’t have any PKI certificate requirements for SCCM third-party updates, then you can use the default option as I mentioned above.
You might be able to see a new certificate type “third-party WSUS Signing” (as I showed in the below picture) when you use Configuration Manager manages the certificate option from the above wizard.
Navigate to – \Administration\Overview\Security\Certificates
Third-Party WSUS Signing certificate
Subscribe to Partner Catalog
In this section, you can to subscribe partner catalogs (out of box settings as I mentioned above).
- Launch SCCM Console
- Navigate \Software Library\Overview\Software Updates\Third-Party Software Update Catalogs node
- Click on “Lenovo” partner catalog from the list on right side
- Click on Subscribe and then follow the steps explained here.
Add a Custom Catalog
Next step in setting up SCCM third-party software updates adds the custom catalogs. You can add the custom catalogs from \Software Library\Overview\Software Updates\Third-Party Software Update Catalogs node in the console.
You might already see the partner catalogs in SCCM console. HP and Dell are the only two(2) partner catalogs available for SCCM 1902 version.
You can follow the below steps to add custom catalog into SCCM.
- Navigate to \Software Library\Overview\Software Updates\Third-Party Software Update Catalogs.
- Click on Add Custom Catalog from the ribbon menu.
You have to provide the following details in the Third Party Software Updates Custom Catalogs Wizard. The following four(4) values are mandatory.
- Download URL – https://armmf.adobe.com/arm-manifests/win/SCUP/Reader11_Catalog.cab
- Publisher – Adobe
- Name – Adobe Reader 11
- Description – You can provide any text description.
NOTE! – You will be wondering how did I get the DOWNLOAD URL Details for Adobe Reader 11 Third-Party Updates? I will explain to you this in a different blog post.
Subscribe to Custom Catalogs
The Subscribe to Catalog step is the next configuration for enabling SCCM Third-Party Software Updates setup. Third-Party Software Update Catalogs node allows you to subscribe to third-party custom and partner catalogs.
The subscription of partner and custom third-party catalogs helps SCCM environments to get the regular updates (or patches) from third-party application vendors.
The following steps make sure that the SCCM environment is subscribed to the vendor’s product updates similar to Microsoft Software updates.
- Navigate to the Software Updates Library workspace from SCCM console.
- Expand Software updates, and select the Third-Party Software Update Catalogs node.
- Select the Custom Catalogs which you want Subscribe to:
- I selected Adobe Reader 11
- Click NEXT button from Third-Party Software Updates Wizard
- On the Download page of third-party software update wizard, SCCM will download the CAB file using the URL which you provided while adding a custom catalog.
NOTE! – You need to have appropriate internet connections as I mentioned in the prerequisites section above. If not, the download will fail, and you won’t be able to proceed with the third-party software update wizard. I think this wizard uses the same proxy connection which you setup in the SUP configuration.
- Review and Approve the catalog certificate from review and approve page of Third-party updates wizard
- Click on View Certificates box to view the certificate properties and review it.
NOTE! – I would recommend reviewing and install Certificate to Local Machine (Default location) – If you don’t do this, the Publishing third-party update content will fail in the later stage of this process. You can check the certificate details in the Certificates node of SCCM console as I mentioned in the above section.
- Click the OK button on certificate properties windows.
- Click on the Checkbox near to “I have read and understood” to agree and proceed further.
- Click on Next button to continue and Finish the subscription process of the third-party catalog.
Review and Approve Third-party Software Updates Wizard
- Click on NEXT on Confirm Settings page.
- FINISH the wizard to start the metadata updates synchronization on to WSUS.
- Click on Adobe Custom Catalog and initiate a Sync (Sync Now button from the ribbon) from Third-Party Software Update Catalogs node.
- Make sure the Last Sync Status is SUCCESS.
The above sync will make all the Adobe Reader 11 updates into the WSUS database. You can refer to the log file called SMS_ISVUPDATES_SYNCAGENT.log.
Sync Now to Update Metadata info into WSUS
NOTE! – The above Sync (use Sync Now button from the ribbon) from \Software Library\Overview\Software Updates\Third-Party Software Update Catalogs won’t make the meta data of adobe reader 11 updates available in SCCM console.
Products Selection
Now, you would be able to see the Adobe Reader underneath “All Products – Adobe Systems. Inc.” on Software Update Point Component Properties window.
Select the product “Abode Reader” as I showed in the below picture and click OK.
NOTE! – I have seen people complaining about some of the Abode patches are missing from SCCM console. It could be possible that Adobe changed the product name. So, it’s recommended to check whether any new products got added or not. You might need to enable those new products from software update point component properties.
Another Sync
It’s time for another Sync. But, this time it’s not from the same place. You need to follow the below steps to make all Adobe Reader 11 updates (meta data) available in SCCM console “All Software Updates” node.
- Navigate to \Software Library\Overview\Software Updates\All Software Updates.
- Click on the Synchronize Software Updates button from the ribbon menu.
- After finishing this sync successfully (WSYNCMGR.log to verify), you would be able to see all the Adobe Reader 11 related updates as you can see in the following picture.
NOTE! – Check out the BLUE color icons for Adobe Reader 11 updates metadata (metadata-only updates = BLUE). More details about the change of Third-Party Software Updates icons in the below section.
Publish Third-Party Software Update Content
Once the third-party software updates are available in the console, you can go ahead and publish those Adobe Updates to WSUS.
The following steps will help you to publish Adobe Reader Third-Party Software Update content to WSUS.
- Navigate to \Software Library\Overview\Software Updates\All Software Updates node
- Select the Abode Reader Updates you want to publish.
- Click on Publish Third-Party Software Update Content button from ribbon menu.
- Check out SMS_ISVUPDATES_SYNCAGENT.log to monitor the progress.
- The update files (for Adobe it was .MSP files) will get downloaded to a temporary folder called C:\Program Files\Microsoft Configuration Manager\ISVTemp. (the folder name ends with .mrm or .mgm or some random name – that is nice)
NOTE! – When you publish third-party software update content, any certificates used to sign the content are added to the site. I have seen that if you don’t install the certificates used to sign the third-party update content, then the publishing the content might fail.
Publish Third-Party Software Update Content
You can also check whether the certificate status is BLOCKED or UNBLOCKED status from SCCM console (\Administration\Overview \Security\Certificates). If the certificate is blocked, then there is a chance of failure in the publishing process.
- Once the publishing process is finished, you might need to perform another Sync (WSyncMGR.log) to make the software update available for SUP to deploy and to change the icon from BLUE to GREEN.
Download and Deploy SCCM Third-Party Software Updates
Now, it’s the time to download and deploy the SCCM third-party software updates to Windows devices.
Create Software Update Group
The following steps will help you create a Software Update group, Download, and Deploy the third-party updates.
- Navigate to \Software Library\Overview\Software Updates\All Software Updates node.
- Select the third-party software updates which you want to download and deploy.
- Click on Create Software Update Group.
- Enter the name of the software update group = Reader 11 0 23 (“.” is not allowed)
- Enter the description of the group.
- Click OK to finish the creation of Software Update Group.
Third-Party Software Updates Setup Guide – Create Software Update Group
Start Deploy Software Update Wizard
You have already created Software Update groups in the above section. Now, you can go ahead and start the deployment wizard for third-party updates.
In this section, you can select the name of third-party update deployment name and device collection.
- Navigate to \Software Library\Overview\Software Updates\Software Update Groups.
- Select the Reader 11 0 23 group which is created above and click on Deploy button from the ribbon button.
- Follow through the deployment wizard
- Deployment Name = Adobe Systems, Inc. Third-Party Software Updates
- Select the Collection of devices which you want to deploy Third-Party Software update and Click Next.
Deploy Third-Party Software Updates – Select Collection
Scheduling & Deployment Settings
This section helps to schedule the third-party software updates.
- Specify Deployment Settings for this deployment.
- Type of deployment = Required.
- Details level = Only Success and error messages.
- Click on Next button.
- Configure Schedule Details for this Deployment.
- Schedule Evaluation – Time Based on: Client Local Time.
- Software Available Time – As soon as possible.
- Installation Deadline – Specific Time.
- Click on Next button to continue….
User Experiences & Alerts
I selected all the default settings in the following two pages of User Experiences & Alters.
- Specify the User Experience for this Deployment – User Visual Experience.
- User Notifications – Display in Software Center and show all notifications – Default option.
- Deadline Behavior – When the installation deadline is reached, allow the following activities to be performed outside maintenance windows:
- Software update installation
- System Restart (if necessary)
- Device Restart Behavior – Some software updates require a system restart to complete the installation process. You can suppress this restart on servers and workstations.
- Suppress the system restart on the following Devices:
- Servers
- Workstations
- Suppress the system restart on the following Devices:
- Write filter handling for Windows Embedded devices
- Commit changes at deadline or during a maintenance Windows (requires restarts) – Default option
- Specify Software Update Alert Options for this deployment
- Configuration Manager Alerts
- Operation Manager Alerts
User Experience & Alerts – Third-Party Software Updates
Create Deployment Package – Third-Party Software Updates
The section will help you to understand how to create third-party software updates package.
- Specify the Package to Use page
- Create a new deployment package:
- Name – Adobe Reader 11 0 15
- Package Source – UNC Path – \SCCM_Prod\Sources\Third-Party Updates\Adobe\Reader 11 0 15
- Sending Priority – Medium
- Enable Binary Differential Replication (Not Mandatory – But Recommended settings)
- No Deployment package (NOT Mandatory Option)
- Clients download content from peers or Microsoft Cloud (NOT Suitable option for Third-Party Updates).
- Click Next to go next page
- Specify the Distribution point groups to host the content
- Add Distribution Point and click Next
- Specify the source location for the Software Update that you will download
- Download software updates from the Internet
- Create a new deployment package:
- Specify the Languages of the updates
- Product – There are two products – Windows Update and Office 365 Client Update – The language selected is English
- There is an Edit option to add another language if available from third-party software updates
- Click NEXT
- Specify Download Settings of this Deployment
- Deployment Options
- Do not install software updates
- Deployment Options
- Download and Install Software Updates from the Distribution points in site default boundary group
- Deployment Options
Setup SCCM Third-Party Updates – Create Third-Party Software Updates Package
Conclusion
Now, you deployed the third-party software updates. You can check out the content distribution status from the SCCM console. The deployment success with third-party software updates compliance report from SSRS.
Resources
- SCCM Third-Party Software Updates Setup Step by Step Guide Post Video Guide
- Free SCCM Catalog List – SCCM Third-Party Updates Post 2
- Background Process flow with Logs – SCCM Third-Party Software Updates
- Monitor software updates
- Enable third-party updates SCCM 1902
- How to Install, Configure and Integrate with SCUP 2017 with SCCM
- How to Publish 3rd Party Abode Acrobat Patches via SCCM SCUP 2017
Bonus Details
Subscribe to a custom catalog Wizard template:
Subscribe To Catalog
• Catalog Name : Adobe Reader 11
• Publisher : Adobe
• Description : More Details
• Support URL :
• Support Contact :
• Download URL : https://armmf.adobe.com/arm-manifests/win/SCUP/Reader11_Catalog.cab
Create, Download, and Deploy Third-Party Software Updates Package Template:
Updates Targeted:
• Reader 11.0.11 Update APSB15-10(Article ID)
General:
• Deployment Name: Adobe Systems, Inc. Software Updates
• Collection: Test Static Collection
Deployment Settings:
• Send wake-up packets: No
• Verbosity Level: Only success and error messages
Scheduling:
• Deployment schedules will be based on: Client local time
• Available to target computers: 13-04-2019 02:41:00
• Deadline for software update installation: 20-04-2019 00:07:00
• Delayed enforcement on deployment: No
User Experience:
• User Notifications: Display in Software Center and show all notifications
• Install software updates outside the maintenance window when deadline is reached: No
• Restart system outside the maintenance window when deadline is reached: Suppressed
• If a restart is required it will be: Allowed
• Commit changes at deadline or during a maintenance window (requires restarts): Yes
• If any update in this deployment requires a system restart, run updates deployment evaluation cycle after restart: No
Alerts:
• On software update installation error generate a Window Event: No
• Disable Window Event while software updates install: No
Package:
The software updates will be placed in a new package:
• Adobe Reader 11 0 15
Content (1):
• SCCM_PROD.INTUNE.COM
Software updates that will be downloaded from the internet
Reader 11.0.11 Update
Windows Update Language Selection:
English
Office 365 Client Update Language Selection:
English (United States)
Download Settings:
• Computers can retrieve content from remote distribution points: No
• Download and install software updates from the fallback content source location: Yes
Hello,
I’ve followed your step by step but I’ve a strange behavoir.
I’ve tried with the “Adobe Flash Player Plugin” Update (version 32.0.0.171).
I have deployed it to a test computer with an older version installer (32.0.0.141).
The update isn’t seen from the computer and from the report it says: ALREADY COMPLIANT.
Also the required column is 0, and also the column already installed is 0.
It could be because of the issue at the client side. Are you sure you have Adobe Flash Player installed on the client machine and that requires this particular updates? Did you check the log files and event logs to confirm the same? Also, worth checking the certificates installed on the client machine.
Hello,
Yes I’m sure it’s installed.
Version actually installed is: 32.0.0.142 NPAPI
Version deployed is: 32.0.0.171 NPAPI
What I have to check exactly?
Also it’s strange that the “Required” and the “Installed” column for the update are = 0 (since the deployment says: COMPLIANT … which means…installed)
I have mentioned about Group Policy and Cert requirements in the guide and linked to https://docs.microsoft.com/en-us/sccm/sum/deploy-use/third-party-software-updates#configure-the-wsus-signing-certificate. Have you checked this requirements?
So I wanted you to check the general Software Update troubleshooting flow at the client side as explained in the below guide
https://sudheesh.azurewebsites.net/?p=34 (Check out CLIENT SIDE troubleshooting section)
Hello Anoop,
Cert is installed (although if there was a problem with the certificate, I would have problem with the installation, not the detection).
Policy is set to allow third party (also via CM Client Policy; and checked regkey it’s present and configured).
I’ve checked the client side troubleshooting section and unfortunately no clue in the logs.
Unfortunately, I don’t have any other suggestion because I don’t have any clue what is happening. I might need to test and re-pro the issue later whenever I get time.
I would still think there would some hints like whether the policy is received by client or is it evaluated by client etc … that would help you further troubleshooting
Solved 😆
my bad … this Adobe Flash update nomenclature is getting me crazy. On SCCM you have PPAPI & Plugin … I needed the Plugin one and not the PPAPI…
I will test out also Reader & Pro just to make sure it works.
Thank you in advice and sorry 😆
SCCM 3rd party patching works 🙂
Thank you for sharing your experience here
Thanks for the guide Anoop! It was helpful.
I am trying to deploy an Adobe Reader 2015 Classic Track update using your instructions.
The SMS_ISVUPDATES_SYNCAGENT log gives me this error when I try to publish third-party software update content:
Failed to publish update “07c4ec0f-71cd-49f7-94f3-aa3da81fb72b” due to missing update metadata.
Possible cause: The update may have been synchronized to WSUS outside of Configuration Manager.
Solution: Synchronize the update with Configuration Manager before attempting to publish it’s content. If an external tool was used to publish the update metadata then use the same tool to publish the update content.
I followed your instructions exactly. I did not use an external tool like the message indicates. Do you know where I might look to solve the problem?
Thanks for any insight you may have.
This could be because you have not selected the updates category from software update point component configuration
How does this work with machine updates? I installed the Lenovo.cab and it downloaded a bunch of drivers, which was my intention. I’m learning how to use SCCM to image our machines. Can I use this method for Driver Packages? If so, how would I go about doing that?
In your case the Lenovo cab should provide the driver updates via custom catalog, then only you can use this feature to update drivers on Lenovo devices. I have not tested the Lenovo catalog to confirm this behavior. I hope you have tried to add custom catalog – https://www.anoopcnair.com/list-of-free-sccm-catalogs-third-party-updates/#List_of_Free_SCCM_Catalogs_Download_URLs
Yes. I did use a custom catalog and followed the steps up to publishing the software. But I’m not sure if I need to do the steps after that since these aren’t actually software updates, they’re drivers. Would I need to do something under Operating Systems > Driver Packages for the drivers to push correctly?
Yes you need to follow the steps mentioned in the post to update the drivers which are already installed. You don’t have to perform Driver package stuff IMHO…
Sounds good. Thank you for your help and really great guide.
Thank you much. Happy to hear it helped 🙂
Hello,
Again great article.
I still have a problem with the 3rd party updates.
For Adobe Reader DC & Adobe Acrobat DC – I can sync updates but under “REQUIRED” I have 0 for every available update.
Have you tried the scan the clients and check again ?
Hello,
Again Great article.
I can get the adobe reader & adobe acrobat updates to work.
The updates are synced successfully but show that aren’t required on any machine (which obviously isn’t true).
I then checked the Report: Compliance 2 – Specific software update and break it down to my computer to see what it was showing.
I then selected “Update Class” and … I can see only Adobe Flash player as a result of “indexed” updates – no trace of a Adobe Reader or Adobe Acrobat update.
So my guess is now, is it possible that the hw inventory in some way doesn’t report back to the update point the whole software list?
I think this is to do something with scanning as you mentioned in the above comment.
Yeah but what could be possibly wrong?
I mean Flash player is seen as required.
So what could I check?
Scan agent .log might provide some details. The client side troubleshooting of 3rd party software updates is similar to normal sccm software updates troubleshooting
Hi,
Thanks for your great post.
I’ve suscribed to Dell catalog, and I notice that I’ve no Dell drivers which are required by my clients (1500 Dell machines).
Which is quite strange..
Do you think I need to enable additional hardware inventory classes in Client Settings? Or is there any reasons?
Thanks in advance
Hi, I never a heard about updating hardware inventory to cater the requirement of driver updates.
Have you checked the Dell machines and checked the requirement of driver update ?
What I’m trying to say is “are those machines require a driver update” ? Or the drivers installed on those machines are not there in the dell catalog
You need to install the dell open manage inventory agent first
Hi Anoop
This is very helpfull post to configure the third party updates, Please help to share how we can cleanup the older updates metadata and contents from SCCM site server and systems as well as content from source location. So that we can maintain our SCCM environment.
You might be able to workout something with the following blog post from Kannan https://www.anoopcnair.com/sccm-wsus-maintenance-cleanup-tasks/
Hello!
Great article! As far as the update package creation is concerned, what is the source of the files? I don’t have \SCCM_Prod\Sources\Third-Party Updates and checking the content tab of one of the Adobe updates shows another UNC path that I can’t seem to locate on my server.
Any help is appreciated!
Hello You need to create a source folder. SCCM will automatically create content for you
Hello Anoop,
The pre requisites which you have mentioned are not complete. please refer https://docs.microsoft.com/en-us/sccm/sum/deploy-use/third-party-software-updates
Thank you
Sorry can you kindly remove the server name, forgot to remove it.
I’ll remove it later before approving the comment. It’s won’t be visible or you can repost the log without that server name
thanks , Re-posted with server name.
Hi Anoop
After Turning on the SSL on update point, all the clients were stopped getting any updates. WuHandler showed error:
OnSearchComplete – Failed to end search job. Error = 0x80240440. WUAHandler 8/10/2019 2:32:10 PM 4552 (0x11C8)
Scan failed with error = 0x80240440. WUAHandler 8/10/2019 2:32:10 PM 4552 (0x11C8)
Its a WSUS Update Source type ({D3FC19DE-264D-4295-A309-0C42523AAF3E}), adding it. WUAHandler 8/10/2019 2:32:21 PM 4552 (0x11C8)
This device is not enrolled into Intune. WUAHandler 8/10/2019 2:32:21 PM 6748 (0x1A5C)
Device is not MDM enrolled yet. All workloads are managed by SCCM. WUAHandler 8/10/2019 2:32:21 PM 6748 (0x1A5C)
SourceManager::GetIsWUfBEnabled – There is no Windows Update for Business settings assignment. Windows Update for Business is not enabled through ConfigMgr WUAHandler 8/10/2019 2:32:21 PM 6748 (0x1A5C)
Existing WUA Managed server was already set (https:SERVERNAME:8531), skipping Group Policy registration. WUAHandler 8/10/2019 2:32:21 PM 4552 (0x11C8)
Added Update Source ({D3FC19DE-264D-4295-A309-0C42523AAF3E}) of content type: 2 WUAHandler 8/10/2019 2:32:21 PM 4552 (0x11C8)
Scan results will include superseded updates only when they are superseded by service packs and definition updates. WUAHandler 8/10/2019 2:32:21 PM 4552 (0x11C8)
Search Criteria is (DeploymentAction=* AND Type=’Software’) OR (DeploymentAction=* AND Type=’Driver’) WUAHandler 8/10/2019 2:32:21 PM 4552 (0x11C8)
Async searching of updates using WUAgent started. WUAHandler 8/10/2019 2:32:21 PM 4552 (0x11C8)
Async searching completed. WUAHandler 8/10/2019 2:32:25 PM 2824 (0x0B08)
OnSearchComplete – Failed to end search job. Error = 0x80240440. WUAHandler 8/10/2019 2:32:25 PM 4552 (0x11C8)
Scan failed with error = 0x80240440. WUAHandler 8/10/2019 2:32:25 PM 4552 (0x11C8)
Restarted the Server and client machines and still same issue. And as soon as I turned off the SSL , all start working again? Is there am misisng?
Hi Anoop,
thanks for the very good help for all of us.
How is it possible to remove third party products in: Administration – Site Configuration – Sites – Software Update Point Component Properties?
Thanks for your help
I found the solution with this wonderfull script:
https://gallery.technet.microsoft.com/Delete-3rd-Party-Updates-e5bf19fe
Hi Anoop,
Any idea how can we avoid the third party software updates [mainly the driver updates] to get install during the OSD process?
The updates are increasing the OSD time huge to complete.
Thanks you in advance!
Use windows 10 servicing instead of using In-place task sequence… it’s better in 1903 to 1909 updates … one example https://www.anoopcnair.com/windows-10-1909-deployment-enhancement/