SCCM Third-Party Updates Step by Step Background Process Guide Post 3

0
SCCM Third-Party Software Updates - Home

Historically, SCCM and SCUP were used for third-party application patching. Good news is that the SCCM 1806 or later removed the dependency of SCUP for deploying third-party software updates. In this post, you will learn the process flow of SCCM third-party updates.

This post will be your companion guide to understand end to end process with log files and the complete guide for third-party Software Updates.

[Related Post SCCM Third-Party Software Updates Setup Step by Step Guide Post 1 & Free SCCM Catalog List – SCCM Third-Party Updates Post 2]

Contents

SCCM Third-Party Updates Process Guide

You will learn how SCCM third-party updates system works in the background. You can perform troubleshooting activities based on SCCM log files. The following are the logs which I’m going to use in this post to walk through the third-party software updates in SCCM.

  • SMS_ISVUPDATES_SYNCAGENT.log
  • Wsyncmgr.log
  • WCM.log (C:\Program Files\Microsoft Configuration Manager\Logs)
  • PatchDownloader.log (%temp%)

Enable SCCM Third-Party Updates

You can enable third-party software updates from SCCM console. Follow the steps to complete the 3rd party updates.

Click Configure Site Components from your top-level server (CAS or standalone primary server), and select Software Update Point. Switch to the Third-Party Updates tab. Select the checkbox option called Enable third-party software updates.

SCCM Third-Party Updates Step by Step Background Process Guide Post 3 1
Enable Third Party Software Updates

The following entries in SMS_ISVUPDATES_SYNCAGENT.log.

Settings: Third party updates are not enabled, component is inactive.
.
.
Settings: Third-party updates are enabled.  SMS_ISVUPDATES_SYNCAGENT
Settings: DefaultWSUSServer changed to 'SCCM_Prod.Intune.com'  SMS_ISVUPDATES_SYNCAGENT
ScheduledWorkMonitor: Scheduled item (PartnerCatalogListSyncTask:00000000-0000-0000-0000-000000000000) is due in 00:00:00.
ScheduledWorkMonitor: Synchronize partner catalogs list is now due and will be addded to the work queue.
Launcher : About to start work item: SyncPartnerCatalogs.
SyncPartnerCatalogs: Downloading partner catalogs list from 'https://go.microsoft.com/fwlink/?linkid=874591'…
SCCM Third-Party Updates Step by Step Background Process Guide Post 3 2
Third-party updates are enabled

In the WSYNCMGR.LOG, you can see third-party signing certificate validation process. I have not enabled Update Classification called “Security Updates &Upgrades”.

Requested categories: UpdateClassification=Security Updates, UpdateClassification=Upgrades
Checking WSUS for third-party signing certificate…
Getting signing certificate from WSUS server.
Inserting new signing certificate into database. Thumbprint: 8CFD91177DEEADBB56E3BDGG21E4B897F0FD96C8
Successfully downloaded and stored WSUS signing certificate with thumbprint 8CC091177CEEABBB56E3BDFF21E4B897F0FD96C8
Finished checking for third-party signing certificate.

NOTE! – You will see you need to have “Updates” classification also for SCCM third-party updates. Read-on to have more details.

In WCM.LOG, you can see WSUS update classification enabled are “Security Updates & Upgrades“.

Setting new configuration state to 4 (WSUS_CONFIG_SUBSCRIPTION_PENDING)
Subscribed Update Categories <?xml version="1.0" ?>~~<Categories>~~        <Category Id="UpdateClassification:0fa1201d-4330-4fa8-8ae9-b877473b6441"><![CDATA[Security Updates]]></Category>~~        <Category Id="UpdateClassification:3689bdc8-b205-4af4-8d4a-a63924c5e9d5"><![CDATA[Upgrades]]></Category>~~ </Categories>
Configuration successful. Will wait for 1 minute for any subscription or proxy changes 
Setting new configuration state to 2 (WSUS_CONFIG_SUCCESS)

Add Custom Catalog

You can add the custom catalogs from \Software Library\Overview\Software Updates\Third-Party Software Update Catalogs node in the console.

You need to provide the following details in the Third Party Software Updates Custom Catalogs Wizard.

  • Download URL – https://downloads.dell.com/Catalog/DellSDPCatalogPC.cab
  • Publisher – Dell
  • Name – Dell Business Client Update
  • Description – You can provide any tesxt value. URLs are not allowed

NOTE! – You will be wondering how did I get the DOWNLOAD URL Details for Third-Party Updates? The following picture will give you a clue. I will explain to you this in a different blog post.

SCCM Third-Party Updates Step by Step Background Process Guide Post 3 3
SCUP – Partner Catalogs

Subscribe to Custom Catalog

You can subscribe to the added partner catalog by right-clicking on the catalog (DELL in this example) and select Subscribe to Catalog.

You can click on Sync Now button from Software Updates\Third-Party Software Update Catalogs node to start syncing the metadata to the WSUS.

The above sync now action will initiate two (2) internal syncs. Details below:

  • Partner Catalogs Sync
  • Update Catalogs sync

The first sync is called partner catalogs sync. This Sync Now action will try to sync all the subscribed third-party partner catalogs into WSUS. SMS_ISVUPDATES_SYNCAGENT.log will have the following entries.

Launcher : About to start work item: SyncPartnerCatalogs.
SyncUpdateCatalog: SyncUpdateCatalog : f3bf16c2-3d49-41c8-ac37-42cb2a0a73df - Completed.
SyncPartnerCatalogs: Downloading partner catalogs list from 'https://go.microsoft.com/fwlink/?linkid=874591&pc=3rdPartyUpdates1806Production'...
SyncPartnerCatalogs: Download of partner catalogs list completed successfully.
SyncPartnerCatalogs: Extracted catalogs list.
SyncPartnerCatalogs: Parsing the partner catalogs list and updating the database.
SyncPartnerCatalogs: Catalog 'HP Client Updates Catalog' was not found, adding.
SyncPartnerCatalogs: Catalog 'Dell Business Client Updates Catalog' was not found, adding.
STATMSG: (SRVMSG_SMS_ISVUPDATES_SYNCAGENT_PARTNERS_SYNCED).
SyncPartnerCatalogs: Successfully updated the list of partner catalogs
SyncPartnerCatalogs: Completed update of catalogs list.
SyncPartnerCatalogs: Completed.
SCCM Third-Party Updates Step by Step Background Process Guide Post 3 4
Third-Party Software Updates Parent Catalog Sync

The second part of the sync is called Update Catalogs sync. This sync will check for all the updates available for a particular partner catalog and get the metadata synced with WSUS.

NOTE! – Make sure that the third-party partner(s) and custom catalog(s) certificates are UNBLOCK(ed) from SCCM console. Also, you can install the certificate on the primary server.

More details entries available in SMS_ISVUPDATES_SYNCAGENT.log.

Launcher : About to start work item: SyncUpdateCatalog.
SyncUpdateCatalog: Starting download for catalog 'Dell Business Client Updates Catalog' from 'https://downloads.dell.com/Catalog/DellSDPCatalogPC.cab' …
SyncUpdateCatalog: Downloading file: 'https://downloads.dell.com/Catalog/DellSDPCatalogPC.cab' to 'C:\Program Files\Microsoft Configuration Manager\ISVTemp\q0c0kepl.sh5\DellSDPCatalogPC.cab'.
ScheduledWorkMonitor: Synchronize updates from catalog '41a7ad54-9744-4779-acd8-bf596e11e12f' is due and will be added to the work queue.
SyncUpdateCatalog: Decompressing catalog files to 'C:\Program Files\Microsoft Configuration Manager\ISVTemp\gqixdh4l.r4p' for processing…
SyncUpdateCatalog: A catalog manifest was found for use during catalog processing.
SyncUpdateCatalog: Completed parsing of catalog 'Dell Business Client Updates Catalog'
SyncUpdateCatalog: Added certificate 01E17CEBB6EABA3DDF5932EA3298BAAAC7921DA6.

NOTE! – The above “Sync Now” won’t make the SCCM third-party updates available in SCCM under All Software Updates node. Read on to get more details to get the third-party updates in SCCM console.

Third-Party Update Catalogs Sync Skipped?

I mentioned in the above section that I didn’t enable the classification called “Updates” and because that sync (SCCM Third-party Updates Catalog sync) skipped from adding the metadata to WSUS.

SCCM Third-Party Updates Step by Step Background Process Guide Post 3 5
Software Update Classification – “Updates” Enabled

SMS_ISVUPDATES_SYNCAGENT.log entries.

SyncUpdateCatalog: Skipping 'Dell Latitude 7290/7390/7490 System BIOS,1.8.0 (Update:'1126ad02-f993-449a-b2cf-e21604a6a5fe' Vendor:'Dell' Product:'Bios')' due to it's classification: 'Updates'.
STATMSG: (SRVMSG_SMS_ISVUPDATES_SYNCAGENT_CATALOG_SYNCED).
SyncUpdateCatalog: 0 updates were synchronized to WSUS succesfully, and 0 failed to publish
SCCM Third-Party Updates Step by Step Background Process Guide Post 3 6
Skipping Third -Party Software Updates

Added the Updates classification into software update point properties. You can see the new classification category in WCM.log.

The WSUS will automatically detect the changes in the classifications without initiating the WSUS sync from SCCM console.

Third Party Update Catalogs Sync Completed

You need to re-initiate sync by clicking the “Sync Now” button from
Third-Party Software Update Catalogs node. This action will successfully update the third-party software updates metadata to WSUS.

You can check the SMS_ISVUPDATES_SYNCAGENT.log entries to confirm the successful sync.

SyncUpdateCatalog: WSUS synchronizing update: 'Broadcom 57XX Gigabit Integrated Controller Driver,12.8.0,A01 (Update:'c84906e1-010a-4269-bb55-b6011e1d8e1d' Vendor:'Dell' Product:'Drivers and Applications')'
STATMSG: (SRVMSG_SMS_ISVUPDATES_SYNCAGENT_CATALOG_PARTIAL_WARN).
SyncUpdateCatalog: 3062 updates were synchronized to WSUS succesfully, and 1 failed to publish.
Launcher : Work item SyncUpdateCatalog has completed queued time was 00:00:00.0729599 run time was 01:16:40.3197109
SyncUpdateCatalog: SyncUpdateCatalog : 41a7ad54-9744-4779-acd8-bf596e11e12f - Completed.
SCCM Third-Party Updates Step by Step Background Process Guide Post 3 8
SCCM Third-Party Updates – Catalog Update Success

New Product listing in Software Update Point Component Properties

Once you finish the above sync from third-party update node, you would be able to see the new third-party products under Products tab of software update point component properties.

The new products available in Software update point component properties. In this example, Dell products got available in my scenario below.

I selected Dell – BIOS to make all the Dell Bios related updates available in All Software Updates node.

SCCM Third-Party Updates Step by Step Background Process Guide Post 3 9

Another WSUS Sync

You might need to initiate WSUS Sync from All Updates node of SCCM console to make Third-Party updates available in SCCM console.

You can find the following entries in WSYNCMGR.log

Full sync required due to changes in category subscriptions.
Synchronizing WSUS server SCCM_PROD …
sync: Starting WSUS synchronization
sync: WSUS synchronizing categories
Done synchronizing WSUS Server SCCM_PROD
Sleeping 120 more seconds for WSUS server sync results to become available
........
Collecting existing updates…
sync: SMS synchronizing categories
sync: SMS synchronizing categories, processed 0 out of 337 items (0%)
sync: SMS synchronizing categories, processed 337 out of 337 items (100%)
sync: SMS synchronizing updates
Collecting existing updates…
sync: SMS synchronizing updates, processed 0 out of 273 items (0%)
Synchronizing update 2337372b-fd44-45f2-b1de-3a76fd0da2f5 - Dell Latitude 3190 & 3190 2-in-1 System BIOS,1.5.0
Skipped update d3338d65-33bb-4961-bd7c-a88df159fe25 - LATITUDE E6510 SYSTEM BIOS,A09 because it was superseded.
sync: SMS synchronizing updates, processed 242 out of 273 items (88%), ETA in 00:00:31
sync: SMS synchronizing updates, processed 273 out of 273 items (100%)
Done synchronizing SMS with WSUS Server SCCM_PROD
Sync succeeded. Setting sync alert to canceled state on site PR3
SCCM Third-Party Updates Step by Step Background Process Guide Post 3 10
WSYNCMGR.log

You can see the third party software update metadata entries in SCCM console after a successful WSUS Sync with SCCM.

SCCM Third-Party Updates Step by Step Background Process Guide Post 3 11
The Third-Party updates are visible in Console

Publish Third-Party Software Update Content

Now, the metadata is available under “All Software Updates,” you can publish third-party software updates content available in SCCM. This action should be performed before downloading the SCCM third-party software updates.

As you can see in the below picture, there are four stages to publish third-party software update content to SCCM.

NOTE! – You should go to Certificates node and right click on the blocked third-party catalog certificate and click on UNBLOCK. If you miss this step, you might get a failure message while publishing the third-party update content from WSUS to SCCM.

How to get to Certificates Node in SCCM Console - \Administration\Overview\Security 

You can find the following log entries after publishing third-party software update catalog content in SMS_ISVUPDATES_SYNCAGENT.log.

PollingWorkMonitor: There are 1 jobs that are pending in the jobs table.
PollingWorkMonitor: Starting job 72057594037927941 for subject 32d0d4e6-58e3-4321-a0d2-586a4b4dccf0.
Creating a new SyncUpdate work item for update 32d0d4e6-58e3-4321-a0d2-586a4b4dccf0, jobid is 72057594037927941
Launcher : About to start work item: SyncUpdate.
SyncUpdate: 'Dell XPS L421X System BIOS,A18 (Update:'32d0d4e6-58e3-4321-a0d2-586a4b4dccf0' Vendor:'Dell' Product:'Bios')' is synchronized to WSUS without content, revision to add content is required.
SyncUpdate: Checking if certificate is registered for server SCCM_PROD
SyncUpdate: 32d0d4e6-58e3-4321-a0d2-586a4b4dccf0 - Downloading file: 'http://downloads.dell.com/FOLDER04976362M/1/L421XA18W.exe' to 'C:\Program Files\Microsoft Configuration Manager\ISVTemp\tssug4tt.dc2\L421XA18W.exe'.
SyncUpdate: 32d0d4e6-58e3-4321-a0d2-586a4b4dccf0 - Download of is 12 percent completed.
SyncUpdate: 32d0d4e6-58e3-4321-a0d2-586a4b4dccf0 - Download of is 96 percent completed.
SyncUpdate: 32d0d4e6-58e3-4321-a0d2-586a4b4dccf0 - Successfully completed download of content from 'http://downloads.dell.com/FOLDER04976362M/1/L421XA18W.exe' to 'C:\Program Files\Microsoft Configuration Manager\ISVTemp\tssug4tt.dc2\L421XA18W.exe.
STATMSG: (SRVMSG_SMS_ISVUPDATES_SYNCAGENT_UPDATECONTENT_SUCCESS).
SyncUpdate: 32d0d4e6-58e3-4321-a0d2-586a4b4dccf0 - Completed.
SCCM Third-Party Updates Step by Step Background Process Guide Post 3 13
SCCM Third-Party Updates – Content Download

Click on Synchronize Software Updates button from All Software Updates node and check out WSYNCMGR.log file.

sync: Starting WSUS synchronization
sync: WSUS synchronizing categories
sync: WSUS synchronizing updates
Done synchronizing WSUS Server SCCM_PROD
sync: SMS synchronizing updates, processed 0 out of 1 items (0%)
Synchronizing update 32d0d4e6-58e3-4321-a0d2-586a4b4dccf0 - Dell XPS L421X System BIOS,A18
sync: SMS synchronizing updates, processed 1 out of 1 items (100%)
Done synchronizing SMS with WSUS Server SCCM_PROD
Set content version of update source {77756C2C-A568-4030-B8E4-5864C7E51302} for site PR3 to 2
  • Before publishing the content – Third-Party Software Update icon color is BLUE (#1 in the above picture)
  • After publishing the content and WSync (#2.5 in the above picture) – Third-Party Software Update icon color is GREEN (#3 in the above picture)

Download & Create Software Update Package

Quickly created a third party software update patch with one Dell BIOS update.

The following is the details of the software update package creation Wizard which I filled in. You can use my video tutorial to learn more about creating and deploying a software update package.

Package:
 The software updates will be placed in a new package:
•        Dell Bios
 Content (1):
•        SCCM_PROD.INTUNE.COM
 Distribution Settings
•        Priority: Medium
•        Enable for on-demand distribution: Disabled
•        Prestaged distribution point settings: Automatically download content when packages are assigned to distribution points

Now, you can track the download of software update package content via PatchDownloader.log. The following are some of the entries of PatchDownloader.log.

Download destination = \\SCCM_Prod\Sources\Third-Party Updates\Dell\32d0d4e6-58e3-4321-a0d2-586a4b4dccf0.1\552219ed-9943-4a13-a4f9-a44ad26b98d7_1.cab .
Query to run: select f.FileName, ct.ContentSource from SMS_CIToContent c join SMS_CIContentFiles f on c.ContentID = f.ContentID join SMS_Content ct on c.ContentID = ct.ContentID where c.ContentDownloaded = 1 and f.FileHash = 'SHA1:531921E13A4FBB87E74FEEE702B61EBB518B6FC9'
Downloading content for ContentID = 16777309,  FileName = 552219ed-9943-4a13-a4f9-a44ad26b98d7_1.cab.
Connecting - Adding file range by calling HttpAddRequestHeaders, range string = "Range: bytes=0-"
Download http://sccm_prod:8530/Content/C9/531921E13A4FBB87E74FEEE702B61EBB518B6FC9.cab in progress: 10 percent complete
Download http://sccm_prod:8530/Content/C9/531921E13A4FBB87E74FEEE702B61EBB518B6FC9.cab to C:\Users\anoop\AppData\Local\Temp\2\CAB15D.tmp returns 0
Download http://sccm_prod:8530/Content/C9/531921E13A4FBB87E74FEEE702B61EBB518B6FC9.cab to C:\Users\anoop\AppData\Local\Temp\2\CAB15D.tmp returns 0
Successfully moved C:\Users\anoop\AppData\Local\Temp\2\CAB15D.tmp to \\SCCM_Prod\Sources\Third-Party Updates\Dell\32d0d4e6-58e3-4321-a0d2-586a4b4dccf0.1\552219ed-9943-4a13-a4f9-a44ad26b98d7_1.cab
Renaming \\SCCM_Prod\Sources\Third-Party Updates\Dell\32d0d4e6-58e3-4321-a0d2-586a4b4dccf0.1 to \\SCCM_Prod\Sources\Third-Party Updates\Dell\32d0d4e6-58e3-4321-a0d2-586a4b4dccf0
Successfully moved \\SCCM_Prod\Sources\Third-Party Updates\Dell\32d0d4e6-58e3-4321-a0d2-586a4b4dccf0.1 to \\SCCM_Prod\Sources\Third-Party Updates\Dell\32d0d4e6-58e3-4321-a0d2-586a4b4dccf0

Conclusion

Successfully created the third-party Software update package in SCCM.

SCCM Third-Party Updates Guide
SCCM Third-Party Updates Guide

Resources

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.