Patching Compliance issue
Question
Hi All, I am facing issue in patching. We are patching servers on Citrix & Non-Citrix envrionment. The servers on non-citrix envirionment got patched successfully but on Citrix environemnt the majority of the server’s status is Unknow after patching schedule. They are compliant under monitoring node for the same deployment but when we check in reports their status is unknow. Please advise.
Answers ( 9 )
Hopefully, are there any updates?
Try this and everything will be alright.
http://eskonr.com/2020/05/use-sccm-compliance-settings-to-detect-the-esu-activation-for-windows-7-and-server-2008/
Did you get any resolution for this issue?
No
Hi,
Deployment summary status is not refreshed on SCCM side. You can click the run summarization option in your SCCM Console under monitoring –> respective deployment and see on top corner in ribbon windows.
Inactive machines will not be captured from the deployment reports and it will be falls under unknowns status.
Given below SQL queries will help to get the overall and detailed status for respective software update deployment.
——————————————————————————————–
Declare @SoftwareUpdateGroupName as varchar(255)
Set @SoftwareUpdateGroupName = ‘All Updates SRWP2’ –Specify Software Update Group Name
Select
Vaa.AssignmentName as ‘DeploymentName’,
Right(Ds.CollectionName,3) as ‘Stage’,
Li.Title as ‘SUGroupName’,
CASE when Vaa.DesiredConfigType = 1 Then ‘Install’ when vaa.DesiredConfigType = 2 Then ‘Uninstall’ Else ‘Others’ End as ‘DepType’,
Ds.CollectionName as ‘CollectionName’,
CASE when Ds.DeploymentIntent = 1 Then ‘Required’ when Ds.DeploymentIntent = 2 Then ‘Available’ End as ‘Purpose’,
Ds.DeploymentTime as ‘AvailableTime’,
Ds.EnforcementDeadline as ‘RequiredTime’,
Ds.NumberTotal as ‘Target’,
Ds.NumberSuccess as ‘Success’,
Ds.NumberInProgress as ‘Progress’,
Ds.NumberErrors as ‘Errors’,
Ds.NumberOther as ‘Others’,
Ds.NumberUnknown as ‘Unknown’,
case when (Ds.NumberSuccess = 0) or (Ds.NumberSuccess is null) Then ‘0’ Else (round(Ds.NumberSuccess/ convert (float,Ds.NumberTotal)*100,2)) End as ‘Success%’,
DateDiff(D,Ds.DeploymentTime, GetDate()) as ‘AvailableDays’,
DateDiff(D,Ds.EnforcementDeadline, GetDate()) as ‘RequiredDays’,
DateDiff(D,Ds.CreationTime, GetDate()) as ‘CreatedDays’,
Vaa.CreationTime as ‘CreationTime’,
Vaa.LastModificationTime as ‘LastModifiedTime’,
Vaa.LastModifiedBy as ‘LastModifiedBy’
from v_DeploymentSummary Ds
left join v_CIAssignment Vaa on Ds.AssignmentID = Vaa.AssignmentID
left join v_AuthListInfo LI on LI.ModelID = Ds.ModelID
Where Ds.FeatureType = 5
and Li.Title like @SoftwareUpdateGroupName
order by Ds.DeploymentTime desc
———————————————————————————————————————————
Declare @SoftwareUpdateGroupName as Varchar(255)
Set @SoftwareUpdateGroupName = ‘SU WKS Security Updates 1803’ –Specify Software Update GroupName
select
vrs.Name0 as ‘ComputerName’,
vrs.User_Name0 as ‘LastLogonUser’,
vos.Caption0 as ‘Operating Sytem’,
a.AssignmentName as ‘DeploymentName’,
Right(Ds.CollectionName,3) as ‘Stage’,
Li.Title as ‘SUGroupName’,
CASE when Ds.DeploymentIntent = 1 Then ‘Required’ when Ds.DeploymentIntent = 2 Then ‘Available’ End as ‘Purpose’,
Ds.CollectionName as ‘CollectionName’,
Ds.DeploymentTime as ‘AvailableTime’,
Ds.EnforcementDeadline as ‘RequiredTime’,
DateDiff(D,Ds.DeploymentTime, GetDate()) as ‘AvailableDays’,
DateDiff(D,Ds.EnforcementDeadline, GetDate()) as ‘RequiredDays’,
DateDiff(D,Ds.CreationTime, GetDate()) as ‘CreatedDays’,
a.StartTime as Available,
a.EnforcementDeadline as Deadline,
sn.StateName as LastEnforcementState,
SUP.LastErrorCode as ‘LasErrorCode’,
SUP.LastScanTime as ‘LastSUPScan’,
DateDiff(D, SUP.LastScanTime, GetDate()) as ‘LastSUPScan Age’,
wks.LastHWScan,
DateDiff(D, wks.LastHwScan, GetDate()) as ‘LastHWScan Age’
from v_CIAssignment a
left join v_AssignmentState_Combined assc on a.AssignmentID=assc.AssignmentID
left join v_StateNames sn on assc.StateType = sn.TopicType and sn.StateID=isnull(assc.StateID,0)
left join v_R_System vrs on vrs.ResourceID = assc.ResourceID
Left Join V_GS_Operating_System Vos on Vrs.ResourceID = vos.resourceID
left join v_GS_WORKSTATION_STATUS wks on wks.ResourceID = assc.ResourceID
left join v_UpdateScanStatus SUP on SUP.ResourceID = assc.ResourceID
left join v_DeploymentSummary Ds on Ds.AssignmentID=assc.AssignmentID
left join v_AuthListInfo LI on LI.ModelID = Ds.ModelID
where Li.Title = @SoftwareUpdateGroupName
and assc.StateType in (300,301)
order by 11 desc
———————————————————————————————————————-
Thanks
Karthikeyan
The issue I am facing is on 2008 R2 servers where we do not have ESU. These are 100+ machines and in SCCM console under Monitoring > Deployment Status it shows they are compliant but in customized report as well as in Overall Compliance report their status shows Unknown.
You don’t get better guide to troubleshoot than this from Sudheesh
SCCM Client – Software Update Troubleshooting – https://sudheesh.azurewebsites.net/?p=34
The state is unknown because scan is not completed or not able to upload the scam status to mp.
Try checking scanagent.log
Thanks Anoop, but how can we troubleshoot it.
I have checked the logs but everything looks fine. Even the status in monitoring Node shows the servers are compliant.