Distributing Cumulative Update 3 for System Center Configuration Manager (SCCM) 2012 SP1
In the last post, we addressed the concerns surrounding the deployment of Cumulative Updates in SCCM 2012. We also demystified some of the concerns related to how we should approach what might be a considerably-sized environment to make our first experiences of executing this procedure less daunting. As we wrapped up the post, I outlined the basic steps to deploy the unpackaged updates to the four different targets, but I cut short of walking you through the procedure. Feeling guilty, in this post I will cover the simple steps needed to create the collections and distribute the Cumulative Updates for System Center Configuration Manager (SCCM) 2012 SP1 to these servers, clients, and deployed consoles.
I am going to begin by first targeting the update for our SCCM Servers. This will include any server which has any of the SCCM roles installed, including the primary server, management points, distribution points, reporting, PXE, and so on. The collection we create will then be used to deploy the package that the Update Wizard created for us specifically for updating our servers.
Some deployments I have seen do not have the SCCM agent deployed to servers with these roles. You will need to fix that and deploy the client if you are going to expect SCCM to actually be able to deploy the update!
SCCM Server Collection
In the Assets and Compliance view, select a suitable folder in the Device Collections. From the ribbon, click Create Device Collection. After a few moments the wizard will appear and you can provide the following details.
Passwords Haven’t Disappeared Yet
123456. Qwerty. Iloveyou. No, these are not exercises for people who are brand new to typing. Shockingly, they are among the most common passwords that end users choose in 2021. Research has found that the average business user must manually type out, or copy/paste, the credentials to 154 websites per month. We repeatedly got one question that surprised us: “Why would I ever trust a third party with control of my network?
SCCM Server Update Deployment
With the package created for us by the wizard, and now a new collection to target all our servers, all we need now do is deploy the update.
In the Software Library view, select the Overview > Application Management > Packages > Configuration Manager Updates node, and locate the name of the Server Update Package for your current Update (for example, this might be 2012 SP1 Cumulative Update 3 – Server Update). Right-click the update and select Deploy.
In the deploy wizard,
- Select the new Collection Systems with SCCM Server Roles Deployed.
- Select to have the update delivered to all your relevant distribution points. (I have 40 of these, and I will send the update to every single one.)
- Purpose is Required, I don’t need to wake up servers, or worry about internet connection here.
- Schedule: Assign for As soon as Possible.
- You can decide if you will allow updates outside maintenance windows. (Remember that these are servers!)
And now we wait. SCCM will first start to distribute the package to the distribution points, unless you already addressed this, and once the distribution has completed, it will begin the updates as soon as possible (remember that maintenance window).
Remember that some systems will not require this update. In these cases I have observed the deployment status been reported back as code 1603. To check these in detail, you will find the MSI log for the update in the folder %WINDIR%\TEMP, which you can open and read with CMTrace to verify if the update is indeed not required and the 1603 in that case expected.
Consoles and Clients
Now, rather than repeat the same content for the remaining three packages, I will just call out the main differences, and you can proceed to generate the collections for these if they do not already exist.
Let’s begin with the consoles. The steps are essentially the same, as for our server work, the key difference is the Collection Query. This query basically uses a pattern match for Add/Remove Programs to determine its membership
Select SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId where SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName = "Microsoft System Center 2012 Configuration Manager Console"
This is just as simple as the console solution. The only thing that you must remember is that you need two collections for your clients – one for X86 and the other for X64, as the update is architecture specific.
The query will do three matches. First it checks to see if the client agent is already installed, then it checks the OS architecture version. Finally, it checks whether the client agent’s version number is not already as the required level.
X86 Clients Query:
Select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup, SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_SYSTEM on SMS_G_System_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_SMS_ADVANCED_CLIENT_STATE on SMS_G_System_SMS_ADVANCED_CLIENT_STATE.ResourceId = SMS_R_System.ResourceId where SMS_R_System.Client = "1" and SMS_G_System_SMS_ADVANCED_CLIENT_STATE.DisplayName = “CCM Framework” and SMS_G_System_SYSTEM.SystemType = “X86-based PC” and SMS_G_System_SMS_ADVANCED_CLIENT_STATE.Version != "5.00.7804.1400"
X64 Clients Query:
Select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup, SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_SYSTEM on SMS_G_System_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_SMS_ADVANCED_CLIENT_STATE on SMS_G_System_SMS_ADVANCED_CLIENT_STATE.ResourceId = SMS_R_System.ResourceId where SMS_R_System.Client = "1" and SMS_G_System_SMS_ADVANCED_CLIENT_STATE.DisplayName = “CCM Framework” and SMS_G_System_SYSTEM.SystemType = “X64-based PC” and SMS_G_System_SMS_ADVANCED_CLIENT_STATE.Version != "5.00.7804.1400"