Distributing Cumulative Update 3 for System Center Configuration Manager (SCCM) 2012 SP1

In the last post, we addressed the concerns surrounding the deployment of Cumulative Updates in SCCM 2012. We also demystified some of the concerns related to how we should approach what might be a considerably-sized environment to make our first experiences of executing this procedure less daunting. As we wrapped up the post, I outlined the basic steps to deploy the unpackaged updates to the four different targets, but I cut short of walking you through the procedure. Feeling guilty, in this post I will cover the simple steps needed to create the collections and distribute the Cumulative Updates for System Center Configuration Manager (SCCM) 2012 SP1 to these servers, clients, and deployed consoles.

SCCM Servers

I am going to begin by first targeting the update for our SCCM Servers. This will include any server which has any of the SCCM roles installed, including the primary server, management points, distribution points, reporting, PXE, and so on. The collection we create will then be used to deploy the package that the Update Wizard created for us specifically for updating our servers.

Some deployments I have seen do not have the SCCM agent deployed to servers with these roles. You will need to fix that and deploy the client if you are going to expect SCCM to actually be able to deploy the update!

SCCM Server Collection

In the Assets and Compliance view, select a suitable folder in the Device Collections. From the ribbon, click Create Device Collection. After a few moments the wizard will appear and you can provide the following details.

SCCM configuration values

SCCM Server Update Deployment

With the package created for us by the wizard, and now a new collection to target all our servers, all we need now do is deploy the update.

In the Software Library view, select the Overview > Application Management > Packages > Configuration Manager Updates node, and locate the name of the Server Update Package for your current Update (for example, this might be 2012 SP1 Cumulative Update 3 –  Server Update). Right-click the update and select Deploy.

In the deploy wizard,

  • Select the new Collection Systems with SCCM Server Roles Deployed.
  • Select to have the update delivered to all your relevant distribution points. (I have 40 of these, and I will send the update to every single one.)
  • Purpose is Required, I don’t need to wake up servers, or worry about internet connection here.
  • Schedule: Assign for As soon as Possible.
  • You can decide if you will allow updates outside maintenance windows. (Remember that these are servers!)

And now we wait. SCCM will first start to distribute the package to the distribution points, unless you already addressed this, and once the distribution has completed, it will begin the updates as soon as possible (remember that maintenance window).

Remember that some systems will not require this update. In these cases I have observed the deployment status been reported back as code 1603. To check these in detail, you will find the MSI log for the update in the folder %WINDIR%\TEMP, which you can open and read with CMTrace to verify if the update is indeed not required and the 1603 in that case expected.

Consoles and Clients

Now, rather than repeat the same content for the remaining three packages, I will just call out the main differences, and you can proceed to generate the collections for these if they do not already exist.


Let’s begin with the consoles. The steps are essentially the same, as for our server work, the key difference is the Collection Query. This query basically uses a pattern match for Add/Remove Programs to determine its membership


This is just as simple as the console solution. The only thing that you must remember is that you need two collections for your clients – one for X86 and the other for X64, as the update is architecture specific.

The query will do three matches. First it checks to see if the client agent is already installed, then it checks the OS architecture version. Finally, it checks whether the client agent’s version number is not already as the required level.

X86 Clients Query:


X64 Clients Query:

Related Topics:

  • System Center

    Don't have a login but want to join the conversation? Sign up for a Petri Account