Trying to run the patch compliance report based on OU per Software update Group (For October 2014) ,report is available to download from http://eskonr.com/2014/11/sccm-configmgr-2012-patch-report-ou-based-compliance-status-per-update-group/ . Report shows some good success rate but still there are computers with unknown status .Unknown status means,these clients do not report anything to CM DB whether they required patches or not required ,no compliance information at all.
I pick one computer randomly and start looking at Software Update logs on the client side . The software update logs that helps to identify the scan issues are WUAHandler.log (CCM\logs),windowsupdate.log(%Windir%)
WUAHandler.log log shows ,client started to search for windows updates but it failed with error code 0xc8000222.
Error message : OnSearchComplete - Failed to end search job. Error = 0xc8000222.
Scan failed with error = 0xc8000222.
To know the description of this error code,tried error lookup from the CMtrace log ,but that doesn’t give me any clue.
The next log to look at is ,Windowsupdate.log ,to know more about windowsupdate.log and how to read it,please refer https://support.microsoft.com/kb/902093?wa=wsignin1.0 and http://www.updatexp.com/windows-update-log.html
Windowsupdate.log errors out with message : DtaStor FATAL: Failed to initialize datastore, error = 0xC8000222
It seems to like,the datastore or other related component from C:\windows\softwaredistribution folders are corrupted.
The solution for this issue ,is to stop windows update service,rename software distribution folder,start windows update service and then run the software update scan action.
1. Open the CMD (run as administrator) ,type net stop wuauserv to stop the windows update service
2.Type rename C:\windows\softwaredistribution softwaredistribution.old to rename
3.Type net start wuauserv to start windows update service
4.Initiate software update scan cycle from Configuration manager applet .
To run action 4,there are various scripts/tools available,like wmic,right click tools,sccm client center etc.
You can also script this solution to perform on bulk clients.
After you run action 4,monitor WUAhandler.log ,should see sync status with success.
Hope it helps!
Pingback: Troubleshoot client side software updates issue. | system center experts
Its Finding the correct software update point but all are in CAPS i guess is this because of UPPERCASE issue ?
for e:g http://SUP.DOMAIN.COM:8530
Nope, it will be uppercase and it is not case sensitive. You can try initiating the software update scan action again to see if that works
i am getting error on many servers in wuahadler.log file "OnSearchComplete - Failed to end search job. Error = 0x80244016."
Did you look at Windowsupdate. Log from c:\windows folder? What does this log says? Did it find right wsus server?
will wait for another report on v_updatescanstatus.
did you try this scan status report ? http://eskonr.com/2014/10/sccm-configmgr-2012-report-get-the-status-of-software-update-scan-results/
I am using that only.However i am trying to use the below report for a customized collection which is static ? The overall compliance has only the three states.Also some say that the overall compliance is not as effective a the deployment status . Is this correct ?
IT is effective as far i know and i never use the console deployment for monitoring the status.Always use reports to get the compliance reports.
yes,there are many 3 states that we measure the deployment status . 1)Compliant 2)Not Compliant 3)Unknown
Compliant means,the client has successfully performed scan and they are okay (could be that patches are installed or not applicable). These clients are safe
Not Compliant---clients having some problem with scanning and requires troubleshooting.
Unknown--these computers have not done anything with respect to scanning ,means,they are not assigned or some issues with SUP component.If the scanning is performed successfully,this information will be tracked in v_updatescanstatus.
I will soon post another Patch Compliance report that will give more information about the non compliant and unknown machines that will help to troubleshoot the clients .
We use one update list to which we add patches every month.This is linked to different workstation deployments.When i use report that would give status for a particular deployment it opens up the collection to which it is linked (in the deployment management). Would it be possible to get the deployment status for a customized collection ? Can this be achieved by linking any report or not possible at all ?
did you look at the default report ? patch compliance --overall compliance that give you to choose the update group and collection.