While i was checking the software update compliance reports for Microsoft and Non-Microsoft (3rd party updates ,SCUP integrated) ,i see that ,compliance report looks good for Microsoft but not for 3rd party updates.
SCCM Version: Configmgr Current Branch 1702 with SCUP integrated for 3rd party updates.
During the investigation on 1 client, found that ,it is failing to install only adobe & Java updates but rest of the 3rd party updates (Chrome, Filezilla,Firefox etc) installed successfully.
Initially when i ran the software update report and compliance % was not at at good shape ,so my thinking was ,it could be because of certificate issue but after logging to the client, found few 3rd party updates installed but not Java & Adobe.
So as part of troubleshooting ,verified the SCUP certificate imported successfully (double check though other 3rd party updates installed) ,AcceptTrustedPublisherCerts=1 set in registry correctly HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate.
Next is to look at the client logs for software updates. The first log to look at is wuahandler.log .
Failed to download updates to the WUAgent datastore. Error = 0x80246002.
0x80246002 refers to A download manager operation could not be completed because the file digest was not recognized.
After seeing above error, i went to ccmcache to verify the content download was successful or not but i can see the content downloaded to ccmcache and i can extract the file (cab) to see installation file for Java.
So next step is to look at UpdatesHandler.log if i can find any other information
Failed to initiate install of WSUS updates, error = 0x80246002
Failed to start batch install through WSUS Install handler , error = 0x80246002
Next to look at windowsupdate.log ,even that has same error as above.
All the logs have same error code “file digest was not recognized”. This could be due to the hash mismatch issue so which lead me to think about re-publishing the Java and Adobe (these 2 have issues) from SCUP to SCCM ,resync the software updates ,redownload the content ,delete the existing deployments, create new deployment solve the issue.
Steps that i followed to the fix are long enough but you can give a try by simply re-distributing the content to DP ,delete the existing deployment and re-create the deployment for Adobe & java updates to see if that works for you.
How did i solve the issue ?
1. Open SCUP console, go to publications ,look at the folder that has Java & Adobe updates . Select the folder ,click on Publish Icon that you see on the top
2.During the publish option ,do select the following Sign All ,click next ,next and close . Monitor SCUP.log for any errors.
3. Go back to SCCM console ,perform software update sync ,monitor wsyncmgr.log
4. After the sync success ,re-download Java & Adobe updates to package.
5.Delete the existing deployments because client must re-download the new package that you download now else client will follow the old content that was stored in ccmcache and it will keep failing.
6.After you delete and re-create the deployments, initiate the machine policy using client notification for clients to download the new policy
7.Login to one of the problematic client ,open software center ,if there is no maintenance window to install the updates ,install the updates manually ,monitor the logs (wuahandler.log,updatesdeployment.log,updatehanlder.log & windowsupdate.log)
Hope it helps.
