Deploy custom MS updates/hotfixes in SCCM 2012 via WSUS

Some updates and enterprise hotfixes are not displayed in WSUS and therefore not applicable in WSUS. This blog post shows how to streamline these update/hotfixes in WSUS and SCCM.

The trick is that “out of the box” you can’t deploy this. Some updates do not sync to WSUS and your SCCM software update point (SUP) automatically. There are some simple steps you can take to get it there.
This example adds KB2670838 in the update list.

Lets start,
-On your central site, start the Windows Server Update Services admin console
Note that changing things in the WSUS console can mess up the WSUS integration; Do so carefully.
-Go to updates select Import Updates to launch a webpage to the Microsoft Update Catalog.
ScreenHunter_232 Nov. 27 13.17
-Search on KB2670838 and add all that you are interested in getting for your environment
-Check import directly into Windows Server Update Services is selected then hit the import button.
Another box will come up tracking the download and show success when completed
Note that the updates are feature Packs
ScreenHunter_233 Nov. 27 13.19
-Give the WSUS services a full sync by clicking Synchronize Now
ScreenHunter_234 Nov. 27 13.21

Next we are setting up the SCCM part
-Start the SCCM 2012 R2 Console
Verify that your SCCM site is set to sync “Feature Packs” classification, because that is what this is (as compared to “service packs” or “security updates”).
-Check Feature Packs in Administration, Sites, Software Update PointScreenHunter_237 Nov. 27 13.24

-Once that download is complete you can sync SCCM by clicking Synchronize Software Updates ScreenHunter_235 Nov. 27 13.22
Once the Sync is complete you should see the updates in SCCM to deploy as you would any other update

-In the Console select Software Library, Software Updates, Automatic Deployment Rules
-Choose Create Automatic Deployment Rule from the Ribbon
ScreenHunter_238 Nov. 27 13.25
-Give the ADR a name like ADR: Custom Updates, select a template, a collection.
ScreenHunter_239 Nov. 27 13.26
-Setup the ADR as a regular ADR, only choose in the software updates section, the product like Windows 7 and the article ID 2670838
ScreenHunter_241 Nov. 27 13.27
-After finishing the ADR choose Run Now to get a full Sync.
ScreenHunter_249 Nov. 27 13.39

-After the full Sync you see the updates in the WSUS directory of SCCM
 ScreenHunter_251 Nov. 27 13.39
Next part is integrating the update is the OS image

-Start the Software Library, Operating Systems and right click the media you want to update, choose Schedule Updates
ScreenHunter_252 Nov. 27 13.40
Search 2670838 in the choose update and notice that (if its applicable) the update appears in the image.
ScreenHunter_253 Nov. 27 13.41
Apply the update and notice in the OfflineServiceMgr.log the update is applied and afterwards is installed in the installed update tab on the image
ScreenHunter_255 Nov. 27 13.49
ScreenHunter_256 Nov. 27 13.59

That’s it!

Prerequisites for setting up SCCM 2012 R2 on Windows 2012 R2

When installing System Center Configuration Manager 2012 R2, there are a number of prerequisite steps which need to be taken before installing the software.
They seem simple but can take up a few day’s to finish. I just put them below so we can quickly start the SCCM installation.

1. Change the E1000 NIC to VMXNET3 NIC this to avoid a lot of headache during the rest of the setup. See

1. Change the default network to the Legacy Network Adapter. This to support WOL and PXE integration

Extend Active Directory Schema
1. Extend Active Directory Schema for SCCM 2012 Domain Controllers. Navigate to  \SMSSetup\Bin\x64\ and execute Extadsch.exe
2. Create the System Container and assign Permissions

Site Server Prerequisites
1. We are going to install a stand alone Primary Site Server. Therefore these roles are neccesary; this powershell script install’s it automaticly

This needs to turn on a elevated PowerShell (RunAs Administrator)

Get-Module servermanager
Install-WindowsFeature Web-Windows-Auth
Install-WindowsFeature Web-ISAPI-Ext
Install-WindowsFeature Web-Metabase
Install-WindowsFeature Web-WMI
Install-WindowsFeature BITS
Install-WindowsFeature RDC
Install-WindowsFeature NET-Framework-Features
Install-WindowsFeature Web-Asp-Net
Install-WindowsFeature Web-Asp-Net45
Install-WindowsFeature NET-HTTP-Activation
Install-WindowsFeature NET-Non-HTTP-Activ

There is a bug in the .NET framework 3.5
You need your Windows Installation media to do this.
dism /online /enable-feature /featurename:NetFX3 /all /Source:d:\sources\sxs /LimitAccess

SQL Server considerations
1. Install the Database Engine feature for each site server, Management Tools and Reporting Services
2. Use the SQL_Latin1_General_CP1_CI_AS collation server
3. Apply SP1 and CU4 or later
4. Change MSSQLServer.exe account in services to an domain user account (best practice) account
5. Open the SQL ports for incomming traffic (1433 and 4022) and reporting (80 and 443)
6. Limit SQLServer memory to 70 – 80% of the addressable memory if the SQL is in a dedicated Server. if the SQL is co-located with the Site Server computer limit the memory to 50 – 70%.

Prerequisites for SCCM
1. Prevent SCCM from installing Files on the OS Drive (C:\) by placing no_sms_on_drive.sms in the root of the C:\ folder
2. Install WSUS on the Windows 2012 R2 server with powershell. This because there are some issues in WSUS in combination with Windows 2012
Install-WindowsFeature -Name UpdateServices-Services,UpdateServices-DB -IncludeManagementTools
.\wsusutil.exe postinstall SQL_INSTANCE_NAME=”servername” CONTENT_DIR=”D:\Sources\WSUS\WSUS”
%programfiles%\update services\tools\wsusutil.exe postinstall CONTENT_DIR=D:\Sources\Wsus\WSUS SQL_INSTANCE_NAME=sqlservername
3. Do not configure WSUS
4. Install Windows ADK 8.1 download the new ADK to support Windows 8.1 and Server 2012 R2 from here
4. Install the ADK: User State Migration Tool (USMT), Windows Deployment Tools, Windows PreInstallation Environment (Windows PE)

That’s it, you can now start installing SCCM 2012 R2 !

Deploy all Windows Updates during the SCCM 2012 Task Sequence

I noticed that when I put Windows Updates in the SCCM 2012 Task Sequence (“Deploy” and the “Build and Capture”) some Software Updates weren’t installed. Even after updating the Operating System Images Offline the issue still remained.

Reason and solution
After some investigation the answer was relatively simple; The Configuration Manager Client caches the results of a Software Update evaluation scan.
I Noticed that this cache has a rather long TTL, longer than the Task Sequence lasted.
This post is on how to update the deployment completely by flushing the Windows Update cache.

1. Force all updates to run in the task sequence
In the Configuration Manager console, navigate to Administration, choose Software library, Operating Systems, Task Sequences, and edit the Task Sequence which you want to modify.
– After the complete installation choose Add, New Group and change the name to Windows Updates
Add another subgroup called Install Software Updates I
– Add, General, Install Software Updates
and name it Install Software Updates I
Install Updates SCCM 2012 - 1

– Add another subgroup called Install Software Updates II
– Add, General, Run Command Line 
and name it Scan for  Updates II
– In the command line type: WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule “{00000000-0000-0000-0000-000000000113}” /NOINTERACTIVE
Install Updates SCCM 2012 - 2

– Add, General, Run Command Line and name it Wait for Scan to Finish II
– In the Command line type: Powershell.exe -command start-sleep 30 Install Updates SCCM 2012 - 3
– Add, General, Install Software Updates and name it Install Software Updates II
Install Updates SCCM 2012 - 4
– Copy the Install Updates II folder 3 times and change the description. After this the sequence will run and install all updates.


Event ID 7000 : not a valid Win32 application during WSUS installation on SCCM 2012 SP1

Today after installing another fancy Windows 2012 SCCM Server I noticed that when I tried to configure WSUS and WDS the service crashed with the following error:
The WSUS Service failed to start due the following error: WSUS Service is not a valid Win32 application.
Event ID 7000.

About a hour ago I also had an error on File Name Warning:
There is a file or folder on your computer called “C:\program” which could cause certain applications to not function correctly. Renaming it to “C:\program2” would solve this issue.
program error
I made a note of it but did not rename it because the message wasn’t wrong, there IS a file called program (no extension) on my Systemdrive. But why?
After a deep dive in my server configuration I discovered the distmgr.log of ConfigMgr is missing quotations while saving the log file. This could be an solution; after some more digging It looks like if the “” (quotation marks) were missing in the command line for the logfile path. Windows would then go and interpret the logfile as “C:Program”.

So this looks like a bug in the installation of the SCCM 2012 Distribution Manager installation.
To be sure I opened the program file with notepad and noticed that it’s indeed a text file.

Rename or delete the c:\program file and the issue is solved.

Step by Step: Installing SCCM 2012 SP1 on Windows Server 2012 and SQL 2012 SP1

Well, after some testing with SCCM 2012 SP1 I decided to reinstall everything in my lab to the latest software. So Windows 2012, SQL 2012 RTM and of course System Center Configuration Manager 2012 SP1.

In this blog I used my laptop:
-Intel(R) i5-2410M CPU @ 2.30GHz, 2 Core(s)
-8 Gb of internal memory
-Two SSD disk (C:\ for OS and D:\ for Hyper-V)

Lab setup:
Domain Controller: Windows 2012 Enterprise; DC, DNS and certificate server
SCCM 2012; Windows 2012 Enterprise, SQL 2012 Enterprise, IIS and SCCM components

1. SQL 2012 installation
ConfigMgr 2012 SP1 Beta supports SQL 2012 RTM with a minimum of CU 2. ConfigMgr has very strict SQL collation requirement, pretty much across the entire System Center range, essentially only SQL_Latin1_General_CP1_CI_AS collation is supported.
This has to be selected during installation if you are running a non-USA regional\system OS.

– Login as the SQL admin on the SQL Server
– Launch the SQL 2012 RTM installer
Select Installation on the left navigation pane
Select New SQL Server stand-alone installation or add features to an existing installation
– Ok, Next,
and choose Accept the license terms, Next
We will open the Firewall later, so skip the warning
– Choose Next
– Select SQL Server Feature Installation

Select the following
– Database Engine Services
– Reporting Services – Native
– Management Tools – Basic
– Management Tools – Complete
Because I’m in a test environment I didn’t change the path’s. In production it’s recommended to choose alternative path’s
Next, Next

– Choose the default Default instance, and change the path’s if necessary and choose Next, Next
By default each of the services will be configured using a service-specific user account, we used NT AUTHORITY\SYSTEM

Do this for the SQL Server Agent, the SQL Server Database Engine and the SQL Server Reporting Services services
– Click Account Name, Browse, Browse locally for SYSTEM and accept
– Set the services Start-up Type to automatic
Select the Collation tab
– Double check
If SQL_Latin1_General_CP1_CI_AS is shown, otherwise Customize this, Next
Add the current user and a domain user at this point. I add the SQL admin and the local administrator, Next
– Select Install and configure, Next
Set Send Windows and SQL Server Error Reports to Microsoft, choose Next, Next
Alrighty then SQL is Ready, lets rock.

– Next we will run SQL 2012 SP1 (SCCM 2012 requires minimal CU2 to have an successful install)
Download link SP1
Download link CU1

Note If you do not install CU2 (or SP1) you’ll receive SQL Server Version Error in the Perquisites.

The Advanced logging says that the SQL server Version is not supported. So patch you’re SQL Server.

Make the nessesary Firewall Exeptions for SCCM;
– Open the settings, Control Panel, System and Security, Windows Firewall
– Choose Advanced Settings, Inbound rules
– Create a new Rule called SQL Ports,
– On Rule Type, Choose Ports, Next
– On theTCP tab 4022, 1433 and click Next
ScreenHunter_191 Jan. 25 10.08
– Choose allow the connection, Next
– On profile choose all, Next
Fill in a name (we used SQL Ports)

2. Installing the SCCM 2012 Perquisites
Open Server Manager
– Select Add Roles and features, click Next
– Choose Role Based or Feature based installation
– Select the local server, Next
Open Web Server (IIS) and ADD select the following features
HTTP Features
Static Content
Default Document
Directory Browsing
HTTP Errors
HTTP Redirection

.NET Extensibility
ISAPI Extensions
ISAPI Filters

Health and Diagnostics
HTTP logging
Logging tools
Request Monitor

Basic Authentication
Windows Authentication
URL Authorization
Request Filtering
IP and Domain Restrictions

Static Content

Management Tools IIS Management Console IIS Management Scripts and Tools Management Service IIS 6 Management Compatibilty IIS 6 Metabase Compatibility IIS 6 WMI Compatibility IIS 6 Scripting Tools IIS 6 Management Console
– Select Windows Server Update Services, Add features
– Select Windows Deployment Services, Add Features

– Choose Background Intelligent Transfer Service (BITS), Add features
– Choose Remote Differential Compression
– Telnet Client (not necessary but it’s useful), Next
– On the WSUS section choose next.
– On the Role Services choose WSUS Services and Database, Next
– Choose Store updates and choose a location (This is a testlab, in production it is not recommended to save these files to the C:\ drive), Next

– Type the SQL Server name and choose Check connection

– Next, Next,
– Choose Deployment Server and Transport Server
– Next, Install

3. Install the WADK (Windows Assessment and Deployment Kit)
In Windows 2012 you no longer use WAIK, we’re now on WADK for Windows 8.
– Go to and download the ADK Setup.
– Run the ADKSetup.exe as an administrator

– I left the path’s default and choose Next
– Choose if you want to join CEIP and choose Next
Accept the Licence Agreement and choose Accept
– Check Deployment Tools, Windows Preinstallation Environment (Windows PE) and User State Migration Tools (USMT)

– Choose Next and install the Software

3. Next step is to install SCCM 2012 SP1 Beta
Ok, we are now ready to install ConfigMgr 2012 SP 1 Beta
– Launch the spash.HTA from the installation media

– First check the server is ready before we get any further into the installer Select Assess server readiness

Some minor issues but no show stoppers so lets continue
– Go back to the Splash.hta screen and click Install, Choose Next
– Because we are on one demo server we choose Install a Configuration Manager Primary Site and check the Use typical installation… Choose Next.

– Choose yes and I Agree, Next
– Accept all the licence therms and choose next

– Download the files to a folder you choose and click Next

-Choose a site code, Site name and installation folder for SCCM 2012 SP1, Next

– Hit next a couple of times and then choose Begin Install

That’s it, we are now up and running.

SP1 brings a lot of nice new stuff like the cross-platform clients, Azure Cloud DP, mobile device management through Microsoft Exchange ActiveSync amongst others.
Check out what’s new in SP1 here for a list of fun things to play around with and get to know in preparation for the actual SP1 release, as well as the release notes detailing what is knowing to be in a broken state during the Beta. You can also provide feedback to Microsoft for anything quirky that you may find during the evaluation.

Have Fun!

WSUS sync issues after installation of SCCM 2012 SP1; Event ID 6703 SMS_WSUS_SYNC_MANAGER


Today I bumped into a strange issue when upgrading SCCM 2012 to SP1. The installation went well and after checking the eventlog everything seemed to run smoothly.

After I changed the WSUS Sync setting of SCCM to every hour (because of Forefront Endpoint Protection) we noticed that the WSUS server didn’t function properly anymore. The Software Update Point gave the following error:
Log Name:      Application
Source:           SMS Server
Date:              14-1-2013 12:05:02
Event ID:         6703
Level:              Error
Keywords:       Classic
User:               N/A
Computer:       SCCM01-SUP.internal.local
Description: On 14-1-2013 12:05:02, component SMS_WSUS_SYNC_MANAGER on computer SCCM01-SUP.internal.local reported:   WSUS Synchronization failed. Message: WSUS server not configured. Please refer to WCM.log for configuration error details.. Source: CWSyncMgr::DoSync. The operating system reported error 2147500037: Unspecified error

1 - Issue SCCM 2012 SP1 WSUS

After some investigation we looked into the SUP properties via Administration, Site Configuration, Servers and Site System Roles.2 - SCCM 2012 SP1 WSUS ISSUE

In the Software Update Point settings we found that SP1 has changed the 8530 and 8531 ports back into 80 and 443 (default)

Well this looked like an easy one; we changed the ports back to where we configured WSUS (8530 and 8531) on and the issue was solved.