04 September 2008

These are the reports available in SCCM for Patch Management


 
Software Updates - A. Compliance

Software Updates - B. Deployment Management


Software Updates - C. Deployment States

Software Updates - D. Scan

Software Updates - E. Troubleshooting

Software Updates - F. Distribution Status
 
Enjoy,
Paddy

SCCM 2007 Software Updates Reports

Software Updates Reports

Software Updates - A. Compliance

The reports in the Software Updates - A. Compliance category provide the scan results for software update compliance on client computers. More specifically, these reports provide information about what software updates are required, installed, or not required on clients. The following software updates reports are in this category:

  • Compliance 1 - Overall Compliance
    This report returns the overall compliance for the set of software updates in a specific update list and collection. The Collection ID and Update List ID are required parameters. You can drill into report "Compliance 8 - Computers in a specific compliance state for an update list <secondary>" to view the computers in the compliance state.
  • Compliance 2 - Specific software update
    This report returns the overall compliance data for a specified software update. The Collection ID and Update Title, Bulletin ID, or Article ID are required parameters. You can drill into report "Compliance 7 - Specific software update states <secondary>" to view the count and percentage of computers in each state for the update.
  • Compliance 3 - Update list (per update)
    This report returns the overall compliance data for software updates defined in an Update List. The Update List ID and Collection ID parameters are required. You can drill into report "Compliance 7 - Specific software update states <secondary>" to view the count and percentage of computers in each state for the update.
  • Compliance 4 - Deployment (per update)
    This report returns the overall compliance data for software updates defined in a deployment. The Deployment ID and Collection ID parameters are required. You can drill into report "Compliance 7 - Specific software update states <secondary>" to view the count and percentage of computers in each state for the update.
  • Compliance 5 - Updates by vendor/month/year
    This report returns the compliance data for software updates released by a vendor during a specific month and year. The Collection ID, Vendor, and Year parameters are required. To limit the amount of information returned, you can filter on the Update Class, Product, or Month parameters. You can drill into report "Compliance 7 - Specific software update states <secondary>" to view the count and percentage of computers in each state for the update.
  • Compliance 6 - Specific computer
    This report returns the software update compliance data for a specific computer. The Computer Name parameter is required. To limit the amount of information returned, you can filter on the Vendor and Update Class parameters.
  • Compliance 7 - Specific software update states <secondary>
    This report returns the count and percentage of computers in each compliance state for the specified software update. For best results, start with one of the Compliance 2 through 5 reports, and then drill into this report to return the count of computers in each compliance state. You can drill into report "Compliance 9 - Computers in a specific compliance state for an update <secondary>" to view the computers in the specific state for the update.
  • Compliance 8 - Computers in a specific compliance state for an update list <secondary>
    This report returns all computers that have a specific compliance state for the set of software updates in an update list. For best results, start with "Compliance 1 - Overall Compliance" to return the count of computers in each compliance state, and then drill into this report to return the computers in the selected compliance state. You can drill into report "Compliance 6 - Specific computer" to view the compliance data for the computer.
  • Compliance 9 - Computers in a specific compliance state for an update
    This report returns all computers in a specific compliance state for a software update. For best results, start with one of the Compliance 2 through 5 reports, drill into "Compliance 7 - Specific software update states <secondary>" to return the count of computers in each compliance state, and then drill into this report to return the computers in the selected compliance state. You can drill into report "Compliance 6 - Specific computer" to view the compliance data for the computer.

Software Updates - B. Deployment Management

The reports in the Software Updates - B. Deployment Management category provide information about the software update deployments. The following software updates reports are in this category:

  • Management 1 - Updates required but not deployed
    This report returns all vendor-specific software updates that have been detected as required on clients but that have not been deployed to a specific collection. The Collection ID and Vendor parameters are required. To limit the amount of information returned, you can specify the software update class.
  • Management 2 - Updates in a deployment
    This report returns the software updates that are contained in a specific deployment. The Deployment ID parameter is required. For each software update, you can drill down to report "States 5 - States for an update in a deployment <secondary>" to view the states for the specific software update.
  • Management 3 - Deployments that target a collection
    This report returns the deployments that have targeted a specific collection. The Collection ID parameter is required. You can drill down to report "Management 2 - Updates in a deployment" to view the software updates in the selected deployment.
  • Management 4 - Deployments that target a computer
    This report returns the deployments that have targeted a specific computer. The Computer Name parameter is required. You can drill down to report "Management 2 - Updates in a deployment" to view the software updates in the selected deployment.
  • Management 5 - Deployments that contain a specific update
    This report returns the deployments that contain a specific software update. The Update parameter is required. You can drill down to report "Management 2 - Updates in a deployment" to view the software updates in the selected deployment.
  • Management 6 - Deployments that contain an update list
    This report returns the deployments that were created using a specific update list. The Update List ID parameter is required. You can drill down to report "Management 2 - Updates in a deployment" to view the software updates in the selected deployment.
  • Management 7 - Updates in a deployment missing content
    This report returns the software updates in a specified deployment that do not have all the associated content retrieved, preventing clients from installing the update and achieving 100% compliance for the deployment. The Deployment ID parameter is required. You can drill down to report "Management 8 - Computers missing content <secondary>" to view the computers that require the software update files.
  • Management 8 - Computers missing content <secondary>
    This report returns all computers that require a specific software update contained in a specific deployment that is not provisioned on a distribution point. For best results, start with "Management 7 - Updates in a deployment missing content" to return all software updates in the deployment that do not have all the associated content retrieved, and then drill into this report to return all computers that require the software update.

Software Updates - C. Deployment States

The reports in the Software Updates - C. Deployment States category provide information about the evaluation and enforcement states on client computers for software update deployments. The following software updates reports are in this category:

  • States 1 - Enforcement states for a deployment
    This report returns the enforcement states for a specific software update deployment, which is typically the second phase of a deployment assessment. For the overall progress of the software update installation, use this report in conjunction with "States 2 - Evaluation states for a deployment." The Deployment ID parameter is required. You can drill down to report "States 4 - Computers in a specific state for a deployment <secondary>" to view all computers in the state.
  • States 2 - Evaluation states for a deployment
    This report returns the evaluation state for a specific software update deployment, which is typically the first phase of a deployment assessment. For the overall progress of the software update installation, use this report in conjunction with "States 1 - Enforcement states for a deployment." The Deployment ID parameter is required. You can drill down to report "States 4 - Computers in a specific state for a deployment <secondary>" to view all computers in the state.
  • States 3 - States for a deployment and computer
    This report returns the states for all software updates in the specified deployment for a specified computer. The Deployment ID and Computer Name parameters are required. You can drill into the Status Message Details page for any software update that contains an Error Record ID value.
  • States 4 - Computers in a specific state for a deployment <secondary>
    This report returns all computers in a specific state for a software update deployment. For best results, start with "States 1 - Enforcement states for a deployment" or "States 2 - Evaluation states for a deployment" to identify the states for the deployment, and then drill into this report to return all computers in the specific state. You can drill down to report "States 7 - Error status messages for a computer <secondary>" to view the status messages for the computer.
  • States 5 - States for an update in a deployment <secondary>
    This report returns a summary of states for a specific software update targeted by a specific deployment. For best results, start with "Management 2 - Updates in a deployment" to return the software updates contained in a specific deployment, and then drill into this report to return the state for the selected software update. You can drill down to report "States 6 - Computers in a specific enforcement state for an update <secondary>" to list the computers in the state.
  • States 6 - Computers in a specific enforcement state for an update <secondary>
    This report returns all computers in a specific enforcement state for a specific software update. For best results, start with "Management 2 - Updates in a deployment" to return the software updates contained in a specific deployment, drill into "States 5 - States for an update in a deployment <secondary>" to return the states for the selected software update, and then drill into this report to return all computers in the selected state.
  • States 7 - Error status messages for a computer <secondary>
    This report returns all status messages for a given Update or Deployment on a specific computer for a given status message. For best results, start with "States 1 - Enforcement states for a deployment" or "States 2 - Evaluation states for a deployment" to identify the states for the deployment, drill into "States 4 - Computers in a specific state for a deployment <secondary>" to return all computers in the specific state, and then drill into this report.

Software Updates - D. Scan

The reports in the Software Updates - D. Scan category provide information about computers in a specific scan state.

Note
Scan reports do not contain any information from clients that have not submitted any scan status. To see client computers that have not submitted scan status, see the report States 2 - Evaluation states for a deployment.

Note
If an SMS 2003 client sends scan results through hardware inventory, the client will appear as an SMS 2003 client in a separate section of these reports. To see detailed information about scan status for these SMS 2003 clients, go to the Software Distribution - Advertisement report category and run a report that shows the status of the advertisement you use for your Inventory Tool for Microsoft Updates scanning.

The following software updates reports are in this category:

  • Scan 1 - Last scan states by collection
    This report returns the count of computers in each of the compliance scan states returned by client computers in a specific collection during their last scan for software updates compliance. The Update Source ID and Collection ID parameters are required. You can drill down to report "Scan 3 - Clients of a collection reporting a specific state <secondary>" to view the computers in a specific state.
  • Scan 2 - Last scan states by site
    This report returns the count of computers in each of the compliance scan states returned by client computers assigned to a specific site during their last scan for software updates compliance. The Update Source ID and Site Code parameters are required. You can drill down to report "Scan 4 - Clients of a site reporting a specific state <secondary>" to view the computers in a specific state.
  • Scan 3 - Clients of a collection reporting a specific state <secondary>
    This report returns the computers in a specific collection that returned a specific state during their last scan for software updates compliance. For best results, start with "Scan 1 - Last scan states by collection" to return the count of computers in each scan state, and then drill into this report. You can drill down to report "States 7 - Error status messages for a computer <secondary>" to view the status messages for the computer.
  • Scan 4 - Clients of a site reporting a specific state <secondary>
    This report returns the computers assigned to a specific site that returned a specific state during their last scan for software updates compliance. For best results, start with "Scan 2 - Last scan states by site" to return the count of computers in each scan state, and then drill into this report. You can drill down to report "States 7 - Error status messages for a computer <secondary>" to view the status messages for the computer.

Software Updates - E. Troubleshooting

The reports in the Software Updates - E. Troubleshooting category provide information about scan and deployment errors that occur on client computers. The following software updates reports are in this category:

  • Troubleshooting 1 - Scan errors
    This report returns the count of computers for each error that occurred during the last scan for software update compliance on client computers. The Update Source ID and Collection ID parameters are required. You can drill down to report "Troubleshooting 3 - Computers failing with a specific scan error <secondary>" to view a list of computers that returned the specific scan error.
  • Troubleshooting 2 - Deployment errors
    This report returns the count of computers for each deployment error that occurred on client computers. The Deployment ID parameter is required. You can drill down to report "Troubleshooting 4 - Computers failing with a specific deployment error <secondary>" to view a list of computers that returned the specific deployment error.
  • Troubleshooting 3 - Computers failing with a specific scan error <secondary>
    This report returns all computers that have returned a specific scan error. For best results, start with "Troubleshooting 1 - Scan errors" to return the count of computers for each error that occurred during the last scan for software update compliance, and then drill into this report.
  • Troubleshooting 4 - Computers failing with a specific deployment error <secondary>
    This report returns all computers that have returned a specific deployment error. For best results, start with "Troubleshooting 2 - Deployment errors" to return the count of computers for each deployment error, and then drill into this report.

Software Updates - F. Distribution Status

The reports in the Software Updates - F. Distribution Status category provide distribution status data for SMS 2003 clients that are targeted in a software updates deployment. The following software updates reports are in this category:

  • Distribution 1 - Advertisement Status for SMS 2003 clients
    This report lists all software distribution advertisements for the selected update. For each advertisement, it also shows the advertisement state and count of machines in that state. This report also covers additional advertisement states available for software update advertisements. The Type and Update Title, Bulletin ID, or Article ID parameters are required. You can drill down to report "Distribution 2 - SMS 2003 clients with a specific update advertisement state" to view the computers in the state.
  • Distribution 2 - SMS 2003 clients with a specific update advertisement state
    This report shows a list of computers that are in a specific state of an advertisement. This report also covers additional advertisement states available for software update advertisements. The Advertisement ID and Distribution Status parameters are required. You can limit the results by specifying a value for the Update Distribution Status parameter. You can drill down to report "Advertisement status messages for a particular client and advertisement" to show the status messages reported for the computer and advertisement.

    Enjoy,
    Paddy

 

SCCM 2007 Software Updates Reports

Software Updates Reports

Software Updates - A. Compliance

The reports in the Software Updates - A. Compliance category provide the scan results for software update compliance on client computers. More specifically, these reports provide information about what software updates are required, installed, or not required on clients. The following software updates reports are in this category:

  • Compliance 1 - Overall Compliance
    This report returns the overall compliance for the set of software updates in a specific update list and collection. The Collection ID and Update List ID are required parameters. You can drill into report "Compliance 8 - Computers in a specific compliance state for an update list <secondary>" to view the computers in the compliance state.
  • Compliance 2 - Specific software update
    This report returns the overall compliance data for a specified software update. The Collection ID and Update Title, Bulletin ID, or Article ID are required parameters. You can drill into report "Compliance 7 - Specific software update states <secondary>" to view the count and percentage of computers in each state for the update.
  • Compliance 3 - Update list (per update)
    This report returns the overall compliance data for software updates defined in an Update List. The Update List ID and Collection ID parameters are required. You can drill into report "Compliance 7 - Specific software update states <secondary>" to view the count and percentage of computers in each state for the update.
  • Compliance 4 - Deployment (per update)
    This report returns the overall compliance data for software updates defined in a deployment. The Deployment ID and Collection ID parameters are required. You can drill into report "Compliance 7 - Specific software update states <secondary>" to view the count and percentage of computers in each state for the update.
  • Compliance 5 -Updates by vendor/month/year
    This report returns the compliance data for software updates released by a vendor during a specific month and year. The Collection ID, Vendor, and Year parameters are required. To limit the amount of information returned, you can filter on the Update Class, Product, or Month parameters. You can drill into report "Compliance 7 - Specific software update states <secondary>" to view the count and percentage of computers in each state for the update.
  • Compliance 6 - Specific computer
    This report returns the software update compliance data for a specific computer. The Computer Name parameter is required. To limit the amount of information returned, you can filter on the Vendor and Update Class parameters.
  • Compliance 7 - Specific software update states <secondary>
    This report returns the count and percentage of computers in each compliance state for the specified software update. For best results, start with a compliance 2 - 5 report, and then drill into this report to return the count of computers in each compliance state. You can drill into report "Compliance 9 - Computers in a specific compliance state for an update <secondary>" to view the computers in the specific state for the update.
  • Compliance 8 - Computers in a specific compliance state for an update list <secondary>
    This report returns all computers that have a specific compliance state for the set of software updates in an update list. For best results, start with "Compliance 1 - Overall Compliance" to return the count of computers in each compliance state, and then drill into this report to return the computers in the selected compliance state. You can drill into report "Compliance 6 - Specific computer" to view the compliance data for the computer.
  • Compliance 9 - Computers in a specific compliance state for an update
    This report returns all computers in a specific compliance state for a software update. For best results, start with a compliance 2 - 5 report, drill into "Compliance 7 - Specific software update states <secondary>" to return the count of computers in each compliance state, and then drill into this report to return the computers in the selected compliance state. You can drill into report "Compliance 6 - Specific computer" to view the compliance data for the computer.

Software Updates - B. Deployment Management

The reports in the Software Updates - B. Deployment Management category provide information about the software update deployments. The following software updates reports are in this category:

  • Management 1 - Updates required but not deployed
    This report returns all vendor-specific software updates that have been detected as required on clients but that have not been deployed to a specific collection. The Collection ID and Vendor parameters are required. To limit the amount of information returned, you can specify the software update class.
  • Management 2 - Updates in a deployment
    This report returns the software updates that are contained in a specific deployment. The Deployment ID parameter is required. For each software update, you can drill down to report "States 5 - States for an update in a deployment <secondary>" to view the states for the specific software update.
  • Management 3 - Deployments that target a collection
    This report returns the deployments that have targeted a specific collection. The Collection ID parameter is required. You can drill down to report "Management 2 - Updates in a deployment" to view the software updates in the selected deployment.
  • Management 4 - Deployments that target a computer
    This report returns the deployments that have targeted a specific computer. The Computer Name parameter is required. You can drill down to report "Management 2 - Updates in a deployment" to view the software updates in the selected deployment.
  • Management 5 - Deployments that contain a specific update
    This report returns the deployments that contain a specific software update. The Update parameter is required. You can drill down to report "Management 2 - Updates in a deployment" to view the software updates in the selected deployment.
  • Management 6 - Deployments that contain an update list
    This report returns the deployments that were created using a specific update list. The Update List ID parameter is required. You can drill down to report "Management 2 - Updates in a deployment" to view the software updates in the selected deployment.
  • Management 7 - Updates in a deployment missing content
    This report returns the software updates in a specified deployment that do not have all the associated content retrieved, preventing clients from installing the update and achieving 100% compliance for the deployment. The Deployment ID parameter is required. You can drill down to report "Management 8 - Computers missing content <secondary>" to view the computers that require the software update files.
  • Management 8 - Computers missing content <secondary>
    This report returns all computers that require a specific software update contained in a specific deployment that is not provisioned on a distribution point. For best results, start with "Management 7 - Updates in a deployment missing content" to return all software updates in the deployment that do not have all the associated content retrieved, and then drill into this report to return all computers that require the software update.

Software Updates - C. Deployment States

The reports in the Software Updates - C. Deployment States category provide information about the evaluation and enforcement states on client computers for software update deployments. The following software updates reports are in this category:

  • States 1 - Enforcement states for a deployment
    This report returns the enforcement states for a specific software update deployment, which is typically the second phase of a deployment assessment. For the overall progress of the software update installation, use this report in conjunction with "States 2 - Evaluation states for a deployment." The Deployment ID parameter is required. You can drill down to report "States 4 - Computers in a specific state for a deployment <secondary>" to view all computers in the state.
  • States 2 - Evaluation states for a deployment
    This report returns the evaluation state for a specific software update deployment, which is typically the first phase of a deployment assessment. For the overall progress of the software update installation, use this report in conjunction with "States 1 - Enforcement states for a deployment." The Deployment ID parameter is required. You can drill down to report "States 4 - Computers in a specific state for a deployment <secondary>" to view all computers in the state.
  • States 3 - States for a deployment and computer
    This report returns the states for all software updates in the specified deployment for a specified computer. The Deployment ID and Computer Name parameters are required. You can drill into the Status Message Details page for any software update that contains an Error Record ID value.
  • States 4 - Computers in a specific state for a deployment <secondary>
    This report returns all computers in a specific state for a software update deployment. For best results, start with "States 1 - Enforcement states for a deployment " or "States 2 - Evaluation states for a deployment" to identify the states for the deployment, and then drill into this report to return all computers in the specific state. You can drill down to report "States 7 - Error status messages for a computer <secondary>" to view the status messages for the computer.
  • States 5 - States for an update in a deployment <secondary>
    This report returns a summary of states for a specific software update targeted by a specific deployment. For best results, start with "Management 2 - Updates in a deployment" to return the software updates contained in a specific deployment, and then drill into this report to return the state for the selected software update. You can drill down to report "States 6 - Computers in a specific enforcement state for an update <secondary>" to list the computers in the state.
  • States 6 - Computers in a specific enforcement state for an update <secondary>
    This report returns all computers in a specific enforcement state for a specific software update. For best results, start with " Management 2 - Updates in a deployment" to return the software updates contained in a specific deployment, drill into "States 5 - States for an update in a deployment <secondary>" to return the states for the selected software update, and then drill into this report to return all computers in the selected state.
  • States 7 - Error status messages for a computer <secondary>
    This report returns all status messages for a given Update or Deployment on a specific computer for a given status message. For best results, start with "States 1 - Enforcement states for a deployment" or "States 2 - Evaluation states for a deployment" to identify the states for the deployment, drill into "States 4 - Computers in a specific state for a deployment <secondary>" to return all computers in the specific state, and then drill into this report.

Software Updates - D. Scan

The reports in the Software Updates - D. Scan category provide information about computers in a specific scan state.

Note
Scan reports do not contain any information from clients that have not submitted any scan status. To see client computers that have not submitted scan status, see the report States 2 - Evaluation states for a deployment.

Note
If an SMS 2003 client sends scan results through hardware inventory, the client will appear as an SMS 2003 client in a separate section of these reports. To see the detail information about scan status for these SMS 2003 clients, go to the Software Distribution - Advertisement report category and check run a report that will show the status of the advertisement you use for your Inventory Tool for Microsoft Updates scanning.

The following software updates reports are in this category:

  • Scan 1 - Last scan states by collection
    This report returns the count of computers in each of the compliance scan states returned by client computers in a specific collection during their last scan for software updates compliance. The Update Source ID and Collection ID parameters are required. You can drill down to report "Scan 3 - Clients of a collection reporting a specific state <secondary>" to view the computers in a specific state.
  • Scan 2 - Last scan states by site
    This report returns the count of computers in each of the compliance scan states returned by client computers assigned to a specific site during their last scan for software updates compliance. The Update Source ID and Site Code parameters are required. You can drill down to report "Scan 4 - Clients of a site reporting a specific state <secondary>" to view the computers in a specific state.
  • Scan 3 - Clients of a collection reporting a specific state <secondary>
    This report returns the computers in a specific collection that returned a specific state during their last scan for software updates compliance. For best results, start with "Scan 1 - Last scan states by collection" to return the count of computers in each scan state, and then drill into this report. You can drill down to report "States 7 - Error status messages for a computer <secondary>" to view the status messages for the computer.
  • Scan 4 - Clients of a site reporting a specific state <secondary>
    This report returns the computers assigned to a specific site that returned a specific state during their last scan for software updates compliance. For best results, start with "Scan 2 - Last scan states by site" to return the count of computers in each scan state, and then drill into this report. You can drill down to report "States 7 - Error status messages for a computer <secondary>" to view the status messages for the computer.

Software Updates - E. Troubleshooting

The reports in the Software Updates - E. Troubleshooting category provide information about scan and deployment errors that occur on client computers. The following software updates reports are in this category:

  • Troubleshooting 1 - Scan errors
    This report returns the count of computers for each error that occurred during the last scan for software update compliance on client computers. The Update Source ID and Collection ID parameters are required. You can drill down to report "Troubleshooting 3 - Computers failing with a specific scan error <secondary>" to view a list of computers that returned the specific scan error.
  • Troubleshooting 2 - Deployment errors
    This report returns the count of computers for each deployment error that occurred on client computers. The Deployment ID parameter is required. You can drill down to report "Troubleshooting 4 - Computers failing with a specific deployment error <secondary>" to view a list of computers that returned the specific deployment error.
  • Troubleshooting 3 - Computers failing with a specific scan error <secondary>
    This report returns all computers that have returned a specific scan error. For best results, start with "Troubleshooting 1 - Scan errors" to return the count of computers for each error that occurred during the last scan for software update compliance, and then drill into this report.
  • Troubleshooting 4 - Computers failing with a specific deployment error <secondary>
    This report returns all computers that have returned a specific deployment error. For best results, start with "Troubleshooting 2 - Deployment errors" to return the count of computers for each deployment, and then drill into this report.

Software Updates - F. Distribution Status

The reports in the Software Updates - F. Distribution Status category provide distribution status data for SMS 2003 clients that are targeted in a software updates deployment. The following software updates reports are in this category:

  • Distribution 1 - Advertisement Status for SMS 2003 clients
    This report lists all software distribution advertisements for the selected update. For each advertisement, it also shows the advertisement state and count of machines in that state. This report also covers additional advertisement states available for software update advertisements. The Type and Update Title, Bulletin ID, or Article ID parameters are required. You can drill down to report "Distribution 2 - SMS 2003 clients with a specific update advertisement state" to view the computers in the state.
  • Distribution 2 - SMS 2003 clients with a specific update advertisement state
    This report shows a list of computers that are in a specific state of an advertisement. This report also covers additional advertisement states available for software update advertisements. The Advertisement ID and Distribution Status parameters are required. You can limit the results by specifying a value for the Update Distribution Status parameter. You can drill down to report "Advertisement status messages for a particular client and advertisement" to show the status messages reported for the computer and advertisement.

    Enjoy,
    Paddy

 

Clients Connecting over VPN Cannot Install Software Updates or Run Advertisements

 

Solution

There are two possible solutions to this scenario. Select the solution that best meets your business requirements:

  • If the VPN connection is fast and reliable enough that you want these clients to be considered as if they are connected directly to the intranet at their assigned site, configure a fast boundary. This will help ensure that they can always install advertisements and software update deployments available at their assigned site when they are connected over the VPN. Consult the VPN administrator to obtain a list of possible addresses for clients when they connect over the VPN, and use this information to create a fast network boundary with these addresses. Make sure that you are informed of any VPN scope changes so that you can modify the associated boundary information.
  • If the VPN connection is not fast or reliable but selected software update deployments and advertisements are critical for VPN clients, reconfigure the software update deployments and advertisements. Configure them with the option to download content and run locally instead of the default option to not install when clients are connected within a slow network boundary. However, this can result in other clients also installing this content when they are roaming to another site if they fall back to asking their default management point for content.
 

SCCM 2007 Client General Issues

 
Configuration Manager Client General Issues
 
The following are the general SCCM client issues from the Microsoft Web site. This section provides general troubleshooting information to help you resolve issues when managing clients in Configuration Manager 2007, which are not specifically related to installation, assignment, or mixed or native mode.

For more information about client deployment in Configuration Manager 2007, see Planning and Deploying Clients for Configuration Manager 2007.

If Configuration Manager 2007 clients are successfully installed and assigned to a site but fail to download policy, a likely reason is that either the site has no default management point or clients cannot locate it.

Solution

Make sure that a default management point is configured for the site. For more information, see How to Configure the Default Management Point for a Site.

Clients find their default management point using one of the following service location requests:

  • Active Directory Domain Services (if the schema is extended for Configuration Manager 2007)
  • DNS (if Configuration Manager 2007 is configured for DNS publishing)
  • Server locator point
  • WINS (mixed mode only)

Ensure that one of these mechanisms is available to clients. For more information, see Configuration Manager and Service Location (Site Information and Management Points).

Configuration Manager 2007 helps to ensure that each Configuration Manager 2007 client is uniquely identified. If a duplicate hardware ID is identified, by default Configuration Manager 2007 automatically creates a new client record for the duplicate record. This setting allows you to easily upgrade or deploy clients that might have duplicate hardware IDs, without requiring manual intervention. However, with this setting, a computer that has been re-imaged or restored from backup will have a new record created, which results in all previous information about that client being no longer available for reporting purposes.

An alternative configuration is to require the administrator to manually reconcile all conflicting records when they are detected. This setting results in affected clients being unmanaged and no longer displaying in collections, but displaying in the Conflicting Records node. These clients will remain unmanaged until the administrator resolves the conflict.

For more information, see the section "Managing Client Identity" in What's New in Client Deployment for Configuration Manager.

Solution

When a new record has been created, you cannot get back previous data for the client, but you can reconfigure Configuration Manager so that it does not automatically create new records in the future.

If clients are unmanaged and missing from collections, check the Conflicting Records node so that you can manually reconcile the records by merging them, creating a new record, or blocking the new record.

For more information about how to configure the site-wide setting and how to manually resolve conflicting records, see How to Manage Conflicting Records for Configuration Manager Clients.

If you view the following reports and they do not contain client data, ensure that clients are assigned to a fallback status point:

  • Client Assignment Detailed Status Report
  • Client Assignment Failure Details
  • Client Assignment Status Details
  • Client Assignment Success Details
  • Client Deployment Failure Report
  • Client Deployment Status Details
  • Client Deployment Success Report
  • Issues by incidence detail report for a specific collection
  • Issues by incidence summary report for a specific collection
  • Issues by incidence detail report for a specific site
  • Issues by incidence summary report

Solution

Assign a fallback status point to Configuration Manager 2007 clients, and view the reports from the site in which the fallback status point is installed.

Note
SMS 2003 clients do not use these reports.

For more information, see the following:

Additionally, if you are deploying a high number of clients at the same time, there might be a delay in processing all the state messages sent from the fallback status point to the site. In this scenario, wait for the data to appear and consider configuring the throttling settings on the fallback status point. For more information about the throttling settings, see Determine If You Need to Configure Throttle Settings for the Fallback Status Point in Configuration Manager.

Error conditions reported by clients might be displayed using standard Microsoft Windows error codes, without a description of the error. Or they might use error codes that are specific to Configuration Manager 2007.

Solution

For information about how to map these error codes to an error description, see http://go.microsoft.com/fwlink/?LinkId=103419.

If Configuration Manager 2007 clients fail to obtain software updates from Configuration Manager and they have an Active Directory Group Policy setting configured for software update point based client installation, a likely reason is that the Active Directory Group Policy object is incorrectly configured.

The software updates feature automatically configures a local Group Policy setting for the Configuration Manager 2007 client so that it is configured with the software update point source location and port number. Both the server name and port number are required for the software updates client to find the software update point.

If an Active Directory Group Policy setting is applied to computers for software update point client installation, this overrides the local Group Policy setting. Unless the value of the setting is exactly the same (server name and port), the Configuration Manager 2007 software updates feature will fail on the client.

The following entries appear in the software updates log file WUAHandler.log:

[Group policy settings were overwritten by a higher authority (Domain Controller) to: Server http://server and Policy ENABLED]LOG

Solution

The software update point for client installation and software updates must be the same server, and it must be specified in the Active Directory Group Policy setting with the correct name format and with the port information (for example, http://server1.contoso.com:80 if the site system server is not configured to use a fully qualified domain name and is using the default Web site).

For more information, see How to Install Configuration Manager Clients Using Software Update Point Based Installation.
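
One way to check a client for this mismatch, as an added example that is not part of the original page or Microsoft's documentation: it compares the WUServer and WUStatusServer policy values, and the server named in the WUAHandler.log entry quoted above, against the expected software update point URL. The expected URL is the page's sample value and stands in for your own.

```powershell
# Added example: not part of the original page and not Microsoft's code.
# $supUrl uses the page's sample value; replace it with your own software
# update point. $sampleLine is the WUAHandler.log entry quoted on the page.

$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
# Scheme, server name and an explicit port are all required.
$UrlPattern = '(?i)^(?<scheme>https?)://(?<host>[^/:\s]+):(?<port>\d+)/?$'

function Compare-SupUrl {
    # Returns Match, NotConfigured, NoPortOrMalformed or Mismatch:<part>.
    param(
        [string]$Configured,
        [Parameter(Mandatory = $true)][string]$Expected
    )
    $e = [regex]::Match($Expected.Trim(), $UrlPattern)
    if (-not $e.Success) {
        throw "Expected URL needs scheme, server name and port: $Expected"
    }
    if ([string]::IsNullOrEmpty($Configured)) { return 'NotConfigured' }
    $c = [regex]::Match($Configured.Trim(), $UrlPattern)
    if (-not $c.Success) { return 'NoPortOrMalformed' }
    foreach ($part in 'scheme', 'host', 'port') {
        # -ne compares strings case-insensitively, which suits host names.
        if ($c.Groups[$part].Value -ne $e.Groups[$part].Value) {
            return "Mismatch:$part"
        }
    }
    'Match'
}

function Get-OverriddenServer {
    # Extracts the server and policy state from WUAHandler.log override entries.
    param([string[]]$LogLine)
    $rx = 'overwritten by a higher authority \(Domain Controller\) to: ' +
          'Server (?<server>\S+) and Policy (?<state>\w+)'
    foreach ($line in $LogLine) {
        if ($line -match $rx) {
            New-Object PSObject -Property @{
                Server = $Matches['server']
                Policy = $Matches['state']
            }
        }
    }
}

$supUrl     = 'http://server1.contoso.com:80'
$sampleLine = '[Group policy settings were overwritten by a higher authority (Domain Controller) to: Server http://server and Policy ENABLED]LOG'

# 1. What the log says the domain GPO pushed to the client.
foreach ($hit in Get-OverriddenServer -LogLine $sampleLine) {
    $result = Compare-SupUrl -Configured $hit.Server -Expected $supUrl
    "Log: domain GPO set '{0}' ({1}) -> {2}" -f $hit.Server, $hit.Policy, $result
}

# 2. What is in effect on this machine (skipped when the key is absent).
if (Test-Path $PolicyKey) {
    $policy = Get-ItemProperty -Path $PolicyKey
    foreach ($name in 'WUServer', 'WUStatusServer') {
        $result = Compare-SupUrl -Configured $policy.$name -Expected $supUrl
        "{0} = '{1}' -> {2}" -f $name, $policy.$name, $result
    }
}
```

To scan a real client, pass the contents of its WUAHandler.log to Get-OverriddenServer with Get-Content instead of the sample line.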

When you switch the Configuration Manager 2007 client to a different site mode while the installation of Background Intelligent Transfer Service (BITS) is pending a restart, the client computer might not be able to send hardware inventory files to the management point. Entries similar to the following will appear in DataTransferService.log on the client computer:

DTS::AddTransportSecurityOptionsToBITSJob - Failed to QueryInterface for IBackgroundCopyJobHttpOptions. BITS 2.5+ may not be installed properly.

Solution

Restart the computer, and then reinstall the Configuration Manager 2007 client software.

When you uninstall a Configuration Manager 2007 site without first deselecting the option Enable Software Update Point Client Installation on the Software Update Point Client Installation Properties dialog box, the client will remain published as a software update in Windows Server Update Services (WSUS). If you then reinstall a Configuration Manager 2007 site with a newer client version and publish the client to WSUS, both client versions will be published.

Solution

Clear the check box Enable Software Update Point Client Installation in the General tab of the Software Update Point Client Installation Properties dialog box before uninstalling a Configuration Manager 2007 site. You can also use the WSUS console to remove published software updates.

For more information, see How to Install Configuration Manager Clients Using Software Update Point Based Installation.

Client resynchronization is triggered when the state message system believes that data is missing from a client computer. When a high number of resynchronizations occur, this might cause a backlog of state messages that adversely affects the performance of the fallback status point server and of the Configuration Manager 2007 site server.

To identify whether clients are undergoing resynchronization, use the following SQL query to discover how many clients have resynchronized in the last seven days:

select count(*) from v_ClientMessageStatistics where LastResyncIssuedTime > DateAdd( day , -7 , GetUTCDate())

For information about creating queries, see How to Create a Query.

Solution

Wait for the backlog to clear. Alternatively, consider changing the default throttle interval on the fallback status point to limit the number of state messages sent to the site server. For more information, see Determine If You Need to Configure Throttle Settings for the Fallback Status Point in Configuration Manager.

Manually approving and blocking (or unblocking) a client is not supported from sites other than the client's assigned site. These options are not available when you right-click clients from sites higher in the hierarchy than their assigned site.

Solution

Perform these actions from the client's assigned site. For more information, see the following:

When Configuration Manager 2007 site systems are configured with a fully qualified domain name (FQDN) that is a CNAME (DNS alias) rather than the computer name registered in Active Directory Domain Services, the CNAME must be configured with a Kerberos service principal name (SPN) whenever Windows authentication is used. For example, Windows authentication is required in the following scenarios:

  • Users initiate content download from distribution points on site systems configured with CNAMEs, and the content is not configured for anonymous access.
  • The site is in mixed mode and configured with the option Automatically approve computers in trusted domains (recommended), and the management point site system is configured with a CNAME.

When Windows authentication fails in the preceding scenarios, the client records an HTTP 401 error in the log files Datatransferservice.log (for content download failures) and ccmexec.log (for automatic approval failures).

Note
If you see these 401 errors, even if the CNAME SPN is registered, it might be configured incorrectly. Re-register it using the procedure in the following solution.

Solution

For all site systems configured to use a CNAME, register the SPN using the Windows Setspn tool with the following syntax:

Setspn -A HTTP/CNAME_FQDN computername

The Setspn tool is included in Windows Server 2003 Support Tools. You can install Windows Server 2003 Support Tools from the Support\Tools folder of the Windows Server 2003 startup disk. By default, the support tools install in the folder C:\Program Files\Support Tools.

For more information about using SPNs with IIS, see the following article that explains how to use SPNs when you configure Web applications that are hosted on IIS 6.0: http://go.microsoft.com/fwlink/?LinkId=94785.

Important
If you have configured a network load balancing (NLB) management point with a CNAME, do not use this procedure for the cluster name. Instead, follow the instructions in the following topic: How to Configure an SPN for NLB Management Point Site Systems.
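
To confirm that a registered CNAME SPN is configured correctly, the following added example (not part of the original page or Microsoft's documentation) checks that HTTP/CNAME_FQDN is held by exactly one account and that the account is the site system's computer account. The names mp.contoso.com, SERVER1 and SVC-WEB are constructed placeholders, and the directory search covers only the current domain.

```powershell
# Added example: not part of the original page and not Microsoft's code.
# mp.contoso.com, SERVER1 and SVC-WEB are constructed placeholder names.

function Get-SpnHolder {
    # Returns the sAMAccountName of every account in the current domain that
    # holds HTTP/<CnameFqdn>. Other domains in the forest are not searched.
    param([Parameter(Mandatory = $true)][string]$CnameFqdn)
    # Accept only DNS name characters so nothing can alter the LDAP filter.
    if ($CnameFqdn -notmatch '^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$') {
        throw "Not a valid DNS name: $CnameFqdn"
    }
    $searcher = [adsisearcher]"(servicePrincipalName=HTTP/$CnameFqdn)"
    [void]$searcher.PropertiesToLoad.Add('samaccountname')
    foreach ($entry in $searcher.FindAll()) {
        $entry.Properties['samaccountname'][0]
    }
}

function Test-CnameSpn {
    # Judges a list of SPN holders: an SPN held by no account, by more than
    # one account, or by the wrong account makes Kerberos authentication fail.
    param(
        [Parameter(Mandatory = $true)][string]$CnameFqdn,
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [string[]]$Holder
    )
    $spn     = "HTTP/$CnameFqdn"
    $account = $ComputerName + '$'          # computer accounts end in '$'
    $found   = @($Holder | Where-Object { $_ })

    if ($found.Count -eq 0) {
        $status = 'NotRegistered'
        $action = "Setspn -A $spn $ComputerName"
    } elseif ($found.Count -gt 1) {
        $status = 'Duplicate'
        $action = "Remove $spn from every account except $account"
    } elseif ($found[0] -ne $account) {
        $status = 'WrongAccount'
        $action = "Move $spn from $($found[0]) to $account"
    } else {
        $status = 'OK'
        $action = 'None'
    }
    New-Object PSObject -Property @{
        Spn     = $spn
        Status  = $status
        Holders = ($found -join ', ')
        Action  = $action
    }
}

# Constructed holder lists covering the three outcomes that matter.
$cases = @(
    ,@()                          # SPN never registered
    ,@('SERVER1$')                # registered once, on the site system
    ,@('SERVER1$', 'SVC-WEB')     # also registered on a second account
)
foreach ($holders in $cases) {
    Test-CnameSpn -CnameFqdn 'mp.contoso.com' -ComputerName 'SERVER1' -Holder $holders |
        Select-Object Status, Holders, Action
}

# Live check on a domain-joined machine:
#   Test-CnameSpn -CnameFqdn $fqdn -ComputerName $name -Holder (Get-SpnHolder $fqdn)
```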

If clients assigned to the site can install software updates and run advertisements when they are directly connected to the intranet but not when they are connected over a virtual private network (VPN) connection, this is likely to be a configuration issue related to boundaries and the software update deployment or advertisement configuration.

If you haven't defined the VPN scope used by these clients as a boundary for their assigned site, the VPN connection will be considered to be within a slow network boundary. You will also see this issue if you have defined the VPN scope as a boundary but it is configured as a slow network boundary rather than a fast network boundary. In either of these scenarios, if software update deployments or advertisements are configured to not install for clients connected to a slow network boundary (the default configuration), VPN clients will not be able to access this content until they are connected directly to the intranet (on a defined, fast network boundary).

Solution

There are two possible solutions to this scenario. Select the solution that best meets your business requirements:

  • If the VPN connection is fast and reliable enough that you want these clients to be considered as if they are connected directly to the intranet at their assigned site, configure a fast boundary. This will help ensure that they can always install advertisements and software update deployments available at their assigned site when they are connected over the VPN. Consult the VPN administrator to obtain a list of possible addresses for clients when they connect over the VPN, and use this information to create a fast network boundary with these addresses. Make sure that you are informed of any VPN scope changes so that you can modify the associated boundary information.
  • If the VPN connection is not fast or reliable but selected software update deployments and advertisements are critical for VPN clients, reconfigure the software update deployments and advertisements. Configure them with the option to download content and run locally instead of the default option to not install when clients are connected within a slow network boundary. However, this can result in other clients also installing this content when they are roaming to another site if they fall back to asking their default management point for content.

For more information about configuring boundaries, see Planning Configuration Manager Boundaries and New Boundary Dialog Box.

For more information about when roaming clients fall back to accessing content at their assigned site from remote sites, see About Client Roaming in Configuration Manager and Example Roaming Scenarios for Configuration Manager: Simple.

When a client computer requests a user policy and finds that no policy updates are available, the message Validation data missing or invalid is generated in the log file PolicyAgent.log.

Solution

None. This is a benign error message and will not interfere with the operation of a Configuration Manager 2007 site.

If the Configuration Manager 2007 client is installed using the DISABLECACHEOPT=TRUE installation property, the user is unable to change the size of the temporary program download (cache) folder. However, the Amount of disk space to use (MB) item in the Advanced tab of the Configuration Manager Properties dialog box displays the value of 0, regardless of the size the folder has been set to.

Solution

There is currently no solution or workaround for this issue.

After client installation and at every restart of the client, the following is logged in the file CCMexec.log:

Error registering hosted class '{E67DBF56-96CA-4e11-83A5-5DEC8BD02EA8}'. Code 0x80040154

For more information about client log files, see Log Files for Managing Configuration Manager Clients.

Solution

This log entry does not identify a problem with the client and can be safely ignored.

Enjoy,

Paddy

 

SCCM 2007 Client General Issues

 
Configuration Manager Client General Issues
 
Folowing are the General issues with SCCM Client issues from Microsoft Web site...This section provides general troubleshooting information to help you resolve issues when managing clients in Configuration Manager 2007, which are not specifically related to installation, assignment, or mixed or native mode.

For more information about client deployment in Configuration Manager 2007, see Planning and Deploying Clients for Configuration Manager 2007.

If Configuration Manager 2007 clients are successfully installed and assigned to a site but fail to download policy, a likely reason is that either the site has no default management point or clients cannot locate it.

Solution

Make sure that a default management point is configured for the site. For more information, see How to Configure the Default Management Point for a Site.

Clients find their default management point using one of the following service location requests:

  • Active Directory Domain Services (if the schema is extended for Configuration Manager 2007)
  • DNS (if Configuration Manager 2007 is configured for DNS publishing)
  • Server locator point
  • WINS (mixed mode only)

Ensure that one of these mechanisms is available to clients. For more information, see Configuration Manager and Service Location (Site Information and Management Points).

Configuration Manager 2007 helps to ensure that each Configuration Manager 2007 client is uniquely identified. If a duplicate hardware ID is identified, by default Configuration Manager 2007 automatically creates a new client record for the duplicate record. This setting allows you to easily upgrade or deploy clients that might have duplicate hardware IDs, without requiring manual intervention. However, with this setting, a computer that has been re-imaged or restored from backup will have a new record created, which results in all previous information about that client being no longer available for reporting purposes.

An alternative configuration is to require the administrator to manually reconcile all conflicting records when they are detected. This setting results in affected clients being unmanaged and no longer displaying in collections, but displaying in the Conflicting Records node. These clients will remain unmanaged until the administrator resolves the conflict.

For more information, see the section "Managing Client Identity" in What's New in Client Deployment for Configuration Manager.

Solution

When a new record has been created, you cannot get back previous data for the client, but you can reconfigure Configuration Manager so that it does not automatically create new records in the future.

If clients are unmanaged and missing from collections, check the Conflicting Records node so that you can manually reconcile the records by merging them, creating a new record, or blocking the new record.

For more information about how to configure the site-wide setting and how to manually resolve conflicting records, see How to Manage Conflicting Records for Configuration Manager Clients.

If you view the following reports and they do not contain client data, ensure that clients are assigned to a fallback status point:

  • Client Assignment Detailed Status Report
  • Client Assignment Failure Details
  • Client Assignment Status Details
  • Client Assignment Success Details
  • Client Deployment Failure Report
  • Client Deployment Status Details
  • Client Deployment Success Report
  • Issues by incidence detail report for a specific collection
  • Issues by incidence summary report for a specific collection
  • Issues by incidence detail report for a specific site
  • Issues by incidence summary report

Solution

Assign a fallback status point to Configuration Manager 2007 clients, and view the reports from the site in which the fallback status point is installed.

Note
SMS 2003 clients do not use these reports.

For more information, see the following:

Additionally, if you are deploying a high number of clients at the same time, there might be a delay in processing all the state messages sent from the fallback status point to the site. In this scenario, wait for the data to appear and consider configuring the throttling settings on the fallback status point. For more information about the throttling settings, see Determine If You Need to Configure Throttle Settings for the Fallback Status Point in Configuration Manager.

Error conditions reported by clients might be displayed using standard Microsoft Windows error codes, without a description of the error. Or they might use error codes that are specific to Configuration Manager 2007.

Solution

For information about how to map these error codes to an error description, see http://go.microsoft.com/fwlink/?LinkId=103419.

If Configuration Manager 2007 clients fail to obtain software updates from Configuration Manager and they have an Active Directory Group Policy setting configured for software update point based client installation, a likely reason is that the Active Directory Group Policy object is incorrectly configured.

The software updates feature automatically configures a local Group Policy setting for the Configuration Manager 2007 client so that it is configured with the software update point source location and port number. Both the server name and port number are required for the software updates client to find the software update point.

If an Active Directory Group Policy setting is applied to computers for software update point client installation, this overrides the local Group Policy setting. Unless the value of the setting is exactly the same (server name and port), the Configuration Manager 2007 software updates feature will fail on the client.

The following entries appear in the software updates log file WUAHandler.log:

[Group policy settings were overwritten by a higher authority (Domain Controller) to: Server http://server and Policy ENABLED]LOG

Solution

The software update point for client installation and software updates must be the same server, and it must be specified in the Active Directory Group Policy setting with the correct name format and with the port information (for example, http://server1.contoso.com:80 if the site system server is not configured to use a fully qualified domain name and is using the default Web site).

For more information, see How to Install Configuration Manager Clients Using Software Update Point Based Installation.

When you switch the Configuration Manager 2007 client to a different site mode while the installation of Background Intelligent Transfer Service (BITS) is pending a restart, the client computer might not be able to send hardware inventory files to the management point. Entries similar to the following will appear in DataTransferService.log on the client computer:

DTS::AddTransportSecurityOptionsToBITSJob - Failed to QueryInterface for IBackgroundCopyJobHttpOptions. BITS 2.5+ may not be installed properly.

Solution

Restart the computer, and then reinstall the Configuration Manager 2007 client software.

When you uninstall a Configuration Manager 2007 site without first deselecting the option Enable Software Update Point Client Installation on the Software Update Point Client Installation Properties dialog box, the client will remain published as a software update in Windows Server Update Services (WSUS). If you then reinstall a Configuration Manager 2007 site with a newer client version and publish the client to WSUS, both client versions will be published.

Solution

Clear the check box Enable Software Update Point Client Installation in the General tab of the Software Update Point Client Installation Properties dialog box before uninstalling a Configuration Manager 2007 site. You can also use the WSUS console to remove published software updates.

For more information, see How to Install Configuration Manager Clients Using Software Update Point Based Installation.

Client resynchronization is triggered when the state message system believes that data is missing from a client computer. When a high number of resynchronizations occur, this might cause a backlog of state messages that adversely affects the performance of the fallback status point server and of the Configuration Manager 2007 site server.

To identify whether clients are undergoing resynchronization, use the following SQL query to discover how many clients have resynchronized in the last seven days:

select count(*) from v_ClientMessageStatistics where LastResyncIssuedTime > DateAdd( day , -7 , GetUTCDate())

For information about creating queries, see How to Create a Query.

Solution

Wait for the backlog to clear. Alternatively, consider changing the default throttle interval on the fallback status point to limit the number of state messages sent to the site server. For more information, see Determine If You Need to Configure Throttle Settings for the Fallback Status Point in Configuration Manager.

Manually approving and blocking (or unblocking) a client is not supported from sites other than the client's assigned site. These options are not available when you right-click clients from sites higher in the hierarchy than their assigned site.

Solution

Perform these actions from the client's assigned site. For more information, see the following:

When Configuration Manager 2007 site systems are configured with a fully qualified domain name (FQDN) that is a CNAME (DNS alias) rather than the computer name registered in Active Directory Domain Services, the CNAME must be configured with a Kerberos service principal name (SPN) whenever Windows authentication is used. For example, Windows authentication is required in the following scenarios:

  • Users initiate content download from distribution points on site systems configured with CNAMEs, and the content is not configured for anonymous access.
  • The site is in mixed mode and configured with the option Automatically approve computers in trusted domains (recommended), and the management point site system is configured with a CNAME.

When Windows authentication fails in the preceding scenarios, the client records an HTTP 401 error in the log files Datatransferservice.log (for content download failures) and ccmexec.log (for automatic approval failures).

Note
If you see these 401 errors, even if the CNAME SPN is registered, it might be configured incorrectly. Re-register it using the procedure in the following solution.

Solution

For all site systems configured to use a CNAME, register the SPN using the Windows Setspn tool with the following syntax:

Setspn -A HTTP/CNAME_FQDN computername

The Setspn tool is included in Windows Server 2003 Support Tools. You can install Windows Server 2003 Support Tools from the Support\Tools folder of the Windows Server 2003 startup disk. By default, the support tools install in the folder C:\Program Files\Support Tools.

For more information about using SPNs with IIS, see the following article that explains how to use SPNs when you configure Web applications that are hosted on IIS 6.0: http://go.microsoft.com/fwlink/?LinkId=94785.

Important
If you have configured a network load balancing (NLB) management point with a CNAME, do not use this procedure for the cluster name. Instead, follow the instructions in the following topic: How to Configure an SPN for NLB Management Point Site Systems.

If clients assigned to the site can install software updates and run advertisements when they are directly connected to the intranet but not when they are connected over a virtual private network (VPN) connection, this is likely to be a configuration issue related to boundaries and the software update deployment or advertisement configuration.

If you haven't defined the VPN scope used by these clients as a boundary for their assigned site, the VPN connection will be considered to be within a slow network boundary. You will also see this issue if you have defined the VPN scope as a boundary but it is configured as a slow network boundary rather than a fast network boundary. In either of these scenarios, if software update deployments or advertisements are configured to not install for clients connected to a slow network boundary (the default configuration), VPN clients will not be able to access this content until they are connected directly to the intranet (on a defined, fast network boundary).

Solution

There are two possible solutions to this scenario. Select the solution that best meets your business requirements:

  • If the VPN connection is fast and reliable enough that you want these clients to be considered as if they are connected directly to the intranet at their assigned site, configure a fast boundary. This will help ensure that they can always install advertisements and software update deployments available at their assigned site when they are connected over the VPN. Consult the VPN administrator to obtain a list of possible addresses for clients when they connect over the VPN, and use this information to create a fast network boundary with these addresses. Make sure that you are informed of any VPN scope changes so that you can modify the associated boundary information.
  • If the VPN connection is not fast or reliable but selected software update deployments and advertisements are critical for VPN clients, reconfigure the software update deployments and advertisements. Configure them with the option to download content and run locally instead of the default option to not install when clients are connected within a slow network boundary. However, this can result in other clients also installing this content when they are roaming to another site if they fall back to asking their default management point for content.

For more information about configuring boundaries, see Planning Configuration Manager Boundaries and New Boundary Dialog Box.

For more information about when roaming clients fall back to accessing content at their assigned site from remote sites, see About Client Roaming in Configuration Manager and Example Roaming Scenarios for Configuration Manager: Simple.
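The coverage check that the first solution implies, as an added example that is not part of the original page or of Configuration Manager: it compares the VPN scope against the site's fast boundaries and lists the addresses that would still be treated as slow. The boundary and VPN ranges are constructed sample data, the function names are hypothetical, and it assumes IPv4 ranges written out by hand as start/end pairs.

```python
import ipaddress

def to_networks(start, end):
    """Express an inclusive IPv4 range as a list of CIDR blocks."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(start), ipaddress.ip_address(end)))

def fast_networks(boundaries):
    """CIDR blocks of every boundary marked fast."""
    return [n for s, e, speed in boundaries if speed == "fast" for n in to_networks(s, e)]

def uncovered_vpn_scope(vpn_ranges, boundaries):
    """Return the parts of the VPN scope that no fast boundary covers."""
    fast = fast_networks(boundaries)
    gaps = []
    for start, end in vpn_ranges:
        remaining = to_networks(start, end)
        for f in fast:
            kept = []
            for net in remaining:
                if net.subnet_of(f):
                    continue                             # fully inside a fast boundary
                if f.subnet_of(net):
                    kept.extend(net.address_exclude(f))  # carve the fast part out
                else:
                    kept.append(net)                     # CIDR blocks are disjoint
            remaining = kept
        gaps.extend(remaining)
    return sorted(ipaddress.collapse_addresses(gaps))

def effective_speed(client_ip, boundaries):
    """Addresses in no boundary, or only in a slow one, count as slow."""
    ip = ipaddress.ip_address(client_ip)
    return "fast" if any(ip in n for n in fast_networks(boundaries)) else "slow"

# Constructed sample data (not from the page): (start, end, speed)
BOUNDARIES = [
    ("10.8.0.0", "10.8.1.255", "fast"),
    ("10.8.2.0", "10.8.2.255", "slow"),
    ("192.168.0.0", "192.168.0.255", "fast"),
]
VPN_SCOPE = [("10.8.0.0", "10.8.3.255")]

if __name__ == "__main__":
    for net in uncovered_vpn_scope(VPN_SCOPE, BOUNDARIES):
        print("VPN addresses treated as slow:", net)
```

Rerun it whenever the VPN administrator reports a scope change; an empty result means every VPN address falls within a fast boundary.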

When a client computer requests a user policy and finds that no policy updates are available, the message Validation data missing or invalid is generated in the log file PolicyAgent.log.

Solution

None. This is a benign error message and will not interfere with the operation of a Configuration Manager 2007 site.

If the Configuration Manager 2007 client is installed using the DISABLECACHEOPT=TRUE installation property, the user is unable to change the size of the temporary program download (cache) folder. However, the Amount of disk space to use (MB) item in the Advanced tab of the Configuration Manager Properties dialog box displays the value of 0, regardless of the size the folder has been set to.

Solution

There is currently no solution or workaround for this issue.

After client installation and at every restart of the client, the following is logged in the file CCMexec.log:

Error registering hosted class '{E67DBF56-96CA-4e11-83A5-5DEC8BD02EA8}'. Code 0x80040154

For more information about client log files, see Log Files for Managing Configuration Manager Clients.

Solution

This log entry does not identify a problem with the client and can be safely ignored.
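A small triage script for the client log messages described above (the HTTP 401 entries in Datatransferservice.log and ccmexec.log, and the two benign messages in PolicyAgent.log and CCMexec.log), added here as an example and not taken from the original page or from Microsoft. The sample lines are constructed, the 401 message texts are invented, and the function names are hypothetical; it assumes the usual CCM client log line layout.

```python
import re

# CCM client log line: <![LOG[message]LOG]!><time="..." date="..." component="..." ...>
LINE_RE = re.compile(
    r'<!\[LOG\[(?P<msg>.*?)\]LOG\]!><time="(?P<time>[^"]+)" date="(?P<date>[^"]+)"')
# Messages the page documents as safe to ignore.
BENIGN = (
    "Validation data missing or invalid",
    "Error registering hosted class '{E67DBF56-96CA-4e11-83A5-5DEC8BD02EA8}'. Code 0x80040154",
)
# Meaning of an HTTP 401 entry per log file, as the page describes it.
AUTH_FAILURE = {
    "datatransferservice.log": "content download failure: check the CNAME SPN",
    "ccmexec.log": "automatic approval failure: check the CNAME SPN",
}
HTTP_401 = re.compile(r"\b401\b")

def triage(log_name, lines):
    """Classify each parsable line; returns (verdict, date, time, message) tuples."""
    results = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # wrapped or malformed line
        msg = m.group("msg")
        if any(b.lower() in msg.lower() for b in BENIGN):
            verdict = "benign"
        elif HTTP_401.search(msg) and log_name.lower() in AUTH_FAILURE:
            verdict = AUTH_FAILURE[log_name.lower()]
        else:
            verdict = "unclassified"
        results.append((verdict, m.group("date"), m.group("time"), msg))
    return results

def sample_line(msg, component):  # builds one constructed sample line
    return ('<![LOG[%s]LOG]!><time="10:15:02.123+000" date="09-04-2008" component="%s" '
            'context="" type="3" thread="2104" file="sample.cpp:1">' % (msg, component))

# Constructed samples; the 401 message texts are invented for illustration.
SAMPLES = {
    "Datatransferservice.log": [sample_line("Request failed with HTTP code 401", "DataTransferService")],
    "CCMexec.log": [sample_line(BENIGN[1], "CcmExec"),
                    sample_line("Approval request returned HTTP 401", "CcmExec")],
    "PolicyAgent.log": [sample_line(BENIGN[0], "PolicyAgent")],
}

if __name__ == "__main__":
    for name, lines in SAMPLES.items():
        print(name, [v[0] for v in triage(name, lines)])
```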

Enjoy,

Paddy