Monday 5 November 2018

SCCM 1806 Upgrade fails

While working at a client site I was assisting onsite guys to upgrade SCCM 1802 to 1806.
They did the 1710 to 1802 a few weeks back without any issues.

The prereqs passed and they started the upgrade. It failed and they decided to remove AV as they thought it might be a contributing factor. 

Tried upgrade again still fails on Install Update Files step in the setup process. I started to review the CMUpdate.log to see what errors was being written. 

I could not copy the content of the file but below is an example of what was in the log:

Cannot create D:\Program Files\Microsoft Configuration Manager\tools\UploadOfflineFeedback, [error code: 5, error message: Access is denied.]. CONFIGURATION_MANAGER_UPDATE 9/26/2018 13:35:43 1796 (0x0704)
ERROR: Failed to create directory D:\Program Files\Microsoft Configuration Manager\tools\UploadOfflineFeedback CONFIGURATION_MANAGER_UPDATE 9/26/2018 13:35:43 1796 (0x0704)
Setup has encountered fatal errors while performing file operations. CONFIGURATION_MANAGER_UPDATE 9/26/2018 13:35:43 1796 (0x0704)
Failed to install update files. CONFIGURATION_MANAGER_UPDATE 9/26/2018 13:35:43 1796 (0x0704)

So compared their setup to my LAB and everything seemed in order. Did some research and came across a Technet forum post about permissions missing on the folder.

Asked the team to confirm if Builtin\Administrators and SYSTEM had full permission on the Tools folder. They confirmed that both entries were missing. Not sure who changed permissions on the Tools folder but after adding the accounts back and retrying the update, 1806 installed without any issues.

Thursday 14 June 2018

SCCM Update Sync issue

UPDATE 15-06-2018: Microsoft has confirmed issue is resolved. We tested and our catalog has now synced successfully. If you still have issues post on the following link.

So yesterday morning we were greeted with SUP Sync failures at one of our clients.
We could not understand as the sync the previous afternoon was working fine but with the release of patch Tuesday's patches it started failing.

We tried WSUSUtil Reset to see if that might fix the issue as it looked like an update missing metadata in the SUSDB. After numerous attempts it still kept on failing. We then un-ticked all the Classifications and the sync was successful. We then added everything back and it failed again.


This was the error we saw in WSUS console:



Then we looked at the SCCM log (Wsyncmgr.log) and there we saw the following error:

Sync failed: ImportUpdateError: Source: Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.WsusSyncAction.WSyncAction.SyncWSUS

We then turned to the Softwaredistribution.log on the WSUS server and saw the following error:
System.Data.SqlClient.SqlException (0x80131904): Cannot insert the value NULL into column 'RevisionID', table '@AtLeastOneBundle'; column does not allow nulls. INSERT fails.

We tried to find those UpdateID's at other clients but was unable to.


We then opened a support call with Microsoft as we did not want to redo our SUP server as that felt like an extreme measure. Within 5 minutes of the call the engineer confirmed there is an issue with multiple clients at the moment regarding sync issues and they are awaiting a fix from the product group. 

As a temporary workaround we were instructed to deselect the Definition Updates classification.
We attempted the sync and it worked. We do use SCEP for AV so in the meantime we are deploying the definitions via normal software distribution method in SCCM. You can reference this blog as it is still relevant: Deploying Endpoint Protection Updates Offline Using SCCM 2012 R2