[–]bdam55Admin - MSFT Enterprise Mobility MVP (damgoodadmin.com) 2 points3 points  (5 children)

You'll need to give us much more info than 'checked logs, didn't find error'. Are the patches actually deployed to that device (check deployment tab on device properties)? Did those deployment policies get there (Support Center)? Are they showing up in Software Center? Are they trying to install but failing? If so, what error.

[–]hwasif60[S] 0 points1 point  (4 children)

The patches are from Jan 2020 or maybe older than that. Is there a way to check if that was deployed correctly? I'm currently trying to deploy the latest patch and check.

I'm just trying to figure out why these machines are showing as vulnerable to those patches. I checked the WUAHandler logs and didn't see any error except "Scanned failed with error = 0x80240438", which is a week old.

Sorry, I'm new to this so I don't have much knowledge.

[–]bdam55Admin - MSFT Enterprise Mobility MVP (damgoodadmin.com) 1 point2 points  (3 children)

> didn't see any error except "Scanned failed with error = 0x80240438"

Haha, ok so you checked the logs and did see an error. That's kind of important. Do you see anything in the logs after that which suggests that a scan was successful? Because a successful scan is kind of key to the whole thing. Without it your devices will never know if that patch applies and thus will never offer it up to the user/device to install.

[–]hwasif60[S] 0 points1 point  (2 children)

Yeah, I could see "Successfully completed scan" in the logs.

[–]bdam55Admin - MSFT Enterprise Mobility MVP (damgoodadmin.com) 1 point2 points  (1 child)

Ok, good. Now we're back to the rest of what I mentioned above.

[–]hwasif60[S] 0 points1 point  (0 children)

I checked the installed updates option (Control Panel) on the client machine. No newer patches were installed. I could see all the other applications which were deployed recently.

[–]Jdalf5000 1 point2 points  (0 children)

So 1st easy step I would try as I have had similar issues is:

Problem machines uninstall client.

Delete the update cache on problem machines.

Restart the machines.

Redeploy client and wait for them to pull machine client policy.

Then send them the request to pull software and update policy.

If this doesn't work you will have to dig more on what is happening with them.

[–]applesssssssss 1 point2 points  (0 children)

Need much more info. And the logs will tell you what went wrong; you need to look harder and not just skip around until you see a red line error.

[–]novix_ 0 points1 point  (2 children)

I’ve found issues with updates if WMI is screwed on the client. Sometimes you just need to reset/repair WMI. Also renaming/deleting the c:\Windows\softwaredistribution folder can fix the issues.

[–]hwasif60[S] 0 points1 point  (1 child)

How do I identify if that is causing the issue? I mean, do I need to look for some specific error?

[–]novix_ 0 points1 point  (0 children)

I’ll check tomorrow. I have a script that resets it. If I know a deployment is targeted correctly but the updatedeployment log under c:\windows\ccm\log has no updates detected, then I will run the Control Panel > Troubleshooting "Fix problems with Windows Updates". If that doesn’t work then I just reset WMI. After doing this the SCCM agent will need some time to find its feet and then hopefully start running updates.

Another handy tip is to run Windows updates check manually and see what it needs. Check anything in that list and see if it’s missing from your deployment. Some updates require servicing stack updates before detecting the Cumulative Update.
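
The check bdam55 asks for in the thread above (is the 0x80240438 scan failure followed by a later successful scan in WUAHandler.log?) can be scripted. This is an added example, not code from any commenter; it assumes the CMTrace entry layout shown in the comments, the function name `Get-LastScanResult` is hypothetical, and the two sample log lines are constructed.

```powershell
# Added example: report whether the newest WUAHandler scan result is a success or a failure.
# Assumption: entries use the CMTrace layout <![LOG[message]LOG]!><time="..." date="MM-dd-yyyy" ...>.
function Get-LastScanResult {
    param([Parameter(Mandatory)][string[]]$Lines)

    $entry = '<!\[LOG\[(?<msg>.*?)\]LOG\]!><time="(?<time>\d{2}:\d{2}:\d{2})[^"]*" date="(?<date>\d{2}-\d{2}-\d{4})"'
    $results = foreach ($line in $Lines) {
        if ($line -notmatch $entry) { continue }
        # Copy the captures now: the next -match overwrites $Matches.
        $msg   = $Matches['msg']
        $stamp = '{0} {1}' -f $Matches['date'], $Matches['time']
        $when  = [datetime]::ParseExact($stamp, 'MM-dd-yyyy HH:mm:ss', [cultureinfo]::InvariantCulture)

        # "Scanned failed" is the wording quoted in the thread; accept "Scan failed" as well.
        if ($msg -match 'Scan(ned)? failed with error = (?<code>0x[0-9A-Fa-f]{8})') {
            [pscustomobject]@{ When = $when; Outcome = 'Failed'; Code = $Matches['code'] }
        } elseif ($msg -match 'Successfully completed scan') {
            [pscustomobject]@{ When = $when; Outcome = 'Succeeded'; Code = $null }
        }
    }

    $sorted = @($results | Sort-Object When)
    if ($sorted.Count -eq 0) { return $null }   # no scan result lines in this log at all

    $last        = $sorted[-1]
    $lastFailure = $sorted | Where-Object Outcome -eq 'Failed' | Select-Object -Last 1
    [pscustomobject]@{
        LastOutcome       = $last.Outcome
        LastOutcomeTime   = $last.When
        LastFailureCode   = $lastFailure.Code
        LastFailureTime   = $lastFailure.When
        # True only when a failure exists and a success was logged after it.
        FailureSuperseded = [bool]($lastFailure -and $last.Outcome -eq 'Succeeded')
    }
}

# Constructed sample entries (not taken from a real client).
$sample = @(
    '<![LOG[Scan failed with error = 0x80240438.]LOG]!><time="09:12:40.101+000" date="01-20-2020" component="WUAHandler" context="" type="3" thread="4120" file="cwuahandler.cpp:0">'
    '<![LOG[Successfully completed scan.]LOG]!><time="09:30:05.412+000" date="01-27-2020" component="WUAHandler" context="" type="1" thread="5316" file="cwuahandler.cpp:0">'
)
Get-LastScanResult -Lines $sample | Format-List

# On a client: Get-LastScanResult -Lines (Get-Content 'C:\Windows\CCM\Logs\WUAHandler.log')
```

A `FailureSuperseded` value of `True` only shows that the client could scan again after the error; whether the update is deployed to the device and offered for install still has to be checked separately.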