Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - Justin Chalfant

Pages: [1] 2 3
Important Update

All future feature request should be created on the following website: Ideas Website. This change is to use a platform that supports up-voting and better tracking of feature request.


Archived Feature and Product Request / RingCentral Meetings
« on: May 15, 2019, 09:23:41 AM »
New product request via email:

1. Product: RingCentral Meetings | Vendor: RingCentral, Inc.
4. /i <msi> /qn
5. (Admin Downloads section in middle of page for system based installs)

It would be great if detection could be set up to also detect the exe version (installs in user appdata) and install this msi version in it's place.  I believe the system based install given here handles ripping out the user based installs, etc.



In this knowledge base article, we will review an error you may receive when attempting to right-click a third-party software update and choosing Publish Third-Party Software Update Content.

In the SMS_ISVUPDATES_SYNCAGENT.log, you will see the following error lines in the log file.



Please review the step-by-step video guide below for information about why the SMS_ISVUPDATES_SYNCAGENT_UPDATECONTENT_NO_METADATA error occurs while publishing third-party software update content and the resolution.

This scenario is also documented on the Microsoft Docs - Third-Party Software Updates Known Issues page.
  • The third-party software update synchronization service can't publish content to metadata-only updates that were added to WSUS by another application, tool, or script, such as SCUP. The Publish third-party software update content action fails on these updates. If you need to deploy third-party updates that this feature doesn't yet support, use your existing process in full for deploying those updates.


Error: The process is not in background processing mode. ERROR: DownloadContentFiles() failed with hr=0x80070193

When attempting to download third-party software updates into an SCCM deployment package, you receive the following error message in the console: Failed to download content id <IDNumber>. Error: The process is not in background processing mode.

If you review the PatchDownloader.log file, you will see errors similar to the errors listed below:


ERROR: DownloadContentFiles() failed with hr=0x80070193

Why Does ERROR: DownloadContentFiles() failed with hr=0x80070193?

This error occurs when the WSUS Content virtual directory is configured to require SSL. In Internet Information Services (IIS) Manager, click the WSUS Administration website, click the Content virtual directly, then click SSL Settings in the right pane.

If Require SSL is checked, uncheck that option and choose to apply the changes

The WSUS Content virtual directly in IIS should not be configured to Require SSL even if your WSUS server is configured in SSL. Please see the following Microsoft documentation for more details: How to Configure the WSUS Web Site to Use SSL

If this was your issue, third-party updates should now successfully download to an SCCM deployment package.

Please include the following details in the new product request for a new product. These details will allow us to analyze new product request more efficiently.

Important Update

All future application request should be created on the following website: Ideas Website. This change is to use a platform that supports up-voting and better tracking of request products.

  • Before submitting a new application request at Ideas Website please search to ensure it's not already submitted. If it's already submitted please just use the up-vote feature
  • Please still include all the required metadata mentioned below for new idea/application submissions at Ideas Website

Requirements for New Products

1) Supports silent installation via command line
2) Install successfully under SYSTEM context
3) Public download URL for the offline installer (Note: some exceptions may be made for highly up-voted request as we can use the content repository feature for some licensed products.)
4) The products installer must be digitally signed
5) Please only include one product request per idea submission
6) Uses EXE, MSI, or MSP file download for the installer (No ZIP)

Required Details to Enter in new Product Request

1) Product and vendor name
2) Public download URL for the latest offline installer. A product whose download is behind a paywall is not supported
3) Download URL for an older versions offline installer (If Available)
4) Silent installation switch with "no restart" switch
5) Download page
6) Release notes page

Example Request:

1. Product: Notepad++ | Vendor: Notepad++ Teams
2. x64: | x86:
3. x64: | x86:
4. /S /norestart


Third-Party Update Digest Verification Fails When Publishing Outdated Updates

In this article, we will review file digest verification failures when publishing third-party software update content and the most common reason this error happens.

What Does a File Digest Failure Look Like?

If you are using Microsoft's legacy method for publishing updates through System Center Updates Publisher, you will see an error similar to the error below in the UpdatesPublishing.log or SCUP.log located in your users %temp% directory.

--- Digest verification failed on content for software update 'Google Chrome 72.0.3626.119 (x64) (UpdateId:'626b77a4-61e5-4e84-9870-3aa68abafd0e' Vendor:'Patch My PC' Product:'SCUP Updates')'.

If you are using the SCCM 1806+ third-party updates feature directly in the SCCM console, you will see the following errors in the SMS_ISVUPDATES_SYNCAGENT.log which is located on the top-level software update point in the site system logs folder.



Why Does the Digest Verification Fail When Publishing Updates?

Whenever a third-party update is being published with full-content, the update needs to pass security validation checks. The first check is the update binary downloaded from the vendor's website must match the file digest of the update we created it.When vendors use the same download URL for a product such as Google Chrome:, hash validations can fail if you are publishing an older version of the update due the the latest catalog not being imported.

Resolving Digest Verification Failures

To fix the digest validation error, you will need to import or sync the latest Patch My PC Update Catalog so you can are publish the most recent software update that will match the hash of the vendor's latest update binary.

If you are using the SCCM 1806+ third-party software update catalog feature:

You will need to perform a sync of catalog manually. In the Third-Party Software Update Catalog node in your SCCM console, right-click the Patch My PC Catalog and choose Sync now. By default, SCCM will only automatically sync a third-party software update catalog every 7 days.

You can review the catalog sync progress in the SMS_ISVUPDATES_SYNCAGENT.log. located on the top-level software update point in the site system logs folder.

Once the catalog publishing sync is complete, you can perform a sync of your software update point to have any newly released third-party updates show up in the "All Software Updates" node of the SCCM console.

sync sccm software update point for declined updates

Once the sync is complete, you should see new updates for the product, and the previous updates that were failing should become superseded. The latest version of the update should be able to publish the update content successfully.

If you are using System Center Updates Publisher:

You will need to import the latest catalog manually from the console:

Once the newest catalog is imported, you should see the latest update(s) for the product that was previously failing to publish. Choose to publish the latest software updates(s).

You Can Switch to Our Publishing Service to Reduce Hash Errors

When using System Center Updates Publisher or the SCCM 1806+ Third Party Updates feature, you will be more likely to run across hash errors, because there is a delay between when the catalog syncronizes and when you choose to manually publish the content.For example, the SCCM 1806+ catalog feature can only perform an automatic catalog sync every 7 days, and this is not currently configurable.
  • If SCCM syncronized our third-party update catalog on March 2, 2019, and on that date, Google Chrome 72.0.3626.119 (x64) was the latest version it would be published automatically to SCCM.
  • If we then released Google Chrome 72.0.3626.121 (x64) on March 3, 2019, and you hadn't previously published the content for Google Chrome 72.0.3626.119 (x64) before it was updated on Googles web server you would receive a hash error.
  • Since SCCM only syncs the catalog every 7 days, you would continue to have hash failures when trying to publish the update content until the next automatic sync occurs on March 9, 2019, or you perform a manual catalog sync in the SCCM console.
Benefits of using our publishing service with regards to hash digest errorsIf you were to switch to our publishing service, you would have complete control over how often our catalog syncronizes. The scheduling options will allow you to sync the catalog more frequently to ensure you have the most recent catalog metadata.

Our publishing service will always download the most recent catalog before downloading any third-party update content. By downloading the newest metadata, it will ensure we are pulling the most recent updates with the current file digest before performing content publishing.

There are other benefits to switching to our publishing service including full automation. You can get more details about the benefits of our publishing service below.

What's the Difference our Publishing Service and SCCM 1806+ In-Console Publishing?

What if You Receive the Hash Error when Using the Latest Catalog?

If you receive the hash digest error after verifying you have imported the latest catalog and you are publishing the latest update available, it's probably because the vendor just posted a new software update that hasn't been made available in our catalog yet.

You can let us know you are getting a hash error when publishing the latest available update by using our technical support contact form. Generally, we release updates the same day a vendor makes releases the update so it will just automatically resolve itself when we update the catalog.

Third-Party Updates Fail to Download - Error: The cloud file provider exited unexpectedly.

When attempting to download a published third-party software update, you receive the following error:

Failed to download content id <IDNumber>. Error: The cloud file provider exited unexpectedly.

Error The cloud file provider exited unexpectedly.

In PatchDownloader.log, you will also see the following error in the log.

HttpSendRequest failed HTTP_STATUS_NOT_FOUND

ERROR: DownloadContentFiles() failed with hr=0x80070194

Error 0x80070194 translates to "The cloud file provider exited unexpectedly."

Why does Error 0x80070194 Happen?

This error occurs when the published update content does not exist in the WSUSContent folder, therefore, the update is unable to be downloaded from IIS on the WSUS server to the deployment package in SCCM.

There are a variety of reason the update (.CAB) file for the published update(s) may not exist in the WSUSContent folder including:

  • Custom cleanup scripts removing content from the WSUSContent directory
  • The WSUSContent folder is configured incorrectly in IIS
  • The WSUSContent folder is pointing to a UNC network share and the appropriate configurations and permissions weren't configured

SQL Query to determine if any Deployment Packages are referencing the WSUS content directories:


PackageId, Name, PkgSourcePath



Where PkgSourcePath like '%UpdateServicesPackages%' or PkgSourcePath like '%WsusContent%'

If you are using multiple software update points in a Shared WSUS confgurtaion, please review this guide to ensure that you shared the WSUSContent folder out on all software update points 

Resolution to Error 0x80070194

Please review and video guide below to understand possible causes and resolutions for the errors listed below.

  • ERROR: DownloadContentFiles() failed with hr=0x80070194
  • HttpSendRequest failed HTTP_STATUS_NOT_FOUND

    Third-Party Updates Fail to Install with Error 0x800b0109 in SCCM

    When attempting to install third-party software updates, you receive error code 0x800b0109.


    In WUAHandler.log, you will also see the following error in the log.

    Failed to download updates to the WUAgent datastore. Error = 0x800b0109

    Why does Error 0x800b0109 Happen?

    Error code 0x800b0109 translates to:

    A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

    This error occurs when a client is attempting to install third-party software update(s) that are signed using a WSUS signing certificate that isn't trusted on the client devices.

    Resolution to Error 0x800b0109

    To resolve error code 0x800b0109, you need to distribute the WSUS signing certificate to the Trusted Root and Trusted Publishers certificate stores on your client devices.

    You can distribute the certificate using the third-party software updates feature in SCCM 1806+ (Microsoft Docs), or you can deploy the certificate using group policy (PDF Guide).

    We also have a detailed step-by-step video guide below that covers deploying the WSUS signing certificate using SCCM 1806+ or using group policy to resolve error 0x800b0109 on your clients.

    Requested by Sirwarlord on Slack.

    Will be added in our next update (v 1.2.3) later this week.


    Digest Mismatch Due To Download URL Being Filtered by Firewall or Web Filter

    If you received an error message in the PatchMyPC.log similar to the one shown below when publishing a third-party update this article should help.

    Digest of the downloaded update doesn't match the digest from the catalog: Hash from catalog [0Io0A82tYc06ybySLZ1osB5VYzY=] doesnÔÇÖt match downloaded update hash of [YQMfSKsyclBqVjGnvRdBuoCCcvY=]
    This error appears to be a known error. Please see our KB article for the resolution.

    Why the Hash Check?

    Whenever we download an update file from a vendor's website to publish to WSUS/SCCM, we validate the hash of the current binary downloaded matches the original hash within the catalog metadata. This check ensures that if a binary is compromised or changed on vendors website, we will not publish the software update. We have a deep dive into our security validation process here.

    Resolution to this Specific Hash Check Failure

    If you received the error message above that links our to this article, that means the hash check failed, and the downloaded file size was less than 100 kb.When the downloaded file is less than 100 kb in size, this almost always correlates to a web filter or firewall blocking the download from the server that is running our publishing service.Step 1 - Open the PatchMyPC.log from the publishing service.


    Step 2 - Copy the download URL from the PatchMyPC.log for any updates receiving this hash error.


    Step 3 - Paste the download URL into a web browser on the same server running the publishing service and check if you receive an error that a web filter is blocking the download.

    Download URL Being Filtered in Browser

    Step 4 - You will need to get exceptions created for any downloads receiving this hash error for "digest mismatch download filtered". 

    Please see for the most recent list of the domains used to download update files for our catalog.


    Please see Selectively Choose Products to Publish - Patch My PC Update Catalog for more details


    To better support the upcoming third-party software update integration in Microsoft System Center Configuration Manager (SCCM), we are adding the ability to import our catalog per-product. The SCCM third-party software update catalogs feature will publish ALL updates in a catalog with metadata only. We want to give our customers the ability to add our catalog by-product if needed. This feature will allow you to selectively publish products to  SCCM, and not have SCCM publish all 150+ Products.

    For the most recent version of this post please see

    In this video, we will demonstrate how to use Title filters in the automatic deployment rules in Microsoft Configuration Manager. This filtering can be helpful if there are specific products you need to exclude in your ADRs from our third-party software update catalog for SCCM.

    Full List of Titles for Product in Our Update Catalog

    Adobe Acrobat DC
    Adobe Acrobat Reader DC
    Adobe Air
    Adobe Digital Editions
    Adobe Flash Player 32-bit/64-bit ActiveX
    Adobe Flash Player 32-bit/64-bit Plugin
    Adobe Flash Player 32-bit/64-bit PPAPI
    Adobe Lightroom
    Adobe Shockwave Player
    AirServer Universal
    AirSquirrels Reflector
    Allway Sync
    Apache Tomcat
    Apple Application Support
    Apple Bonjour
    Apple iCloud
    Apple iTunes
    Apple Mobile Device Support
    Apple Quicktime
    Apple Safari
    Apple Software Update
    Attendant Pro
    Articulate 360
    Autodesk Design Review 2018
    Blue Jeans Outlook Addin
    Box Drive
    Box For Office
    Box Sync
    Box Tools (Box Edit)
    Citrix HDX RealTime Media Engine
    Citrix Receiver
    Citrix Workspace
    Classic Shell
    ClickShare Launcher
    Crypto Prevent
    CutePDF Writer
    ESET Endpoint Security
    ESET File Security
    ESET Remote Administrator Agent
    FastStone Capture
    FileZilla Client
    FlashBack Express
    Foxit PhantomPDF
    Foxit Reader
    Garmin Express
    Google Chrome
    Google Earth Pro
    Google Picasa
    K-Lite Basic Codec Pack
    K-Lite Mega Codec Pack
    Lenovo System Update
    LogMeIn Client
    MapInfo Pro
    MicroDicom Viewer
    Microsoft .NET Core Runtime
    Microsoft .NET Core: Runtime & Hosting Bundle
    Microsoft .NET Core SDK
    Microsoft Azure Storage Explorer
    Microsoft EMET
    Microsoft Mouse and Keyboard Center
    Microsoft Power BI Desktop
    Microsoft SQL Management Studio
    Microsoft Visual Studio Code
    Mozilla Firefox
    Mozilla Firefox ESR
    Mozilla Firefox to ESR Migration
    Mozilla SeaMonkey
    Mozilla Thunderbird
    Nextcloud Client
    Nitro Pro
    Nitro Pro Enterprise
    Node.js LTS
    OCZ SSD Utility
    Oracle Java 6/7 (x64) to Java 8 (x64) Migration
    Oracle Java 7
    Oracle Java 8
    Oracle VM VirtualBox
    PDF Split And Merge
    PDF24 Creator
    PDF-XChange Editor
    PDF-XChange PRO
    PhraseExpress Client
    Plantronics Hub
    Plex Media Player
    PowerShell Core
    ProgrammerÔÇÖs Notepad
    R For Windows
    RealTimes (RealPlayer)
    RealVNC (VNC Server)
    Remote Desktop Manager Enterprise
    Royal TS
    SketchUp Make 2016
    SketchUp Pro 2016
    SketchUp Make 2017
    SketchUp Pro 2017
    SRWare Iron
    Sublime Text
    Tableau Reader
    Telerik Progress TestStudio Ultimate
    TreeSize Free
    VitalSource Bookshelf
    VLC Media Player
    VMware Horizon Client
    VMware Tools
    VMware Workstation
    VMware Workstation Player
    VNC Enterprise
    Yahoo! Messenger
    Zoom Meetings
    Zoom Outlook Plugin

    Pages: [1] 2 3