Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - louish

Pages: [1] 2
1
HI all, were not seeing Oracle java, specifically Java 7 and 8 in our ADR previews as well as Wireshark. When looking at the deployment package we use for PatchMyPc i am not seeing it in their either. When I search our software updates within SCCM I am seeing updates for Oracle Java 7 and 8 and Wireshark from April of 2020 but that is it.


Are these not being published due to possible agreements/terms of the install or is there something else I should be looking for.


Additionally in our ADR previews were seeing Oracle java






2
Hi Cody, Yes, I have made sure that the content is downloaded, added to the appropriate Deployment package and that the deployment package has been distributed to the DPs

3
Hi all, my org has been using PatchMyPC since May and it has been performing really well. However this month I noticed an oddity. Our 3rd party application deployments are appearing to install most but not all updates thus causing our deployment compliancy data to report that non are compliant but are "in Progress" when looking at the data for each endpoint they all collectively seem to be stuck with Webex Teams Version 3.0.16605.0. When looking at one of the machines I see that the application is showing as available in software center and when attempting to install it just sits at Downloading.

I've made sure the application is downloaded to the deployment package. I've also gone in to the PatchMyPc configurator and set the webex teams installer to republish at next sync and forced a manual sync. I am testing to see if this has an impact.


 Looking at the UpdatesDeployment.log I see that the download has started but nothing seems to happen.  My work machine that is in the same testing deployment got all the updates but about 95% of all other workstations seem to have this issue.


4
Hi All,  Our weekly ADR for all third-party patching ran over the weekend. In the deployment among other apps was a Node.JS update and it looks to have broken parts of Production. My question here is in regards to roll back. I updated the deployment rule to exclude Node.JS in SUG creation. However the Node.JS update kept re-installing itself after we would revert it. I relaized that the node.JS updates still had membership to the SUGs generated by the ADR. I've edited the membership for all Node.JS updates from PatchMyPC and removed  membership  by right clicking on the software>edit membership>un-checked the SUGS that they were apart of.

Is this sufficient enough to stop the updates from installing again on the systems or is there more that I should be doing to stop the node.js updates from installing again.


Thanks,

Louis.

5
Hi Cody, I have been meaning to get back out to you. Looks like all is working now. Thanks for all of your help. I had to manually import the certificate on my end. However, my client seems to be the outlier in this equation. All other machines that I have tested with have the correct policy settings, Registry entry, and are pupating just fine. Thanks again for all of your help.

6
I've republished content and still seem to be getting the error 0x800b0109 regarding the certificate. I've looked at the updatesdeployment.log and cannot find any reference or entry to the certificate being handed out to the clients. I also do not see the certificate in the Trusted Root and Trusted Publishers folders. I have installed the certificate and placed them in both areas but have not had success. I have attached a few logs.

Additionally look at this - https://patchmypc.com/third-party-updates-fail-to-install-with-error-0x800b0109-in-sccm - Does this registry edit need to be made as well on top of everything else?


7
Hi Cody, Thanks for getting back to me. I ran a the resultant client settings check on my PC that I am testing with. I was able to confirm that Third Party Updates is enabled. I have also made sure that my client version supports SCCM 1906.  ( I had read in a previous PatchMyPC post on reddit that this could cause issues too if the client is not new enough)

I've right clicked on all the applications and toggled "Republish Updates for these products during the next sync schedule"


Just waiting for all the content to finish republishing.

Are you able to speak to how the code-signing certificate is pushed to the client machines?



Thanks,

 -Louis


8
Alright, so I was able to create a new template for Code-Signing per the youtube video mentioned earlier. I've enrolled and exported, and imported it via the PatchMyPc Publishing service.

I ran a software synchronization, and saw that the new certificate was found in the wsyncmgr log. Additionally I see that the new cert is showing under the third party updates tab on the SUP role configuration page within SCCM.

The client policies are configured to allow third party updates.

I've ran all actions on my test client, and have cleared cache and restarted. So far it looks like updates are still failing. looking at the certificate store on my PC I am testing with by running CertLM to load the snap in console I do not see this new code-signing cert  in the trusted root or the trusted publishers.

Does the content need to be republished since the cert was replaced in order for the new cert to be pushed to the clients? Are there any logs that can help from here?


Thanks for all your help!



9
Furthermore - Confirming my final comment in my last post. I watched a wonderfully insightful and helpful video from Justin regarding the cert setup for PatchMyPC.It is clear to me now that we are using a self-signed cert and need to get a code-signing cert issued from our CA. I will work this from my end and update

10
Progress!

Is your software update point remote from your Site Server? If so, there are additional steps needed in order to have the WSUS Signing certificate get transferred from your SUP / WSUS to your Site Server.

If your Site Server does not have the certificate, it will not be able to transfer it down to the clients and you will see the certificate chain errors as you've seen.

If you go to the location shown in the attached photo, do you see the certificate details populated?


Hey Cody, The SUP role is running on our primary/only site server. Yes the cert does look to be present in ConfigMgr under the SUP roles configuration. I've made sure that our client policy is also enabled to allow ThirdParty Updates.


Additionally, In hindsight I am not certain that this is the right certificate. I was not involved in the certificate creation process since this project was partially started by time it was created. So it could have been done incorrectly.



11
Thanks for everyone's help I am getting much closer to getting this off the ground.

I created a deployment package and all the content looks to have been placed there and looks to be distributed to our DP's.

Currently as of right now. Updates are being presented in Software center but look to either be timing out or getting the failure code 0x800B0109(-2146762487) which looks to be an in issue with the certificate. I have made sure that the SUP is configured to allow 3rd party updates.I have also made sure that the client policy is set to allow Third Party Updates as well not sure what could be the hiccup.  Looking at the Certificates MMC Snap-In Console on my PC I am not seeing the certificate? Should this be showing in the certificate snap-in?

Wsyncmgr log is not showing any errors. the Certificate in the PatchmyPC tool looks to be good.Not sure how long it takes for the clients to pull updated policy.

One other unusual thing is the ADR I created is failing to run. Ruleengine.log is spitting out errors however It's not clear to me in their output what the exact issue is.

The fact that updates are now showing in software center is a great start and I think i am pretty close to getting this off the ground.

12
Thanks for all the help. I guess here my blocker is identifying the creation of the Deployment Package. When creating the ADR and creating a new Deployment package am I pointing the package source to the "WSUS Content" folder?

13
First and foremost I want to say thanks to Justin and Wes. I have received great support from both of them last week and they were quick and very knowledgeable.


I am taking over my companies 3rd party patch management as we are moving away from a vendor and handling it in house. My company has purchased PatchMyPC and has mostly set it up.

I've re-ran the publisher tool as I went through the documentation on setting  it up just so I can get the hang of it. I've had the publisher service connect and view our sites database and have selected all applications we are currently using and set up the custom options for each/all applications we are wanting PatchMyPC to update for us. I then ran the publisher sync service.


I've created a device collection within SCCM and have placed 2 PC's in their to test with. Both are running outdated versions of Firefox, and Chrome that were installed manually.

I then created an ADR and point it to the test collection I created earlier. I specific the ADR to pull any and all updates from the Vendor" PatchMyPC" and then tell it there is no deployment package since these updates are stored within WSUS.  (Not sure if these is the right way to do this) and the proceed to finish building out the ADR.

I've made sure that the client settings are configured to allow third party software updates as well as made sure that the SUP is configured to allow 3rd party updates. I have unsubscribed from the PatchMyPC Third Party Software Catalog. I've synchronized the software update catalog, and ran all site actions under the configmgr client as well as cleared the cache and I am still not seeing any of the updates show up in software center.

Any insite as to what I am missing would be greatly appreciated.









14
Thanks again for the help. I will be sure to follow this documentation and go from there.

15
Alright, I un-subscribed and have re-ran the publisher. however since they updates were pulled as meta already it looks like it will not publish full content to SCCM. Looks like I may need to purge these updates from WSUS?

Pages: [1] 2