STEP-BY-STEP GUIDE TO PATCHING SCCM-MANAGED WINDOWS CLIENT DEVICES

– How to resolve patching problems on SCCM-managed client computers

4 important steps:
1. Scanning devices
2. Check logs to see patch status
3. Remedy by providing patches
4. Patches are deployed according to protocols, but reporting shows they are not compliant

More information about:
– Manual patch deployment
– Reason why problems are reported.
– Software Center Error Codes and Description

——————————————————————————–

STEP 1: Scan the devices:
– Check the WUA handler log if the scan fails
– Full details are in WUAHandler.log, and the fix is linked to the Registry.pol file: check its date, rename or delete Registry.pol, run gpupdate /force, then run the evaluation cycle and the software update scan cycle.
– Full video to troubleshoot scanning issue https://youtu.be/4ntGsLCu-7E

STEP 2: Check logs to see patch status:
– Check UpdatesStore.log for the specific KB. We can determine if it is missing or present by its unique ID.
– Searching the other logs for the same unique ID (UpdatesDeployment.log, UpdatesHandler.log, UpdatesStore.log, WUAHandler.log and WindowsUpdate.log) can give us good clues about errors.
– To generate the Windows Update log:
PowerShell – Get-WindowsUpdateLog

The logs contain entries such as:
– ASSIGNMENT_EVALUATE_SUCCESS, ASSIGNMENT_ENFORCE_FAILED or other messages like "Update could not be appended to the automation wrapper" = 0x87D00215.
– If the installation shows as complete (0x000000000), it means that patches are installed.
– When there are no pending patches, the log shows an entry like this:
![LOG[EnumerateUpdates for action (UpdateActionInstall) – total number of actionable updates = 0]LOG]! Time="05:02:16.837-60" Date="02/16/2022" Component="UpdatesDeploymentAgent" Context="" Type="1" Thread="27904" File="updatesmanager.cpp:1826"
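
The log check in Step 2 can be scripted. The following is an added example, not part of the original guide: it parses entries in the layout quoted above and keeps those that mention a given update unique ID, carry a warning/error severity, or contain an enforcement failure, an 0x8… error code or the actionable-updates count. The sample lines, the GUID and the function names are constructed for illustration.

```powershell
# Constructed sample lines in the layout quoted above (not from a real client).
$sample = @'
![LOG[EnumerateUpdates for action (UpdateActionInstall) - total number of actionable updates = 0]LOG]! Time="05:02:16.837-60" Date="02/16/2022" Component="UpdatesDeploymentAgent" Context="" Type="1" Thread="27904" File="updatesmanager.cpp:1826"
![LOG[Update (11111111-2222-3333-4444-555555555555) status: missing]LOG]! Time="05:03:01.120-60" Date="02/16/2022" Component="UpdatesStore" Context="" Type="1" Thread="27904" File="sample.cpp:1"
![LOG[Assignment state ASSIGNMENT_ENFORCE_FAILED, error = 0x87D00215]LOG]! Time="05:04:44.002-60" Date="02/16/2022" Component="UpdatesDeploymentAgent" Context="" Type="3" Thread="27904" File="sample.cpp:2"
![LOG[Unrelated informational entry]LOG]! Time="05:05:00.000-60" Date="02/16/2022" Component="CcmExec" Context="" Type="1" Thread="100" File="sample.cpp:3"
'@ -split "`r?`n"

function ConvertFrom-CcmLogLine {
    param([Parameter(Mandatory, ValueFromPipeline)][AllowEmptyString()][string]$Line)
    begin {
        # -match is case-insensitive, so Time=/time= and the <...> wrappers of raw log files both parse.
        $pattern = '\[LOG\[(?<msg>.*?)\]LOG\].*?time="(?<time>[^"]+)".*?date="(?<date>[^"]+)"' +
                   '.*?component="(?<comp>[^"]*)".*?type="(?<type>\d)"'
        $severity = @{ '1' = 'Info'; '2' = 'Warning'; '3' = 'Error' }   # CMTrace entry types
    }
    process {
        if ($Line -match $pattern) {
            [pscustomobject]@{
                Date      = $Matches['date']
                Time      = $Matches['time']
                Component = $Matches['comp']
                Severity  = $severity[$Matches['type']]
                Message   = $Matches['msg']
            }
        }
    }
}

function Find-PatchEvidence {
    param([string[]]$Lines, [string]$UpdateId)
    $Lines | ConvertFrom-CcmLogLine | Where-Object {
        $_.Message -like "*$UpdateId*" -or
        $_.Severity -ne 'Info' -or
        $_.Message -match 'ENFORCE_FAILED|0x8[0-9A-F]{7}|actionable updates = \d+'
    }
}

# The GUID is a placeholder; take the real unique ID from UpdatesStore.log.
Find-PatchEvidence -Lines $sample -UpdateId '11111111-2222-3333-4444-555555555555' |
    Format-Table Date, Time, Severity, Component, Message -Wrap
```

On a client, pass `Get-Content C:\Windows\CCM\Logs\UpdatesDeployment.log` (the default client log folder) as `-Lines` instead of `$sample`.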

STEP 3: Remediation by deploying patches:
– Deployment failures can be caused by update files getting corrupted while downloading. If this happens, you can delete or rename the folder and it will be recreated in the same location.
– Places where this has been observed: SoftwareDistribution and ccmcache
– Rename folder
– The "SoftwareDistribution" folder is located at C:\Windows\
– For ccmcache, the ccmcache folder or specific subfolders (if known) can be renamed
– Catroot2 folder under C:\Windows\System32
– By default renaming is not allowed because the services are running in the background
. Stop the Windows Update service. Service name: wuauserv
. Stop the Cryptographic Services service. Service name: CryptSvc
. Stop the Background Intelligent Transfer Service. Service name: BITS
. Stop the Windows Installer service. Service name: msiserver
– Rename the folders after the services have stopped
. Sometimes some services start again automatically, so you need to disable them.
. Once the folders are renamed, restart/enable the above 4 services and also check the status of the SMS Agent Host service
If you encounter an error while starting the Windows Installer service, check if you can unregister and re-register Windows Installer by using the following commands
. msiexec /unregister
. msiexec /regserver
– Restart system and check
Initiate the Software Update Scan Cycle and the Software Updates Deployment Evaluation Cycle from the Configuration Manager applet.
. Check logs
– If the patches still cannot be deployed, there may be a Windows issue.
. sfc /scannow (this is the System File Checker)
. The Windows Update troubleshooter can be accessed via Settings
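
Step 3 as a single script, for an elevated PowerShell session on the affected client. This is an added example, not the author's own script: the function names and the `.old-<timestamp>` suffix are assumptions, and ccmcache is left out because the guide renames it only when the affected subfolder is known.

```powershell
#Requires -RunAsAdministrator
$services = 'wuauserv', 'CryptSvc', 'BITS', 'msiserver'
$folders  = "$env:windir\SoftwareDistribution", "$env:windir\System32\catroot2"

function Reset-UpdateCache {
    [CmdletBinding(SupportsShouldProcess)]
    param([string[]]$Services = $script:services, [string[]]$Folders = $script:folders)
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    try {
        foreach ($name in $Services) {
            Stop-Service -Name $name -Force -ErrorAction Stop
        }
        foreach ($path in $Folders) {
            if (-not (Test-Path -LiteralPath $path)) { continue }
            # A service may have restarted on its own; stop it again right before the rename.
            $running = Get-Service -Name $Services | Where-Object Status -eq 'Running'
            if ($running) { Stop-Service -InputObject $running -Force }
            $newName = '{0}.old-{1}' -f (Split-Path $path -Leaf), $stamp
            # Renaming keeps the old content for rollback; Windows recreates the folder.
            Rename-Item -LiteralPath $path -NewName $newName -ErrorAction Stop
            Write-Verbose "Renamed $path to $newName"
        }
    }
    finally {
        # Always bring the services back, even if a rename failed.
        foreach ($name in $Services) {
            Start-Service -Name $name -ErrorAction Continue
        }
    }
}

function Invoke-UpdateCycles {
    # Client schedule IDs: ...113 = Software Update Scan Cycle,
    # ...108 = Software Updates Deployment Evaluation Cycle.
    $ids = '{00000000-0000-0000-0000-000000000113}', '{00000000-0000-0000-0000-000000000108}'
    foreach ($id in $ids) {
        Invoke-CimMethod -Namespace 'root\ccm' -ClassName 'SMS_Client' `
            -MethodName 'TriggerSchedule' -Arguments @{ sScheduleID = $id } | Out-Null
    }
}

Reset-UpdateCache -Verbose -WhatIf      # dry run; drop -WhatIf to apply the changes
# CcmExec is the service name of the SMS Agent Host.
Get-Service -Name ($services + 'CcmExec') | Format-Table Name, Status, StartType
# After the restart the guide calls for, trigger both cycles:
# Invoke-UpdateCycles
```

If a rename still fails with "access denied", a service has restarted between the stop and the rename; that is the case where the guide says to disable the service temporarily.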

STEP 4: Patches are deployed according to protocols, but reporting shows non-compliance.
– We need to make the client resend its data to the MP. This is a handy way to force some status messages.
PowerShell query:
. $UpdateStore = New-Object -ComObject Microsoft.CCM.UpdatesStore
. $UpdateStore.RefreshServerComplianceState()
These commands update/refresh the client's compliance status in SCCM.
– Site code change
– Reinstall client
—————————————————————————————-
Possible reason for reporting problems:
– Offline or inactive client – bring it back to the network
– Device not in use – it has been retired from AD or SCCM
– Pending reboot
– Low storage space – Manage hard drive size / Increase HDD size
– Download corrupted
– SCCM client corrupted
– If the client does not update the current date, repair/reinstall
– GPO problem
—————————————————————————————————
Follow us on these platforms to get updates:

Blog website: https://mecmworld.blogspot.com
Twitter: https://twitter.com/YagneshMalaviya
Linked In: https://www.linkedin.com/in/yagnesh-malaviya
Facebook: https://www.facebook.com/mecmworld
Instagram: https://www.instagram.com/mecm_world
Email ID: [email protected]

If you would like to share your troubleshooting or knowledge about MECM, please feel free to express your interest via email. We look forward to cooperation and knowledge sharing.

Please take the opportunity to connect with your friends and family and share this video with them if you find it useful.