Software update troubleshooting and maintenance in System Center 2012 Configuration Manager

Applies to: Microsoft System Center 2012 Configuration ManagerMicrosoft System Center 2012 Configuration Manager Service Pack 2Microsoft System Center 2012 R2 Configuration Manager


This article introduces software updates in Microsoft System Center 2012 Configuration Manager and provides guidance for understanding the process and for troubleshooting problems if they occur.

More Information

Software updates in System Center 2012 Configuration Manager provide a set of tools and resources that can help manage the complex task of tracking and applying software updates to client computers in the enterprise. An effective software update management process is necessary to maintain operational efficiency, overcome security issues, and maintain the stability of the network infrastructure.

Software update synchronization in Configuration Manager uses Microsoft Update to retrieve software update metadata. The top-level site synchronizes with Microsoft Update on a predetermined schedule or when you manually start synchronization from the Configuration Manager console. When Configuration Manager finishes software update synchronization at the top-level site, software update synchronization starts at child sites if they exist. When synchronization is complete at each primary site or secondary site, a site-wide policy is created that provides client computers with the location of the software update points.

After the client receives the policy, the client starts a scan for software update compliance and writes the information to Windows Management Instrumentation (WMI). The compliance information is then sent to the management point. From there, the information is sent to the site server. For each software update, a state message is created that contains the compliance state for the update. The state messages are sent in bulk to the management point and then to the site server. There, the compliance state is inserted into the site database. The compliance state for software updates is displayed in the Configuration Manager console. In the console, you can deploy and install software updates on computers that require the updates through a deployment package.

You can use a software update deployment package to download software updates to a network shared folder and to copy the software update source files to the content library on site servers and on distribution points that are defined in the deployment. By using the Download Updates Wizard, you can download software updates and add them to deployment packages before you deploy them. This wizard lets you set up software updates on distribution points and verify that this part of the deployment process is successful before you deploy the software updates to clients. 

When you deploy downloaded software updates by using the Deploy Software Updates Wizard, the deployment automatically uses the deployment package that contains the software updates. When software updates that were not downloaded are deployed, you must specify a new or existing deployment package in the Deploy Software Updates Wizard. After you do this, the software updates are downloaded when the wizard is finished. 

After you deploy software updates, or when an automatic deployment rule runs and deploys software updates, a deployment assignment policy is added to the machine policy for the site. The software updates are downloaded from the download location, the Internet, or a network shared folder to the package source. The software updates are then copied from the package source to the content library on the site server and then copied to the content library on the distribution point.

When a client computer in the target collection for the deployment receives the machine policy, the Software Update Client Agent starts an evaluation scan. The client agent downloads the content for required software updates from a distribution point to the local client cache soon after it receives the deployment. However, it waits until after the time that is specified in the Software available time setting for the deployment before the software updates are available to install. The software updates in optional deployments (that is, deployments that do not have an installation deadline) are not downloaded until a user manually starts the installation.

When the configured deadline passes, the Software Updates Client Agent performs a scan to verify that the software updates are still required. Then, it checks the local cache on the client computer to verify that the software update source files are still available. Finally, the client installs the software updates. If the content was deleted from the client cache to make room for another deployment, the client again downloads the software updates from the distribution point to the client cache. Software updates are always downloaded to the client cache regardless of the configured maximum client cache size. When the installation is complete, the client agent verifies that the software updates are no longer required and then sends a state message to the management point to indicate that the software updates are now installed on the client.

For more information about understanding, maintaining, and troubleshooting the software update process, please see the following resources:
3090184 How to troubleshoot software update scan failures in System Center 2012 Configuration Manager
3090265 Using log files to track the software update deployment process in Center 2012 Configuration Manager 
3090264 How to troubleshoot software update deployments in System Center 2012 Configuration Manager
3090526 Software update maintenance in System Center 2012 Configuration Manager