How to manage Surface driver updates in Configuration Manager

Kehtib: System Center Configuration Manager 1710

 

Summary


Starting in Microsoft System Center Configuration Manager version 1710, you can synchronize and deploy Microsoft Surface firmware and driver updates directly through the Configuration Manager client. The process resembles deploying regular updates. However, some additional configurations are required to get the Surface driver updates into your catalog.

Prerequisites


To manage Surface driver updates, the following prerequisites must be met:

  • You must use Configuration Manager version 1710 or a later version.

  • All Software Update Points (SUPs) must run Windows Server 2016 or a later version. Otherwise, Configuration Manager ignores this setting and Surface drivers won't be synchronized. 

Note If your environment doesn’t meet the prerequisites, refer to the alternative methods to deploy Surface driver and firmware updates in the "FAQ" section.

Useful log files


The following logs are especially useful when you manage Surface driver updates.

Log name

Description

WCM.log Records details about the software update point configuration and connections to the WSUS server for subscribed update categories, classifications, and languages.
WsyncMgr.log Records details about the software updates sync process.


These logs are located on the site server that manages the SUP, or on the SUP itself if it's installed directly on a site server.

For a complete list of Configuration Manager logs, see Log files in System Center Configuration Manager.

Enabling Surface driver updates management


To enable Surface driver updates management in Configuration Manager, follow these steps:

  1. In the Configuration Manager console, go to Administration > Overview > Site Configuration > Sites.
  2. Select the site that contains the top-level SUP server for your environment.
  3. On the ribbon, click Configure Site Components, and then click Software Update Point. Or, right-click the site, and then select Configure Site Components > Software Update Point.
  4. On the Classifications tab, select the Include Microsoft Surface drivers and firmware updates check box.

    Include Microsoft Surface drivers and firmware updates
  5. When you're prompted by the following warning message, click OK.

    Warning message
  6. On the Products tab, select the products that you want to update, and then click OK.

    Most drivers belong to the following product groups:
     
    • Windows 10 and later version drivers
    • Windows 10 and later Upgrade & Servicing Drivers
    • Windows 10 Anniversary Update and Later Servicing Drivers
    • Windows 10 Anniversary Update and Later Upgrade & Servicing Drivers
    • Windows 10 Creators Update and Later Servicing Drivers
    • Windows 10 Creators Update and Later Upgrade & Servicing Drivers
    • Windows 10 Fall Creators Update and Later Servicing Drivers
    • Windows 10 Fall Creators Update and Later Upgrade & Servicing Drivers
    • Windows 10 S and Later Servicing Drivers
    • Windows 10 S Version 1709 and Later Servicing Drivers for testing
    • Windows 10 S Version 1709 and Later Upgrade & Servicing Drivers for testing

    Note Most Surface drivers belong to multiple Windows 10 product groups. You may not have to select all the products that are listed here. To help reduce the number of products that populate your Update Catalog, we recommend that you select only the products that are required by your environment for synchronization.

Verifying the configuration


To verify that the SUP is configured correctly, follow these steps:

  1. Open WsyncMgr.log, and then look for the following entry:

    If either of the following entries is logged in WsyncMgr.log, recheck step 4 in the previous section:
  2. Open WCM.log, and then look for an entry that resembles the following:

    WCM.log


    This entry is an XML element that lists every product group and classification that's currently synchronized by your SUP server. For example, you might see an entry that resembles the following:


    If you can't find the products that you selected in step 6 in the previous section, double-check whether the SUP settings are saved.

You can also wait until the next synchronization finishes, and then check whether the Surface driver and firmware updates are listed in Software Updates in the Configuration Manager console. For example, the console might display the following information:

Software updates

Manual synchronization


If you don't want to wait until the next synchronization, follow these steps to start a synchronization:

  1. In the Configuration Manager console, go to Software Library > Overview > Software Updates > All Software Updates.
  2. On the ribbon, click Synchronize Software Updates. Or, right-click All Software Update, and then click Synchronize Software Update.
  3. Monitor the synchronization progress by looking for the following entries in WsyncMgr.log:
     

Deploying Surface firmware and driver updates


You can deploy Surface firmware and driver updates in the same manner as you deploy other updates. 

For more information about deployment, see System Center 2012 Configuration Manager–Part7: Software Updates (Deploy).

Frequently asked questions (FAQ)


Q1: After I follow the steps in this article, my Surface drivers are still not synchronized. Why?

A1: If you synchronize from an upstream Windows Server Update Services (WSUS) server instead of Microsoft Update, make sure that the upstream WSUS server is configured to support and synchronize Surface driver updates. All downstream servers are limited to updates that are present in the upstream WSUS server database.
 

Q2: After I follow the steps in this article, some Surface drivers are synchronized, but not the expected drivers. Why?

A2: The processing time for testing drivers and confirming them for deployment through WSUS and Configuration Manager varies. Therefore, Surface driver updates are not necessarily available on the same day for both manual installation and Configuration Manager console deployment.

Additionally, there are more than 68,000 updates that are classified as drivers in WSUS. To prevent non-Surface related drivers from synchronizing to Configuration Manager, Microsoft filters driver synchronization against an allow list. Surface drivers must go through additional testing before they can be added to this list. After the new allow list is published and incorporated into Configuration Manager, the new drivers are added to the console following the next synchronization.
 

Q3: Is the driver allow list published? Is it downloadable?

A3: The Surface driver allow list isn't published online. This list is delivered to Configuration Manager through the update and servicing channels. If your Configuration Manager environment is online and able to detect new updates, you will receive updates to the list automatically.

If your Configuration Manager environment is offline, a new allow list is imported every time that you import servicing updates to Configuration Manager. You will also have to import a new WSUS catalog that contains the drivers before the updates are displayed in the Configuration Manager console. Because a stand-alone WSUS environment contains more drivers than a Configuration Manager SUP, we recommend that you establish a Configuration Manager environment that has online capabilities, and that you configure it to synchronize Surface drivers. This provides a smaller WSUS export that closely resembles the offline environment.

Another solution is to use alternative methods to deploy Surface driver and firmware updates.
 

Q4: I require the latest firmware update, and I can't wait for it to be approved for import into Configuration Manager. Can I manually import the driver into WSUS?

A4: No. Even if the update is imported into WSUS, the update won't be imported into the Configuration Manager console for deployment if it isn't listed in the allow list.

Another solution is to use alternative methods to deploy Surface driver and firmware updates.
 

Q5: Can I manually add a driver to the allow list?

A5: No. The list is stored in the Configuration Manager database. Any changes to the list will be overwritten the next time that the CAB file is processed.
 

Q6: What alternative methods do I have to deploy Surface driver and firmware updates?

A6: For information about how to deploy Surface driver and firmware updates through alternative channels, see Manage Surface driver and firmware updates.

If you want to download the .msi or .exe file, and then deploy through traditional software deployment channels, see Keeping Surface Firmware Updated with Configuration Manager.

Additional Information