Software updates installation on Configuration Manager clients

Applies to: System Center Configuration Manager (current branch - version 1810)System Center Configuration Manager (current branch - version 1806)System Center Configuration Manager (current branch - version 1802)


This article walks you through the update process in Microsoft System Center Configuration Manager current branch, and demonstrates how things work from the client side.


When a client computer in the target collection for a deployment receives machine policy, the Software Update Client Agent starts an evaluation scan. The client agent downloads the content for required update installations from a distribution point to the local client cache at the Software available time setting for the deployment.

This process differs for software updates in optional deployments (deployments that do not have an installation deadline). This is because these updates are not downloaded until a user manually starts the installation. When the configured deadline passes, the Software Updates client agent runs a scan to verify that the software updates are still required. If they are, the agent then checks the local cache on the client computer to verify that the software update source files are still available, and then installs them.

If the content was deleted from the client cache to make room for another deployment, the client redownloads the software updates from the distribution point to the client cache. Software updates are always downloaded to the client cache regardless of the configured maximum client cache size.

After the installation is finished, the client agent verifies that the software updates are no longer required, and then sends a state message to the management point to indicate that the software updates are now installed on the client.

Taking a Closer Look

To get a better understanding of this process, let’s take a look at the client log files and track the progress as we deploy KB 3176493. The client and site server components record process information in individual log files. By default, client and server component logging is enabled in Configuration Manager. You can use the information in these log files to help you troubleshoot issues that might occur in your Configuration Manager environment. For more information about these log files, see Configuration Manager client logs.

This is what the KB 3176493 entry looks like at the start:


Software Update Scanning and Evaluation

When the Evaluation cycle is requested (manual or on schedule), entries that resemble the following are logged in the ScanAgent.log file:

On the server that is running Microsoft SQL Server, SQL profiler shows that Configuration Manager is running the stored procedure MP_GetWSUSServerLocations:

This value is then returned to LocationService.log:

ScanAgent.log also shows the following:

ScanAgent then checks the update source and Time-To-Live (TTL) settings for the last scan results, and submits a request for WSUS server location. Then, LocationService retrieves the WSUS location from the Management Point, and returns the URL and the server name. This is shown in the following example entry from ScanAgent.log:

Next, the Windows Update scan is initiated, and an entry that resembles the following is logged in ScanAgent.log:

State messages are created for each software update that changed in compliance state. Then, state messages are sent to the Management Point, as shown in StateMessage.log:

We also see entries that resemble the following in WUAHandler.log:


When a client computer in the target collection for the deployment receives the machine policy, machine policy (including new or changed deployment assignment policy) is downloaded. UpdatesDeployment.log receives a modification event, and then triggers the evaluation and installation process, as shown:

UpdatesStore checks the status of each update, and looks for the source. Then, CIDownloader determines the applicability for each update. This is shown in UpdateStore.log:

UpdatesHandler retrieves download settings and software update relationships, and then calls to download content.

Entries that resemble the following appear in UpdatesHanlder.log:

Entries that resemble the following appear in WUAHandler.log:

Then, you receive the content location, and the following entry is logged in LocationService.log:

Then software update content is downloaded to the cache, and the following entry is logged in DataTransferService.log:

UpdatesDeploymentAgent then raises a state message (download complete), and calls WUAHandler to handle the software update installation through WUA. You can see this in the following entries in UpdatesDeployment.log:

WUA then installs the updates, and you see the following in the CBS.log file:

Next, state messages are created for each software update that changed in the compliance state, and these state messages are sent to the management point, as shown in StateMessage.log:

At this point, the updates are installed, and the hierarchy is updated.

More Information

For more information about the state message and ID, refer to the following table.



Provides a detailed discussion about each process and how to troubleshoot those processes if problems occur. This discussion includes prerequisites, installation and configuration, configuring deployments, maintenance, and administrative best practices.

Note This document was originally written for Configuration Manager 2012 R2. However, most of the concepts that are explained here are also applicable to Configuration Manager, current branch

  • For more information about state messages, see the following Microsoft Docs article:

State Messages in Configuration Manager

  • For more information about software updates, see the following Microsoft Docs article:

Software Updates Deployment