Error: 80071A90
This error has been seen on Windows 8, 8.1 and Server 2012 R2. For any updates reporting this error consider trying to reboot the machine and retry the update.
The error is not seen very often and due to the fact that Configuration Manager will normally retry updates periodically it will often self correct.
07 December 2015
01 December 2015
Error 80096004
Error 80096004
Description: The signature of the certificate cannot be verified
Possible cause: This problem is often seen if the agent does not trust the certificate server used to issue the SCUP signing certificate. Often seen with SCUP updates being applied during OSD or if a manual distribution method (ie. scripts) are used to deploy certificate.
Description: The signature of the certificate cannot be verified
Possible cause: This problem is often seen if the agent does not trust the certificate server used to issue the SCUP signing certificate. Often seen with SCUP updates being applied during OSD or if a manual distribution method (ie. scripts) are used to deploy certificate.
Error 800b0004
Error 800b0004
Description: The subject is not trusted for the specific action
Possible cause: SCUP Signing Certificate is not in trusted publishers
If you see the error returned from deploying a group of updates containing a least one SCUP update (Adobe Flash, HP) then check the certificate store on the affected system.
Description: The subject is not trusted for the specific action
Possible cause: SCUP Signing Certificate is not in trusted publishers
If you see the error returned from deploying a group of updates containing a least one SCUP update (Adobe Flash, HP) then check the certificate store on the affected system.
20 November 2015
Error 80240440
Error 80240440
Description: The connection to the service endpoint died.
Possible causes
I have seen this error with various firewalls and content inspection devices. Normally the problem is related to the fact that Windows Update Agent is trying to communicate using tcp/8530 or tcp/8531 to the Configuration Manager SUP. The content inspection system thinks that using http or https against non-standard ports is suspect and blocks the connections.
Remember that even if you have configured WSUS to use https some folders is still transmitted via http.
Possible solutions
1. Modify the rule set on the inspection device/firewall
2. Add a new WSUS server using default ports (tcp/80 and tcp/443)
Description: The connection to the service endpoint died.
Possible causes
I have seen this error with various firewalls and content inspection devices. Normally the problem is related to the fact that Windows Update Agent is trying to communicate using tcp/8530 or tcp/8531 to the Configuration Manager SUP. The content inspection system thinks that using http or https against non-standard ports is suspect and blocks the connections.
Remember that even if you have configured WSUS to use https some folders is still transmitted via http.
Possible solutions
1. Modify the rule set on the inspection device/firewall
2. Add a new WSUS server using default ports (tcp/80 and tcp/443)
Configuration Manager Techincal Preview 4
Microsoft has released the last technical preview of Configuration Manager before delivering the GA bits later this year.
See http://blogs.technet.com/b/configmgrteam/archive/2015/11/19/now-available-system-center-configuration-manager-technical-preview-4.aspx for more details
See http://blogs.technet.com/b/configmgrteam/archive/2015/11/19/now-available-system-center-configuration-manager-technical-preview-4.aspx for more details
Error 800B0109
Error 800B0109
Description - Windows: A certificate chain was processed but terminated in a root certificate which is not trusted by the trust provider.
This error can been found deploying software updates originating from System Center Updates Publisher (SCUP) if the client machine does not have both the root certificate of the CA issuing the code signing certificate used by SCUP and the actual code signing certificate. It can also be seen if the client does not have the "Allow signed content from intranet Microsoft update service location" policy enabled.
To correct the problem verify that you have the root certificate of your CA and the signing certificate deployed along with a GPO with "Allow signed content from intranet Microsoft update service location" enabled
Description - Windows: A certificate chain was processed but terminated in a root certificate which is not trusted by the trust provider.
This error can been found deploying software updates originating from System Center Updates Publisher (SCUP) if the client machine does not have both the root certificate of the CA issuing the code signing certificate used by SCUP and the actual code signing certificate. It can also be seen if the client does not have the "Allow signed content from intranet Microsoft update service location" policy enabled.
To correct the problem verify that you have the root certificate of your CA and the signing certificate deployed along with a GPO with "Allow signed content from intranet Microsoft update service location" enabled
17 November 2015
Service Manager 2012 R2 RU8 released
Service Manager 2012 R2 RU8 has been released. Among the more interesting features are a new end user portal to replace the old.
For more information and download see
https://support.microsoft.com/en-us/kb/3096383
For more information and download see
https://support.microsoft.com/en-us/kb/3096383
Configuration Manager 2012 R2 CU2 Updated
CU2 for Configuration Manager 2012 SP2 and R2 SP1 has been updated. More information can be found here: https://support.microsoft.com/en-us/kb/3100144
While I have not had many issues with CU1 a few of the updates contained in CU2 is worth highlighting:
3084586 Driver package size increases in System Center 2012 Configuration Manager
Applications will not install when you use them with a dynamic variable list in a task sequence if no SMB package share was defined for the content. This affects only installations that use a dynamic variable list. Other installation methods are unaffected. Errors that resemble the following are recorded in the Smsts.log file on the client:
The build number is now 5.00.8239.1301
While I have not had many issues with CU1 a few of the updates contained in CU2 is worth highlighting:
3084586 Driver package size increases in System Center 2012 Configuration Manager
Applications will not install when you use them with a dynamic variable list in a task sequence if no SMB package share was defined for the content. This affects only installations that use a dynamic variable list. Other installation methods are unaffected. Errors that resemble the following are recorded in the Smsts.log file on the client:
The build number is now 5.00.8239.1301
10 November 2015
Error 8007000E
Error 8007000E
Out of
memory
Source: Windows
Causes
Possible
cause 1.
Windows
Update Agent is running out of memory. This is often seen on 32 bit operating
system where Windows Update Agent runs out of memory trying to scan the local
machine for software updates. The consequence of running out of memory is that
the machine will be seen as reporting unknown state for all updates.
Fix 1:
Clean up software updates. Reduce the size of the Windows Update catalog by
declining superseded updates. You can do this manually or by running the
Powershell script described here: http://blogs.technet.com/b/configurationmgr/archive/2015/04/15/support-tip-configmgr-2012-update-scan-fails-and-causes-incorrect-compliance-status.aspx
This is always
a good idea to clean up your updates to reduce the time it takes to scan your
machines.
Fix 2:
Install the updates KB3050265 – see https://support.microsoft.com/en-us/kb/3050265
Workaround:
Configure Windows Update Agent (WUA) to run it is own memory space on a 32 bit
Windows OS. This can be done by running sc.exe config wuauserv type= own
06 November 2015
Error 87D00231
Error: 87D00231 - transient error
Source: Source: System Center Configuration Manager
Causes
Possible cause 1.
Configuration Manager Management Point is configured to use https but the client does not have a valid certificate. Check if the certificate is missing or expired.
You should see errors in ClientIDManagerStartup.log and notice in the console that the client is reporting software updates as being in a unknown state.
Fix: If the certificate is missing or expired you need to issue/request a new certificate.
Source: Source: System Center Configuration Manager
Causes
Possible cause 1.
Configuration Manager Management Point is configured to use https but the client does not have a valid certificate. Check if the certificate is missing or expired.
You should see errors in ClientIDManagerStartup.log and notice in the console that the client is reporting software updates as being in a unknown state.
Fix: If the certificate is missing or expired you need to issue/request a new certificate.
Subscribe to:
Posts (Atom)