Links for Software Updates

Managing software updates in 2012

State messages

Deploy all Windows Updates during the SCCM 2012 Task Sequence

Software Update Content Cleanup in System Center 2012 Configuration Manager

House of Cards–The ConfigMgr Software Update Point and WSUS

Command to list all updates on a machine – Wmic qfe list >c:\list.txt

Updates requiring multiple reboots to exclude from TS OSD

Troubleshooting SCCM Part III …Software Updates

Object Replication Manager (objreplmgr) on child site failed to insert .CID and .SDM files

Posted 27th June by Vincent Goh

I was presented with an issue whereby software updates (configuration items) were not replicating from the central parent site down to a particular child primary site. The symptoms of this being that if a certain update list, update package, or update deployment contained one of the missing updates (CI_items) then the effected object(s) would not appear in the console, and therefore I cannot deploy the effected update(s) at the child site

In this scenario I found a backlog of .CID files in the inbox folder below, each .CID file representing an update which couldn’t be processed.


The retry is attempted 100 times and then the .CID is place in the ‘bad’ folder

When SMS_OBJECT_REPLICATION_MANAGER attempts to process the effected CI’s the following is logged to the objreplmgr.log which indicates the failure:
Processing replication file d:\Microsoft Configuration Manager\inboxes\\INCOMING\RetryGL_42586.CID in retry.

Failed to insert Object 6298a02f-0a6a-4f34-b832-08059b682b63 from replication file d:\Microsoft Configuration Manager\inboxes\\INCOMING\RetryGL_48796.CID.

On to the resolution, I found that running the following 6 SQL queries on the effected child sites resolved the issue:

Delete from CI_ConfigurationItems Where CIType_ID in (1, 6, 8);
Update CI_SDMPackages set IsDeleted = 1 where SourceSite = ‘ZZZ’;
Delete from CI_ComplianceHistory where isdetected = 1
Delete from CI_Compliancehistory where isdetected = 0
Delete from CI_SDMPackages where is deleted =1 and sourecesite = ‘ZZZ’
Exec sp_DeleteOldSDMPackageData 0;

* note: replace ZZZ with the site code of your central site (or the active SUP which is the furthest upstream’)

Running the above queries will purge Software Updates data from the effected child site.

You should then wait about 30 minutes and then restart the following services on the effected child site:


The final step is to initiate a full site replication, this can be done using the heirarchy maintenance tool (syncchild option) or by place a file called .SHA * in the on the parent site.

* .SHA – replace with the 3 digit site code of the desired child site you wish to replicate.

Allow up to 24 hours for the site replication to complete, when it finishes you should have a fully matching compliment of updates on the central site and child primary site.

You can monitor the objreplmgr.log for successful insertion of .CID and .SDM items, and you should also find that the folder \inboxes\\INCOMING\retry does not contain any items for retry.

Posted 27th June by Vincent Goh


Creating a Software Update Group based on an input file

Depending on your patching process the way you structure and create Software Update Groups in Configuration Manager 2012 may vary. At quite a few customers I see a scenario where the monthly patch review board spawns a spreadsheet with the Updates to be released into the environment. Having to create a Software Update Group based on that spreadsheet manually can be a time consuming task for the Configuration Manager administrator.

With the new powershell cmdlets available in Configuration Manager 2012 Service Pack 1 I found out it was really straightforward to automate the creation of the Software Update Groups and populating them based on a csv input file. For someone like me, having very little experience with Powershell and scripting in general, it only took a few hours of playing in my lab to accomplish this. Lets have a look at the steps I’ve walked through.

Step 1 – The input file