UX usually means ‘user experience’, but you’ve got some other key words in
there like, ‘AU’ and ‘interactive’. Do these servers have Automatic Updates
Group Policy applied anywhere?
In c:\windows\ccm\logs you should be able to see stuff around the scan in
updatesdeployment.log, scanagent.log, datatransferservice.log,
updateshandler.log, updatesstore.log and wuahandler.log to see all of the
updates.
Also, in windowsupdate.log you should see more stuff like this:
2015-05-25 19:14:24:752 5272 14f4 COMAPI
-- START -- COMAPI: Search [ClientId = CcmExec]
2015-05-25 19:14:24:752 5272 14f4 COMAPI
---------
2015-05-25 19:14:24:753 940 c14 Agent
*************
2015-05-25 19:14:24:753 940 c14 Agent ** START
** Agent: Finding updates [CallerId = CcmExec]
2015-05-25 19:14:24:753 940 c14 Agent *********
2015-05-25 19:14:24:753 940 c14 Agent *
Include potentially superseded updates
2015-05-25 19:14:24:753 940 c14 Agent *
Online = No; Ignore download priority = Yes
2015-05-25 19:14:24:753 940 c14 Agent *
Criteria = "((DeploymentAction=* AND Type='Software' AND CategoryIDs contains
'84F5F325-30D7-41C4-81D1-87A0E6535B66') OR (DeploymentAction=* AND
Type='Software' AND CategoryIDs contains
'704A0A4A-518F-4D69-9E03-10BA44198BD5') OR (DeploymentAction=* AND
Type='Software' AND CategoryIDs contains
'6248B8B1-FFEB-DBD9-887A-2ACF53B09DFE') OR (DeploymentAction=* AND
Type='Software' AND CategoryIDs contains
'1403F223-A63F-F572-82BA-C92391218055') OR (DeploymentAction=* AND
Type='Software' AND CategoryIDs contains
'041E4F9F-3A3D-4F58-8B2F-5E6FE95C4591') OR (DeploymentAction=* AND
Type='Software' AND CategoryIDs contains
'B54E7D24-7ADD-428F-8B75-90A396FA584F') OR (DeploymentAction=* AND
Type='Software' AND CategoryIDs contains
'0FA1201D-4330-4FA8-8AE9-B877473B6441'))"
2015-05-25 19:14:24:753 940 c14 Agent *
ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
2015-05-25 19:14:24:753 940 c14 Agent *
Search Scope = {Machine}
2015-05-25 19:14:24:753 940 c14 Agent *
Caller SID for Applicability: S-1-5-18
2015-05-25 19:14:24:758 5272 14f4 COMAPI
<<-- SUBMITTED -- COMAPI: Search [ClientId = CcmExec]
2015-05-25 19:14:27:089 940 c14 Agent *
Added update {BDB0E301-5660-4DB8-A396-F3C9C0C10776}.201 to search result
2015-05-25 19:14:27:090 940 c14 Agent *
Added update {D391DE02-B9A1-4C5B-B8C1-7ECCA958ACDF}.203 to search result
2015-05-25 19:14:27:090 940 c14 Agent *
Added update {92504704-BF09-4CE5-8436-90B6AE8A842A}.201 to search result
2015-05-25 19:14:27:090 940 c14 Agent *
Added update {28904808-0DBB-4812-9A9A-7E9977ADE38A}.202 to search result
2015-05-25 19:14:27:090 940 c14 Agent *
Added update {09257309-72A1-4622-B9DA-610B9E037E2E}.201 to search result
2015-05-25 19:14:27:090 940 c14 Agent *
Added update {C822D00A-FEC3-4B65-8F63-6E6BEA292944}.203 to search result
That 5th column in yours shows ‘AU’ which typically means Auto Update, and not
‘Agent’ like mine above which should be your sccm client doing stuff.
Looks to me like they did what they were told, it just wasn’t SCCM. Maybe WSUS
via Group Policy?
Todd
From: [email protected] [mailto:[email protected]] On
Behalf Of Gushue, William
Sent: Monday, May 25, 2015 2:10 PM
To: myITforum SMS List ([email protected])
Subject: [mssms] Software Updates Applied to Servers Without Approval
I configured a Software Update Group to deploy to a group of servers this past
weekend. A number of other servers ended up installing the updates. I have:
1. Checked the collection (which I have since deleted) to ensure the correct
servers were added.
2. Checked the Properties of the servers that received the updates (even though
they shouldn’t have) and there were NO deployments in the Deployments tab.
3. Checked reports and they tell me the updates were required, but there was no
check mark under “Approved”
4. Checked for Duplicate GUIDs and there are none that apply.
5. Checked the Windows Update log file and see the following:
“2015-05-25 10:26:07:179 1224 5b5c AU
AU received approval from UX for 43 updates
2015-05-25 10:26:07:179 1224 5b5c AU AU
setting pending client directive to 'Progress Ux'
2015-05-25 10:26:07:303 1224 5b5c AU
BeginInteractiveInstall invoked for Download
2015-05-25 10:26:07:303 1224 5b5c AU
Auto-approving update for download, updateId =
{0087DF01-B453-4F5E-B5B4-E61911BCF5A8}.200, ApprovalIsForUx=1, UpdateOwner=UX,
HasDeadline=0, IsMinor=0” – which indicates something approved them, but I am
not sure what “UX” means.
Is there anywhere on the client itself where I can see something to the effect
“I am supposed to apply these updates and it’s because I am in this
collection”? I have been using PolicySpy and checking PolicyEvaluator and
PolicyAgent but have yet to come across why these updates got approved for
these systems. I am usually pretty good at tracking down my own mistakes, but
this one has me stumped.
Thanks.
________________________________
********************************************************************
This e-mail message is privileged, confidential and subject to
copyright. Any unauthorized use or disclosure is prohibited.
Le contenu du présent courriel est privilégié, confidentiel et
soumis à des droits d'auteur. Il est interdit de l'utiliser ou
de le divulguer sans autorisation.
********************************************************************
