0

I am in charge of deploying patches to my client with approx 3600 workstations (servers excluded from that number) in their infrastructure. I do it through SCCM, where I have everyting setup - search folders, deployment lists... everything.

When I pull out search for patches, I can see number of "required" machines on each patch... now here is the problem.

Number of "Required" doesn't match reality.

Example:

  • There is a new Silverlight patch, that has Required = 1256

  • I run a report with criteria that returns computers with version, that should be updated... the old one. The number of computers, that get reported with old version is higher ... 1874

As a proof, that this is an issue, I deploy this patch and wait for about a week, then I pull out report ID 280 in SCCM on patch deployment I use for deploying to all machines. It shows good compliance and there are about 14 machines left, that have not received this patch.

Then I go and pull report with criteria that returns computers with the old version. It is still higher than actually Required by the patch.

So the question for my problem here...

Why isn't the rest of the computers targeted by new patch of Silverlight even though they have older version of Silverlight?

jirin
  • 1
  • 1

1 Answers1

0

What's the type of the non-targeted machines (OS version, RAM, HDD...)? Also, have you updated GP by launching gpupdate /force on all of them? Force updates and start wuauclt /detectnow /force on workstations, that number may vary.

I recommend you not to use Silverlight whenever is possible to. Recent web explorers like Chrome have NPAPI plugins disabled.

antonioalopezfernandez
  • 113
  • 6
  • OS: Win 7 x86, RAM: varies, mostly 4 gigs, HDD varies too. Group policies shouldn't be connected to issues with discovery.. or? Please explain, I want to know. And from what I understand, if I run the wuauclt command, I should then check if the computer is then targeted right? – jirin Oct 15 '15 at 09:40
  • btw: I am forced to maintain their silverlight versions. They use apps and such, that require SL to be updated. – jirin Oct 15 '15 at 09:43
  • No, they aren't connected, but they may be pointing at Microsoft servers when launching their updates. That's why i would run that command. However, I feel like the problem is that WSUS server can't see properly the Silverlight version of each machine. If I had to fix that, I would run wuauclt /detectnow /force on a script that all the machines should launch at boot. That would give me the closest idea of what version of Silverlight is using every machine. – antonioalopezfernandez Oct 17 '15 at 13:48
  • I will do that once a new patch is issued by MS to get a "fresh" start. I have deployed the rest manually by package, so they are all OK right now. I have a checklist of items to check and try when new patch arrives. I'll get back to you once I have more relevant results on this issue to share with you. – jirin Oct 19 '15 at 13:48