5 Replies Latest reply on Nov 6, 2014 10:20 AM by jrodgers

    Trouble Deploying Third-Party Updates

    jrodgers Rookie

      Hi,  just getting my feet wet with SCCM 2012 and Shavlik Patch.  I had no trouble installing/configuring Shavlik Patch in Configuration Manager.  I've published a couple of updates (Adobe AIr, Flash Player and Java 7 U71).  They show up in Published Third-Party Updates.  It does say "No" under the Approved column for all the updates.

       

      When I check All Software Updates, I see the published updates.  I highlight Adobe Air 15.0.0.249, right-click and select Deploy.I go through the wizard and select my Test Collection that includes my desktop.  All seems fine.

       

      I go to Monitoring/Deployments and see the Adobe Air push listed.  After waiting for a bit and hitting refresh, It comes back saying 100.0 under Compliance%.  I check my desktop and still do not have Adobe Air installed.  I trried this with Java 7 Update 71 as well.  See attachment.

       

      Do these updates need to be approved somehow?  Not sure where to do that.  I feel like I'm missing one small step to making this work correctly.

       

      I appreciate any and all help in this matter.

       

      Jeff Rodgers

        • 1. Re: Trouble Deploying Third-Party Updates
          SupportEmployee

          Hi jrodgers,

           

          Concerning this-

          jrodgers wrote:

           

          I go to Monitoring/Deployments and see the Adobe Air push listed.  After waiting for a bit and hitting refresh, It comes back saying 100.0 under Compliance%.  I check my desktop and still do not have Adobe Air installed.


          In the instances where you see this issue, are Adobe Air and Java installed on the system previously?


          The Shavlik content for this update doesn't contain any software distribution rules and would only apply the update if an earlier version of Adobe Air was already installed.

           

          Is this possibly the issue you're running into?

           

          Thanks, - Adam

          • 2. Re: Trouble Deploying Third-Party Updates
            jrodgers Rookie

            Hi Adam,

             

            Thanks so much.  I think you are right.  I installed an older version of Adobe Air, Flash Player and Java.  I tried pushing Flash Player 15.0.0.189 for IE and Firefox.  Both failed with FlashFailure.JPG

             

            I've imported the WSUS self-signed cert to Trusted Root Certification Authorities and Trusted Publishers on my local box.  I've also enabled the "Allow signed updates from an Intranet Microsoft update service location" policy setting.  Is there a log that might help in diagnosing the failure?  Feel so close to getting over this patching hurdle.

             

            Thanks for your help!

             

            -Jeff

            • 3. Re: Trouble Deploying Third-Party Updates
              jrodgers Rookie

              Adam,

               

              Also notice this in the WindowsUpdate.log:

               

              FlashFailure_WinUpdateLog.JPG

               

              Thanks.

               

              -Jeff

              • 4. Re: Trouble Deploying Third-Party Updates
                SupportEmployee

                Hey Jeff,

                 

                It sounds as if you've taken the proper steps to meet requirements for this to work, but the error implies there's still something wrong with the certificates.

                 

                I looked up the error:

                0x800B0109 -2146762487

                 

                Which is:

                CERT_E_UNTRUSTEDROOT

                A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

                 

                Based on this it seems the issue might actually be that the root certificates need to be updated on the client system. Is the client system not connected to the internet? Generally that's the only time we see a need to manually update root certificates.

                 

                There's more info about updating root certs from this Microsoft article:

                How to get a Root Certificate update for Windows

                 

                I hope that helps.

                -Adam

                • 5. Re: Trouble Deploying Third-Party Updates
                  jrodgers Rookie

                  Hey Adam,

                   

                  My desktop is connected to the internet 24/7.  I did run the root certificate update (KB931125) just to make sure but still getting the same errors in the WindowsUpdate.log.  I've been searching for hours today but still haven't found a solution.

                   

                  WSUS cert is on the SCCM/WSUS box in the proper stores.  The cert is also in the proper stores on my desktop and the policy to allow updates from an Intranet MS update service location is enabled.

                   

                  Any other suggestions?

                   

                  Thanks again for all your help.

                   

                  -Jeff