We have an issue with business wanting to know within a 15-30 minute timeframe when the server reboots. With the maintenance windows today we can only open for installation and reboot but do not know when during the maintenance window the reboot will happen. Would it be possible to allow a setting to wait with the reboot to the end of the maintenance window. This way the reboot time would be predictable and installation would happen during the maintenance window. The option could be something like "If reboot is required wait until the end of the maintenance window to reboot" and a single checkbox.

Sometimes (one time per week) we have a failed automatic deployment rule (ADR).

Error Code:
SMSRULEENGINE
Message ID: 8706
Decription:
Content download failed.
Message: Failed to download one or more content files.
Source: SMS Rule Engine.

Most of the time it is the one of the Windows Defender Definition updates. If I Re-run (Run Now) the ADR it works perfectly. Maybe there is not enough time between sync sup and run ADR. I don't know. After I click "Run Now" it's always success.

It would be great if you can add an option "Re-run failed ADR, after X minutes, try it X times" something like that.

It would be great to have a menu item to view the specific update reports in the All Software Updates view and within the Software Updates Groups view. Currently we can ascertain the updates' status details, required count, install count etc... from the Software Update list view but this information is not interactive. To actually identify the specific list of systems these updates are needed by or installed on we have to manually run a compliance report for the software update. It would be nice to have that functionality built into the Software Library module where highlighting an update will enable a selection menu to run off reports for that update.

We create "year packages" for several products so older updates are in a "static software upgrade". But we still have to maintain these SUG periodically to remove superseeded updates.
An example:
I'd like to have an ADR which selects all updates from 2015 for all my server OS'es and checks this every month or quarter so expired updates are automatically removed and reinstated updates are added again.

In addition, I want my current ADR to select all updates from 1st of Januar till now. This is not possible at the moment because all moments are relative.

Why(?) this seems strange since the option "add to existing Software update group" the SUG cleans before adding the selected updates. This makes the "adding" variant obsolete, isn't it?

On our Primary site server, under Admin > Site System properties, we have set the proxy settings with username and password.

In our company, Domain Admins are blocked at the proxy server from accessing the internet. My colleague, who is an SCCM admin, but not a Domain Admin, can download Software Updates and add them to a Deployment Package. I am a Domain Admin, and when I try this, it fails with: "Error: Failed to download content ID 16902216. Error %1 is not a valid Win32 application."

So, that proxy setting is used by some functions of ConfigMgr, but not all.

According to Scott Breen [MSFT]:

Configuration Manager needs to connect to the Internet to download the source files for Software Updates. This process is initiated via:
- The Configuration Manager server during the execution of an Automated Deployment Rules (ADR);
- The Configuration Manager console (in the user context on the computer where the console is running) during creation of a Software Update package.

The download process requires the computer or user account where the download originates to have access direct to the internet or through a proxy server.

The proxy server configured within Configuration Manager settings is for the server initiated downloads only - NOT the console initiated downloads.

What I would like is for the admin console to have a proxy settings section, so that for software downloads, it can used a specific user account to do the downloads. In my case, using Internet Options proxy settings is not feasible, as that account doesn't have rights to logon to the server.

Desired behaviour: Either use the proxy settings set in the Site Server properties to do the downloads, OR, allow us to specify the settings in the console (including specifying user/password there).

I'd like to have the option, when pushing out software updates to have deadlines for maintenance windows. For example, you set the deadline for automatic install and reboot for sunday at 10pm and set the deadline behaviour to not do anything outside of the maintenance window. This means the patches will only automatically install during the maintenance window and wont interrupt the users during the day. However, I'd like a secondary deadline, so that say on Wednesday night I can set the patches to install outside of the maintenance window from say 6pm onward (i.e the users have had enough time to install the patches out of hours and are now getting them regardless during the business day), as this is how I initially thought the deadline behaviour worked (but obviously doesn't), as at present I have to go into all my deployments after a week and change the behaviour to install patches and reboot outside of maintenance windows (to catch all the people who turn their machines off or take laptops home etc)

Hi There,

I am wondering if we can have an option in SCCM to force restart desktop endpoints after patch installation when no user logged in. This option certainly not useful for server endpoints but for desktop endpoints, it could be a blessing for work station admins those have to chase users to restart the VDI/desktop endpoints periodically to get patches installed in an environment where admins can't define any specific restart time due to nature of the job. Possible options/ features I see:
1. Define setting in machine collection/ deployment group that if no user logged in install the patches and force restart the endpoint.
2. If the user is logged in and restart is required, the SCCM client waits for the time when the machine has no user logged in to trigger force restart.
3. Option to configure this feature only for client OS to avoid human error to force the setting in server environment.

When deploying Software Updates to your server farm, it would be great to have a centralized Dashboard or Web Interface that provides you real time statistics of the patch installation process. This would give you the ability to immediately see if a patch failed to install or a client failed to install a patch or, in the case of a few updates, that a reboot is required to the remaining patches can be installed. I know its kind of getting greedy but if this dashboard existed, and you could right click on a server and launch a remote version of Software Center and siimply initiate a retry from this Dashboard (rather then having to RDP into the server and do it manually), patching servers and workstations would be so much easier.