System Center Configuration Manager Feedback

Suggestion box powered by UserVoice

How can we improve Configuration Manager?

Fix the Software Update Task Sequence (built-in TS patching during OSD)

How is this still a problem? Ask any MVP and they all agree: the built-in task sequence for patching during OSD doesn't work. It doesn't survive double reboots, it has a upper patch limit before it crashes ... it's basically garbage. I don't mind making golden images in MDT, but I shouldn't _have_ to ... and yet I do. I makes SCCM feel less like a singular solution.

1,838 votes
Sign in
Password icon
Signed in as (Sign out)
You have left! (?) (thinking…)
Justin King shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

Thanks for all your suggestions and feedback, updating status to completed.

SCCM 1902 fast Ring released today

Updates added to the previous response, these documents are the first iteration and we’ll continue to add and improve.
We’d ask if you encounter issues with the Install Updates step to file a bug or engage support so we have logs etc. to work with to help diagnose and solve your issues. Also, if there’s specific asks for additions to the feature or documentation please open additional User Voice items.

Today we published a new article and related flowchart to provide some insight and guidance for using the Install Software Updates task sequence step.


Link to document:

Flowchart at full size

- Flowcharts; the install updates proved popular. We’ve had asks for the same for Peer Cache, Task Sequence Pre-cache, Software Distribution Troubleshooting and more. These are all on User Voice too, also if you’ve suggestions for flowchart please open a User Voice item.

- Task Sequence Variable SMSTSWaitForSecondReboot. I’ve this in my notes to add, this variable helps with 2nd reboot and will be added to core docs. This also works with applications that cause a second reboot. See for more.

- Hardware guidance for capture. I’ve run some tests on various hardware, though seems from the comments below Dr. Michael Kischel’s guidance is working.

- Image Capture. Asks for scripts to address removing Appx and performing other customizations. If there’s more please add.

Previous code changes
Timeout scan is now configurable
We added a new task sequence variable to allow a configurable timeout for scan. Variable name is SMSTSSoftwareUpdateScanTimeout, default is 30 minutes. Value is set in seconds so an hour is 60×60=3600
Note: We took a further change after making this configurable to set the default to 60 minutes based on feedback and findings from support cases.

Logging changes
In the SMSTS.log we list the log files to check for updates download and evaluation.
These are UpdateDeployment.log, UpdatesHandler.log, WUAHandler.log and WindowsUpdate.log

New Option for full scan
There’s a new checkbox added to the Install Updates step – ‘Evaluate software updates from cached scan results’
If the checkbox is on we use cached results, if the checkbox is off we do a full scan
Task Sequences that are upgraded will have this option checked on – this is parity with the existing behavior

Power management changes
Clients maintain active power state during OS deployment Software Updates tasks.
Some devices (Surface Pro 3 for example) were going into Connected Standby state preventing completion of deployment, this was occurring in the Install Updates step

Windows upgrade roll ups
These are now filtered from the list of applicable updates


Sign in
Password icon
Signed in as (Sign out)
  • Mattias melkersen commented  ·   ·  Flag as inappropriate

    Download the patches as cab files and apply them online using dism max 50 piece at a time. Download all double restart patches and inject them offline using dism as well or the mdt step. I will soon create a post where this all is explained and creating reference image in configmgr no matter version will not be a problem anymore. Follow me on Twitter mmelkersen

  • Ozzie Santiago commented  ·   ·  Flag as inappropriate

    I'm running to this issue exactly. This is super terrible to troubleshoot and worse when you have to explain to a customer.

  • Anonymous commented  ·   ·  Flag as inappropriate

    Got the same Problem as James. You can see in the windows update log, that the updates have been correctly installed, but the TS agent does not seem to recognize this. Using SCCM 2012 R2 SP1 CU1.

  • James Jankowski commented  ·   ·  Flag as inappropriate

    Not sure if its related, but the "Software Update" task started to hang (stop) when we added in the January 2016 updates. The task stops at Office update (KB3054785). We tried taking the update out but then the task hung at update KB3114486 (another Office update). All signs point to the task just stopping like we would see if we had 150+ updates. Total number of updates being installed by the task is 59. Thoughts? Any viable alternatives to using the "Software Update" task?

  • Daniel Clemow commented  ·   ·  Flag as inappropriate

    This is getting ridiculous - With Windows 8.1, .Net (various versions) and Office 2013 etc etc etc, there are around 300 updates. I thought it was doing well to *finally* install 200+ updates during install and capture, but then deployed this image to a test computer, and still has another 100+ updates to install after deploy task. Grrrr!!!! Wasting sooo much time with this.

  • Paul Cunningham commented  ·   ·  Flag as inappropriate

    This problem has been around since CM 2007 RTM !!!! 8 years later and we are still talking about this. This shouldn't even need to be a suggestion. Get it fixed!

  • David O'Neil commented  ·   ·  Flag as inappropriate

    An additional comment to add (not related to patches needing a double reboot). I would like to see a new feature for SCCM packages and applications to also be able to handle double reboots. For example, in an OSD task sequence I would like to use DISM to convert the Windows Edition to a higher level if needed. After running the DISM command to do this, a double reboot is required and later breaks the task sequence completely. I know that a double reboot is also sometimes required when installing certain Roles and/or Features within the Windows OS. Not sure how to get around this.

  • Bram Vlasblom commented  ·   ·  Flag as inappropriate

    This issue is for our organization also a pain point. A build and capture task sequence with Windows 7 SP1 out of the box, some middleware and runtimes does not install all updates. Even when multiple update steps are used. Triggering a software update scan with PowerShell in between does not solve the problem either. Building images is one of the key features that are needed for a deployment of our devices. Every month the image must be regenerated. It is very frustrating that it does not work properly. We have a filed support case with number 11506081282209.

    Last weekend we tested this feature again with CU1 on SCCM 2012 R2 SP1, still the same issues.

  • joejoeinc commented  ·   ·  Flag as inappropriate

    I find the same frustration. Having to add several software update steps to make sure the build and capture works. Also double reboots cause task sequences to bug out.

  • Mike commented  ·   ·  Flag as inappropriate

    Aaron - Your comment implies that this is not a well known/established problem, a quick search online of blogs and SC communities confirms this is a known issue, which the majority of users must work around.

    When I logged this with premier support, the response was to enable continue on error on the software update step (!) and to put in multiple software update steps. This prevents the TS from failing, but renders that (critical) process unreliable. Updates performing multiple reboots also causes the process to fail as per

    Ultimately, this seems to stem from the insistence to integrate with WSUS, I can totally understand the logic behind that decision, but perhaps the priority should be reliability. The MDT approach to point at a folder full of MSUs is a simpler one and therefore more reliable.

  • Thomas Forsmark Soerensen commented  ·   ·  Flag as inappropriate

    I will be glad to explain what I am experiencing.

    1. General patching with the “Install Software Updates” task is very slow. It takes 10-15 minutes saying “Installing Software Updates” before it starts to install the actual updates.

    2. After installing the last update it stays for along time at “Installing update x og x updates”

    3. When installing a large number of updates it will break the TS. A large number of updates will be 160+ updates. If I do this it will break the “Prepare Configuration Manager Client” step as explained here

    4. Having more than one “Install Software Updates” tasks in the TS can break the TS like in 3. Removing tasks so there is only one left will make the TS run through if there are not too many updates to be installed.

  • Thomas Forsmark Soerensen commented  ·   ·  Flag as inappropriate

    I couldn't agree more. The multiple reboot problem might be fixed in the SP1 for SCCM 2012 R2 but the unstable "install Software Updates" task that cannot handle a lot of updates is making patching in a TS unusable. Please fix this.

1 3 Next →

Feedback and Knowledge Base