Automatic Deployment Rules (ADR) stopped working

Issue

ADR stopped working with the following errors in ruleengine.log:

09-27-2021 16:07:24.251 SMS_RULE_ENGINE 68180 (0x10a54) Failed to download the update content with ID 808654 from internet. Error = 12002
09-27-2021 16:07:24.251 SMS_RULE_ENGINE 68180 (0x10a54) Failed to download ContentID 808654 for UpdateID 914183. Error code = 12002

Analysis

Error 12002 refers to:

Error Code: 0x2EE2 (12002)
Error Name: ERROR_WINHTTP_TIMEOUT
Error Source: WinHTTP
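
The same lookup can be run over a whole log instead of one line at a time. The PowerShell below is an added example, not part of the original post: it pulls the failed ContentID/UpdateID pairs out of ruleengine.log lines and names the WinHTTP error. The function name Get-AdrDownloadFailure is hypothetical, the sample lines are the two from the excerpt above, and it assumes log lines laid out as shown in this post.

```powershell
# Added example: summarize ADR content download failures in ruleengine.log.
# Get-AdrDownloadFailure is a hypothetical helper name, not a ConfigMgr cmdlet.

# Common WinHTTP error codes (winhttp.h); anything else is reported as 'unknown'.
$WinHttpErrors = @{
    12002 = 'ERROR_WINHTTP_TIMEOUT'
    12007 = 'ERROR_WINHTTP_NAME_NOT_RESOLVED'
    12029 = 'ERROR_WINHTTP_CANNOT_CONNECT'
    12030 = 'ERROR_WINHTTP_CONNECTION_ERROR'
    12175 = 'ERROR_WINHTTP_SECURE_FAILURE'
}

function Get-AdrDownloadFailure {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$Line
    )
    begin {
        # Matches the "Failed to download ContentID ... for UpdateID ..." line only,
        # so the companion "update content with ID" line is not counted twice.
        $pattern = '^(?<When>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ SMS_RULE_ENGINE .*' +
                   'Failed to download ContentID (?<ContentId>\d+) for UpdateID (?<UpdateId>\d+)\. ' +
                   'Error code = (?<Code>\d+)'
    }
    process {
        foreach ($l in $Line) {
            if ($l -match $pattern) {
                $code = [int]$Matches.Code
                [pscustomobject]@{
                    Time      = [datetime]::ParseExact($Matches.When, 'MM-dd-yyyy HH:mm:ss',
                                    [cultureinfo]::InvariantCulture)
                    ContentId = [int]$Matches.ContentId
                    UpdateId  = [int]$Matches.UpdateId
                    Code      = $code
                    Hex       = '0x{0:X}' -f $code
                    Name      = if ($WinHttpErrors.ContainsKey($code)) { $WinHttpErrors[$code] } else { 'unknown' }
                }
            }
        }
    }
}

# Sample input: the two log lines quoted in this post.
$sample = @(
    '09-27-2021 16:07:24.251 SMS_RULE_ENGINE 68180 (0x10a54) Failed to download the update content with ID 808654 from internet. Error = 12002'
    '09-27-2021 16:07:24.251 SMS_RULE_ENGINE 68180 (0x10a54) Failed to download ContentID 808654 for UpdateID 914183. Error code = 12002'
)
$sample | Get-AdrDownloadFailure | Format-Table
```

Against a real log, pipe `Get-Content` on ruleengine.log into the function and add `Group-Object Name` to see whether every failure is the same timeout or a mix of errors.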

It should be related to the network. In my case, the updates to download come from the site download.windowsupdate.com, which can be identified from the query in ruleengine.log, e.g.

Query to run is: SELECT CI.CI_ID FROM dbo.fn_ListUpdateCIs(1033) CI                         JOIN (SELECT B.CI_ID, SUM(CF.FileSize)/1024 AS ContentSize FROM v_UpdateInfo B                         JOIN vCIAllContents AC ON AC.CI_ID = B.CI_ID                         JOIN vSMS_CIContentFiles AS CF on CF.Content_ID = AC.Content_ID                         GROUP BY B.CI_ID) AS CS ON CI.CI_ID = CS.CI_ID                         WHERE IsExpired = 0~  and (ArticleID like N'%915597%' or ArticleID like N'%2267602%')~  and (DateRevised>=N'2021-08-28 08:32:15')~  and (IsSuperseded=0)~  and (CI.CI_ID in (select CI_ID from v_CICategories_All where CategoryInstance_UniqueID in (N'Product:8c3fcc84-7410-4a95-8b89-a166a0190486')))~  and (CI.CI_ID in (select CI_ID from v_CICategories_All where CategoryInstance_UniqueID in (N'UpdateClassification:e6cf1350-c01b-414d-a61f-263d14d133b4', N'UpdateClassification:e0789628-ce08-4437-be74-2495b842f43b')))

You may need to modify it a bit to get the update content download source URL (SourceURL column), e.g.

select * from vSMS_CIContentFiles
where CI_UniqueID in (SELECT CI_UniqueID FROM dbo.fn_ListUpdateCIs(1033) CI
JOIN (SELECT B.CI_ID, SUM(CF.FileSize)/1024 AS ContentSize FROM v_UpdateInfo B
JOIN vCIAllContents AC ON AC.CI_ID = B.CI_ID
JOIN vSMS_CIContentFiles AS CF on CF.Content_ID = AC.Content_ID
GROUP BY B.CI_ID) AS CS ON CI.CI_ID = CS.CI_ID
WHERE IsExpired = 0 and (ArticleID like N'%915597%' or ArticleID like N'%2267602%')
and (DateRevised>=N'2021-08-28 08:02:34') and (IsSuperseded=0)
and (CI.CI_ID in (select CI_ID from v_CICategories_All where CategoryInstance_UniqueID in (N'Product:8c3fcc84-7410-4a95-8b89-a166a0190486')))
and (CI.CI_ID in (select CI_ID from v_CICategories_All where CategoryInstance_UniqueID in (N'UpdateClassification:e6cf1350-c01b-414d-a61f-263d14d133b4', N'UpdateClassification:e0789628-ce08-4437-be74-2495b842f43b'))));

There are several ways to track down the network issue.

We can use PsExec to test whether the download link is reachable as the System user.

  1. Download PsExec (PsExec – Windows Sysinternals | Microsoft Docs)
  2. Open an elevated CMD window and run: psexec -s -i cmd
  3. Run whoami to confirm that the command window is running under the System account.
  4. Run: PowerShell
  5. Run: tnc download.windowsupdate.com -Port 80

An error will display if the SUP cannot make a connection to port 80 on the download.windowsupdate.com site.

Another way is to launch Internet Explorer at Step 4 by running start iexplore.exe. Then visit the SourceURL link retrieved from the above query. You should see a “This page can’t be displayed” error.

You can also capture a network trace but that would take more time.
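
The checks above can be combined into one script that also sends a request through WinHTTP, the component that reported error 12002. This is an added example, not part of the original post: the function name Test-WinHttpDownload is hypothetical, and $SourceUrl is a placeholder to be replaced with a SourceURL value returned by the query above. Run it in the System PowerShell window from Step 4.

```powershell
# Added example: run in the SYSTEM PowerShell window opened with psexec -s -i.
# $SourceUrl is a placeholder: paste a SourceURL value returned by the query above.
$SourceUrl = 'http://download.windowsupdate.com/<path from SourceURL column>'

# Test-WinHttpDownload is a hypothetical helper name.
function Test-WinHttpDownload {
    param(
        [Parameter(Mandatory)][string]$Url,
        [int]$TimeoutMs = 30000
    )

    $req = New-Object -ComObject 'WinHttp.WinHttpRequest.5.1'
    # Resolve, connect, send and receive timeouts, in milliseconds.
    $req.SetTimeouts($TimeoutMs, $TimeoutMs, $TimeoutMs, $TimeoutMs)
    $req.Open('HEAD', $Url, $false)   # HEAD: response headers only, no content transferred
    try {
        $req.Send()
        [pscustomobject]@{ Url = $Url; Connected = $true; Status = $req.Status; Error = $null }
    }
    catch {
        # A WinHTTP timeout surfaces as HRESULT 0x80072EE2 (low word 0x2EE2 = 12002).
        [pscustomobject]@{ Url = $Url; Connected = $false; Status = $null; Error = $_.Exception.Message }
    }
}

# 1. Confirm the identity the test runs as (expected: NT AUTHORITY\SYSTEM).
"Running as: $([Security.Principal.WindowsIdentity]::GetCurrent().Name)"

# 2. Show the machine WinHTTP proxy configuration currently in effect.
netsh winhttp show proxy

# 3. Plain TCP test against the host and port taken from the URL.
$uri = [uri]$SourceUrl
Test-NetConnection -ComputerName $uri.Host -Port $uri.Port |
    Select-Object ComputerName, RemoteAddress, TcpTestSucceeded

# 4. HTTP request through the WinHTTP stack.
Test-WinHttpDownload -Url $SourceUrl
```

A failed TCP test points at routing, DNS or a firewall; a successful TCP test followed by a WinHTTP timeout points at something on the HTTP path, such as a proxy that the System account is not configured to use.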

Solution

Option 1:

Set the proxy option “Use a proxy when downloading content by using automatic deployment rules” for the SUP – https://docs.microsoft.com/en-us/mem/configmgr/sum/get-started/install-a-software-update-point#proxy-server-settings

Option 2:

Set the proxy for Internet Explorer in the System user context

Option 3:

Use netsh to set the proxy in the System user context

netsh winhttp set proxy <proxy>:<port>

After upgrading to SCCM 2103, ADR stopped working

One of my customers upgraded their SCCM to 2103, but none of the ADRs worked after that. The behaviour was quite strange: manually running any ADR always triggered an ADR that had been deleted, as can be seen from ruleengine.log:

06-09-2021 13:24:18.721 SMS_RULE_ENGINE 7708 (0x1e1c) ~CRuleHandler: Processing Rule with ID:9, Name:Windows10_1909_ADR.
06-09-2021 13:24:18.722 SMS_RULE_ENGINE 7708 (0x1e1c) ~Evaluating Update Criteria for AutoDeployment Rule 9

Checking smsprov.log, we found that the SQL query that ran behind the scenes was:

SELECT AutoDeploymentEnabled, AutoDeploymentID, SecurityKey, Description, IsServicingPlan, LastErrorCode, LastErrorTime, LastRunTime, LocaleID, Name, Schedule, Type
FROM vSMS_AutoDeployments AS SMS_AutoDeployment
WHERE (IsServicingPlan = 0)

vSMS_AutoDeployments is a view composed of 3 tables: RuleActions, RuleFilters and Rules.

We deleted the non-existent ADR “Windows10_1909_ADR” from the site database:

Delete from RuleActions where RuleID = 9; -- 9 is the RuleID for ADR “Windows10_1909_ADR”
Delete from RuleFilters where RuleID = 9; -- 9 is the RuleID for ADR “Windows10_1909_ADR”
Delete from Rules where RuleID = 9; -- 9 is the RuleID for ADR “Windows10_1909_ADR”

After that, ADR started working as expected again.
