I was helping a customer expand their SCCM 2012 SP1 Stand-alone Primary site to a new Central Administration Site (CAS), when I ran into problems with Software Updates failing to synchronize after expansion.

Microsoft describes in their documentation for expanding a stand-alone primary-site to CAS, that an existing Software Update Point on the primary site is okay, and that it will become a child to the new CAS. The documentation also states that you should install WSUS and the SUP role on the CAS Server, to continue to synchronize updates from Microsoft.

As the customers primary site already had a configured SUP, and software update packages was  deployed and working I left it as it was and began the Expansion of the site.

After a sucessful expansion of the primary site, I installed WSUS and added the SUP role to the CAS Server and was expecting everyting to be okay, but when I investigated the wsyncmgr.log to validate that sync had started, I noticed these errors:

 

Syncing all updates  $$<SMS_WSUS_SYNC_MANAGER><11-26-2013 14:44:18.052-60><thread=1172 (0x494)>
Requested categories: Product=Office 2007, Product=Office 2003, Product=Windows 8, Product=Microsoft Lync 2010, Product=Windows 8.1, Product=Office 2013, Product=Office 2010, Product=Windows Defender, Product=Forefront Endpoint Protection 2010, Product=Windows 7, UpdateClassification=Security Updates, UpdateClassification=Update Rollups, UpdateClassification=Service Packs, UpdateClassification=Definition Updates, UpdateClassification=Critical Updates  $$<SMS_WSUS_SYNC_MANAGER><11-26-2013 14:44:18.201-60><thread=1172 (0x494)>
sync: SMS synchronizing categories  $$<SMS_WSUS_SYNC_MANAGER><11-26-2013 14:44:18.212-60><thread=1172 (0x494)>
sync: SMS synchronizing categories, processed 0 out of 220 items (0%)  $$<SMS_WSUS_SYNC_MANAGER><11-26-2013 14:44:18.401-60><thread=1172 (0x494)>
sync: SMS synchronizing categories, processed 220 out of 220 items (100%)  $$<SMS_WSUS_SYNC_MANAGER><11-26-2013 14:44:21.889-60><thread=1172 (0x494)>
sync: SMS synchronizing categories, processed 220 out of 220 items (100%)  $$<SMS_WSUS_SYNC_MANAGER><11-26-2013 14:44:21.890-60><thread=1172 (0x494)>
sync: SMS synchronizing updates  $$<SMS_WSUS_SYNC_MANAGER><11-26-2013 14:44:21.921-60><thread=1172 (0x494)>
Collecting existing updates…  $$<SMS_WSUS_SYNC_MANAGER><11-26-2013 14:44:25.005-60><thread=1172 (0x494)>
sync: SMS synchronizing updates, processed 0 out of 2308 items (0%)  $$<SMS_WSUS_SYNC_MANAGER><11-26-2013 14:44:25.022-60><thread=1172 (0x494)>
Synchronizing update fd4edc28-9cdd-4f8f-a5ec-b806b1d7dd7d – Security Update for Windows 7 Beta (KB958690)  $$<SMS_WSUS_SYNC_MANAGER><11-26-2013 14:44:25.381-60><thread=1172 (0x494)>
Referenced configuration items are not available yet: <MissingReferences><Reference RelationType=”1″ ModelName=”Site_15F88F48-296A-4702-9647-CD73E2E793EF/SUM_94797c79-3b60-48a7-888a-9bdf7e983f99″/></MissingReferences>~  $$<SMS_WSUS_SYNC_MANAGER><11-26-2013 14:44:26.327-60><thread=1172 (0x494)>
Failed to sync update fd4edc28-9cdd-4f8f-a5ec-b806b1d7dd7d. Error: Failed to save update fd4edc28-9cdd-4f8f-a5ec-b806b1d7dd7d. CCISource error: 2. Source: Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.UpdatesManager.UpdatesManagerClass.DefineUpdate  $$<SMS_WSUS_SYNC_MANAGER><11-26-2013 14:44:26.330-60><thread=1172 (0x494)>

Too many consecutive failures. Aborting sync.  $$<SMS_WSUS_SYNC_MANAGER><11-26-2013 14:44:30.710-60><thread=1172 (0x494)>

 

The log states that the WSUS server sync is successfull, but the sync to site database fails on the updates due to configuration item not being available, and the entire sync operation is aborted.

After trying many different things to get the sync up and running, including the complete removal and reinstallation of SUP roles and WSUS on both the CAS and Primary, I came to the conclusion that the problem was caused by the existing updates replicated to the CAS database durring the expansion. If I added new products or classifications to the SUP, these would sync without problems.

I came across a post on technet, where another guy had faced the same problem as me, but there was no solution posted. After contacting the poster to hear if he had solved his problem, he posted a solution from Microsoft Product Support that had solved the problem. Here is the link to the original post: SUP not syncing on CAS Thanks M. Fricke for your assistance!

 

The solution is as follows:

1. Make sure there are no outstanding references to updates.

Delete all update groups.

Delete all Automatic Deployment Rules (ADR).

Delete all software update packages.

Remove updates from any DCM baselines.

Un-publish ccm client in wsus (It’s the option to publish ccmclient or ConfigMgr client in WSUS that needs to be unchecked in ConfigMgr console).

2013-11-27 09_51_51-Coretech - konsccmcas.koncern.local - [SCCM CAS Server] - Royal TS2013-11-27 09_52_10-Coretech - konsccmcas.koncern.local - [SCCM CAS Server] - Royal TS

 

2. Uninstall Software update point (SUP) role.

give it 5 minutes to post-process

3. Run following commands one by one in the order they are below from SQL Mangement studio on the CAS database, to remove all existing update refferences.

update CI_ConfigurationItems set IsExpired=1 where CIType_ID in (1,8)

delete CI_ConfigurationItemRelations where ToCI_ID in (select CI_ID from CI_ConfigurationItems where CIType_ID in (1,8))

delete CI_AssignmentTargetedCIs where CI_ID in (select CI_ID from CI_ConfigurationItems where CIType_ID in (1,8))

delete CI_ConfigurationItems where CIType_ID in (1,8)

delete CI_CIDocuments where CI_ID not in (select CI_ID from CI_ConfigurationItems)

delete CI_DocumentStore where Document_ID not in (select Document_ID from CI_CIDocuments)

4. Install SUP role.

 

After performing these actions the sync was up and running again, as can be seen in the wsyncmgr.log:

sync: Starting SMS database synchronization  $$<SMS_WSUS_SYNC_MANAGER><11-27-2013 09:37:01.687-60><thread=2992 (0xBB0)>

requested localization languages: da,en  $$<SMS_WSUS_SYNC_MANAGER><11-27-2013 09:37:01.687-60><thread=2992 (0xBB0)>

Syncing all updates  $$<SMS_WSUS_SYNC_MANAGER><11-27-2013 09:37:01.805-60><thread=2992 (0xBB0)>

Requested categories: Product=Office 2007, Product=Windows 8, Product=Windows 8.1, Product=Office 2013, Product=Office 2010, Product=Forefront Endpoint Protection 2010, Product=SQL Server 2008 R2, Product=Windows 7, UpdateClassification=Security Updates, UpdateClassification=Service Packs, UpdateClassification=Definition Updates, UpdateClassification=Critical Updates  $$<SMS_WSUS_SYNC_MANAGER><11-27-2013 09:37:02.285-60><thread=2992 (0xBB0)>

sync: SMS synchronizing categories  $$<SMS_WSUS_SYNC_MANAGER><11-27-2013 09:37:02.370-60><thread=2992 (0xBB0)>

sync: SMS synchronizing categories, processed 0 out of 220 items (0%)  $$<SMS_WSUS_SYNC_MANAGER><11-27-2013 09:37:02.524-60><thread=2992 (0xBB0)>

sync: SMS synchronizing categories, processed 220 out of 220 items (100%)  $$<SMS_WSUS_SYNC_MANAGER><11-27-2013 09:37:15.644-60><thread=2992 (0xBB0)>

sync: SMS synchronizing categories, processed 220 out of 220 items (100%)  $$<SMS_WSUS_SYNC_MANAGER><11-27-2013 09:37:15.645-60><thread=2992 (0xBB0)>

sync: SMS synchronizing updates  $$<SMS_WSUS_SYNC_MANAGER><11-27-2013 09:37:15.755-60><thread=2992 (0xBB0)>

Collecting existing updates…  $$<SMS_WSUS_SYNC_MANAGER><11-27-2013 09:37:53.577-60><thread=2992 (0xBB0)>

sync: SMS synchronizing updates, processed 0 out of 1963 items (0%)  $$<SMS_WSUS_SYNC_MANAGER><11-27-2013 09:37:53.631-60><thread=2992 (0xBB0)>

Skipped update e2a4c75a-02ae-4eac-b7cb-1466f9a9ab6a – Security Update for Internet Explorer 8 for Windows 7 (KB974455) because it was superseded.  $$<SMS_WSUS_SYNC_MANAGER><11-27-2013 09:37:53.977-60><thread=2992 (0xBB0)>

Skipped update 09783536-1b07-4479-9050-2d73a66ae237 – Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB974455) because it was superseded.  $$<SMS_WSUS_SYNC_MANAGER><11-27-2013 09:37:54.360-60><thread=2992 (0xBB0)>

Synchronizing update fcadb0ea-90ce-4aad-bc95-192450f05211 – Security Update for Windows 7 (KB975467)  $$<SMS_WSUS_SYNC_MANAGER><11-27-2013 09:37:54.380-60><thread=2992 (0xBB0)>

Synchronizing update ca62f9c5-96cd-4c58-b8f4-3682cf6d4392 – Security Update for Windows 7 for x64-based Systems (KB975467)  $$<SMS_WSUS_SYNC_MANAGER><11-27-2013 09:38:07.196-60><thread=2992 (0xBB0)>

Synchronizing update eec264ac-fbc7-4cc4-891b-7cc6ab5bfe0e – Security Update for Windows 7 (KB974571)  $$<SMS_WSUS_SYNC_MANAGER><11-27-2013 09:38:10.235-60><thread=2992 (0xBB0)>

 

So all I had to do now, was to recreate ADRs, sofware update groups, packages and deployments.