In this video guide, we will be performing a deep dive in the software updates feature in Microsoft SCCM. This will include client and server-side components. Some topics covered are client policy, scanning, WMI, StateMessages, StateMgr, Summarization and more!
PolicyAgent.log – Records requests for policies made by using the Data Transfer Service.
PolicyEvaluator.log – Records details about the evaluation of policies on client computers, including policies from software updates.
LocationServices.log – Records the client activity for locating management points, software update points, and distribution points.
UpdatesHandler.log – Records details about software update compliance scanning and about the download and installation of software updates on the client.
RebootCoordinator.log – Records details about the coordination of system restarts on client computers after software update installations.
WUAHandler.log – Records details about the Windows Update Agent on the client when it searches for software updates.
UpdatesStore.log – Records details about compliance status for the software updates that were assessed during the compliance scan cycle.
ScanAgent.log – Records details about scan requests for software updates, the WSUS location, and related actions.
StateMessage.log – Records details about software update state messages that are created and sent to the management point.
UpdatesDeployment.log – Records details about deployments on the client, including software update activation, evaluation, and enforcement. Verbose logging shows additional information about the interaction with the client user interface.
statesys.log – Records the processing of state system messages. This log also shows the software update summarization task that run.
Helpful WMI Namespace and Classes
ROOT\ccm\Policy\Machine\ActualConfig:CCM_UpdateCIAssignment – This shows that we have the policy for the SUG Deployment ID
ROOT\ccm\ScanAgent:CCM_SUPLocationList – Shows SUP SCCM is set to use for scanning
ROOT\ccm\SoftwareUpdates\DeploymentAgent:CCM_TargetedUpdateEx1 – Shows all software updates targetting the device and the relevant information about the updates
ROOT\ccm\SoftwareUpdates\DeploymentAgent:CCM_AssignmentCompliance – Shows the different software update group deployments targetting the device and their compliance
ROOT\ccm\StateMsg:CCM_StateMsg – Shows all the state messages logged in WMI
Very nice summary and I enjoyed your showing us WMI locations for updates info.
Sometimes, updates do install correctly but the evaluation of them does not seem to be picked up and the compliance status always remains required. Any suggestions for rectifying such a problem?
I should have added that the evaluation is not picked up as compliant after the restart and the scheduled rescan. At the rescan it sees them as still required, it reinstalls them all and restarts. The logs show this happening daily once the SW Update Deployment hits it’s installation deadline. I have run Microsoft’s latest WU Troubleshooting tool to no avail. I have also tried a complete uninstall and reinstall of client. I guess I was wondering if there was any need of ‘clearing’ WMI entries for update compliance to allow it to start fresh. Otherwise, I guess they just go in the bin for an OS refresh.
Very thorough yet easy enough to understand. I like that you also include notes and links to the topics discussed. I’ve learned a ton from your videos so far. Keep up the good work!
My names Justin Chalfant! I'm the founder of 
Very nice summary and I enjoyed your showing us WMI locations for updates info.
Sometimes, updates do install correctly but the evaluation of them does not seem to be picked up and the compliance status always remains required. Any suggestions for rectifying such a problem?
I generally see this when a restart is needed. You would need to do a restart then the next software update scan cycle should report the results back.
I should have added that the evaluation is not picked up as compliant after the restart and the scheduled rescan. At the rescan it sees them as still required, it reinstalls them all and restarts. The logs show this happening daily once the SW Update Deployment hits it’s installation deadline. I have run Microsoft’s latest WU Troubleshooting tool to no avail. I have also tried a complete uninstall and reinstall of client. I guess I was wondering if there was any need of ‘clearing’ WMI entries for update compliance to allow it to start fresh. Otherwise, I guess they just go in the bin for an OS refresh.
That’s weird, you could try a policy reset using client center. A support case may be the best next step.
Very thorough yet easy enough to understand. I like that you also include notes and links to the topics discussed. I’ve learned a ton from your videos so far. Keep up the good work!