Enable and Configure SCCM Third-Party Software Updates

This article covers the steps to enable and configure third-party software updates using SCCM (ConfigMgr). You can use this SCCM third-party software updates deployment guide in your enterprise to setup 3rd party patching with SCCM.

The Third-Party Software Update Catalogs node in the Configuration Manager console allows you to subscribe to third-party catalogs, publish their updates to your software update point (SUP), and then deploy them to clients.

If you are planning to deploy third-party software updates using SCCM, there are a series of configurations that you require in place. I have covered the steps required to enable and configure SCCM Third-Party software updates. Refer to the guide on deploying software updates using SCCM.


https://jdm.social/viewtopic.php?t=412

https://jdm.social/viewtopic.php?t=39561

https://expectingtheunexpected.com/showthread.php?tid=1384

https://www.mcmon.ru/showthread.php?tid=7935

http://www.yypf.com/showthread.php?tid=1413

http://www.hondaikmciledug.co.id/HRIS/showthread.php?tid=1138

https://www.csoyuncu.net/showthread.php?tid=13946

http://mystrotain.free.fr/forum/showthread.php?tid=65328

https://www.openhelbreath.com/showthread.php?tid=2

http://ordemdospsicologos.org/forum/showthread.php?tid=883&pid=10323

http://forum.analysisclub.ru/index.php/topic,52329.0.html

http://forum.analysisclub.ru/index.php/topic,7053.0.html

http://forum.analysisclub.ru/index.php/topic,44124.0.html

https://tasarhoa.com/hoa/viewtopic.php?t=2855

https://tasarhoa.com/hoa/viewtopic.php?t=51464

http://www.iphoneforumz.com/forum/viewtopic.php?t=56824


Prerequisites for Setting up third-party software updates


The following are the list of prerequisites that are required for setting up the third-party software updates in SCCM.


  • Make sure there is a sufficient disk space on the top-level software update point’s WSUSContent directory to store the source binary content for third-party software updates.
  • The third-party software update synchronization service requires internet access.
  • For the partner catalogs list, download.microsoft.com over HTTPS port 443 is needed.
  • Internet access to any third-party catalogs and update content files. Additional ports apart from 443 may be needed.
  • Third-party updates use the same proxy settings as the SUP.


Steps to Enable SCCM Third-Party Software Updates


We’ll now go through the steps to enable SCCM Third-Party software updates on the server. Perform each of the steps in sequential order to configure the third-party updates.


Step 1: Enable SSL on Software Update Point


Since custom SCCM catalogs require HTTPS, you must enable SSL communication on the Software Update Point. Note that SSL must be enabled on the SUP when it’s remote.


Use the following steps to enable the SSL on Software Update Point:


  1. Go to Administration > Overview > Site Configuration > Servers and Site System Roles.
  2. Select the server and in the bottom pane, right click Software Update Point and click Properties.
  3. Under WSUS configuration, enable “Require SSL Communication to the WSUS server“.
  4. Click Apply and OK.

http://www.iphoneforumz.com/forum/poddox-the-easy-way-to-copy-your-music-to-your-ipod-t139679.html

http://www.iphoneforumz.com/forum/viewtopic.php?t=127508

http://www.iphoneforumz.com/forum/viewtopic.php?t=40051

http://junlinro520.gain.tw/viewthread.php?tid=137819&extra=

http://junlinro520.gain.tw/viewthread.php?tid=151185&extra=

http://junlinro520.gain.tw/viewthread.php?tid=340910&extra=

http://junlinro520.gain.tw/viewthread.php?tid=150718&extra=

http://huayang.eu.org/viewthread.php?tid=2094&extra=page%3D1

http://huayang.eu.org/viewthread.php?tid=3094&extra=page%3D1

http://forum.kirmash.biz/viewtopic.php?id=14785

http://forum.kirmash.biz/viewtopic.php?id=3

http://forum.kirmash.biz/viewtopic.php?id=15387

https://medtalk.info/viewtopic.php?t=811

https://medtalk.info/viewtopic.php?f=4&t=54

https://medtalk.info/viewtopic.php?t=10


Step 2: Enable third-party updates on Software Update Point


You can subscribe to third-party update catalogs in the Configuration Manager console if you enable this option. The updates can then be published to WSUS and distributed to clients. To enable and configure the feature for use, repeat the steps below once per hierarchy. If the top-level SUP’s WSUS server is ever replaced, the steps may need to be repeated.


Perform the following steps to enable third-party software updates on software update point:


  • Launch Configuration Manager console.
  • Navigate to Administration > Overview > Site Configuration > Sites.
  • Select the site, right click and then select Configure Site Components > Software Update Point.
  • Switch to Third-Party Updates tab and select the option Enable third-party software updates.
  • Click Apply and OK.


Step 3: Configure WSUS Signing Certificate

In the above step, you enabled third-party updates on SUP. The next step is to configure WSUS signing certificate. This is important because custom catalogs must use HTTPS and the updates must be digitally signed.

Under SUP Properties > Third-party updates tab, you will find two options to configure WSUS signing certificate.


  • Configuration Manager manages the certificate
  • Manually manage the certificate


Both the above options are self-explanatory. Microsoft gives you two options to manage the WSUS signing certificate. You can tell Configuration Manager to automatically manage the third-party WSUS signing certificate using a self-signed certificate. If you need to manually configure the certificate, for example use a PKI certificate, you can do that using SCUP tool.


https://forum.ezpuu.com/index.php?threads/%E8%AB%8B%E5%95%8F%E6%9C%89%E4%BA%BA%E9%81%87%E9%81%8E%E4%B8%8B%E8%BC%89%E5%A4%96%E6%8E%9B%E5%BE%8C%E6%89%93%E4%B8%8D%E9%96%8B-%E6%AA%94%E6%A1%88%E7%AE%A1%E7%90%86%E5%93%A1%E5%B1%A2%E6%AC%A1%E5%81%9C%E6%AD%A2%E9%81%8B%E4%BD%9C.48/

https://foro.iwivox.com/viewtopic.php?t=1844

https://foro.iwivox.com/viewtopic.php?t=1875

https://foro.iwivox.com/viewtopic.php?t=1854

https://www.yefeng.org/thread-4196-1-1.html

https://www.yefeng.org/thread-4601-1-1.html

https://www.yefeng.org/thread-504-1-1.html

https://www.yefeng.org/thread-2267-1-1.html


Step 4: Enable third-party software updates on the clients

In this step, you’ll learn how to enable third-party updates on the clients in the SCCM client settings. The setting sets the Windows Update agent policy for Allow signed updates for an intranet Microsoft update service location. This client setting also installs the WSUS signing certificate to the Trusted Publisher store on the client.


  • Launch Configuration Manage console.
  • Navigate to Administration > Overview > Client Settings.
  • Right-click Default Client Settings and click Properties.
  • Click Software Updates on left pane. Select Yes to Enable software updates on clients.
  • Set Enable third-party software updates to Yes. Click Apply and OK.


Steps to Configure Third-Party Updates in SCCM

After you have enabled the third-party updates in SCCM, we will look at some basic configurations which involve adding custom catalogs, synchronizing third-party updates etc.


Comments

Post a Comment

Popular posts from this blog

Fix Intune Profile Installation Failed during macOS Enrollment

While enrolling the macOS in Intune, you may encounter a warning, “Profile Installation Failed“. Could not obtain the final profile using the Encrypted Profile Service. In this article, I will show you how to resolve this error and provide you with some troubleshooting steps. When you register macOS devices into Intune, you might end up with several enrollment errors. Thankfully, the Intune portal now shows the device enrollment failures right on the dashboard. This makes it easy to troubleshoot the device enrollment errors. I recently published a guide on enrolling macOS into Intune, where I covered the steps to enroll macOS devices into Intune using the company portal app. Microsoft Intune supports enrollment on personal and company-owned devices. Only when you enroll your macOS devices in Intune, you can manage them. https://www.openhelbreath.com/showthread.php?tid=1645 https://www.mcmon.ru/showthread.php?tid=12513 https://www.csoyuncu.net/showthread.php?tid=2319 https://test.tcz.x1
Read more

2 Best Solutions: Error Can’t Connect to Windows 365

In this article, I will show you how to resolve the error can’t connect to Windows 365. If you are unable to access your Cloud PC using the Windows 365 app, there are two ways to solve this issue. I normally connect to my Cloud PC using the Windows 365 app. Note that there are multiple ways to connect and access your Cloud PCs. For instance, you can connect to a cloud PC using the Windows 365 home page, the Windows 365 App, or the Microsoft Remote Desktop client. Cloud PCs are accessible to users only after you assign Windows 365 licenses to users. Note that you should also provision Windows 365 Cloud PCs that allow users to access them from any device. In my case, the provisioning policy in place for Cloud PCs and a valid license was assigned to the user. In some cases, when you attempt to connect to Cloud PC, there may be gateway errors or connection errors. Refer to the following guide on troubleshooting Cloud PC connection errors, where I have covered solutions for Cloud PC access
Read more

2 Easy Ways to Remove Insider Preview Evaluation Copy Watermark

I’ll show you how to remove insider preview evaluation copy watermark from your Windows desktop in this article. If you don’t want the evaluation copy watermark to appear on your desktop, you can remove it using multiple methods. If you have enrolled for the Windows Insider Preview program and have installed the insider preview build, you’ll notice a watermark in the lower-right corner of the desktop. The watermark reveals the build number of the Windows insider preview. The screenshot below shows the example of insider preview evaluation copy watermark from Windows desktop. This watermark appears on all the recent installations of Windows insider preview, and there are multiple methods such as registry, ease of access settings in control panel using which you can remove this watermark on the desktop. There are three proven ways to remove the Evaluation Copy watermark from the desktop of insider preview builds: https://test.tcz.x10.mx/mybb/showthread.php?tid=24716 https://expectingtheu
Read more