Installing All Software Updates in a XP in Build and Capture TS

I had a hell of a time getting software updates to work in an XP Build and Capture Task Sequence. Things would work okay if I used ZTIUpdates, but not the ‘Install Software Updates’ TS action. A lot of people online seem to have given up, but I think I found the keys to getting things going.

The Problem

When you run an XP Task Sequence with ‘Install Software Updates’, the updates don’t actually install.

The Cause

  1. SCCM can’t scan with the XP SP3 default WUAgent because it’s too old.
  2. SCCM can’t scan for updates with IE 6 installed, which is the XP SP3 default.
  3. SCCM can’t scan for updates without the WSUS patch KB898461 installed.
  4. SCCM can’t download updates with XP SP3 unless joined to the domain.
  5. SCCM can’t communicate with the client once joined to the domain unless the XP certificate hotfix is installed.
  6. Once a software scan action is completed with the ‘install Software Updates’ step, subsequent updates are not detected because it doesn’t re-scan for new updates after every set of updates is installed.

We’ll resolve these issues below.

The Fix

Packages and Prep

This post assumes that you have MDT Integrated and can use the ZTIWindowsUpdates script.

  1. Download the IE 7 installer here: Windows Internet Explorer 7 for Windows XP.
  2. Make a package for the IE7 installer using the following command-line action.
    IE7-WindowsXP-x86-enu.exe /NoRestart /NoBackup /UpDate-No /Quiet
  3. Download the WUAgent 7.4 Installer here: Windows Update Agent 7.4.7600.226. I found the link here: Forum Post – Windows Update Agent.
  4. Create a package for the WUAgent 7.4.7600.226 installer using the following command-line action.
    WindowsUpdateAgent30-x86.exe /quiet /norestart /wuforce
  5. Download the Windows XP Certificate Enrollment hotfix here: Windows Server 2003 and Windows XP clients cannot obtain certificates
  6. Create a package for the hotfix using the following command-line action.
    WindowsXP-KB968730-x86-ENU.exe /quiet

Task Sequence Changes

  1. Open the XP Build and Capture Task Sequence.
  2. On the ‘apply network settings’ action, join a workgroup instead of a domain.
  3. Directly after the ‘Setup Windows and ConfigMgr Step’, add ‘Install Package’ actions for IE 7, WUAgent 7.4, then the Certificate Hotfix.
  4. Next, right after the certificate hotfix install, add join domain and reboot actions.
  5. Next, add a ‘set task sequence variable’ action with the variable ‘WSUSServer’ set to your site server’s WSUS URL (ex: https://sccm.domain.local:8531″).
  6. Next, add the ‘Use Toolkit Package’ and ‘ZTIUpdates’ steps. This will install the WSUS patch and update WUAgent to the latest version.
  7. Next, create an ‘Install Software Updates’ action.
  8. After that, create a new ‘Run Command-Line Action’ with the following command. This will re-scan for new updates.
    WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000113}" /NOINTERACTIVE
  9. Repeat the Install Software Updates and Re-Scan command line actions. This will ensure that all updates are installed, since each Install Software Updates action is hard-coded to time out after 30mins.

Here’s a screenshot of my final task sequence.

XPBuildAndCapUpdates

Enjoy!

Advertisements

One thought on “Installing All Software Updates in a XP in Build and Capture TS

  1. Pingback: Table of Contents | windowsmasher

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s