One of the highest voted uservoice item was to deploy third-party software updates using SCCM. When I published post on deploying software updates using SCCM, I was asked if third-party software updates can also be deployed. At that time probably there was no such solution.
In this post we will see how to add custom catalog provided by patch connect plus, which includes patches for 250+ third party applications. The list of third-party applications includes almost all the commonly used applications. The best part is you can import and use it along with SCCM.
With the release of Configuration Manager Tech preview 1806.2, Microsoft added third-party software updates support. First of all you can also subscribe to third-party catalogs. And then publish their updates to your software update point. Finally deploy third-party software updates to using SCCM to clients.
Seems like only HP Client Updates Catalog is the default one that you see in the console. There might be more such updates catalog that I would expect to get added in upcoming versions.
Patch Connect Plus – Product Information
ManageEngine has got some good products which makes the life of sysadmins easier. Their products include the following.
- Desktop Central is the main product, a complete configuration management software.
- Patch Manager Plus is an exclusive patching solution for all platforms. Supports Windows, Mac, Linux as well as third-party applications.
- Patch Connect Plus acts as an add-on for your SCCM setup. Most of all you can add catalogs for free and use it . Patch connect plus offers a free download of catalogs for notable third-party apps. You can patch limited apps for free but to patch over 250+ applications you should buy a license from them.
Patch Connect Plus – Deploy Third-Party Software Updates using SCCM
Before we see the steps to deploy third-party software updates using SCCM, some basic things first. The steps that I am performing is on my lab setup. The version of configuration manager installed is Tech Preview 1806.2. I have got the basic configuration done, I have installed and configured software update point (SUP) role.
Patch Connect Plus – Adding Custom Catalog
Launch the configuration manager console. Navigate to Software Library > Overview > Software Updates > Third-Party Software Update Catalogs. Right click and click Add Custom Catalog.
In the wizard you have to specify the download URL of catalog. Copy this URL. If you open the URL link in the browser, it downloads a cab file. You don’t need to download the cab file, only copy the URL and specify it Download URL textbox. In addition specify the publisher, name and description. Click Next.
Click Next on Summary page.
Enable third-party software updates
The next important step is to enable third-party software updates. This option is found under software update point component properties. Check the box “Enable third-party software updates“. For WSUS signing certificate configuration, select Configuration Manager manages the certificate. Click OK.
Patch Connect Plus – Subscribe PCP Third Party Catalog
In the previous step you added/imported catalog file to SCCM. We will now look at the steps to subscribe to catalog. Right click the catalog that you imported and click Subscribe to Catalog.
On the General page, the URL and description is picked up automatically. Click Next.
Note – At this step if your download fails, the error code is usually shown. However you must examine SmsAdminUI.log file for troubleshooting purpose.
Under Review and approve, you got some things to do. Before creating the subscription to third-party updates catalogs, you must first review and approve the catalog signing certificate. So follow the below steps.
- Click on View Certificate.
- On the Certificate window, click Install Certificate.
- You will now see certificate import wizard. Select Local Machine as store location.
- Select Automatically select the certificate store based on type of certificate. Click Next.
- Finally click Finish. You will see import successful message.
The catalog signing certificate is installed. Check the box I have read and understood this message. Click Next.
On the summary page, click Next.
On the Completion page, click Next. The catalog is successfully downloaded and subscribed to SCCM
Synchronize Software Updates
Once you have performed the above steps, you must now synchronize software updates. Under Software Library, click All Software Updates and click Synchronize Software Updates on top ribbon. To monitor status of updates publishing process, open SMS_ISVUPDATES_SYNCAGENT.log file. This log file is located in C:\Program Files\Microsoft Configuration Manager\Logs Directory
If the updates are synchronized successfully you will see the following lines at the end of log file.
SyncUpdateCatalog: 14 updates were synchronized to WSUS succesfully, and 0 failed to publish.
SyncUpdateCatalog: SyncUpdateCatalog : 62cff31c-a6ba-4149-bad1-1b0e3eba9cd2 - Completed.
Visit software update point component properties. Under Products tab, you will now notice new third-party products. You can enable all of them or the ones that you actually require. Click OK.
Run the software updates sync once again because you enabled new products in previous step. Go to software updates section, refresh the console and you will see the meta data of third-party apps.
Select the third-party updates and right click. You see many options here, before you deploy the updates, you must publish third-party software update content.
On the message box click Yes. When you do so you basically authorize to publish third party content.
The next steps are simple. Choose the updates that you want to deploy to your enterprise machines. Right click and click Deploy, this will bring up deploy software updates wizard. You can select the device collection and deploy the updates. You also can save the deployment template and use it for other deployments.
In conclusion patch connect plus makes it very easy to deploy third-party software updates using SCCM. While many organizations today are keen on patching their third-party apps, patch connect plus is an excellent choice. I repeat ManageEngine allows you to add catalogs for free. You can try adding catalog and deploy updates to few apps.