In this guide, I will explain how you can use Patch Connect Plus to deploy third-party updates. Patch Connect Plus integrates with Microsoft SCCM and Intune to effectively extend the scope of the two endpoint management platforms.
One of the most popular user voice items was to deploy third-party software updates using SCCM. When I published a post on deploying software updates using SCCM, I was asked if third-party software updates could also be deployed.
In this post, we will see how to add a custom catalog provided by Patch Connect Plus, which includes patches for over 250+ third-party applications. The list of third-party applications includes almost all the commonly used applications. The best part is that you can import the catalog and use it along with SCCM.
With the latest versions of Configuration Manager, Microsoft added third-party software update support. The first step is that you must import the catalog and subscribe to third-party catalogs. And then publish their updates to your software update point. When the updates are available in the SCCM console, you can deploy third-party software updates to computers.
Patch Connect Plus – Product Information
ManageEngine has got some good products which makes the life of sysadmins easier. Their products include the following.
- Desktop Central is the main product, a complete configuration management software.
- Patch Manager Plus is an exclusive patching solution for all platforms. It supports Windows, Mac, and Linux as well as third-party applications.
- Patch Connect Plus acts as an add-on for your SCCM setup. Most of all, you can add catalogs for free and use them. Patch Connect Plus offers a free download of catalogs for notable third-party apps. You can patch limited apps for free, but to patch over 250+ applications, you should buy a license from them.
Deploy Third-Party Updates using Patch Connect Plus
Before we deploy third-party updates using Patch Connect Plus, here are some important points first. You must install and configure the software update point role in Configuration Manager. The SUP configuration is not covered in this guide. Please refer to how to configure software update point role in SCCM.
1. Add Patch Connect Plus Catalog into SCCM
Perform the following steps to import or add Patch Connect plus catalog into SCCM:
- Launch the configuration manager console.
- Navigate to Software Library > Overview > Software Updates > Third-Party Software Update Catalogs.
- Right-click on Third-Party Software Update Catalogs and select Add Custom Catalog.
In the third-party software updates custom catalogs wizard, you have to specify the download URL of the catalog. You can test the URL by opening it in the browser and if it downloads a cab file, it means the URL is valid. You don’t need to download the .cab file, only copy the URL and paste it in the Download URL text box. Specify the publisher’s name, and description. Click Next.
Click Next on Summary page.
Click “Close” on the completion page. This completes the steps to import the Patch Connect Plus catalog into SCCM.
2. Enable third-party software updates
The next important step is to enable third-party software updates. This option is found under the software update point component properties. Check the box “Enable third-party software updates“. For WSUS signing certificate configuration, select Configuration Manager manages the certificate. Click OK.
After you make the above changes to the SUP, synchronize the software updates. This will now populate the third-party updates for selected products.
3. Subscribe to the Patch Connect Plus Catalog
In the previous step, we imported the Patch Connect Plus catalog into SCCM. We will now subscribe to the catalog to get the third-party updates supplied by Patch Connect Plus into SCCM. Right-click on the Patch Connect Plus catalog that you imported and select Subscribe to Catalog.
On the General page, the URL and description is picked up automatically. Click Next.
This step actually downloads the catalog from the download URL. If you see Download Successful message, click Next.
Note – At this step if your download fails, the error code is usually shown. However you must examine SmsAdminUI.log file for troubleshooting purpose.
Under Review and approve, you got some things to do. Before creating the subscription to third-party updates catalogs, you must first review and approve the catalog signing certificate. So follow the below steps.
- Click on View Certificate.
- On the Certificate window, click Install Certificate.
- You will now see certificate import wizard. Select Local Machine as store location.
- Select Automatically select the certificate store based on type of certificate. Click Next.
- Finally, click Finish. You will see import successful message.
The catalog signing certificate is installed. Check the box I have read and understood this message. Click Next.
On the summary page, click Next.
On the Completion page, click Next. The catalog is successfully downloaded and subscribed to SCCM
4. Synchronize Software Updates
Once you have performed the above steps, you must now synchronize software updates. Under Software Library, click All Software Updates and then click Synchronize Software Updates on the top ribbon. To monitor the status of the update publishing process, open the SMS_ISVUPDATES_SYNCAGENT.log file. This log file is located in C:\Program Files\Microsoft Configuration Manager\Logs Directory
If the updates are synchronized successfully, you will see the following lines at the end of log file.
STATMSG: (SRVMSG_SMS_ISVUPDATES_SYNCAGENT_CATALOG_SYNCED). SyncUpdateCatalog: 14 updates were synchronized to WSUS succesfully, and 0 failed to publish. SyncUpdateCatalog: SyncUpdateCatalog : 62cff31c-a6ba-4149-bad1-1b0e3eba9cd2 - Completed.
Visit the software update point component properties. Under the Products tab, you should find new third-party products. You can use the SUP filter products option to search for products. You can enable all of them or just the ones that you actually require. Click OK.
Run the software updates sync once again because you enabled new products in the previous step. Go to the software updates section, refresh the console, and you will see the metadata of third-party apps.
Select the third-party updates and right click. You see many options here. Before you deploy the updates, you must publish third-party software update content.
On the message box click Yes. When you do so you basically authorize to publish third party content.
Once you have the third-party application updates in the SCCM console, choose the updates that you want to deploy to your enterprise machines. This will bring up the Deploy Software Updates Wizard. You can select the device collection and deploy the updates. The best option is to use the automatic deployment rules to deploy the updates. You can also save the deployment template and use it for other deployments.
The Patch Connect Plus makes it effortless to deploy third-party updates using Configuration Manager. While many organizations today are keen on patching their third-party apps, Patch Connect Plus is an excellent choice. ManageEngine allows you to add catalogs for free, and you can try adding a catalog and deploying updates to set of apps.