For this post, we will be looking into how to use SCCM to add Microsoft Update Catalog into WSUS Server. Have you ever ran into a software update that wasn’t available in WSUS, but lo and behold, a quick internet search and you are able to manually download it via the Microsoft Update Catalog? I have. Way too often for my own liking. I published a post last week entitled How to add Latest Windows 7 Convenience Update in a SCCM Image. One reader, Dave, had a very good proposition that inspired the idea of doing this post and show you an easy way to add such updates in your WSUS database. The whole process is quite easy and pretty straightforward.
Importing the update in WSUS
So, for my last article, I was using KB3125574. In the spirit of continuity, let’s keep the ball rolling with that update. I will inject it in WSUS.
- First step, you should open your WSUS console
- From there, on the right hand side of the console, click Import Updates
- This should open up your web browser and load up the Microsoft Update Catalog.
- Type in the hotfix number in the search field and click on Search
- This should hopefully give you the required search results for the hotfix number you searched for
- Click on Add for every patch you wish to add to WSUS. In my example, I only needed it for Windows 7 x64, so that’s the one I added. When you are done, press View Basket
- Confirm your choice in your basket and finally, click on Import
- Wait for the import to be completed and press Close
Synchronize your WSUS Catalog in SCCM
- Back in your SCCM console
- Make sure you are in Software Library and click on Overview > Software Updates > All Software Updates and finally click on Synchronize Software Updates in the ribbon atop your console
- On the Run Synchronization window, click Yes
- You can wait a few minutes for the synchronization to complete, or browse to your log folders [SCCMInstallDir]Program Files\Microsoft Configuration Manager\Logs and open wsyncmgr.log. You are looking for a message saying Done synchronizing SMS with WSUS Server.
- When completed, simply refresh your view of All Software Updates. Use the search bar to type in the KB number. Voilà! Your update is now available in the console.<
Recapping how to add in to your package and deployment
I will not be going over the whole detailed patch process because it is covered in our SCCM Software Update Management Guide. However, a quick high level recap for our use case.
- Right click your update in question and click Download
- Browse to choose your Deployment Package, click Next
- On the Download Location, choose your source and press Next
- On the Language Selection tab, choose all Languages that apply to your environment, click Next
- On the Summary tab, validate all information and press Next
- Finally, on the Completion tab, press Close
- Right click your update once more, click on Edit Membership. For the purpose of this post, I am assuming you already have a Software Update Group. If not, I invite you to read up on our SCCM Software Update Management Guide
- Click on your appropriate update group and click OK
- If you have done everything as planned, you should now see the columns Downloaded/Deployed set to Yes
- Now, a quick edit on my previous How to add Latest Windows 7 Convenience Update in a SCCM Image post. You can now simply edit your Build and Capture Task Sequence.
- Disable the Convenience Rollup step or delete it
You are now all set. All your KBs should get installed via WSUS. Once more, a big thank you to reader Dave for the idea.
11 Comments on “How to use SCCM to add On-Demand Hotfix in WSUS”
You might need to approve your update in WSUS first and then Synchronize in SCCM. Works in 1906 too
This blog about SCCM Add Microsoft Update Catalog to WSUS Server
has helped me a lot, is very well written. I used this fat burner product: https://s96.me/fit and I reached the ideal weight.
Kiss you All!
I found this method doesn’t work for SCCM 2007, is there any insight ?
Hi , need help. We run tenable scan on our systems. There are few patches which are missing in sccm as well as Microsoft update catalog. But when I disconnect the systems from domain and click on check updates from internet , am able to get those updates installed from internet. Am listing few updates KB3115415 & KB3115439. Why these critical updates are missing in sccm?
This is not working in my environment. ConfigMgr 1710 on Windows Server 2016. Error in Windows Update Catalog: Import Button is disabled, and the Update Catalog Website shows: Your Version of WSUS you use is not compatible for Importing Updates. Any Idea?
Cheers
Christian
That’s a bug and here’s the official work around:
https://techcommunity.microsoft.com/t5/Windows-10-servicing/Known-issue-with-importing-updates-from-the-Microsoft-Update/td-p/163830
GREAT ARTICLE! Very straight forward. Thanks!
You have to right click on Updates from WSUS and select “Import Updates. Then install the Microsoft Update Catalog Add-On. You will also have to enable Userdata persistence under security settings in IE. Hope this helps!
It was me using firefox. Need to use IE and install applet.
Awesome!
Glad you were able to figure that out 🙂
I only see download when I go to the catalog site. I dont see a basket or add, just download.
SCCM 2012, updated to latest version.