When System Center Configuration Manager is used for patching and System Center Operations Manager is used for monitoring you may have some difficulties with alerts during a patch window. The standard option ‘Disable Operations Manager Alerts while software updates run’ in SCCM does not solve all your alerting problems. This option is improved from 2007 to 2012, but you will receive alerts from the reboots after installing the updates.

Normally this workflow will be a perfect one for Microsoft System Center Orchestrator. But if you don’t have an Orchestrator environment and you would like to solve this with SCCM and SCOM this solution can help you.

This post describes the process of patching through a SCCM task sequence. The overall process will be:
– Deploy/Advertise your updates through SCCM to your clients as available, not required
– Deploy/Advertise a task sequence to your clients as required.

This TS will have the following steps:

Prerequisites:
1. Put both the FQDN script and Maintenance Mode script in a Package. This package is needed in the steps 2,3 and
2. Activate Powershell Remoting on one of your SCOM Management Servers
3. Set a Maintenance Window on your patching collections.
4. The Maximum Run time of the task sequence needs to be shorter than your maintenance window.

Task Sequence Steps:

1. Set Powershell Execution Policy
With SCCM 2012 you could set your powershell execution policy through client settings. Then this step isn’t necessary. If you use SCCM 2007 this step is required. With this step the powershell execution policy is set to Unrestricted. The Run Command Line task is:

powershell.exe -command “& Set-ExecutionPolicy Unrestricted”

2. Set FQDN as AgentName TaskSequence Variable
In the ‘Start Maintenance Mode’ in use my own maintenance mode script. To run this script we need the FQDN of the host. Because the FQDN isn’t a standard variable we have to set it manually. I already posted the script last week.

The option Package needs to be used. Select here the package you created from the prerequisites step.

3. Start Maintenance Mode
In this step I use my own written powershell script. Look here for more information. This step will start the maintenance mode script through powershell remoting on the SCOM management Server. The commandline to run the command is:

powershell.exe -command “& Invoke-command -ComputerName ‘<< SCOM MS >>’ -FilePath ‘SCOM2012_MM_0_2.ps1′ -ArgumentList 120,’Deploying Updates’,Agent,’%AgentName%'”

The option Package needs to be used. Select here the package you created from the prerequisites step and this script needs to be run under a user which has ‘operator’ rights in your SCOM environment.

4. Install Software Updates
This uses the normal task sequence step ‘Install Updates’ with the option:

5. Restart Computer
This uses the normal task sequence step ‘Restart Computer’ with the option:

6. Stop Maintenance Mode
This step is identical to step 3. The only difference is that this step will set a maintenance mode of 1 minute.  After 1 minute of this step the maintenance of the host will end.

This TS start the Maintenance mode of a host in SCOM and then install the updates and restart the host during the maintenance window set on the collections in SCCM. After the restart of the host this TS will also end the Maintenance mode of the host.

If you have any question regarding this post please let me know!