Advertisements
Latest Posts

Third Party Applications Patch Management (ConfigMgr + Patch Connect Plus)

38742650

I would like to share a bit overview and steps taken to perform third party applications updates patching using ConfigMgr + Patch Connect Plus ( One of product developed by ManageEngine) and it supports more than 250* thirty party applications.

Architecture Overview :

Central Repository(Vendor site) is the place where all thirty party patches are available after testing and the patch connect plus will get the selected patches periodically and then publish to ConfigMgr server. From ConfigMgr Console, we will deploy the patches to the machines.

Patch Connect Plus Installation Steps:

I have configured WSUS & SUP in the ConfigMgr site server  and I am going to install patch connect plus plugin on the same server itself.

Download the trial version of  Patch Connect Plus setup from the below link and install the plugin.

https://www.manageengine.com/sccm-third-party-patch-management/download.html

 

Starting Patch connect Plus:

Once it’s installed. we can open Patch Connect Plus on the notification area of Task bar. Patch connect plus will open up in the webpage as like below and login with the below default admin credential.

Default Web port : 5020 (if you want, you can change it during installation)

User Name : admin

Password : admin

Steps to be performed after initial login:

Select Model : Choose “SCCM Infrastructure” to perform patching through ConfigMgr.

Proxy Settings : Specify Proxy server details if you have or else, leave it blank.

 WSUS Settings : If you have WSUS Server installed, it will detect automatically and no need to enter server details manually.

Certificate Settings : In this step, you will get an option to Create Self Sign Certificate or Import Certificate (third party certificate). The certificate is used to sign patch binaries.

The self signed certificate will be stored in the below location on the server and it’s mandatory to import this certificate to ‘Trusted publishers‘ and ‘Root certificate authority‘ stores to all managed computers. Please refer the below link to deploy via GPO.

https://www.manageengine.com/sccm-third-party-patch-management/kb/deploy-signing-certificates-using-gpo-how-to.html

Select Applications : Choose the required applications for patching. You can see I selected adobe applications but actually, I selected only “Java” application for testing. The below screenshot is just for your reference.

 

  SCCM Settings : SCCM server details has detected automatically since I have it on same server and you need to add credential to make the connection.

 

 Publishing and synchronization :

Once you configured the above settings, Patch connect plus will start to publish the selected applications from Central repository which is hosted in Vendor Site to the Patch Connect Plus console. Please wait until Publish in Progress completes.

Once it’s published, ConfigMgr and WSUS sync process will happen.

During sync process, you will notice Oracle Product has been listed under Products Tab in Software Update Point Components Properties and make sure you selected “Updates” Classifications before setting up third party applications patching. It will place the sync file under Inboxes\wsyncmgr.box in ConfigMgr to start syncing the updates

 

Wsyncmgr.log

Found local sync request file SMS_WSUS_SYNC_MANAGER 4/2/2017 7:47:04 PM 3020 (0x0BCC)
Starting Sync SMS_WSUS_SYNC_MANAGER 4/2/2017 7:47:04 PM 3020 (0x0BCC)
Performing sync on local request SMS_WSUS_SYNC_MANAGER 4/2/2017 7:47:04 PM 3020 (0x0BCC)
Read SUPs from SCF for CM1606-PRI.KARTHI.COM SMS_WSUS_SYNC_MANAGER 4/2/2017 7:47:04 PM 3020 (0x0BCC)
Found 1 SUPs SMS_WSUS_SYNC_MANAGER 4/2/2017 7:47:04 PM 3020 (0x0BCC)
Found active SUP CM1606-PRI.KARTHI.COM from SCF File. SMS_WSUS_SYNC_MANAGER 4/2/2017 7:47:04 PM 3020 (0x0BCC)Synchronizing update f263b883-cf75-41e6-875b-a50005ad5752 – jre-6u45-windows-i586.exe SMS_WSUS_SYNC_MANAGER 4/16/2017 3:54:28 PM 1648 (0x0670)
Synchronizing update 10eb1299-ad5b-49f2-89f2-debb17961334 – jre-6u45-windows-x64.exe SMS_WSUS_SYNC_MANAGER 4/16/2017 3:54:32 PM 1648 (0x0670)
Synchronizing update 755819cc-a02b-4d37-b5b0-5e71db7f2aaf – jre-7u79-windows-i586.exe SMS_WSUS_SYNC_MANAGER 4/16/2017 3:54:36 PM 1648 (0x0670)
Synchronizing update 6bd7bd09-b0d9-4c81-8ccd-b55310eee914 – jre-8u121-windows-i586.exe SMS_WSUS_SYNC_MANAGER 4/16/2017 3:54:42 PM 1648 (0x0670)
Synchronizing update d26e4657-fcd5-4deb-8ed0-fc181951754b – jre-8u121-windows-x64.exe SMS_WSUS_SYNC_MANAGER 4/16/2017 3:54:50 PM 1648 (0x0670)

 

Deploy published patches using SCCM:

Hope, we all well aware of how to deploy patches through SCCM  like creating software update , creating deployment package and deployment . I just put couple of screenshots before deployment and after deployment.

I have installed Java 8 Update 112 (64-bit) on one of my Windows 10 machine for testing. Deployed Java 8 Update 121 (64-bit) update through SCCM.

Before Deployment

Windows 10 Machine:

 

 

SCCM Console:

 

After Deployment:

Windows 10 Machine

 

SCCM Console

There are still more settings available in Patch Connect Plus console .. like schedule , email alert configuration. etc. and you can use of it. Finally, thanks to Dixitha Srinivasan (Content Writer at Zoho Corporation) for helping me to write a bit information about this product.

Thank you for reading this post  🙂

 

 

Advertisements

2 Comments on Third Party Applications Patch Management (ConfigMgr + Patch Connect Plus)

  1. Good one

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s