Software Update Compliance Reports – Detection State Unknown

I have been working with a number of customers recently that have had issues running their monthly Software Update compliance reports due to a high number of “DETECTION STATE UNKNOWN” results reporting back long after the update deployment has successfully run.

As usual, the first thing we want to identify is whether the problem is on the client side or the server side.

State message IDs define the specific state messages for each topic type. For our issue, a state message for a software update has TopicType=500, with a state message ID of 0, 1, 2 or 3 that gives the actual state of the given update on a client machine, as below:

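| Topic Type | State Message ID | State Message Description |
|------------|------------------|---------------------------|
| 500        | 0                | Detection state unknown   |
| 500        | 1                | Update is not required    |
| 500        | 2                | Update is required        |
| 500        | 3                | Update is installed       |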

To determine what information your clients are sending back to your Management Point we can use WMI queries to see what is happening on the client.

1. Open wbemtest with elevated permissions

2. Connect to the WMI Namespace: root\CCM\StateMsg

3. Select Query and run the query SELECT * FROM CCM_StateMsg

Find any software update deployment, which can be identified by looking for “TopicType=500”. What we want to check is the values highlighted below, as these determine whether the client has indeed sent a message back to the MP and, if so, what it sent back. If we see it sent back a “0” and confirm that the KBs are installed, then we know it is something on the client side; we would expect to see 1, 2 or 3, depending on the state listed above.

Example below:

    instance of CCM_StateMsg
    {
        Criticality = 0;
        MessageSent = TRUE;                                  // Message is sent
        MessageTime = "20101027211908.749000+000";           // UTC Time
        ParamCount = 1;
        StateDetails = "";
        StateDetailsType = 0;
        StateID = 2;                                         // Update is required
        TopicID = "9d4681d5-46fa-4250-bedc-480ac7bce3aa";
        TopicIDType = 3;
        TopicType = 500;                                     // Update Detection
        UserFlags = 0;
        UserParameters = {"102"};
    };
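
The wbemtest check above can also be scripted. The following is an added example, not code from the original post: the function name Get-UpdateDetectionState and all sample rows except the first (which mirrors the instance shown in the post) are constructed. It maps each TopicType 500 state message to its description and lists the updates for which the client has actually sent "Detection state unknown".

```powershell
# Added example: the function name and the sample rows are constructed for illustration.
# State IDs for TopicType 500, as listed in the table in the post.
$StateText = @{
    0 = 'Detection state unknown'
    1 = 'Update is not required'
    2 = 'Update is required'
    3 = 'Update is installed'
}

function Get-UpdateDetectionState {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$StateMessage
    )
    process {
        # Keep only software update detection messages.
        if ([int]$StateMessage.TopicType -ne 500) { return }
        $id = [int]$StateMessage.StateID
        [pscustomobject]@{
            TopicID     = $StateMessage.TopicID
            StateID     = $id
            State       = $StateText[$id]
            MessageSent = [bool]$StateMessage.MessageSent
            MessageTime = $StateMessage.MessageTime   # UTC, per the post
        }
    }
}

# Constructed sample rows; the first mirrors the instance shown in the post.
$messages = @(
    [pscustomobject]@{ TopicType = 500; StateID = 2; MessageSent = $true;  TopicID = '9d4681d5-46fa-4250-bedc-480ac7bce3aa'; MessageTime = '20101027211908.749000+000' }
    [pscustomobject]@{ TopicType = 500; StateID = 0; MessageSent = $true;  TopicID = '11111111-1111-1111-1111-111111111111'; MessageTime = '20101027211909.000000+000' }
    [pscustomobject]@{ TopicType = 500; StateID = 0; MessageSent = $false; TopicID = '22222222-2222-2222-2222-222222222222'; MessageTime = '20101027211910.000000+000' }
    [pscustomobject]@{ TopicType = 300; StateID = 1; MessageSent = $true;  TopicID = '33333333-3333-3333-3333-333333333333'; MessageTime = '20101027211911.000000+000' }   # other topic type, filtered out
)
# On a real client, from an elevated prompt, replace the sample with:
# $messages = Get-CimInstance -Namespace 'root\ccm\StateMsg' -ClassName CCM_StateMsg

$report = $messages | Get-UpdateDetectionState

# Count of update state messages per state.
$report | Group-Object State | Select-Object Count, Name

# Updates the client has actually reported to the MP as "unknown"; if the KBs are
# confirmed installed, the post's reasoning points to the client side.
$report | Where-Object { $_.StateID -eq 0 -and $_.MessageSent } |
    Format-Table TopicID, State, MessageSent, MessageTime
```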

Hope this helps..

Comments

  • Anonymous
    November 07, 2013
    Or if you want to automate what Ian's written in the blog, you can do something like this in PowerShell:

        # Query the client's state messages and keep update detections (TopicType 500) with state 0
        $computer = "LocalHost"
        $namespace = "root\ccm\StateMsg"
        Get-WmiObject -Class CCM_StateMsg -ComputerName $computer -Namespace $namespace |
            Where-Object { $_.TopicType -eq "500" -and $_.StateID -eq "0" }

  • Anonymous
    July 22, 2014
    I have 2000+ clients with this status; should I do this on each and every client? Is there a better way to move these clients from status unknown to something else?

  • Anonymous
    November 08, 2015
    @Goce Dimitroski Yes, remove the SCCM client, then in PowerShell use

        gwmi -query "SELECT * FROM __Namespace WHERE Name='CCM'" -Namespace "root" | Remove-WmiObject  # To remove WMI CCM

    and finally reboot the system. Then install the SCCM client and allow the system to process everything for at least a few hours. Keep an eye on C:\Windows\ccmsetup\Logs\client.msi.log during the install.