Software Update Agent Diagnostic
|Article:HOWTO10532|||||Created: 2009-08-26|||||Updated: 2009-09-16|||||Article URL http://www.symantec.com/docs/HOWTO10532|
How do I quickly and easily troubleshoot the Software Update Agent and gather required support files?
The Software Update Agent (SUA) Diagnostic leverages the local IAD rule cache, registry, agent files and the Windows Update client on managed Software Update agent client computers to assist Symantec support and customers in maintaining and troubleshooting SUA related issues in the environment.
The SUA Diagnostic utility provides the following functionality in the current release
o Inventory Solution Integration to enable remote diagnostics to be performed across many systems and provide reporting facilities.
o Lists all bulletins currently targeted to the managed computer via Patch Management Solution.
o Resolves associated targeted rule GUIDs.
o Resolves associated targeted SUA package GUIDs.
o Reports associated targeted SUA package settings and status.
o Reports status of targeted bulletins.
o Leverages Single Rule Evaluator functionality to evaluate IsInstalled and IsApplicable rule evaluation results.
o Reports results of last vulnerability analysis for selected rule.
o Provides interface for evaluating single rules not targeted at the client via GUID.
o Leverages Microsoft Windows Update client to provide listing of all bulletins targeted by Windows update which are applicable and not installed per Windows Update logic.
o Generates a directory structure containing primary support information such as rule evaluation results, logging information, verbose rule evaluation logs and associated client policy information quickly and easily.
o Provides simple access to client package directories and the PatchInfo gathered data.
o Allows for single-click force update behavior.
o Allows single-click execution of SUA inventories.
o Allows single-click execution of SUA full Patch Cycle.
o Identifies the effective SUA policy and server of origin.
o Identifies SUA version.
o Provides formatted report output.
- Notification Server 6 client
- Software Update Agent
- Microsoft .Net Framework 2.0
1. Download the attached SUA_Diagnostic_build.exe to system meeting requirements.
2. Execute the package.
3. Package will extract to the users temp directory or any directory selected in the self extractor and execute “.\ PatchManagementDataGather.exe”.
4. From the “Bulletins Targeted To This Machine” dropdown menu, select the bulletin to be evaluated.
5. Click “Evaluate Selected”
6. Once evaluation completes, the “View Rule Processing Detail” buttons will be enabled and available for use and the data fields in the UI will populate with available information.
7. All generated and gathered files will be stored in .\SupportFiles subdirectories.
8. The standard consolidated report will be located in the .\SupportFiles directory and named Agent_Full_Report.txt.
Command line arguments for PatchManagementDataGather.exe
None – Standard UI with manual evaluation
/I - Generate inventory NSI in the default inventory directory of the agent (.\Altiris\eXpress\Inventory) for standard agent diagnostic information. This will include all agent settings and evaluation of all software updates targeted to the client.
/IS - Same as /I with added Windows Update scan of the computer with separate NSI in the standard inventory directory.
Data Elements gathered
Effective SUA Policy
Effective SUA Policy GUID
SUA Bulletins Targeted to this computer
Failed Application Count
Max Reapplication Retries Exceeded
Reboot Before Install Code
Allow Immediate Reboot
Single Rule Evaluation
IsApplicable Rule GUID
SRE IsApplicable Rule Result
IsInstalled Rule GUID
SRE IsInstalled Rule Result
Last Vulnerability Analysis Results (Results from Standard Vulnerability Analysis)
Windows Update Scan (Optional)
List of all applicable and not installed bulletins per Windows Update scan.
Inventory Solution Integration (Optional)
An additional option for this tool is to integrate the data with the standard inventory solution for use in troubleshooting. This step is optional.
When using the Inventory Solution Integration, all data elements handled will be uploaded to the Notification server and inserted to the database. Example reports are included in the package.
Data tables created:
dbo.Inv_PatchDiagWUSScan – table containing all Applicable and Not installed updates per Windows Update scan.
dbo.Inv_PatchDiagData – All data elements except the Windows update data.
Inventory Solution Integration instructions
1. Extract the contents of the attached package to the Inventory Solution Package directory on the Notification Server. Typically, .\Program Files\Altiris\Notification Server\nscap\bin\Win32\X86\Inventory Solution. Note: The provided SUADiag.ini file will default to Inventory mode only with no Windows Update Scan enabled. To enable Windows update scan in the inventory, the SUADiag.ini file will need to be edited to provide the /IS switch instead of the /I.
2. Open Tasks > Assets and Inventory > Inventory > Windows > Inventory Tasks in the Notification Server console.
3. Clone the Software Inventory task. Name the new task “SUA Diagnostic Inventory”.
4. In the newly created inventory task, click Go To Package
5. When the Inventory Agent Package comes up, Select the Programs Tab.
6. On the Programs tab, click New. Complete the fields as follows:
Name – SUA Diagnostic Inventory
Command Line - AeXInvSoln.exe /cleanbeforerun /hidden /s SUADiag.ini
(Note: CleanBeforeRun is optional but recommended)
Starting window – Normal
Run with rights – System Account
Program can run – Whether or not a user is logged in
7. Click Apply
8. Click Update Distribution points
9. Close the Inventory Agent Package, returning to the SUA Diagnostic Inventory Task
10. Refresh the browser window using the IE toolbar.
11. Using the dropdown menu for Program Name in the SUA Diagnostic Inventory task, select the SUA Diagnostic Inventory program from the package.
12. Select the target collection using the picker for Applies to collection. (Please note: All targets should have the Software update agent installed, be managed computers and if using the /IS switch, must have direct access to the internet without being prompted for credentials.
13. Set schedule, enable task and click apply.
NOTE: This is an unsupported tool and is intended to be used only as a resource.
08/25/2009 1.0.0056 - Initial Release
08/26/2009 1.0.0075 - Corrected "Bulletins Targeted To This Machine" input validation issue.
- Added exception handling logic for machines with no targeted bulletins.
08/27/2009 1.0.0076 - Consolidated support files location.
08/27/2009 1.0.0077 - UI enhancements.
08/27/2009 1.0.0078 - Relative path support and override default extraction location.
09/03/2009 1.0.0079 - Agent_Full_Report output creation and formatting.
- Inventory Solution Integration for remote diagnostics data gathering.
- Reporting capabilities with example reports.
- Command Line handlers.
Article URL http://www.symantec.com/docs/HOWTO10532