What changes take place when my Patch Management Software Update has been revised?

Article:TECH40390  |  Created: 2008-07-22  |  Updated: 2013-12-09  |  Article URL http://www.symantec.com/docs/TECH40390
Article Type
Technical Solution

Product(s)

Issue



What changes take place when my Patch Management Software Update have been revised?


Environment



Patch Management 6.2 & 7.X


Solution



When the vendor revises an update, the distribution points, and code base, for the package will be changed. This process automatically revises the share points and recreates the packages for the revised updates.

If the Revise Software Update Task is not executed, the Software Update Task / Policy will be disabled when Patch Management detects a revisory was in order. Generally displaying an error on the Task / Policy showing that the Bulletin was revised and the packages need to be recreated by running the Revise Software Update Task. 

  • Note: Running the Revise Software Update Task will update the share points, but will also disable the check box for that specific advertisement on the Software Update Task / Policy > Advanced tab. These check boxes need to be re-enabled in order to continue rolling out the update through Patch Management.
     

The Revised Software Update Task can be scheduled on the PMImport at the following locations and listed below are ways to ensure updates are still being deployed after they have been revised:

PM V6.2: Go to Console > Configuration tab > Solution Settings > Software Management > Patch Management > Server Settings > Microsoft Settings > Microsoft Patch Management Import
 Right pane - Revise Software Update Tasks heading.

  • Select - Automatically Revise Software Updates tasks after Patch Management Import
     
  • There is no setting to deploy these 'newly' added updates: may run the attached report (Tasks With Disabled Advertisements.zip) to check with Software Update Tasks.
     
    • The report can be imported from any remote Console session; however, for best results – Login with AP ID on the NS and import it directly on the server. 
       
    • Another helpful KM: TECH39772. This article outlines how to modify the Revised Software Updates Policy so that it will not uncheck the Software Advertisements.

PM V7.X: The setting: 'Enable distribution of newly added software updates' may be enabled to ensure the individual Software Update Advertisements remain in enabled.

  • Console location for PM 7.X releases are detailed further on KM: HOWTO49674
     
  • Advisory1: Once enabled; this process only affects Software Update Policies moving forward. The process is not retroactive and will not enable the advertisements for revised Software Updates prior to this setting being enabled.

    • Review the following options regarding Software Update Policies already in place prior to the enablement of this setting, for either one of them will assist with this behavior moving forward:

      • Option 1: Manually enable the advertisements for the affected Software Update Policies > Advanced tab to push tout in the environment.

        • Import the attached Custom SQL Report (Software Update Policy_Disabled Advertisements.xml) into the console to view Software Update Policies with disabled advertisements.

          • Save xml file on the SMP

          • Open the Console > Reports > All Reports > Software > Patch Management; highlight the respective folder to hold the report, right-click > Import, and select the xml saved. 

            • Note: there is a right-click option added to this report to take you directly to the affected Software Update Policy. This is not intended to display the listed names of the disabled Software Update Advertisements, for the review on the policy is still going to be in order to re-enable them, so this option is the most beneficial.

      • Option 2: Disable the affected Software Update Policies and recreate them, so they will be updated moving forward.

        • Disable the affected Software Update Policies for 3-5 days and then they can be deleted. This is to ensure you do not get every targeted client throwing an error 'Item not found' in the SMP Logs. Once all targeted clients confirm the change in status for the disabled policy; the SUP can be deleted.

        • Assistance: Disabling multiple Software Updates can be time consuming; please view the attached doc (Find & Disable Software Update Policies.sql) in the Microsoft SQL Server Management Studio to assist with disabling the unwanted Software Update Policies through the database.

          • Caution: best practice is to ENSURE CURRENT BACKUP OF THE DATABASE IS IN PLACE, for any scripts ran to update any items manually may cause adverse affects or undesirable results.

          • Note: The Console GUI may not display this status right away due to the database being altered; refresh the Console page on the browser to confirm disabled status.
             

  • Advisory2: An enhancement request has been submitted to review the naming convention of this process, for the wording '...newly added...' tends to promote the idea that the current month's released updates will be distributed.


If there are issues with the Revised Software Update Task running, the update can be restaged to recreate the distribution shares / code base as follows.

  • PM V6.2: Go to the Console > Tasks tab > Software Management > Patch Management > Manage Software Updates
     
  • PM V7.X: Go to the Console > Action > Software > Patch Remediation Center
     
  • Highlight the revised bulletin, right-click / Recreate Package, and this will download the revised updates.

 


Attachments

Report for PM 6.2: View Software Update Tasks with disabled advertisements.
Tasks With Disabled Advertisements.zip (2 kBytes)
Import this xml to the Reports; displays listing of Policies that have disabled advertisements, and the right-click > Open will allow for viewing the individual Software Update Policy. This works for PM 7.1, SP1, SP2, MP1.x & 7.5.
Software Update Policy_Disabled Advertisements.xml (9 kBytes)


PM 7.X: SQL Script that details all current Software Update Policies enabled and their respective Guid, and a SQL Script to set the status of each policy to 'disabled' where Guid = respective Guid. - Warning: ensure current backup of database is in place prior to executing scripts that manually alter console items. Note: this doc is a .sql doc to maintain integrity of the scripts.
Find & Disable Software Update Policies.sql (772 Bytes)

Legacy ID



43204


Article URL http://www.symantec.com/docs/TECH40390


Terms of use for this information are found in Legal Notices