Software Updates are generating errors for the client policy xml files.
|Article:TECH46342|||||Created: 2009-10-30|||||Updated: 2015-03-17|||||Article URL http://www.symantec.com/docs/TECH46342|
The following errors are seen on the logs and some agents with these polices will not update their configuration.
Have seen some instances where the Remediation Center displays Bulletins with Staged=False, when in fact they are Staged=True. This appears to be a visual of the issue on the Remediation Center.
Description: Unable to generate policy XML for item: [Software Update Name] [Software Update Policy Name] (Software Update Advertisement GUID)
Patch Management Solution for Windows 7.1.X & 7.5
The associations between the Software Update Package / Installation Files have become corrupt.
Specific possible cause; Import Patch Data for Windows is not running clean up tasks for Software Update Packages and deadlocking during the Download Software Updates portion of clean-up.
These associations are created on-the-fly during the creation process. The recreation process is the best method to restore these resource associations, for it would take an extensive amount of time and multiple SQL scripts just to isolate the missing associations and restore them one by one.
Moving forward: Work through the following will rebuild the Software Update Policies with the proper resource associations, run the attached performance scripts for Revise Software Updates during the PMImport, and disable unnecessary Software Update Policies (allow for clients to update configuration and receive the changes) and delete them when confirmed clients received the change. This will ensure the issue doesn't arise again as the environment could be experiencing performance issues when recreating the associations during the PMImport.
First run the 'Check Software Update Package Integrity' Job; see if the Update to Advertisement resource associations can be rebuilt through automation.
- Found on the Console > Manage > Jobs and Tasks > System Jobs and Tasks > Software > Patch Management
- Advisory: this is often not the resolution, for it will merely recreate the packages, but if the associations are unreparable; the process below will need to be performed.
Work through the following to resolve this issue and recreate the Resource Associations from the Software Update Policy to the Software Update Package and ensure they are targetable to the Client / Resources themselves:
1. On the Console > Manage > Policies > Software > Patch Management > Software Update Policies > Windows
1. Disable the affected Software Update Policies; this process alone will alleviate the errors from the SMP Logs; however, the deployment will not longer be in order, so the remainder of these 6 steps will need to be implemented.
2. Leave these policies disabled for 3-5 days; allowing for targeted Clients to Update Configuration and receive change in status, and when all targeted clients receive change in status, it should be safe to delete the unwanted policies
3. Recreate the Software Update Policy for the affected Bulletin. Keep in mind the limitations outlined in KM: HOWTO95202
2. Isolate which of the Software Updates have become corrupt:
1. Method 1: Review the SMP Log to isolate the affected Bulletins from the listed errors
2. Method 2: The SQL scripts listed below will also assist with isolating which updates have lost their resource associations
3. On the Console > Actions > Software > Patch Remediation Center:
1. Highlight and Right-Click > Disable all affected Bulletin(s)
1. Important: Right-click > List Software Updates the software KB#(s) for step 3
4. On the Console > Manage > Organizational Views > Default > All Resources > Package > Software Package
1. Utilizing the list made in step 2.1.1; highlight the affected Software Update in the list, and Right-Click > Delete, from the listed updates.
2. Repeat this process for each update, for each affected Bulletin, and this will ensure the Resource Associations are cleaned up in the database.
5. On the Console > Settings > All Settings > Software > Patch Management > Core Services
1. Ensure the current location for Package Download is displayed:
1. Note: default is at C:\Program Files\Altiris\Patch Management\Packages\Updates
2. Drill down on the File Structure to this location:
1. Physically delete the affected Software Update Package Downloads from the SMP's hard drive
6. On the Console > Actions > Software > Patch Remediation Center
1. Highlight > Right-click the Bulletin > Select 'Download Packages' to recreate the Software Updates
2. Highlight > Right-click the affected Bulletin(s) > Select 'Distribute Software Updates' to recreate the Software Update Policy for the clients to receive the packages
Advisory: The following SQL Query results will reveal a list of Bulletins and Updates for which the packages need to be recreated with a null or blank entry in PM 7.0 - 7.1 (see attached doc below for PM 7.1 SP1+):
select it.Name as Bulletin, it2.Name as [Update], it3.Name as [Superseded By]
from ItemReference ir
inner join ResourceAssociation swu_pkg
ON swu_pkg.ParentResourceGuid = ir.ChildItemGuid
and swu_pkg.ResourceAssociationTypeGuid = 'A19CED33-9E1F-4E97-98CF-0F8B339739C3'
and ir.Hint = 'swu'
left outer join ResourceAssociation pkg_fle
ON pkg_fle.ParentResourceGuid = swu_pkg.ChildResourceGuid
and pkg_fle.ResourceAssociationTypeGuid = '34f2b0fe-e63e-4b8e-b359-ff73a026fe51'
INNER JOIN vSoftwareUpdateInventoryRuleAssociations v
ON swu_pkg.ParentResourceGuid = v.SWUGuid
join Item it
on it.Guid = v.SWBGuid
join Item it2
on it2.Guid = v.SWUGuid
left outer join Item it3
on it3.Guid = v.SupersededBy
-- inner JOIN ResourceAssociation file_type
-- ON pkg_fle.ChildResourceGuid = file_type.ParentResourceGuid
-- and file_type.ResourceAssociationTypeGuid = '4d33d29b-dc9f-4e72-9a80-c5fb7cec0fb6'
where pkg_fle.ParentResourceGuid is null
Advisory: Review attached SQL Script Doc for updated script to run in PM 7.1 SP1, SP2, MP1.x and 7.5, for that will help ensure the PMImport is in order and Resource Associations are not hindered with deadlocking during that revise process.
Additionally: Review the clean-up settings for Revise and Newly as outlined on KM: TECH40390 and enable these settings if possible, for they will maintain package integrity for updates that have been revised. Note: The above steps may still be necessary once these have been implemented, for the packages may still have stale codebases and need to be recreated once more, and then the PMImport can prevent this from happening moving forward.
Article URL http://www.symantec.com/docs/TECH46342