CMS 7.x - patch mgmt support frustrations, is it just me?
Created: 15 Nov 2012 • Updated: 17 Sep 2015 | 8 comments
My biggest frustration with Symantec/CMS is the wide variety of quality of support I get for different components of the product. For some parts, like deployment, I usually am able to get actual product issues escalated into development within a reasonable amount of time.
I know that patch support has gone through some transition lately, but it is still often painful. My patching process is I look at a few baseline machines that represent my fleet and see what patches are available in win update. Then I go to CMS and start testing available patches on those machines, then send to test group, then to the fleet. My goal is to make those baseline machines show as few available patches as possible for Microsoft. I don't know if others are patching the same way - seeing what's in win update and basing which bulletins to stage off of that.
Inevitably, almost every month, there's a patch that was released (or updated) by microsoft that Win Updates says I need that is either not showing in remediation center, or it shows installed already (if it's an updated patch v2, etc) when I still need the new version. These are usually pretty straight forward PMImport issues that IF I can get the issues escalated to 'backline' - they're usually fixed, sometimes quickly, sometimes it takes a few weeks.
My problem isn't with backline sometimes taking long (although for critical security updates, waiting a few weeks is questionable). I understand that patch support must be very complicated. My complaint is getting those tickets escalated is often difficult at best. When a ticket goes in, I try to be as descriptive as possible. I've learned to include my OS, my PMIMport version, screenshots, etc. Some of these tickets are so obvious PMImport issues, but Level 1 will come back sometimes asking me to describe the issue without any indication they read the info I put in the case, and then after going back and forth for days or weeks, asking me to run through the barrage of data collection from HOWTO60789 (which I shouldn't have to do for every patch case). I get that they need XYZ in order to escalate, but I'm tired of every month going through the wringer.
I often ask if Support has a test environment, does the patch show for them, etc. One time they told me 'yup works for us' and my issue was I wasn't selecting the right Microsoft data under the 'import patch data for windows' and I should check every single MS update there. I refused, not wanting the clutter (it was an office update, I had all the office versions checked) and asked the tech to ask backline which update needed to be checked. Weeks later I got a reply that backline fixed the issue and now it works as expected without me checking anything additional in import patch data job. It was questionable to me that it ever really was working for the tech in their test environment.
I have 2 remaining tickets in for October win updates, and Level 1 tech assigned to the case seems to be doing his best, but seems to be getting the run around trying to escalate the case. He replied that backline said "If you go to Programs and Features (Add/Remove Programs) in the Control Panel. Enable see Updates, are both of these updates installed? If they are showing installed there, but Windows Update says it is not. Then something is wrong with the Windows Update tool or within those two updates themselves. That would be something Microsoft would need to address." In control panel, I don't have the win updates installed, and win upadte is correct. Really, the odds that windows update is reporting wrong and remediation center is reporting right are slim to none in my book.
Patch is the reason I chose CMS because it represented one console where I could do anything. I totally understand that PMImport issues are going to happen, but, as a customer, I am tired of feeling like the tickets I put in are inconveniencing backline and I need to do a handstand while bouncing a ball on my feet to get them to even look into it. I'm paying for support. I'm helping you to make your product better because I'd estimate 9/10 patch issues I put in are PMImport issues that must affect more than me. I don't expect anything to get fixed overnight, but I do expect to be able to feel like my ticket is in the hands of someone who understands and is working towards a resolution.
Are others getting the run around almost every time they put a patch ticket in? I used to have a great Sales Engineer contact at Symantec who would escalate any case I had issues with and it almost always lead to a quick resolution. He has left the company, and the replacement isn't answering my emails. One time on the forums I was given contact info for someone else who deals with patch issues exclusively, but he has also left the company.
Any suggestions short of looking for a new PC management suite?