Video Screencast Help

MS13-A01 patch keeps attempting to install after successful install

Created: 04 Feb 2013 | 7 comments

Hi Everyone

I need some more help. This time it is to do with Patch Management.

The system information:
NS Version - 7.1 SP2 Roll Up V3
NS Server - Server 2008 R2 Standard
SQL DB Server - Seperate server to the NS

I have sent out the patch MS13-A01 to machines during January. The patch reports as being installed successfully. But then it is trying to install again.

I have extracted the logs from a few client computers and they have had this patch installed multiple times successfully.

You can see a log below from one machine.

 

Attempt time

Update name

Update GUID

Bulletin name

Status

Command line

Exit code

24/01/2013 18:15

rvkroots-KB2798897.exe

{816D196F-55C8-4E34-BB37-5DC80A6F52F6}

MS13-A01

Succeeded

rvkroots.exe /Q

0

27/01/2013 18:05

rvkroots-KB2798897.exe

{816D196F-55C8-4E34-BB37-5DC80A6F52F6}

MS13-A01

Succeeded

rvkroots.exe /Q

0

29/01/2013 18:03

rvkroots-KB2798897.exe

{816D196F-55C8-4E34-BB37-5DC80A6F52F6}

MS13-A01

Succeeded

rvkroots.exe /Q

0

31/01/2013 15:04

rvkroots-KB2798897.exe

{816D196F-55C8-4E34-BB37-5DC80A6F52F6}

MS13-A01

Succeeded

rvkroots.exe /Q

0

3/02/2013 0:35

rvkroots-KB2798897.exe

{816D196F-55C8-4E34-BB37-5DC80A6F52F6}

MS13-A01

Succeeded

rvkroots.exe /Q

0

5/02/2013 11:20

rvkroots-KB2798897.exe

{816D196F-55C8-4E34-BB37-5DC80A6F52F6}

MS13-A01

Succeeded

rvkroots.exe /Q

0

This is happening on multiple machines. It seems to be limited to this patch out of the monthly bulletin releases.

Is anyone else having this problem?

I have taken a look at the compliance report this morning and it reported that 162 machine had the patch installed and there were over 300 requiring the patch. Now in the afternoon I look and it is reporting that 355 machines have the patch installed. I am going to keep an eye on this when it does its next Assessment Scan and see if the results change again. I am thinking that when the Assessment Scan runs it is reporting that the patch is NOT installed and installs it. Even though it has already been installed.

Any help would be appreciated.

Is there anything I can check?

Additional possible useful information:
My Policy is set to "No repeat" for this job.

Regards
Jason

Comments 7 CommentsJump to latest comment

mclemson's picture

When was your last PMImport?  Other products (e.g. http://thwack.solarwinds.com/thread/53780) have a similar issue with this bulletin.  Perhaps Microsoft revised it.  If you've done a new PMImport lately and restaged this patch, perhaps the new release works properly.

Mike Clemson, Senior Systems Engineer, ASC
Intuitive Technology Group -- Symantec Platinum Partner
intuitivetech.com

oi_son's picture

Hi again mclemson

My Patch Import (incremental) runs every day at 1am. I just checked it and it has been successful each day over the past 5 days.

I have not restaged the patch though. Should I do this? I only have to "recreate" the patch right? I dont have to "distribute" the patch again do I? Because it will automatically do it from the already created policy?

I have just checked the compliance on that particular bulletin and 382 machine have the patch installed. So it seems to be ok for the time being. I am keeping my eye on it though because going off the table I provided above it is every 2 or 3 days that the patch gets re-deployed.

Regards
Jason

oi_son's picture

OK. I just checked the compliance again and MS13-A01 dropped to 250 for the the installed count. 281 being not installed.

So it seems that the scan is revealing that the patch bulletin is not installed properly but the client computers are reporting locally that it is installed.

Should I re-download the patch?

Has anyone else had any issues with this?

Thanks for your replies mclemson

Sally5432's picture

This isn't a patch my machines are showing as needed in win update (though altiris compliance thinks I need it), so I didn't push it out.  I always go by what win update reports I need first.

Does windows update say your machines need the patch (before it's patched with patch mgmt, like a freshly imaged computer)?  If so, once PM installs it once, does the patch disappear from the windows update necessary list?

If so, and PM keeps trying to reinstall, it sounds like you need to put a ticket in.  Include screenshots and your PMImport number (click on details of last time it ran and u will get a version) in the ticket to try to speed it along.

Good luck.

---
Don't forget to mark posts as helpful if they are, and mark answers as solutions.

EdT's picture

Might be worth a peek in the event logs of the affected machines to see what the machine "thinks" is going on.

If your issue has been solved, please use the "Mark as Solution" link on the most relevant thread.

oi_son's picture

Hi There Thanks for your replies so far everyone. I have now logged a job with Symantec. We will see what comes out of it. I checked Windows Update on a machine that says the patch has been installed (in Altiris) and it says (in Windows Update) that the patch still needs to be installed. I will let you know what happens when Symantec get back to me.

Windows Update.JPG
mclemson's picture

What was the response from Symantec?  Problem with their detection rule?

Mike Clemson, Senior Systems Engineer, ASC
Intuitive Technology Group -- Symantec Platinum Partner
intuitivetech.com