Patch Management Solution

 View Only

  • 1.  patch management the update is not applicable to your machine

    Posted Feb 08, 2012 01:14 PM

    NS7.1

     

    Hey there guys,

     

    I created a report to show me all patches that have failed on client machines.

    From the report I found a couple of failed on a machine and decided to investigate further

     

    eg:  Windows6.1-KB977074-x86.msu Failed 1 "Windows6.1-KB977074-x86.msu for MSWU

    the patch above ran 6 times on the machine, which seems correct due to my retry setting in my update policy.

    When i ran the patch manually on the machine it came up saying " the update is not applicable to your machine".

    So my questions are...

    1.Why Patch management thought the patch was applicable it's not.

    2. When a patch tries to apply itself to the maximum retry count, will that particular patch still show as non-compliant for that machine in the reports?

    3. Will the patch ever try to apply itself again?

     

    I do have a regular revise policy if that helps any.



  • 2.  RE: patch management the update is not applicable to your machine

    Posted Feb 08, 2012 06:14 PM

    I only have an answer for #1: Symantec does not always get the order of operations w/regard to prerequisites/patch order (for example, I have had patches try to apply that require a service pack for Office, yet that service pack is not installed).  This is something that Symantec has said they are working to improve but I was told in the past that it is something that is still occurring at this point.



  • 3.  RE: patch management the update is not applicable to your machine

    Broadcom Employee
    Posted Mar 05, 2012 05:43 PM

    Hi toca,

    What version of Patch do You use? 

    1. Troubleshooting of such issue depends on which Patch MAnagement Solution version You have. 

    a. 7.1 and older: navigate to this update applicability rule through Patch Remediation Center -> Bulletin Resource -> Update, etc. and check why the update is shown as required: the reason could be regisstry key or file of specific version, that is installed on system. 

    b. 7.1.SP1 and newer: Go to Client and open C:\Program Files\Altiris\Altirtis Agent\Agents\SoftwareManagement\Software Delivery\{6D41....}\cache\StPatchAssessment.xml. This file contains information why exactly this particular update is treated as required. It can be some file of specific version for example, or registry key. 

    2. Yes, patch will still be uncompliant for the machine, even if it is failed.

    3. In Case Patch Status is Red (Failed) in Client UI, it will never be re-applied. However, You can force this update installation on client by running command line: C:\Program Files\Altiris\Altiris Agent\Agents\PatchMgmtAgent\AexPatchUtil.exe /F <UPDATE_GUID> 

    Regards,

    Sergei