Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Problem with unknown compliance status in for servers in Altiris 6.

Created: 26 Nov 2012 • Updated: 05 Dec 2012 | 6 comments
7ah's picture
This issue has been solved. See solution.

Hello,

I need some help trying to solve a problem with the patch management information in an old Altiris 6.0 installation. I don’t know a lot about Altiris and the person how setup up the system has left the company. It’s a large installation with many (2000+) active registered servers and clients in the system.

We are having a lot of server that don’t show up in the patch compliance reports.
It looks like they for some reason don’t get to report their compliance status – or that the notification server discarded the information.
When we look at the servers we can see that the patches in most cases are applied as they should be – but still there is no information in the reports (not even 0.00%).

There are no apparent errors in the client or server side log files – at least not that I understand.
It’s been hard to establish a pattern of why the problem occurs – as it appears spread out over new and old server, different versions of windows etc.

We can have two virtual servers that are installed two days after each other from the same automated install image – and one server shows the compliance fine – the other doesn’t.

As I’m not familiar with Altiris I’m not sure where to start troubleshooting.
For all I know there might also be multiple errors or problems with the Altiris installation.

I have tried goggling and looking at documentation – but so far it’s only confused me more.

If anybody can help in any way or point me in the right direction I would be very grateful!

Thanks!

Comments 6 CommentsJump to latest comment

Roman Vassiljev's picture

Hi 7ah,

It sounds like Client-Server communication problem, but I would recommend to start investigation from the starting point, when information about patch compliance is collected on client.
Could you please try to run AexPatchUtil.exe /I on affected client and check whatever patch inventory is collected and events are sent to NS. Please refer to another Symantec Connect topic related to similar issue : https://www-secure.symantec.com/connect/forums/compliance-report-not-updating
AeXPatchUtil tool is described in this topic as well.

Thanks,
Roman

7ah's picture

Hi Roman,

Thanks a lot for your reply.

I already did try and run the AexPatchUtil.exe tool directly on an affeated client.
It runes with out an error and in the popup window this is what is written:
 

Altiris (R) Software Update Agent
Copyright (C) Altiris Corp. 2004-2006. All rights reserved.

Software Update Agent Command Line Interface

Running All Inventory...

Done.

Press any key to continue . . .

When I check the agent.log file this is what I see (I have attached the full agent.log file from the client):

<event date='Nov 27 18:04:55' severity='4' hostName='DKSDAS32' source='CInventoryRuleAgent' module='InventoryRuleAgent.dll' process='AeXNSAgent.exe' pid='696' thread='7428' tickCount='1565702287' >
  <![CDATA[About to run all inventory]]>
</event>
<event date='Nov 27 18:04:58' severity='4' hostName='DKSDAS32' source='InventoryRulePolicy' module='InventoryRuleAgent.dll' process='AeXNSAgent.exe' pid='696' thread='1488' tickCount='1565705875' >
  <![CDATA[Running inventory policy [Default Microsoft Vulnerability Analysis Policy] - {06D80F00-9D63-4714-ACD7-CE980E8C139A} ]]>
</event>

This particaluar client is a Windows Server 2008 R2 (I'm currently only investigating problems with the servers), but we also have this problem on Windows Server 2003 with SP2 machines.
We have another server called DKSDAS31 that is virtually identical to DKSDAS32 - they are created from the same image, are in the same OU in AD etc. etc.
But DKSDAS32 (and 33) is not just not showing up in the  compliance reports on the Notification Server - eg. in the "Microsoft Compliance and Vulnerability by Computer" report. (See the attached image).

On the Notification server it does apear that we have exceed our amount of "Altiris Inventory Pack for Servers" licenses - we are getting this resolved. But I'm uncertianed if this could be the cause of the problems we are experienceing. For you reference I have attaced the output from the "Currently Installed" tab in the Altiris Solution Center console. 

Any further advice and guidance is highly appriciated.
Thank you!

Microsoft Compliance and Vulnerability by Computer 27.11.12.JPG
AttachmentSize
Agent.zip 7.16 KB
Altiris Solution versions.xls 398 KB
andykn101's picture

Check that the GUID in the agent on the two virtual servers you mention is different.

Check your Bad directories in the event queues in the nscap share on the NS, perhaps events are being dumped in there.

Check you have enough licences.

Authorised Symantec Consultant (ASC) with Endpoint Management Limited, an Authorised Symantec Delivery Provider based in the UK.

Connect Etiquette: Please "Mark as Solution" posts that fix your problem.

7ah's picture

Hi Andy,

Thanks for your response!

1)
I did check that the GUID is diffrent on the two server - and it is.
The GUID reported in the agent on the servers corrosponds correctly to the GUID's reported for the recources in the Altiris console.

2)
On the NS there is currently 489 files in the Evt* folders distributed like this:
├───EvtInbox 0
├───EvtQFast 307
│   ├───Bad 307
│   │   ├───Exception 43
│   │   ├───InvalidOperationException 3
│   │   └───ItemNotFoundException 261
│   ├───Process 0
│   └───tmp 0
├───EvtQLarge 0
├───EvtQSlow 171
│   ├───Bad 171
│   │   ├───AeXException 2
│   │   ├───Exception 60
│   │   └───ItemNotFoundException 109
│   └───Process 0
├───EvtQueue 1
│   ├───Bad 1
│   │   └───AeXException 1
│   └───Process 0

I searched for the server name DKSPAS32 inside them - but it not mentioned anywere. So I guess that's not the problem eihter.

3)
We have exceted our "Altiris Inventory Pack for Servers" licenses by a small amout (50) but this is being resolved soon. However there part plenty of free "Patch Management Solution for Windows" and all other licenses avaiable. I have been wondering if this could be part of the problem - but we currently have around 300 server not reporting patch status at all (just not show up in the reports and never has - see my respons to Rolan inqury).

Any idears on how to proceed for here.
Thanks!

Roman Vassiljev's picture

Hi 7ah,

Could you please check Inventory Rule Summary on NS in order to ensure that rules are working on client?

Firstly navigate to Default Microsoft Vulnerability Analysis Policy and Default Microsoft Software Inventory Policy. Enable checkbox 'Send inventory summary' if it is disabled. Also set option report inventory to 'Always' (not 'only if changed')

After modified policies are applied to affected client and executed on client navigate to Inventory Rule Summary for this machine:
1. Tools > Resource Manager
2. Select affected computer as resource
3. In opened Resource Manager navigate to Events tab > Data Classes > Inventory Rule Management > Inventory Rule Summary
4. Check when last event(Applicable/Installed Microsoft Software Update) has been received, Number of rules returned TRUE/FALSE, number of errors

Thanks,
Roman

7ah's picture
**UPDATE - PROBLEM SOLVED**  
So we found the problem - and I'll added here just in case somebody needs it another time:
 
  
We installed this hotfix pack:  Combined fixes for known Patch Report Discrepancies, Dashboard issues etc. (http://www.symantec.com/business/support/index?pag...)
And it solved all our problems in this regards.

Thanks to Roman Vassiljev & andykn101 for input.

SOLUTION