Video Screencast Help

Update (KB2724197) failed on one managed (target) server

Created: 26 Nov 2012 • Updated: 29 Nov 2012 | 7 comments
This issue has been solved. See solution.

Hi Roman,

October update failed on one target (managed) server.

What version of Patch Data is used?

*** I do not understand what you meant Patch Data, please give me another chance to get your further explanation of this, please.

What OS(including Service Pack, bitness) is installed on affected servers?

*** Windows Server 2003 - Standard Edition - Service Pack 2, v.4998

*** Intel (R) Xeon (R) CUP - X5355 @ 2.66 GHz - 2.00 GB of RAM

What is the name of failed update?

*** KB2724197 - Release Date: 10/09/2012

What exit code is shown after failed installation?

*** I have looked into the C:\Program Files\Altiris\Altiris Agent\Agents\PatchMgmtAgent for the installLog.csv, but found no such log file. I also did a search of entire box for installLog.csv, but not found.

Did you try to start installation manually on affected machine?

*** I logged into the affected machine, but found no bubble or update prompt  (used to be at lower right corner). Up to today, there is still no bubble or update prompt.

Please attach STPatchAssessment.log & STPatchAssessment.xml from affected machine that are located at "C:\Program Files\Altiris\Altiris Agent\Agents\SoftwareManagement\Software Delivery\{6D417916-467C-46A7-A870-6D86D9345B61}\cache\"

*** Please find attched.

Thank you,


Comments 7 CommentsJump to latest comment

Roman Vassiljev's picture

Hi Charlie,

Thank you for the attached files.

Regarding Patch Data, I meant version of MetaData imported during last Import patch data for windows task. You can see current version in compliance dashboard(Home > Patch Management portal > Compliance Dashboard > Windows Patch Configuration Summary > version of Data Catalog). BTW, according to your logs, you had Patch data 7.1.371.

You can check exit code for failed installation using Symantec Management Agent UI:
1. Navigate to Symantec Management Agent on affected Windows Server 2003 SP2
2. Find policy containing mentioned WindowsServer2003-KB2724197-x86-ENU.exe
3. Properties dialog should be opened for selected package - Open tab 'Run History'
4. Exit code should be shown for each update installation
Could you please write it in your next posting?

When I asked about manual installation I meant installation via downloaded installer(WindowsServer2003-KB2724197-x86-ENU.exe). Could you try to install it manually and check if any warning messages appears. Some messages are not shown in case of silent installation, however these messages can explain the reason of fails.


Charlie D Tran's picture

Hi Roman,

I did navigated to Symantec Management Agent on fv143 (affected Windows Server 2003 SP2), but found no trace of KB2724197 and its related. Please see attached.

There's used to be a bubble update prompt (located at lower right corner) when logged into Windows server as an administrator, but for this particular server, there is none like that. But I did found KB2724197 downloaded to fv143 at C:\WINDOWS\SoftwareDistribution\Download\6615bf70d329744983d335462fd331b1\update (see attached). I am not sure if Altiris downloaded it, can't confirm that. Anyway, I executed the update.exe and the update was successful with server restart required, and found no warning or error appeared (see attached).

Please advise if you need me to do any further, or if you found something for this scenario.

Thanks so much for your time and support,

Charlie Tran

AttachmentSize 446.45 KB
Roman Vassiljev's picture

Hi Charlie,

I am a little bit confused.
As I see on your screenshots of Symantec Management Agent, there is no Software Update policy received by client. So I may suppose that installation of KB2724197 via Patch Management Solution did not happen on this machine before. Could you please clarify what did you mean when said that "Update (KB2724197) failed on one managed server". How did you determine that update had failed?

Symantec Management Agent does not use location “ C:\WINDOWS\SoftwareDistribution\Download\” by default. It looks like Windows Update service has downloaded update to this folder.


Charlie D Tran's picture

Hi Roman,

You are right.  Our current PM program allows Windows servers to go out to internal intranet site (internal servers) to get monthly updates. These internal servers designed to get updates from Microsoft through sets of firewall and through DMZ zone. Altiris would take over this current PM program, once successfully tested.

" .... How did you determine that update had failed? ... " The subject target server (fv143) was one of the 2003 servers in a sever group (a filter, please see attached) that  I set up with October update. The other 2 was successfully patched with October update (KB2724197). Please advise if you have any further instruction.

Btw, during the pilot test, I failed to install client SMA on one server in DMZ zone. I need to request Firewall to modify the host file to allow Altiris SMP/NS server (that push the client SMA to target client) to communicate to DMZ zone servers. I would like to know what ports the Altiris SMP/NS server use to push (install) client SMA to target client, and what ports client SMA (target client)use to communicate with Altiris SMP/NS server (please see attached Altiris SMP/NS server). I have couple links below which talking about ports for Altiris PM, but not quite sure. Please advise if ports 138 and 445 or ports 80 and 443 are the ones needed to be opened (based on my guess from below links).

I'm really looking forward to hearing from you.

Thank you so very much, Roman, for your times and great support


AttachmentSize 350.21 KB
Roman Vassiljev's picture

Hi Charlie,

Thank you for your explanation.
So you have enabled SWU policy with mentioned update and affected machine(fv143) is included to policy target list,
Software Update Plug-in is installed on affected machine, Windows system assessment scan is executing successfully and, according to output logs, kb2724197 is detected as missing.
At same time this machine still does not received SWU policy with kb2724197.

Could you please check 'Windows compliance by Bulletin' report - is bulletin MS12-068 shown as Applicable / Not installed / Targeted to this machine?
1. Navigate to Reports > Software > Patch Management > Compliance > 'Windows compliance by Bulletin'
2. Search 'MS12-068'
3. Right-click on MS12-068 and select the following drill down report
- View Applicable computers by bulletin
- View Not Installed computers by bulletin
- View Targeted computers by bulletin
Your machine(fv143) should be shown in all three reports, please mention if it is not.

Also please check license for Patch Management Solution (it may be exceeded) - SWU Updates will be installed only to Computers, that have license.


Charlie D Tran's picture

Hi Roman,

Below are answer to the questions:

- View Applicable computers by bulletin *** Yes, fv143 is shown in the list.
- View Not Installed computers by bulletin *** No, fv143 is not shown in the list
- View Targeted computers by bulletin *** Yes, fv143 is shown in the list.

Please note that in your earlier email, advised to manually installed KB2724197 to see if there'd be any error warning appeared. As manually installed, none warning or error appeared.

License info is all right.

Please attached and I am looking forward to hearing from you.

Thanks so much, Roman, for your great support

Charlie Tran

Ps: Btw, is there a quick way to see if the update was actually run on a target computer by looking into Altiris SMC 7.1 console? Thanks.

AttachmentSize 673.5 KB
Roman Vassiljev's picture

Hi Charlie,

I guess KB2724197 is now installed on machine fv143, so initial issue is not observed anymore. I am not sure I can help you with this issue.

Quick way to see if the update was actually run on a target computer is to check Policy execution by computer' report:
1. Navigate to Reports > Software > Patch Management > Remediation Status > 'Windows Software Update Delivery - Details' report
This report shows status (installed/not installed) for each applicable update delivered to clients
2. Right click on any update from 'Windows Software Update Delivery - Details' report and select 'View Complete installations' or 'View Incomplete installations' - 'Policy execution by computer' report will be opened.
Please be aware that for 7.1 SP2 this report shows installation activity for the last 24 hours.