Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Windows System Assesment Scan is not running

Created: 11 Jun 2012 | 9 comments

Hi,

I am running in to the following problem.

In our environment  most of the machines not running Windows System Assesment Scan   where as the machines are reporting the updated  inventory report.

Did any one face this problem or do any one know what to do in this case ? Can any one please tell  how do I remediate those machines remotely.

 

Thanks,

 

 

Comments 9 CommentsJump to latest comment

mclemson's picture

The Windows System Assessment Scan reports vulnerability inventory for Windows updates known to the NS.    So either the computers are running the scan and reporting vulnerability inventory, or they are not running the scan and there is no inventory.  

If some computers are not running the scan, ensure they have the Software Update plug-in installed and a valid schedule exists for the Windows System Assessment Scan.

Mike Clemson, Senior Systems Engineer, ASC
Intuitive Technology Group -- Symantec Platinum Partner
intuitivetech.com

Pravash Sahu's picture

Thanks a lot Mike,

Please note all those machines are having Software Update plug-in installed and also there is a valid schedule exists for the Windows System Assessment Scan policy. Further those machines are reporting the inventory also. Only problem is that they are not reporting Windows System Assessment Scan.

As the no. of machines are very high its also impossible for us to check individually. Please help me how can i remediate those machines or is there any troubleshooting docuements related to this.

Thanks,

 

Pravash

 

 

 

Roman Vassiljev's picture

Hi Pravash,

Could You please provide some additional details?

Have mentioned machines reported Windows System Assessment Scan results before?
You can check when Last Inventory was received from those machines in Windows System Assessment Scan summary report (All reports > Software > Patch Management > Diagnostics)

Is this issue reproducible in case of starting Windows System Assessment Scan via task(Manage > Jobs and tasks > System Jobs and Tasks > Software > Patch Management > Run System Assessment Scan for Windows)?

Is it possible to provide us with assessment log from client where issue is observed?
(STPatchAssessment.log & STPatchAssessment.xml from client directory C:\Program Files\Altiris\Altiris Agent\Agents\SoftwareManagement\Software Delivery\{6D417916-467C-46A7-A870-6D86D9345B61}\cache\)

It would be great to check Agent logs captured when Windows System Assessment Scan is running on any of those machine as well.

Thank you,
Roman

Pravash Sahu's picture

Thanks Roman,

Answering to your queries below:

Yes, the mentioned machines reported Windows System Assessment Scan results before.

Due to some internal restcrtion we can run the Windows System Assessment Scan via task(Manage > Jobs and tasks > System Jobs and Tasks > Software > Patch Management > Run System Assessment Scan for Windows).

 

As the no. of machines are very high its not possible to provide the log file  of  C:\Program Files\Altiris\Altiris Agent\Agents\SoftwareManagement\Software Delivery\{6D417916-467C-46A7-A870-6D86D9345B61}\cache\)

Is it possible for you to provide me some basic troubleshooting guides for the same.

 

Thanks,

 

Pravash

 

 

Roman Vassiljev's picture

Hi Pravash,

Thank you for answers. One more question - did you perform Patch Management  import for all vendors/releases or just for specific releases of some vendors?

Considering that some of your machines send Windows System Assessment Scan results to NS correctly, it is most probably that issue occurs on client machines, where  Windows System Assessment Scan should run, So to investigate cause of this issue you need to start troubleshooting from any client machine where issue is observed. Do you have opportunity to access any one of those machines?

You need to check that:
1. Windows System Assessment Scan policy is received on client machine and scheduled correctly.
2. Windows System Assessment Scan package is downloaded (Assessment scan files usually are downloaded to folder "C:\Program Files\Altiris\Altiris Agent\Agents\SoftwareManagement\Software Delivery\{6D417916-467C-46A7-A870-6D86D9345B61}\cache\" after new patch data is imported on NS via PMImport task) You can check download history for Assessment Scan package by double click on Windows System Assessment Scan policy in Symantec Management Agent.
3. If Windows Assessment scan package is downloaded and scheduled, please check run history for Assessment Scan policy (double click on Windows System Assessment Scan policy in Symantec Management Agent)
Assessment scan should be started according to schedule. Successfully completed assessment scan has exit code = 0.
4. If assessment scan is failed please provide us exit code, try to start it again from SMA UI (Select Windows System Assessment Scan policy and click Windows System Assessment Scan under Application Tasks tab of SMA), after that check Agent logs and attach them
5. If assessment scan is completed successfully, but NS still does not receive results, please send us STPatchAssessment.log & STPatchAssessment.xml from client directory C:\Program Files\Altiris\Altiris Agent\Agents\SoftwareManagement\Software Delivery\{6D417916-467C-46A7-A870-6D86D9345B61}\cache\

Thank you,
Roman

Pravash Sahu's picture

Thanks a lot Roman,

Answering to your question-did you perform Patch Management  import for all vendors/releases or just for specific releases of some vendors? Yes, We do perform Patch Management  import for specific vendors/releases as per our scope.

Further to get the complete idea about the Windows System Assessment Scan can you please give me some inputs about the followings:

Whats are the basic reasons for the failure of WSAS on Client?

Which logs files are generated and where  on NS regarding WSAS which client reports to NS?

What is the work flow of WSAS?

How it works from NS to Client and vice versa?

I just want to have an idea on complete end to end process of WSAS.

 

Thanks,

Pravash

 

 

Roman Vassiljev's picture

Hello Pravash,

Windows System Assessment Scan is running directly on clients where SWU Plug-in is installed according to defined schedule.
General workflow is the following:
As soon as PM Import task is completed on NS, Windows System Assessment Scan tool is downloaded to clients where SWU Plug-in is installed. This tool depends on performed PM Import task and includes information about imported updates, so WSAS tool is downloaded to clients after every PM Import task in case if tool has been updated. You can find downloaded Windows System Assessment Scan Tool package in Software Delivery tab of Symantec Management Agent on clients. Then WSAS runs on each client and detects missing updates based on information generated during last PM Import task. After Windows System Assessment Scan is completed on client, Inventory results (information about Applicable / Installed / Not installed updates) is sent to NS, where it is shown in compliance reports.

By default only delta information about missing updates is sent to NS(if nothing changed since last WSAS run, nothing will be sent to NS), This option may be changed in Windows System Assessment Scan policy using checkbox 'Sent Inventory Results Only If Changed'.

If patch inventory results are not received by NS, it is necessary to check that information about missing updates is collected on client. Client agent logs, STPatchAssessment.log and STPatchAssessment.xml should show if WSAS does not work correctly. In case if, according to these logs, everything is fine, most probably some problem occurs during sending Inventory Results to NS.

Hope this helps.

Best regards,
Roman

Snev's picture

We are having issues with machines spiking while deploying SCCM. STpatch is bogging down the endpoints.Is there a updated procedure to resolve this?

 

Roman Vassiljev's picture

Hi Snev,

May I ask to provide more details on your issue?

What version of Patch Management Solution are you using?
Could you please describe detailed steps to reproduce this issue?
Do you have any errors in log? It would be great to have Agent logs from the affected machine.

Thanks,
Roman