As suggested by the title I recently had a problem with MS revoking updates. It seems simple enough, but even though those updates are marked as disabled in the Altiris Database, the Zero-Day Patch workflow still tries to download them. This causes all kinds of problems because when the workflow can't download a patch it crashes. If you are like me you don't want to manually create and manage patches. So what do you do?
1. Figure out what database you are using. This seems simple enough, but if you have dealing with Legacy like we were it can get a little silly. CMDB is the default.
2. Check the correct tables in our case Altiris-2014. I jumped onto our SQL server and ran the following QUERY.
SELECT
TOP 1000 [Guid]
,[Enabled]
FROM [Altiris-2014].[dbo].[ItemActive]
--where Guid in ('41F066A7-0E7E-4BF1-B6A5-195573F9F3D6','BA28B8E2-289A-4FA3-8D6D-BBF99E1E5721')
3. Take note I’ve remarked out the GUIDS here. I used these to determine that I am getting disabled updates.
4. Onto the workflow. This is where things get a bit wonky.
5. Create a component. I called it Patch Disabled. You will need to make a note of the DATA connection String.
Data Source=SQL-SERVER-NAME.domain;Initial Catalog=Altiris-2014;Integrated Security=SSPI;
6.This is done from the Symantec Workflow Manager. Select New->Integration and call it whatever you want. Please note run the tool as admin or you will have issues with saving.
7. You will be asked to create a generator. I selected table generator. Go ahead and name it whatever you please.
8. At this point you will be able to setup the connection. Choose SQL Server Provider. Use the Connection String from Step 5.
9. Select the Table ItemActive. This is discussed in step 2.
10. Make sure both columns are selected. Make sure you save this. Make sure to populate the string into components and select read only. You can now import this.
11. Open Symantec.Patch.Zero.Day
12. Click Import components and select repository. You should see the component here.
13. You are ready to put this in your workflow.
14. Open the Get Bulletins Object, and then Filter Available Bulletins, yo should see 6 Elements Under Filter Model...
15. All your additions will be between Item Is In collection and Keep Value.
16. Place your Is Enabled Object after Item is in Collection.
17. Connect the True Wire to it.
18. Here is the run down for the inputs.
19 Data Type=ItemActiveObject, Result Variable Name=ItemActiveRetrieveData, GUID=[lement._ResourceGuid], Check Use GUID, Enabled Blank, Enabled Condition=Equals, Use Enabled and Throw on No Data, No Check, Connection String=You should have this from step 8 and 5, and Do Not Participate for the Transaction Configuration...
20. Make sure Data Not Found Goes to Filter Out Value
21. Make sure Data found goes to a T/F flag
22. The T/F Flag should have a value of [ItemAcitveRetrievedData[first].Enabled]
23. False goes to filter out and True Goes to keep value.
24. That's it SAVE/CHECKIN/PUBLISH
______
Here is a quick Update,
When you make this change the workflow will not download new patches. This is because by default the workflow see's new patches as disabled. In order to fix this you will need to create another object. That object will query the [vPMCore_SoftwareBulletinDownloadSummary] view. It will then make sure that the downloaded table is set to zero. If it's zero you haven't downloaded anything and you can add it to your collection. Otherwise go ahead and remove it. A small note here, if by some chance you have an undownloaded patch which you have not disabled it could get downloaded on accident.