Patch Management Solution

 View Only
Back to discussions
Expand all | Collapse all

BUG: Symantec Patch Management SWD Package does not implement new MSU-based Windows Update exit codes

  • 1.  BUG: Symantec Patch Management SWD Package does not implement new MSU-based Windows Update exit codes

    Posted Mar 30, 2015 10:35 AM

    When Symantec Patch Management executes a patch on a system, it can exit with different return codes, such as Windows Installer (MSI) or Windows Updates (MSU).

    Most notable is when a patch states 'Failed to install' and opening the package shows the exit code as 2359302.

    Per Appendix G: Windows Update Agent Result Codes (http://technet.microsoft.com/en-us/library/cc720442(v=ws.10).aspx), this is what the result code means; 'The update to be installed is already installed on the system.'

    0x240008    2359304    WU_S_ALREADY_DOWNLOADED    The update to be downloaded has already been downloaded.    
    0x240006    2359302    WU_S_ALREADY_INSTALLED    The update to be installed is already installed on the system.    
    0x240007    2359303    WU_S_ALREADY_UNINSTALLED    The update to be removed is not installed on the system.    
    0x240004    2359300    WU_S_MARKED_FOR_DISCONNECT    A callback was marked to be disconnected later because the request to disconnect     
    0x240005    2359301    WU_S_REBOOT_REQUIRED    The system must be restarted to complete installation of the update.    
    0x240002    2359298    WU_S_SELFUPDATE    Windows Update Agent updated itself.    
    0x240001    2359297    WU_S_SERVICE_STOP    Windows Update Agent was stopped successfully.    
    0x240003    2359299    WU_S_UPDATE_ERROR    Operation completed successfully but there were errors applying the updates..    

     

    Looking at the package information for any Windows Update-based patch, shows "Success codes" of 0, 3010, 3011 and 1641. These are ONLY the Windows Installer success codes. The product does not have the correct success codes for the type of package it is deploying.

    The problem with the product is that this is NOT a failure code. What's worse is that this information has been around for years, but even in these forums product users have been told this is caused by something being wrong with their environment, such as overtargeting?!

    Please fix this.



  • 2.  RE: BUG: Symantec Patch Management SWD Package does not implement new MSU-based Windows Update exit codes

    Posted Mar 31, 2015 03:25 PM

    I am seeing  a lot of 2359302 errors and also "-2145124329    SUS_E_NOT_APPLICABLE    install is not needed because no updates are applicable"

    Which is frustrating when you have to trouble shoot and give a satisfactory root cause answer to managment. Is anyone or group at Symantec looking into this?

     

     

     



  • 3.  RE: BUG: Symantec Patch Management SWD Package does not implement new MSU-based Windows Update exit codes

    Posted Apr 15, 2015 12:10 PM

    I have reviewed this in the past and found that if it is a multitude of affected updates, it is indicative that the cause is not an IsApplicable=TRUE rule logic issue, as one or two updates for a specific software may be overtargetting, but to have multiple update with the same issue; it is most likely something wrong with something hindering Patch processes.

    It has been resolved often by confirming the foundation of PMImport is in order (KM: TECH166778), for there may be hung Tasks bloating the Task Tables in the database and that can cause stale Patch Tables during the Import.

    To check for hung tasks; review SSE Reports > Server > Task > Currently Running Tasks Report (actually a report that displays tasks that do not have an end date/time and that is why they are deemed 'running') or an export of just this report can be imported from KM: HOWTO54534.

    If there are hung tasks; run the combination of clean-up from KM: TECH213686. Then follow up with a reconfiguration of Patch Management to ensure communciations to the database are in order, and end with a run of the PMImport without any settings enabled to pull a full .cab file down from SolutionSam and not bother with having to cleanup Revised or Superseded updates.

    Other fixes have been less intrusive; often I found that this was a result of having 0 members targeted by the Windows Patch Remediation Settings policy as outlined in KM: HOWTO79488. If a custom Target is implemented; the NS Core Cleanup Filter process can pull that out (currently being reviewed as outlined in that article). This can cause the associations for the Patch Filter to Clients to be lost. That scheduled task needs to run with at least one client included in the Target per the Advisory in the article cited above.

    Lastly, if the Client has communications issues to the SMP, or the NSE's are failing to process due to poor SMP to Database communications; the Client inventory could be stale. The targeting of updates could be broken due to this stale Patch Inventory processing. Review KM: HOWTO60750 to assist with troubleshooting this segment of possible causes.

    If further assistance is needed to isolate the cause; please contact Support.

    Hope this helps!