Patch Management Solution

Good Morning,

I'm new to SMP and am currently working on getting patch management setup and incorporated into our enviornment.  I am working with a group of 8 machines and testing out how patches are being delivered.  I currently have the below patch setup:

Basically I wanted it to start on the 18th, check every hour for patches, reboot after the patches are installed and allow it to the patch group.

What I'm finding is this, it immediately started to download patches and install them, then it restarted.  GREAT!  I like those results.  However now I'm running into this after the initial restart.

It's showing all of the previous updates as being installed, but it's not installing the next round of updates.  I left my machine like this over night and they were at the same spot this morning when I checked them.  I then did a "send" and "update" and nothing happend.  Then I clicked on the "Start Software Update Cycle" and BOOM things started to download and install this morning.

Now I'm at the same spot where it's showing the patches that were installed with a green check mark, I've done a "send" and "update", and tried to do the "Start Software Update Cycle" again but now it doesn't appear to be clickable, so nothing is happening.

My compliance report shows I still have 5 more patches to go until 100%.  

Has anyone run into this? Or have any guidence for me?  Like I said, I'm new at this so I apologize in advance.  I've been searching the posts here but haven't found a similar thread to my issue.  Thank you so much!

-Michael

Hi miholmes,

Miholmes: I've done a "send" and "update", and tried to do the "Start Software Update Cycle" again but now it doesn't appear to be clickable, so nothing is happening.

IP: Yes, now "Start Software Update Cycle" button is inactive, because there is no any new software update policies with new updates available.

Miholmes: My compliance report shows I still have 5 more patches to go until 100%

IP: Suspect that these 5 updates aren't distributed therefore they aren't arriving to your client PC for further installation and to be 100% In Compliance.

You can identify which updates aren't yet installed on this client computer. Open "Windows Compliance by Computers" then mouse right click menu on this client PC and click "View Not Installed Updates" -> you can select all remaining not installed updates for this client PC and via mouse right click menu perform "Distribute Packages" to download them and include in new Patch Update policy.

Regards,

IP.

Hi MiHolmes.

Per your image, your DSUP is set up to run once for 3 times if it fails and then never again.  So the last 5 patches may not have had a chance to run in the time allotted or may have a prerequisite of a patch that was installed during the software cycle but required a reboot to complete (the option to allow a reboot if needed after a specific update can be found in the policy) - Please set it up according the image below and let me know the outcome.

Also, you mentioned you are new to SMP Patch Management - please keep the attached information for future reference and feel free to call support with any issues, questions or concerns:

General Patch process is the following:

1. Assessment scan is executed on client and its result is sent to NS

2. NS receives result of assessment scan from each of client and knows which updates are applicable and not installed on clients(this information is shown in Patch Compliance reports)

3. Hidden Patch filters(filters that include machines where update is missing according to current patch compliance data) are updated for each patch from existing SWU policies. Patch Filters update interval is specified in Windows Remediation Settings(All Settings > Software > Patch Management > Windows Settings > Windows Patch Remediation Settings > Software Update Options)

4. As soon as Agent configuration is updated, agent should receive SWU policy in case if client is included to targets of SWU policy and update was detected missing.

5. Updates are downloaded to client and can be installed according to specified scheduled and options.

Best Practices

• User Guides: http://www.symantec.com/docs/HOWTO95496
• Configuring PM: http://www.symantec.com/docs/HOWTO56242
• All-encompassing PM articles: http://www.symantec.com/docs/HOWTO95496
• Patch Management Windows and Linux videos: http://www.symantec.com/docs/HOWTO101655

Trouble shooting

• Compliance reports display inaccurate information: http://www.symantec.com/docs/TECH167291
• Immediately run tasks: http://www.symantec.com/docs/HOWTO84003
• PMImport failing to download: http://www.symantec.com/docs/TECH166778
• PMImport fails: http://www.symantec.com/docs/TECH197686
• Client rebooting outside of schedule: http://www.symantec.com/docs/TECH44665
• Patch Policy shows “pending” on client: http://www.symantec.com/docs/TECH127676

Patch Information

• PMImport release dates: http://www.symantec.com/docs/HOWTO73079  (Subscribe to post)