Patch Management Solution

In my Software Bulletin Details report, I filtered for "With Some Updates Not Downloaded" where a couple older Microsoft bulletins (MS13-081 and MS13-085) popped up.  I recreated the packages to d/l everything and now the report comes up empty as expected.  Beyond this, will my existing patch policies see the previously missing updates and refresh itself accordingly or do I have to do something in the SMC to get things going?  I'm thinking perhaps the latter option because I don't see the missing updates under the Advanced tab for each of my policies.

After kicking off a "Download Packages" in Remediation Center, I'm usually good at making sure 100% of the packages get downloaded so maybe the MS bulletins got updated with new ones after my initial d/l last year?  Also, don't believe all of the individual updates that were previously missing got superseded so just trying to understand what's supposed to happen where my existing policies are concerned.

Hello Clint,

The package GUID is created on the download process, as are the resource associations from the package to the Software Update Policy, and that is referencing all targeted clients to the Patch Filter (Intersect Filter which is a correlation between the Client's Patch Inventory data referenced to the Software Update's IsApplicable=TRUE rule for the Bulletins in the Policy).

If you have a bad package, or they go stale, and you need to recreate them; generally that GUID/Resource data is stored in the database and is merely refreshed upon redownload in the Patch Remediation Center. If you are able to confirm the Software Update Policy > Advanced Tab is in order with command lines etc., then you should be good to utilize those Software Update Policies for deploying the older updates.

However, if you do have a problem regarding resource associations between the package and policies; you will most likely see errors in the SMP Log Viewer ('no rows returned' & 'unable to get config xml' regarding software updates) as detailed on KM: TECH46342. 

Hope this helps,

Joshua

Hey Joshua,

Trying to locate any errors in my SMP logs with "no rows returned" but have yet to find this string in any of my a.logs.  If I'm experiencing a resource association issue, should this error periodically show up and, if so, when?

The reason for my troubleshooting started when I was only able to find a Win 8/RT update of KB2862330 under my policy's Advanced tab which included MS13-081.  Thought recreating the package might pull them in although this hasn't happened.

Clint

Thank you for the details; MS13-081 is one of those large bulletins, containing 111 English/Variant updates, and if that update is present it should be part of the Software Update Policy created.

Go to the Patch Remediation Center; highlight the MS13-081, right-click > list software updates; see if KB2862330 is present for the Win8 flavor, for you may have problems downloading all 111 updates.

Here is what my test lab shows for the Windows8 flavor:

Next, if you highlight the MS13-081, right-click > Disable, right-click > Download; watch the Log Viewer and see if any updates are having issues download, do you see that all 111 updates have downloaded in the PRC listing of Downloaded: Yes, Updates: 111, Available Packages: 111?

I reviewed my Software Update Policy for MS13-081; found these updates are present (Windows8-RT-2012-KB2862330-x64.msu on Page 7, Windows8-RT-KB2862330-x86.msu on Page 8 and Windows8-RT-KB2862330-x64.msu on Page 10):

If they are not present for your policy; can you create a test Software Update Policy for that Bulletin, and does it display the update in the Advanced tab? Watch the Log Viewer during creation and see if there are any problems during that process.

Additionally, there is a SQL script to review the associations on that KM:TECH46342. This will help view if any Software Update Policies are having issues with resource associations to packages. You may also implement the updated Stored Procedures to enhance the performance of the PMImport, for this issue could be a problem with performance during the PMImport and refreshing update downloads during 'Revise' process.

Joshua

Curious if you're running SMP 7.5 because I don't even see a "List Software Updates" option in my right-click menu under Patch Remediation Center?  If so, sorry I failed to mention in my original post that I'm only running SMP 7.1 SP2 MP1.1.  I'd like to be running 7.5 although saw that people in the Connect forums were having some fairly major issues with 7.5 SP1 so thought I'd hold off upgrading for awhile until these were resolved.

Also, for your MS13-081 list s/w updates view, I presume you see KB2862330 updates for Win7 as well?

You may be viewing a different report. All versions of Patch Management 7.X: Go to the Console > Actions > Software > Patch Remediation Center; highlight Bulletin > right-click > List Software Updates: 

Here are the results of that listing regarding KB2862330 in general from that Bulletin:

As you can see; these updates display with 'v2' release. This means the updates were revised by Microsoft following initial release. These updates are Revised as per the setting on the Console > Manage > Jobs and Tasks > Software > Patch Management > Import Patch Data for Windows; 'Automatically revise Software Update policies after importing patch data' as follows:

You will want to ensure that is enabled, or you will need to manually redownload the Bulletin to ensure it is at the current version/release from Microsoft. You may also want to enable the setting 'Enable distribution of newly added [Revised] Software Updates' for that will ensure your policies will maintain the advertisement distribution following revision of Software Update Packages. This is detailed further in KM: TECH40390.

Hope this helps,

Joshua