KB#:  KKB000688

QUESTION

Unable to deploy "Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update (KB951847)" using Kaseya Patch Management. It is reported as ?Manual Install Only? in the Patch Update and Machine Update functions.

When Microsoft initially released .NET 3.5 SP1, they broke something in .NET 2.0, .NET 3.0, and .NET 3.5. So, they re-released .NET 3.5 SP1 as ".NET 3.5 SP1 and Family Update" and also released ".NET 3.5 SP1 Family Update" for those systems that had already installed the original .NET 3.5 SP1.

The problem is that the re-released "SP1 and Family Update" and the stand-alone  "Family Update" are actually separate updates (3 separate executables that must be executed in a specified order after installing SP1). Our patch system was only designed to install patches/updates/service packs as a single update package (executable). There is currently no mechanism to identify multiple executable files for a specific patch/update/service pack. That is why these two updates are marked as "Manual Install Only".

ANSWER

We are working on a design change for the next product release that will allow us to automate installation of all reported Microsoft updates.

To enable customers to deploy this set of updates, we have created a custom script.

There are a total of thirteen separate executables for the "Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update (KB951847)". There is a single executable for the actual .NET Framework 3.5 Service Pack 1 for all supported Windows platforms. There are four sets of three executables for specific supported Windows platforms.? The following Windows platforms are supported:

 Windows XP x86 and Windows Server 2003 x86 (248.4 MB)

 Windows XP x64 and Windows Server 2003 x64 (267.8 MB)

 Windows Vista x86 and Windows Server 2008 x86 (250.2 MB)

 Windows Vista x64 and Windows Server 2008 x64 (258.6 MB)

Rather than create canned scripts for each of the supported platforms and require users to know which script to run on which machines, we chose to dynamically create the required download and installation scripts. A single script has been created to trigger a back-end process to determine if that particular machine is missing this update. If not, no action is taken. If the update is reported as missing, the download and installation scripts are dynamically created using the same process used by the manual and automatic patch scheduling functions. While the patch source data is hard-coded in this case, the generation of the scripts is the same. This allows the use of the machine's File Source and Reboot Action configurations. So, these dynamically created scripts will behave exactly like installation scripts scheduled by Machine Update or Patch Update.

NOTE: Since this special back-end process is mimicking a manual update (Machine Update or Patch Update), patch approval polices are ignored.

 

We have deployed this special code to all customers systems via our standard hot fix mechanism. After the hot fix is deployed and after the next reapply schema, a new public script folder will appear under Public Scripts in the Scripts tab. The new folder is Patch Support Scripts. It will contain a single new script  .NET Framework 3.5 Service Pack 1 and Family Update.

 

Go to the ?Scripts? tab.? In the function list on the left, scroll down to the Public Scripts section. Locate the Patch Support Scripts folder and the .NET Framework 3.5 Service Pack 1 and Family Update script in that folder. Schedule this script as desired. DO NOT schedule this script on a recurring schedule!

This script does not contain any steps. Executing this script will automatically trigger a back-end process that will perform the work necessary to generate and execute the set of download and installation scripts. Schedule this script against any machine. If this update does not apply to the selected machine, nothing will be done. If it does apply, the generated scripts will use the correct installation packages for that machine, and it will use the configured File Source and Reboot Action for that machine. The standard credential verification scripts will also be used that are appropriate for that machine's configuration.

Important Reminders

 Please keep in mind that the generated scripts will download and install four updates that include a major service pack.

 Since this special back-end process is mimicking a manual update (Machine Update or Patch Update), patch approval polices are ignored.

 Since this special back-end process is mimicking a manual update (Machine Update or Patch Update), any currently scheduled patch installations will be canceled.

 Be sure to read the ?Microsoft .NET Framework 3.5 Service Pack 1 (SP1) Readme? at http://download.microsoft.com/download/A/2/8/A2807F78-C861-4B66-9B31-9205C3F22252/dotNet35SP1Readme.htm.

 After the .NET Framework 3.5 Service Pack 1 and Family Update is scheduled from the Scripts tab, it will almost immediately show as successfully completed. This only means the background process was successfully initiated.

o To track the progress of the patch download and installation scripts for a particular machine, go to the  Pending Scripts tab of the single machine interface (click on the machine?s icon on any screen). The patch download and installation scripts are named the same as any patch download and installation scripts.

o Total time to complete is dependent on many factors including machine and network resources available. Time to complete for a specific a machine can be between 15 and 60 minutes or more.

 The download sizes, depending on the specific Windows platform, vary between 248.4 MB and 267.8 MB. Keep this in mind when scheduling machines. Depending on the File Source configurations, downloads will take considerable time and network resources.

 Because this short term resolution works outside the normal patch management processes, installation failures will NOT be reported on the Patch Status page as a failure! The automatic patch rescan following the installation will either report Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update (KB951847) as either installed or missing. If it is still reported as missing after these scripts had time to complete, the installation failed.

  • Scan problems were observed on Vista x64 and Windows Server 2008 x64 machines after installing Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update (KB951847) manually. The installation was successfully completed without any errors, but both the Kaseya and the Microsoft Update scans still reported the update as missing. Microsoft Update was then used to perform the installation of the missing update. Both scans then reported the update as installed. So, this special back-end process will not download/install the update files specified by Microsoft for Vista x64 and Windows Server 2008 x64. Instead, the update will be installed directly from the Microsoft Update Catalog. This means that Vista x64 and Windows Server 2008 x64 will require direct Internet access in order for this update to be installed. The File Source configuration for these cases will be ignored.

 .NET service pack installations can, and often do, fail for various reasons, including:

o Latest Windows Installer not installed on machine

o Missing prerequisites

o Insufficient disk space

 Recommendations for troubleshooting a failure:

o Go to the Patch Mgmt -> File Source function and make sure the Delete package after install (from temp directory) check-box is unchecked and reapply the desired File Source configuration (Patch Source description next to the machine should now include Do not delete).

o Reschedule the .NET Framework 3.5 Service Pack 1 and Family Update from the Scripts tab.

o Verify after completion that the patch rescan once again reported missing.

o Remote control to the machine and manually run the installation packages from the agent temp directory, one at a time in the following order:

1. dotnetfx35.exe

2. NDP20SP2-KB958481-x86.exe, NDP20SP2-KB958481-x64.exe, Windows6.0-KB958481-x86.msu, or Windows6.0-KB958481-x64.msu (depending on OS)

3. NDP30SP2-KB958483-x86.exe, NDP30SP2-KB958483-x64.exe, Windows6.0-KB958483-x86.msu, or Windows6.0-KB958483-x64.msu (depending on OS)

4. NDP35SP1-KB958484-x86.exe or NDP35SP1-KB958484-x64.exe (depending on OS)

o Note any errors or warnings, and search the Microsoft KB for resolutions

o Reschedule the .NET Framework 3.5 Service Pack 1 and Family Update from the Scripts tab.

o Verify results.

Observations from Our Testing

There were several cases where the Machine History showed two entries for  Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update (KB951847) as installed. One had the proper installation date and the other had date unknown. For some reason, two different entries (different Microsoft unique identifiers) were reported by the patch rescan. This appears to be the result of the initial scan reporting one version of this service pack and the subsequent patch rescan after the installation reporting the installation of the full package service pack installer.

For those cases where the initial attempt at installing Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update (KB951847) failed, we resolved the issues identified by the troubleshooting steps (see above). This resulted in the subsequent attempt succeeding.

 

APPLIES TO:

Kaseya 5.1