Since a few month back, around 50-70 of our approx. 600 servers is failing with the patches. They are all kinds of servers, all from 2008R2 to 2019. What happens is that when it sees that a patch is needed (for instance, the CU from February) it seems to try to install it but fails immediately and reboots the server (we have set "reboot immediately after patch installed). In Patch Status we can see that these servers are "missing approved" patches. When clicking the "Failed patches" it only says "Failed". Nothing else.
We have tried to reset Windows Update by deleting SoftwareDistribution-folder from Windows-folder. Restarted the servers many many times etc. We also tried to just Clear the failed patches but they come back next time it tries to install.
When we try to use "Machine Update" from Kaseya (Patch Management/Manage Updates) it also fails.
But - when we remotely enter the machine and run a ordinary Windows Update on it - it works! It finds all the missing patches and installing them works fine. When new patches arrives, the problem comes back also on those we did ran a manual WU on.
Does someone recognize this problem? Are there a solution?
Make sure the agent credentials on those servers is a member of the local administrators group. It's a requirement for patching.
Similar problem. Please post back if the local admin fix solves your problem.
We have had several patch-related ticket open for a few weeks. The upshot is that Kaseya development decided to move files needed by patch management from the working directory to a subfolder called "system". If you use the "default" working directory this doesn't matter. If you don't (like us and probably most) patching breaks. They must have hardcoded the directory for some silly reason.
We have to copy kPtchMgt2.dll to the working directory and patching is then OK.
So Jo Bowers are you saying that if our VSA working directory is C:\Kaseya and there is already a subfolder C:\Kaseya\System with "C:\Kaseya\System\kPtchMgt2.dll" in it, that we need to copy kPtchMgt2.dll to C:\Kaseya to fix this?
Yes, that is what we have had to do.
Thank you Jo Bowers
On community.kaseya.com/.../default.aspx there is a document "Patch Management Best Practices" - community.kaseya.com/.../60871.aspx In this document, among other things, it specifies that "you must still add System and Network Services accounts to the temp folder with full write access". Does anybody know if this document has any authority or if this is true that you must add these accounts to your working directory?
I have not had any incidents with patch failures as mentioned but I see where the #AgentWorkingDirectory#\System has a newer version of KPtchMgt2.dll (Shows as file version 220.127.116.11) versus the one currently in the root of the #AgentWorkingDirectory# (Shows as file version 18.104.22.168). I am going to look into this a bit more to find out if it would be prudent to update all systems or not...
Thanks for the share Jo Bowers