Kaseya Community

Patching through a Proxy

  • I have a customer who is using a Proxy, ever time I automactically patch it has the yellow warning sign(next to scan source indicates that the last scan source did not match the default scan source.) beside the Machine Name. I am thinking that it might be to do with the username that I am using through the proxy?

    Thanks
    Denis

  • Denis,

    Kaseya leverages Microsoft's Windows Update Agent (WUA) for all patch scan and some patch installations (depending on file source configuration).  WUA has some restrictions regarding its ability to work though a proxy.  Additionally, there may be some Kasyea-side adjustments you need to make for those machines patching through a proxy to allow patch downloads.  Please see this KB for detailed information about patching through a proxy:  helpdesk.kaseya.com/.../34401486-Proxy-and-Kaseya-Patch-Management

    Brande

  • Recommend you setup a server file share and patch through it instead. It'll fix the issue with your workstations proxy problems. If you're not getting messages on agent procedures for write files, then this solution should work without the proxy alert.

  • danrche,

    Using a file share will assist with most patch installs when using a proxy, though the file share will need to be able to traverse the proxy.  However, the patch scan process is between the endpoint and Microsoft - the file share is not involved in patch scan.  If the endpoint being scanned is behind a proxy and if WUA cannot reach through that proxy to the MS sites, the scan will fail over to Microsoft's offline data source (wsusscn2.cab), which severely limits the number of discoverable patches.  Wsusscn2.cab contains only the latest OS-level service packs, update rollups, and security updates, which is just a fraction of the patches MS has available via the online data source (MS Catalog).  This isn't necessarily a problem, but if you want  the full catalog of patches to be scanned and therefore available to the endpoint, the endpoint still needs to get through the proxy.  

  • I am starting to think that Patching within Kaseya does not fully work as I have check another customer and even know that the patching is saying that it is working ever month, when I check the Get File under Agent Procedures I am not able to see all machines with anything within Get Files.

  • Kaseya Patching is very stable and strong, but does have environmental requirements.  Several KBs address various possible issues with patching configuration, how patching works, how patch leverages WUA, etc., and support can assist with addressing individual issues.  

    Regarding GetFiles, what exactly are you looking for/expecting to find?  In general, patch will attempt to gather a KB install log for any patch that is reported as failed after an install attempt, but many (these days most) patches are not coded by MS to automatically create a log file, so there is nothing to gather.  If a patch is successful, GetFile does not retrieve a file from the endpoint, so there would be nothing to see within this specific function.

  • Kaseya is working in similar way as WSUS/SCCM so there is no real difference to other tools that I know it. If WSUS work, Kaseya work.