Kaseya Community

Patch management issues

  • I have two questions/issues:



    1) Why did patch N890830 come through as “approved” without us manually approving it? It has been pushed to all of our clients yet we didn’t approve it (and our policy states that all new patches require approval)? All the other patches are pending approval. Did others have this same thing happen? Microsoft says it released 890830 package on 7/10/07 yet Kaseya shows that it was "changed" in the policy approval screen on 2/1/07. Doesn't make much sense...

    2) What is the status on fixing the patch management bug that forces systems to reboot even if ALL the patches failed to install? This is causing major headaches for some users. If a patch won’t install because of a manual update required or because of an invalid credential or bad media location or whatever, it tells the user to reboot their system EVERY day because the patch attempts (and fails) every day. You need to write a simple validation logic that checks to see that at least ONE patch succeeded before requiring a reboot. If they all failed, there is no reason to require a reboot. It is a productivity (and trust) killer with our clients.




    Legacy Forum Name: Patch management issues,
    Legacy Posted By Username: kentschu
  • That's the update for the Microsoft Windows malicious software removal tool (890830). It gets updated monthly by Microsoft. Kaseya considers it an auto-approved or pre-approved update. It's been that way for months. I too would like control over all patch approvals. While this update has never caused problems, it does cause the system to request a reboot. This is annoying as it occurs whenever Kaseya has updated the patch database. So I can't align this update with myapproval of the rest of the patches. This means two reboots instead of one.I'm just trying to reduce the number of reboots and related user inconvenices.


    Legacy Forum Name: Server,
    Legacy Posted By Username: connectex
  • Yes, the reboot is my main issue as well - though I'd also just simply like to control that update rather than having Kaseya control what goes to my customers.

    Reboots are a big pain for customers, hence my issue with #2 listed below as well.

    Reboots need to be kept to a minimum. Kaseya doesn't seem very serious about doing that.


    Legacy Forum Name: Server,
    Legacy Posted By Username: kentschu
  • I get around the reboot problem by scheduling the updates to happen after-hours for my clients - then anyone who complains that they are getting reboots we know have been turning their PCs off at night and we remind them gently that this will keep happening as well as some slowness when they first turn their PCs on in the morning until they learn to leave them on at night!

    Legacy Forum Name: Server,
    Legacy Posted By Username: tom@tbkconsulting.biz
  • That is one way to work around some of the issues.

    But do you tell them that they must log off but not shutdown? If they are still logged in, they might have files left open. If they aren't logged in, some patches won't install.

    I agree that nighttime patching and reboots are a good policy. But it shouldn't be required to workaround a flaw in the patching script logic. If kaseya would simply track the success/failure of each patch and if no successes were reported, don't bother with a reboot.


    Legacy Forum Name: Server,
    Legacy Posted By Username: kentschu
  • Hi

    First, and unrelated to Kaseya, users should log out at the end of every day. If they are staying logged in that implies open files. This is a backup issue also.

    We have been teaching clients for years that one of two things happens, either shutdown or reboot. The reboot was originally there to solve the problem that Win9X needed to be restarted every day. Now, it gets the machine to a know state so that we can patch it at night. Since we patch at night, the clients dont see the reboot.

    The only place that we see the reboot issue is laptops as they come and go so we have to patch as they are avaliable.

    You can also tell Kaseya, by machine, to prompt for reboot, or to prompt for reboot and if no response after x minutes, reboot the machine.

    hc


    Legacy Forum Name: Server,
    Legacy Posted By Username: howardc