After using Kaseya for a little over a year I have several re-occurring frustrations with patch failures that I feel I am spending more time than I should be resolving. Can anyone offer a reason why I have each of the issues below, if there is anything I can do to improve the situation and if not, what is being done on Kaseya's side to improve it?
1. Patches install successfully on the second attempt. - This is my biggest cause of wasted time on my part with patching. I would estimate that this is the case on about 5% of my machines each patch cycle. This leads to me spending a lot of time addressing tickets for patch failures, re-scheduling patch installs and following up on each machine. I have a fairly high number of machines to manage, so this becomes a significant amount of time.
2. Patches install successfully through Windows/Microsoft Update. - The majority of patches that repeatedly fail via Kaseya are successfully installed by manually logging on to the machine and running Windows Update. By the time I work with the user to find a convenient time, log on to the machine, scan, install updates, reboot if necessary and then scan via Kaseya I have wasted a good chunk of time. I feel that I am using Kaseya to patch to avoid the need to do this. It is frustrating to need to do this on so many machines.
3. Patches install successfully when set to download from Internet only. - I run into many patches, most often for Office, that fail repeatedly on multiple machines even after deleting the source file from the on site file source. If I change the patch location to download from the Internet, these patches will install without issue. Why is this? I feel I am wasting bandwidth and time downloading patches repeatedly when I should be able to download it once to the server and deploy to workstations from there.
Thanks in advance for whatever help you can provide.
1) Patches install successfully only after the second attempt - I found the most common reason for this is that a reboot is required before this patch can install. To resolve this, make sure to reboot the computers after each patch event and schedule more patch events to keep on top of these patches that require a reboot.
2) Patches install successfully through Windows/Microsoft Update - I feel your pain on this one. Sometimes the quickest way is to identify if you have more than say 5 machines with this type of issue and if so to create a scripted install to fix it, else (for 5 or fewer machines) arrange with the customer some time during the day (when they have their lunch or tea break) to manually install it for them.
3) Patches install successfully when set to download from Internet only. - There are many possibilities for this one. A common issue is if the computers are unable to communicate with the deployment share at the time when scheduled patching is supposed to occur. Laptops for instance are commonly taken out of the Office network so they would need to be configured to download via the internet if the patch share is not available.
I'm highly surprised that you create alarms when a patch install fails! And if so I'm not surprised you're then wasting a huge amount of time on this.
We have a few different patch set-ups depending on what the client wants.
One of these we do a scan every week and try to install them every day and reboot them every night if needed. At no point do we use the "skip if offline".
Basically our patching works 100%. Yes, we get some failed installs but that's not a big deal, they get installed the following day or whatever. I think it's a bit hard to expect that all the patches get installed every time when the users can be shutting their machines down and what not.
I would also like to point out that when I rebuilt my own PC I ran Windows Update myself, which downloaded 800 MB of patches, and they didn't all install successfully. So I wouldn't expect Kaseya to be able to install them either.
I personally don't believe there is anything for Kaseya to fix.
I mean at the end of the day Kaseya pretty much downloads the files and installs them, so if they don't install it's not Kaseya's fault. If you google "windows updates and failed to install" there are heaps and heaps of people complaining about x or y update not installing, so it's not fair to expect Kaseya to be able to get it to work when MS can't.
You need to lower your expectations to something realistic.
There is certainly an issue sometimes and it is really frustrating. But usually it is found to be an environmental issue rather than Kaseya. I would like to share the way I do patching.
-patch policy>membership. added machines to respective patch policy group.
-set file source patch management>configure>file source.
-schedule patch scan.
-Run initial updates (when a new client is added. done only once) only on weekend if none of the users are working. Because machines will reboot several times without warning.
-once first scan is over disable "windows auto updates" patch management>configure>windows auto updates.
-schedule auto update. patch management>manage machines>automatic updates.
-Reboot action for workstations is to "ask reboot if user logged in but reboot if no input in 10 minutes". Server reboot is to alert to <email>.
-Patch alerts only for failed installs, agent credentials invalid or windows auto update.
-keep approving new patches per each policy group frequently. Usually you will see new patches released by MS, second Tuesday of every month.
-Many times you will find a few .NET patches or service pack or roll backs not getting done automatically. So review once a month.
Hope this is helpful and also I would love to see if corrections are suggested.
All: thanks for the input. I appreciate the suggestions. I found that I have already tried many, but I will keep all the advice in mind when troubleshooting. Typically, I don't run into a case where the patches won't install, I just get frustrated with the busy work that it takes to resolve failed patches.
Brande: I would be more than willing to help evaluate and test a general patch troubleshooting document. I had a few other thoughts, is any of it feasible?
Would it be possible to re-run the patch install one time if failed patches are detected, then create an alert if failures are still detected? One caveat I could think of is that I may only want this to happen within a certain time frame or possibly login state. We typically install patches overnight, but do not skip if offline to make sure machines get patches when they check back in. I may not want to run a second patch cycle if the machine is in use.
Long term, has any thought been given to using an interface with some sort of WUS link to run patch installs via Windows Update? I may have been spoiled using WUS/SUS before. I don't know the logistics of using WUS with third party software, so it may not be possible, but it seems to have a higher success rate.