Kaseya Community

Windows 10 upgrades - patch scanning not reporting correctly?

This question is not answered

Hi, we've had a few brave end users upgrade their Windows 7 Pro systems to Windows 10 Pro.

I've run several patch scans on a couple of these and they aren't showing correct info for Windows 10 - it looks like it's still displaying info for the previous Windows installation (200+ installed patches, 20 or so missing Windows 7 patches, etc).

Has anyone else seen this happening?

Thanks.

All Replies
  • I just checked another windows 10 machine that has always been Windows 10 from day 1 (not an upgrade). It was a windows 10 insider preview that had had various builds over the last 6 months, and was upgraded to release version recently.

    No sign of a ptchscn2.xml or a KPtchMgt2.dll in the agent working directory on this machine. Again, the patch scan script reports as running without error on the VSA.

    Also, checking the generated windowsupdate.log. no sign of any reference to KPtchMgt2.

    So that makes two machnies, one an upgrade one a native install, that kaseya (apparently) fails to call WUA.api correctly.

    Also, on the first machine deleting KPtchMg2.dll and force re-running install/upgrade agent followed by patch scan does not re-create the DLL file. Is this an old file no-longer required?

  • I am seeing the same behaviour as Craig. According to the agent procedure log the patch scan script begins and completes at the exact same time - clearly no actual scan is being run. On a freshly installed Windows 10 there is no evidence of kptchmgt2.dll being written to the kworking folder.

    I have a support ticket open already (#96304) and have provided support with the URL for this thread to get them up to speed. I will post back with the results.

    Thanks.

  • Just a side note here (or request): We really need some way to quickly see the status of the latest patch scan. There are several reasons why a scan would fail like corrupt files, failing WUA agent (out of memory) etc. So without a proper way of knowing if it fails or not you cant really trust that the number of missing patches is correct....

  • ,

    Please submit a feature request here:  helpdesk.kaseya.com/.../22894198-Command-Control

    Note:  you will need to be logged in, and then can click the "Suggest an Idea" button.

    , ,

    I've rolled back my system, unininstalled all agents, reinstallled two agents (R9 and R9.1) agents, run patch scan, re-upgraded to Win10, run patch scan, uninstalled both agents, then reinstalled both agents.  Both servers are up to date at the latest patch level, and the agents on each have had a "Force Update" completed to ensure they're at the latest version.

    On the Win7 system, scans complete successfully with both agents

    On the Win10 machine after update but prior to removal of the agents, scan ran successfully (this is essentially the same testing I'd done yesterday, though I was only testing an R9.1 agent yesterday)

    On the Win10 machine with the R9 and R9.1 agent, the scans are completing successfully (after upgrade, prior to agent removal)

    On the Win10 machine _after uninstall/reinstall of the agent_, the scan is completing for the 9.0 agent but not the 9.1 agent.  With the 9.1 agent after upgrade then subsequent uninstall/reinstall of the agent, The scan is 'completing' almost immediately with only two scan-related entries in AP log:  

    3:06:37 pm 11-Aug-15 Run Now - Patch Scan

    Script Summary: Success THEN

    3:06:37 pm 11-Aug-15 Patch Scan

    There are no scan-related files are created in the working directory unique to this agent.  

    I believe this last scenario matches the behavior you're both seeing.  The difference for me is that I was only able to create this after uninstall/reinstall of the agent.  A Win7 machine running 9.1 agent then upgraded to Win10 was able to run a scan, while a "fresh" agent install to 9.1 was not.  I don't think this last part is consistent with what you're seeing, but it's possible that could be due to some quirky environmental differences.  In our small pool of testing, you guys beat me 2:1, so I'll cautiously assume the behavior I'm seeing is an outlier.

    This is certainly something that needs a ticket.   - if you would submit a ticket and post the number back here, I'll take your ticket and 's to folks internally to get some additional information.

  • You might also want to test a clean install of windows 10. I have the Win10 enterprise RTM ISO and I reformatted/re-partitioned my drive and then installed an R9.1 agent and patch scans complete successfully but do not report any patches being installed or available. I have scanned with Kaseya while looking at the Win10 update screen saying an update is available and Kaseya sees nothing.

  • ,

    Unfortunately, I do not have the ability to test a clean install of Win10.  However, Support/development will be able to do additional testing and leverage the behavior collective users are seeing to help identify the root cause.  I would highly recommend opening a ticket at customer reports of the issue will assist in identification of the cause and allocation of the appropriate resources (based on what's discovered in further

  • Ok I've got a ticket open. I honestly think just by reading it sounds like patch scans work on upgraded machines because they are somehow reading the old log file from the former windows installation.

  • I have ticket #971288 created as requested.

  • ,

    My testing doesn't support that.  I was able to get an upgraded machine, with a clean working directory, to create a fresh ptchscn2.xml file.  With that said, my testing was not fully consistent with what others are reporting, at least not as they relate to upgrades.  I am convinced, however, that a Win10 machines (certainly upgraded, and likely fresh installs) associated with an R9.1 server can run patch scan successfully as long as the agent remains at version 9 (the agent is NOT upgraded to 9.1).  

    ,

    Thanks - I'll try to get these pulled together during business hours tomorrow, associated with a master ticket, and reported up to dev.  

    If you do happen across any other related findings, please post them here or update your tickets so the info can be included in the report.

    Thanks to everyone for your efforts on this - the testing you've done and the confirmation of findings has been critical in identifying the key components of the issue.  I'm sure there's more to learn, but getting the behavior from multiple sources on a single issue really helps to direct toward root cause.

    Thanks,

    Brande

  • Hi, Folks,

    To follow up, a master ticket has been created.  , , and 's ticket have been linked to the master ticket.

    I have also been able to confirm that a R9 agent installed on a Win10 machine associated with a R9.1 server is running a patch scan - the .dll is properly invoking WUA, and WUA is collecting the scan results data.  However, not all of the data collected by WUA is making its way back to Kaseya.  The .xml results with only the installed patches, but all of the missing patches are omitted from the .xml.  This was suspected earlier, but I could not confirm until my machine qualified for some new Win10 patches.  After yesterday's Patch Tuesday, several newly released patches are available for my machine (discovered via a local scan as well as based on a Kaseya-invoked scan), but since the missing patches are not getting written into ptchscn2.xml, Kaseya/VSA doesn't know about any "missing" patches.  I suspect if I were to install those patches they may be written into the .xml and reflected as Installed within the VSA, but I'm leaving them as uninstalled for now to ensure I have missing patches for testing.  If anyone else would like to test that theory, please go ahead (but it will require you have Win10, R9 agent, and R9.1 server).

    Thanks,

    Brande

  • This issue is now being tracked at kaseya.zendesk.com/.../95767777-Windows-10-fresh-OS-Install-or-Upgrade-Cannot-complete-patch-scans