Olly,

Kaseya would report the missing pacthes based on the last patch scan.

Is there any chance that, when the last K patch scan was done, that the machine was missing the Service Pack(s). But then after that, someone manually installed the Service Pack(s) outside of Kaseya?

Lloyd

Legacy Forum Name: Patch Management,
Legacy Posted By Username: lwolf

Just to throw this out there, I've had a few machines say that they were missing SP2 and these computers definitely had SP3 installed.

One of them was a testing machjne, so for grins, I told Kaseya to install the missing SP2, and it didn't go through the install process on the workstation. But Kaseya no longer said I needed that service pack.

I did the same on the others that were "missing" SP2 and Kaseya stopped bothering me about it.

Legacy Forum Name: Patch Management,
Legacy Posted By Username: JosephM

Yeah, that worked here too. Odd.

Thanks

Legacy Forum Name: Patch Management,
Legacy Posted By Username: oliverm

Olly,

In the past, when troubleshooting how K knows whether or know a patch is neeed, I was often told by K Support to check Windows Updates - to see what that reported as missing.

So I am curios what Windows Updates reports as missing for one of these machines?

Lloyd

Legacy Forum Name: Patch Management,
Legacy Posted By Username: lwolf

Yeah I checked that. Windows update didnt show any mention of Sp2 being required. As far as I can tell, SP3 was installed with the OS from a dell WinXP Pro inc SP3 installation CD.

Legacy Forum Name: Patch Management,
Legacy Posted By Username: oliverm

hummm.... I wonder once K scans a machine and detects a patch is missing (like SP2), and this never gets installed (say a month or two goes buy). Then someone goes ahead and runs SP3 after a few months. Does K now know to remove this flag from its DB? Might be a slight flaw in the programming logic here?

Legacy Forum Name: Patch Management,
Legacy Posted By Username: boudj

In my case also, going Windows Update did not show that SP2 was missing. These were machines that have been on SP3 for several months, and Kaseya did not show SP2 missing previously. They only recently (in the last 4-6 weeks) started showing SP2 was missing.

After I posted this, I continued on through the forums....There's been a few threads recently about the legacy patches showing up under patch approval lists. I wonder if this is related to any of that mess?

Legacy Forum Name: Patch Management,
Legacy Posted By Username: JosephM

Hi JosephM,

The legacy patches is actually Kaseya working as intended, but unfortunately it's just a very annoying setup. Dominic has currently escalated this to development as an enhancement request.

I'd recommend deleting the patch xml file on the local machine of any mention that claims to be missing SP2 and re-running a patch scan to see if this helps at all.

Cheers,
-LWX

Legacy Forum Name: Patch Management,
Legacy Posted By Username: LANWorx

Hi Lloyd,
I know little about K's patching processes, but I would think that the patch database is replaced every time a machine is scanned, no? And if so, that would catch any instances where somebody manually installed a patch since the prior scan. Kind of like a full backup vs an incremental...

LANWorx

I'd recommend deleting the patch xml file on the local machine of any mention that claims to be missing SP2 and re-running a patch scan to see if this helps at all.

Legacy Forum Name: Patch Management,
Legacy Posted By Username: ReedMikel

You'd think so, right?

We've had issues where this hasn't been the case and we've had a machines patch status get 'stuck'. This is especially the case when using Initial Update (that feature fails about 90% of the time for us).

Cheers,
-LWX

Legacy Forum Name: Patch Management,
Legacy Posted By Username: LANWorx

I am glad to hear that I am not alone

On the 8 failed SP3 patches I found that running a script to delete all the various temp folders, then rescheduling the patch got it installed 2nd time around in most cases.

To help debug a few, I changed the Patch Parameters->Command Line for this SP3 patch by removing the /quiet switch. On one machine I saw the patch report it had run out of disk space. Running in quiet mode you never see it. I'm not sure if MS logs it anywhere either - so KServer never knows.

I wish I could define prepatch script(s) that run for any patch session. I'd disable KES, delete temp files, reboot... I only see that available for Initial Update... Easy enough to create such a PrePatch script - just would be nice to be integrated into Patch Mgmt.

Lloyd - what advantages are there to using Initial Update? I mean, what's the difference over just doing the patches with Machine or Patch Update? I see it says it runs it until fully updated. Don't other patch scenarios do the same? I must be missing something here (lots to learn).

Legacy Forum Name: Patch Management,
Legacy Posted By Username: ReedMikel

Hey Mikel,

I've gotta point out, Lloyd is lwolf But hey, I don't mind if you fashion me after a man with such intelligence as him!

As for the advantage of using Initial Update... This process is meant to install a wave of patches, then reboot, rescan, next wave etc. until there are no longer any patches available to install.

Automatic updates will only install one wave of patches, that is, scan, install patches found to be missing. If a patch has pre-req patches, this pre-req will be installed and then the actual patch will be left till the following scheduled Automatic Update.

I realise I'm rambling, but this is what happens on a Friday afternoon for me!

If I'm not being clear enough, let me know and I'll try to revise this information into a more readable non-ramble.

Cheers,
-LWX

Legacy Forum Name: Patch Management,
Legacy Posted By Username: LANWorx

Sorry about the name calling LWX
Thanks for the explanation - it was crystal clear! I forgot about the need to run waves of patches...

Legacy Forum Name: Patch Management,
Legacy Posted By Username: ReedMikel

It's cool, I'll let you off the hook just this once.

To be honest, in our build process we run an automatic update, then manually reboot and run another automatic update. Initial Update hangs too often for us to bother with.

Legacy Forum Name: Patch Management,
Legacy Posted By Username: LANWorx