Kaseya Community

Windows server 2008 - patches not showing, windows auto update settings

  • Hi all

    just experiencing some strange issues with some of our win 2008 servers and wondered if anyone else has seen similar behaviour or if there are any pointers to help me work out whats happening

    firstly, the 'windows auto update' setting, which we always set to disabled, seems to be setting our win 2008 servers to 'auto download and ask for permission to install' option. Shouldn't it disable windows update altogether?

    Secondly, we've seemingly installed Windows Server 2008 SP2 onto some of the servers, but there's absolutely no trace of it in the machine history page. I only realised it was installed becuase the 'thanks for installing' screen came up when logging on. What use is machine history if it doesn't accurately show what patches have been installed and when?


    Thanks
    Lee

    Legacy Forum Name: Windows server 2008 - patches not showing, windows auto update settings,
    Legacy Posted By Username: leeevans
  • Lee,

    Just a thought...By any chance, would any of these servers be on a network with a WSUS server? Sounds liek perhaps a GPO is changing the Windows automatic updates settings.

    And then, with Windows Updates enabled, patches are being installed via Microsoft Windows Updates, instead of Kaseya, which then leads to the surprise "thanks for installing" message.

    Lloyd

    Legacy Forum Name: Patch Management,
    Legacy Posted By Username: lwolf
  • HI Lloyd

    Thanks for the reply - no, these machines aren't part of a network with WSUS. There are no GPOs with any settings remotely connected to windows update.

    If I set Kaseya back to user defined windows auto update settings, the windows update config screen reverts to full user control, which it wouldn't if there were also underlying GPOs also trying to configure it

    Thanks
    Lee

    Legacy Forum Name: Patch Management,
    Legacy Posted By Username: leeevans
  • leeevans
    HI Lloyd
    If I set Kaseya back to user defined windows auto update settings, the windows update config screen reverts to full user control, which it wouldn't if there were also underlying GPOs also trying to configure it


    True, but it would no revert until the next time the GPO is applied - which I believe is every 90 minutes for member servers and desktops/laptops, shorted I beleive for DCs. So for a short while, the settings would remain per the Kaseya settings, even if there is a GPO in place.

    Just a thought.

    Lloyd

    Legacy Forum Name: Patch Management,
    Legacy Posted By Username: lwolf
  • That's true I suppose. Anyway, there aren't any WSUS servers and there aren't really any GPOs on this particular domain, so it definately isn't that.

    I spoke to my engineers and they said these servers might have been updated to SP2 using the 'patch update' mechanism rather than through auto update.

    Do patches deployed via patch update not show on the machine history?!

    Legacy Forum Name: Patch Management,
    Legacy Posted By Username: leeevans
  • leeevans
    Do patches deployed via patch update not show on the machine history?!


    Any patches deployed via Kasey a should be in Kaseya. You migth wnat to look at the script log. Try this...

    Select the machine group, abnd possibly set a View to only show servers. Then, go to the Reports tab, and the Logs section. Choose the following

    Choose a log to display = script log
    Display log entries for last = 30 days (or whatever makes sense)
    Script Name Filter = *
    Administrator Filter (Admin that scheduled the script) = *
    Show entries matching the following description (use * for wildcards) = *Patch*
    Preserve plain text formatting = checked
    Ignore machines without data = checked
    Enter title displayed on report header = Patches Installed Report

    click Save, and assign a name
    click Update to set the filter
    click run

    This *should* give you a list of all patched deployed via Kaseya. It will show the date/time, Script Name, Description, and the Admin who executed it.

    Legacy Forum Name: Patch Management,
    Legacy Posted By Username: lwolf
  • Hi again,

    Thank you for that - brilliant report which I'll certainly be using again in future.

    So... the patch in question shows up on the report:

    10:16:55 am 16-Sep-09 $inst$ptc1$host.group Executed patch: KB948465 - Windows Server 2008 Service Pack 2 (KB948465) *System*

    But the machine history page has absolutely no mention of KB948465

    ?!

    Legacy Forum Name: Patch Management,
    Legacy Posted By Username: leeevans
  • Glad to hear that report was helpful.

    Last night I installed SP3 for windows XP on a computer for a customer, via Kaseya patching. I jsut checked the Machine History on the Patch Mgmt tab, and in the Service Packs group, it shows
    ==================
    KB936929 Windows XP Installed on 11:32:01 pm 14-Oct-09
    Windows XP Service Pack 3 (KB936929)
    ==================

    So, at least in that case, the service pack did show up in the Machine History. I amnot sure why KB948465 - Windows Server 2008 Service Pack 2 (KB948465) is not showing in your machine hisory. Strange.

    Legacy Forum Name: Patch Management,
    Legacy Posted By Username: lwolf
  • I did a little more checking... and noticed something...

    I created a View on my Kserver for only servers running Windows Server 2008 with SP2 applied. There were 6 of them. I looked at the Machine History tab for each of them, and none of them shows KB948465 - Windows Server 2008 Service Pack 2 (KB948465) .

    Now some of them *may* have been installed using media with SP2 in the first place. But I am faily confident that at least 2 of them were a prior SP level, and had SP2 applied via Kaseya patching. There are other Service Packs listed for these servers (which are almost all terminal servers) including Office SPs and .Net Framework SPs.

    I am not sure if the Machine History report is looking at only Kaseya history, history, or if it is pulling something from a local log/database from the machine. I just checked the online K help file, and it says the following:
    =============
    The Machine History page displays the results from the most recent patch scan of managed machines. All installed and missing patches applicable to a managed machine are listed, regardless of whether the patch is approved or not.
    =============

    Unfortunately, this does not clearly state whether it is looking at only Kaseya history, history, or if it is pulling something from a local log/database from the machine.

    I suppsoe this does not answer your question. But thought I would share the extra info.

    Lloyd

    Legacy Forum Name: Patch Management,
    Legacy Posted By Username: lwolf