After receiving over 250 emails this morning for patch failures (we only currently have 108 machines under patch management) it is becoming beyond a joke as to how many patches are failing to install on machines. Including but not limited to MS11-025/037/042/043/044/046/050 and 052, plus KB976932 (service pack one onto a brand new server).
Is anyone else experiencing the same kind of issues or do I have an isolated experience?
It could be isolated
Have you raised a support request? Ours is still ticking along.Have you tried narrowing it down to a particular machine group or is it truly across the board?
I have an SQL Query i wrote that will pull every single patch ever available where the patch status is approved, then filtered out machine groups i don't care about. From there, stick it in Excel > Create a Data connection and run the query > Create a pivot chart. See some of the screens below of what i can see with the query.
select MachineName, GroupName, KBArticle, SecurityBulletin, Title, ksubscribers.dbo.vPatchStatus.description,Product, UpdateClassificationDescription, ReleaseDate, ApprovalStatusDescription, InstallationWarning, InstallDate, InstalledBy from ksubscribers.dbo.vPatchStatus
where ApprovalStatusDescription not like 'Denied'and GroupName not like '%samplemachinegroup'and GroupName not like '%samplemachinegroup1'and GroupName not like '%samplemachinegroup1'and GroupName not like '%samplemachinegroup1'order by Machine_GroupID asc
The Pivot Table:
I implore you to try this, I know it doesn't address your immediate question of "Is patch management broken", but it could help if you raise a support request.Tell them, "i tested everything, and this is what i am seeing".
I use that Pivot table as the basis for my reporting, those machines there are test machines that aren't specifically in a patch policy hence the low amount of patches installedThe spreadsheet makes for a really quick snapshot of what your patching is like across all your machines.
Let me know if you have any questions about how to set it up, google is your friend.
I notice in the last two weeks we have received a substantial increase in tickets being generated for "failed to install patch". To the point where the support team didnt know what to do because we have hardly ever received this error before. And then out of the blue we received these errors on probably 30% of our servers.
We dont do this sort of alerting for desktops.