Kaseya Community

Credential might be invalid. Patch file downloaded but failed to execute.

This question is not answered

Hello Patch-Experts.

It's a curios thing.

"Test" at "Patch Management - Patch Status" says:

Credential might be invalid. Patch file downloaded but failed to execute.

But first i got passed. After a few seconds it refreshs and the above message in red appears.


Okay - i thought, have a look at "set credentials" ...

Hey! It works. But what is wrong?

All Replies
  • Self help ... ;)

    Just looked at Agent Logs of the machines with the error ...

    17:41:41 12-Feb-12 $test$inst$ptc0$pc-boss.root.XXXXXXXXX *System*
    FAILED in processing THEN step 2, Execute File, with error Unable to execute as user, C:\MaxIT\kPmChk.exe

    Just a try ... kpmchk.exe ... klc and command-shell, but kpmchk.exe doesn't exist. Only a file kpmchk-bad.txt.

    Another TRY ... just logged on as user. Logged of, run again. Works.

    Should i log on on each machine of that network for that test?

  • Okay - it seems a bug. Every time i've logged in to a machine it works.

    Kaseya Ticket ID: CS092241

  • Did you ever get this figured out?  I've got a handful of systems with something similar.  I'm seeing the following error in the agent procedure log: "FAILED in processing THEN step 1, Execute File, with error invalid executable file, C:\HTS_Temp\kPmChk.exe".  I also don't see this executable in the directory.  If I switch my patching file source to be Pulled from system server the patch test passes with no issues.  Set it back to download from Internet and they fail.

  • kPmChk.exe (the test patch) will usually (depending on configuration) delete itself after patch test completes.  If you see a file called kPmChk-bad.txt, open the file.  It may contain the exact cause of the failure (often due to firewall, proxy, or web filter restrictions).

    Ensure your network is configured to allow anonymous browse access to the five websites listed in KKB000781.  If your file source is configured to get patches from the system server, then the KServer will use a writeFile procedure to download the test patch to the endpoint.  If the download or execution is being blocked when the file source is configured to download patches from the internet, then the test patch is (trying to) downloaded directly from a Kaseya website to the endpoint (bypassing the KServer).  I'd check firewall/web filter/proxy rules first.

    You may also want to verify that the agent has the appropriate access to the endpoint.  The credential test can pass while the patch test can fail with a credential-related error.  This is because the credential test is only checking whether the account exists, whether it's locked out, and whether the password is valid.  The credential test does not ensure that the credential has the necessary permissions to access folders, network shares, traverse the network, write to the working directory, execute files, etc. - that's part of the job of patch test.  The configuration required for the agent credential is outlined in KKB000733.  You might find that your credential has insufficient privileges, so I'd check that if the firewall/web filter/proxy isn't the issue or if the test continues to fail even after you complete necessary network-layer changes.  

    There are some additional, more detailed testing you can complete to mimic the patch test process to find the specific point of failure.  However, I'd request you open a ticket for those issues if the above doesn't resolve the problems you're having at this point.

  • like Brendon said

    Check credentials only tests if the credentials work on the local machine. This does not test if the credentials work on your servers "File Source" and i can almost guaranty that's your issue. When you try a  "manage machines\patch Status\TEST" or just leave it and wait for an update to happen you may get the message you have.

    When patching machines in a Domain you should create a Domain admin account that has rights to the servers files source and that is the credentials you put in under the Agents credentials, so when patching happens the credentials used to log into the local machine and server are the same and have rights to everything so patching works.