6 Replies Latest reply on Mar 28, 2013 11:05 AM by adamg23

    False reporting of missing patches

    Rookie

      vCenter Protect Standard 8.0.2

       

      I was recently tasked with managing security patch deployments for a segment of my company. I scan and deploy to about 800 PCs but there are 4 or so that always report missing patches, even when fully patched.

       

      I just did a security patch scan of a machine and the report says that the PC is missing 13 total patches, most of them MS patches. The deployment completed with no errors but the current patch status shows as Pending Rescan for all missing patches. I can manually run Windows Update which reports no missing patches.

       

      Any thoughts or ideas on where I can get started on this?

       

      Thanks

        • 1. Re: False reporting of missing patches
          SupportEmployee

          Hello,

           

          What patch scan template are you using when scanning? If you are using a custom template, can you try one of the built-in templates (Security Patch Scan or WUscan) to see if the same issue occurs?

           

          Is it possible to list which patches continue to show as missing?

           

          Also, verify that you have up-to-date patch definitions. You can check this in Help > About > Version Info. The versions for Definitions, patch assessment and patch deployment should match what is listed at this site:

           

          http://protectessentials.shavlik.com/

           

          Help > Refresh Files should update the definitions if it appears that they are out of date.

          1 of 1 people found this helpful
          • 2. Re: False reporting of missing patches
            Rookie

            Thanks for the reply. I have been running custom templates but at your suggestion, I am currently running the security patch scan. When that completes, I'll deploy and reboot the PCs and try again tomorrow.

             

            To answer your other question, the definitions are up to date.  I'll post the results tomorrow.

             

            Mike

            • 3. Re: False reporting of missing patches
              Rookie

              Okay, I ran the standard Security Patch Scan (after manually running updates) and the PC reported as missing 17 patches. I deployed those, the console indicated that it was successful, rebooted the PC and got the same 17 missing patches report.

               

              This is only happening with a handful of PCs though. It looks to me like an issue on the PCs. Can you identify what services are involved in reporting and also which directories are used? I found that many XP machines needed to have Windows Installer re-installed, but these Win7 machines are not getting the same error message, in fact getting no error message.

               

              Thanks again,

               

              Mike

               

              The missing patches:

              Q2589320

              Q2553185

              Q2589357

              Q2589243

              Q2553447

              Q2597986

              Q2687510

              Q2687501

              Q2687436

              Q2687417

              Q2597126

              Q2670410

              QSW1200112

              QJAVA6U43

              Q2687505

              Q2553501

              • 4. Re: False reporting of missing patches
                SupportEmployee

                It sounds like the patch files are either not being downloaded or are not being copied to the target system(s).

                 

                Based on this:

                 

                -Do you see the patches downloaded into your patch download directory? You can see the location this is set to under Tools > Options > Patch Downloads.

                 

                -Can you verify if the patch files are being copied to the target system(s)? The files get copied to C:\Windows\Propatches\Patches during the deployment process.

                 

                -Are you using a distribution server for deployment? If so, you need to ensure that you synchronize the distribution server (Manage > Distribution Servers > Synchronize tab > Synchronize patch downloads).

                • 5. Re: False reporting of missing patches
                  Rookie

                  The patches directory on the target PC has got patch files going back to early 2012. I don't think the issue is with the console, it patches around 800 machines successfully, the issue seems to be with the PC itself.

                   

                  Perhaps scheduler?

                   

                  Thanks,

                   

                  Mike

                  • 6. Re: False reporting of missing patches
                    SupportEmployee

                    Yes that's a possibility. It could help to reinstall the scheduler. Here are the full steps:


                    Perform these steps on the target machine:

                    Manually remove the VMware Scheduler:

                    -Open Command Prompt.

                    -CD to C:\windows\Propatches\scheduler

                    -Run stschedex.exe /remove

                    Delete the folder: C:\Windows\Propatches.

                    Verify that this reg key is deleted: HKEY_LOCAL_MACHINE\SOFTWARE\Shavlik\Scheduler

                    Perform these steps in Protect:

                    -Go to Manage > Credentials. Add credentials you wish to use as default or edit existing credentials to ensure that the password is up-to-date. Make sure to set the proper credentials as the "default credentials".

                    -Go to Tools > Options > Scheduling and make sure the VMware Scheduler is chosen.

                    -Run a new scan of the target machine that the prior steps were performed on, using Security Patch Scan.

                    -Once the scan completes, deploy to this machine using the Standard deployment template. Deploying will cause the scheduler service to be reinstalled.

                    *The short method: You can also reinstall the service by going to Manage > Scheduled Tasks > Right click on the target machine > choose Scheduler Service > Install.
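
A read-only check to run on the target PC, covering the file-copy question in reply 4 and the cleanup steps in reply 6. It is an added example, not part of the thread or of the vendor's tooling. It assumes the folder, executable and registry key named in the thread, with their path separators restored; the function name and the two-day window are hypothetical.

```powershell
# Added example: reports the state of the Protect folders on a target PC.
# Read-only, and written for PowerShell 2.0 so it runs on stock Windows 7.
function Get-ProtectTargetState {
    param(
        [string]$Root    = 'C:\Windows\ProPatches',            # folder from the thread
        [string]$RegKey  = 'HKLM:\SOFTWARE\Shavlik\Scheduler', # key from the thread
        [int]$RecentDays = 2   # assumption: the last deployment ran within 2 days
    )
    $patchDir = Join-Path $Root 'Patches'
    $schedExe = Join-Path (Join-Path $Root 'Scheduler') 'stschedex.exe'

    $files = @()
    if (Test-Path -LiteralPath $patchDir) {
        $files = @(Get-ChildItem -LiteralPath $patchDir -Force |
                   Where-Object { -not $_.PSIsContainer })
    }
    # CreationTime is when the file arrived on this PC; LastWriteTime is
    # usually preserved from the source file and would hide a fresh copy.
    $cutoff = (Get-Date).AddDays(-$RecentDays)
    $recent = @($files | Where-Object { $_.CreationTime -ge $cutoff })
    $newest = $files | Sort-Object CreationTime -Descending |
              Select-Object -First 1

    $rootExists = Test-Path -LiteralPath $Root
    $keyExists  = Test-Path -LiteralPath $RegKey

    New-Object PSObject -Property @{
        RootExists          = $rootExists
        PatchFileCount      = $files.Count
        RecentCopies        = @($recent | ForEach-Object { $_.Name })
        NewestCopyTime      = $(if ($newest) { $newest.CreationTime })
        SchedulerExePresent = Test-Path -LiteralPath $schedExe
        SchedulerKeyPresent = $keyExists
        # True only after the folder and key from reply 6 are both gone.
        CleanForReinstall   = (-not $rootExists) -and (-not $keyExists)
    } | Select-Object RootExists, PatchFileCount, RecentCopies, NewestCopyTime,
                      SchedulerExePresent, SchedulerKeyPresent, CleanForReinstall
}

Get-ProtectTargetState | Format-List
```

An empty `RecentCopies` right after a deployment that the console reported as successful means the patch files never reached the PC; `CleanForReinstall` should read `True` before the new scan and deployment in Protect.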