6 Replies Latest reply on Mar 28, 2013 11:05 AM by adamg23

    False reporting of missing patches


      vCenter Protect Standard 8.0.2


      I was recently tasked with managing security patch deployments for a segment of my company. I scan and deploy to about 800 PCs but there are 4 or so that always report missing patches, even when fully patched.


      I just did a security patch scan of a machine and the report says that the PC is missing 13 total patches, most of them MS patches. The deployment completed with no errors but the current patch status shows as Pending Rescan for all missing patches. I can manually run Windows Update which reports no missing patches.


      Any thoughts or ideas on where I can get started on this?



        • 1. Re: False reporting of missing patches



          What patch scan template are you using when scanning? If you are using a custom template can you try one of the built in templates to see if the same issue occurs (Security Patch scan or WUscan).


          Is it possible to list which patches continue to show as missing?


          Also, verify that you have up-to-date patch definitions. You can check this in Help > About > Version Info. The version for Defintions, patch assessment and patch deployment should match what is listed at this site:




          Help > Refresh Files should update the definitions if it appears that they are out of date.

          1 of 1 people found this helpful
          • 2. Re: False reporting of missing patches

            Thanks for the reply. I have been running custom templates but at your suggestion, I am currently running the security patch scan. When that completes, I'll deploy and reboot the PCs and try again tomorrow.


            To answer your other question, the definitions are up to date.  I'll post the results tomorrow.



            • 3. Re: False reporting of missing patches

              Okay, I ran the  standard Security Patch Scan (after manually running updates) and the PC reported as missing 17 patches. I deployed those, the console indicated that it was successful, rebooted the PC and got the same 17 missing patches report.


              This is only happening with a handful of PCs though. It looks to me like an issue on the PCs, can you identify what services are involved in reporting and also which directories are used? I found that many XP machines needed to have Windows Installer re-installed but these Win7 machines are not getting the same error message, in fact getting no error message.


              Thanks again,




              The missing patches:

















              • 4. Re: False reporting of missing patches

                It sounds like the patch files are either not being downloaded or are not being copied to the target system(s).


                Based on this;


                -Do you see the patches downloaded into your patch download directory? You can see the location this is set to under Tools > Options > Patch Downloads.


                -Can you verify if the patch files are being copied to the target system(s)? The files get copied to C:WindowsPropatchesPatches during the deployment process.


                -Are you using a distribution server for deployment? If so, you need to ensure that you synchronize the distribution server. (Manage > Distribution Servers > Synchronize tab > Synchronize patch downloads.

                • 5. Re: False reporting of missing patches

                  The patches directory on the target PC has got patch files going back to early 2012. I don't think the issue is with the console, it patchs around 800 machines successfully, the issue seems to be with the PC itself.


                  Perhaps scheduler?





                  • 6. Re: False reporting of missing patches

                    Yes that's a possibility. It could help to reinstall the scheduler. Here are the full steps:

                    Perform these steps on the target machine:   Manually remove the VMware Scheduler: -Open Command Prompt.  -CD to C:windowsPropatchesscheduler  -Run stschedex.exe /remove   Delete the folder: C:WindowsPropatches.  Verify that this reg key is deleted: HKEY_LOCAL_MACHINESOFTWAREShavlikScheduler   Perform these steps in Protect:   -Go to Manage > Credentials. Add credentials you wish to use as default or edit existing credentials to ensure that the password is up-to-date.  Make sure to set the proper credentials as the "default credentials".  -Go to Tools > Options > Scheduling and make sure the VMware Scheduler is chosen.  -Run a new scan to the target machine prior steps were performed on using Security Patch Scan.  -Once the scan completes deploy to this machine using the Standard deployment template. Deploying will cause the scheduler service to be reinstalled.   *The short method: You can also reinstall the service by going to Manage > Scheduled Tasks > Right click on the target machine > choose Scheduler Service > Install.