1 Reply Latest reply on Nov 5, 2014 8:30 AM by cwinning

    PROBLEM TOMCAT & JAVA WHEN PERFORMING WINDOWS SECURITY PATCHES

    Rookie

      Hello,

      Is there someone who can help me debugging the shavlik probleme i meet:

      I make regularly Windows security patching for our society. I meet some problems every time for which here is the summary below.

      Thank you please for your help.

      1/ - Shavlik has some limitation for the patching of tomcat or java.
      Shavlik first uninstalls tomcat or java then it installs the new version but in the default installation path.
      In our case on the “Remedy” servers, tomcat and java are installed in a specific patch on the D drive.
      For tomcat the problem is clearly identified: shavlik uninstalls tomcat from the D drive;

      the customized configuration files still remain on the D drive after the uninstallation.
      After that, shavlik installs tomcat on the C drive and when the tomcat is started, the configuration files are not found and the tomcat starts with an empty configuration.
      QUESTION : Why Shavlik doesn’t install (upgrade) in the same path were it makes the uninstallation??

      2/ after patch installation on some SLQ servers there are some services which don't work. When we restart them, we have a Time Out.
      - Some time, the applications don't work correctly after windows patching.
      Please have a look at this and help me resolving the problems
      =============================
      3/ There are two times then i rollback the patches installation on SQL server. After patches

      installation, there are some services which don't work. The last tweek i patch some servers and

      at monday morning we have many problems to restart the reporting service. We think that the patch

      2800095 has a relation with the issue but we are not sure.
      I need someone speaking french to debug this, if not let’s go in english

      =============================================================

      4/ Other message post patching

      The application-specific permission settings do not grant Local Launch permission for the COM

      Server application with CLSID
      {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}
      and APPID
      {B292921D-AF50-400C-9B75-0C57A7F29BA1}
      to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This

      security permission can be modified using the Component Services administrative tool.

        • 1. Re: PROBLEM TOMCAT & JAVA WHEN PERFORMING WINDOWS SECURITY PATCHES
          cwinning CommunityTeam

          Hello,

           

          For number 1:  I believe this was answered in a case you opened with support back in July.  There are known defects with the patch installers for Tomcat and Java where the installer cannot reference alternate install directories on silent installs.  This is not an issue with Shavlik Protect, it is an issue with the vendor installers and there is nothing we can do to correct this behavior.  My recommendation is manually update Tomcat and Java on clients where the product is not installed in the default install locations.


          For number 2 and 3:  I recommend that you speak with Microsoft (or patch vendor for 3rd party)  if you are having issues after installing or uninstalling Microsoft patches.  We can help with detection and installation issues, but we cannot help if the patch causes an issue after it is installed or uninstalled from the client.  I would recommend testing patch deployments before installing in production.


          For number 4:  You are referencing a DCOM issue:  How to Configure DCOM Permissions for Configuration Manager Console Connections   The APPID B292921D-AF50-400C-9B75-0C57A7F29BA1 is for the Network Access Protection Agent.  It looks like there are numerous references to these error when searching on the internet.

           

          Thank you,

          Charles