C:\Windows\ProPatches is used for agentless deployments, so machines with this folder had an agentless deployment to it at some point. An Agent will use C:\ProgramData\LANDESK\Shavlik Protect\Agent\Patch\PatchData for storing patches.
For the scan results, are you 100% positive the agent is using the same Scan Template you agentless scan from Protect is using?
For the refresh issue. I don't quite understand 'not refreshing missing patches'. Do you have screenshot of what is happening?
Thanks for the reply. To the best of my knowledge, we have never gone with Agentless scanning. It is a fresh install and I have installed the agents at each PC, as admin. We may have tried to push out agentless scans once to test it, but after seeing requirements for what had to be enabled/opened, we decided to go with agent scans. We are going thru a large PCI Compliance initiative.
I will try to get a snip tomorrow. I am just about to go out the door for the day. I am the "early admin" here at work and quitting time is fast approaching. I guess my issues is that after a week of what appears to be successful scanning by a number of machines, they still report missing patches. I have checked the distribution server and the patches are downloaded. I can see in some logs that it finds X number of missing patches, and SPs. (I have not enable deploying SPs yet, want to get it working first.) And also, the console is now not refreshing when I switch from PC to PC, to show the missing patches, etc. I have had to close it out 4 times today in order to go from machine to machine. Seems odd.
Hopefully tomorrow I can find some snips that will help flesh out what I am poorly describing.
The C:\Windows\ProPatches is create during an agentless deployment type event, an agentless scan would not create this folder structure. Installing the Shavlik Scheduler would also create these folders. We could tell you exactly why these folders were created if Support had a copy of the C:\Windows\ProPatches\Logs folder.
Regarding the scans always showing a patch missing. It's possible you are seeing a deployment issue and not a scan detection issue, but we like to rule out a detection issue first. This is typically handle through a Support case with diagnostic trace scanning from our DPDTrace tool. We can typically determine what is causing the issue (content or environment) and have it correct by or in the next content release.
The tool with instructions: DPDTrace GUI Tool: Used to troubleshoot patch detection issues
You can log a case here: Support Portal
Additionally, you should provide your agent side logs from the same target machine you run the DPDTrace against: C:\ProgramData\LANDESK\Shavlik Protect\Logs (please zip before attaching to the case)
Where are you switching PC to PC? I'm not aware of any present or past issues with view refreshing patch information in Protect.
Hi Charles, thanks for the additional comments. Going backwards on your post, When I say switch from machine to machine to machine, I mean in Machine view in the console, looking at missing patch results for different PCs. When I click on a PC, I should see the results pane below, with patch and SP result information. Recently, that has not been happening. When it fails to refresh, I have to close the console and reopen it.
I will take a look at the DPD Trace tool and see how I do with that, and gather some logs.
I do think it is a deployment issue as I can see the missing patches as being downloaded, and existing in the distribution servers shared folder. I have tested from a number of machine and all the ones I have tested can access the share without issue. And as mentioned, it is all local agent scanning/patching at out corporate office. (Happily, my cloud deployment is working very well)
We are only testing missing patches currently, have not enabled SPs on the policy. (Kind of concerned about deploying an old .NET Framework 1.1 SP to machines which are already above that version. Any issues with that happening that you are aware of?)
I do know that after you mentioned that only agentless installs would have the Propatch folder, I looked at a few other PCs and they had the C:\ProgramData\LANDESK\Shavlik Protect\Agent\Patch\PatchData folder, but not patches in the folder. They have all been doing scans and reporting back to the console, showing missing patches/SPs. I created a test template yesterday, assigned it to a policy, and created a new group with 3 PCs in it. I assigned the new policy to that group and let it run. It worked ok from what I can see because I forgot to remove a whole lot of software distributions updates I didn't need/want on the template and all 3 machines had a large number of new apps I had to uninstall this morning......;<( Live and learn I guess. But, with that said, it still didn't download and install the missing patch from MS. I have two patches in the shared folder, one a "Delta" and the other not a delta. (Unsure what this means?)
Anyway, enough rambling for now. Let me go see what I can get done with the trace tool.
Regarding refresh issue you are seeing in View > Machines, I'm not aware of any open defects. Bring this up in the case you create with Support. Maybe they can setup a WebEx and take a look to see it first hand. One thing of note is, if you are viewing machines in the View > Machines and new results are imported, you will need to click the refresh button to see the new results. I thought I would mention that in case it's what you are seeing.
I'm not aware of any issues installing early .Net Framework patches or SPs on machines that have later versions. They run side by side and should over-write newer files. Of course Microsoft could have made a mistake somewhere so I would test on a server or two.
For the Cumulative patches like 4015217, Microsoft creates a full file (huge) that is used when a machine is more than 1 month behind on patching. The smaller Delta update includes the fixes developed since the previous cumulative update, but this means that your system already needs to be up to date before this month’s Patch Tuesday cycle. Protect automatically detect which one can be installed. Be warned the 1GB+ update takes a very long time to install.
Sorry to hear about the Software Distribution roll-out, that can be painful.