The following errors are seen on the logs and some agents with these polices will not update their configuration.

Have seen some instances where the Remediation Center displays Bulletins with Staged=False, when in fact they are Staged=True. This appears to be a visual of the issue on the Remediation Center.

Source: Altiris.NS.AgentManagement.PolicyRequest.LoadItemPolicy
Description: Unable to generate policy XML for item: [Software Update Name] [Software Update Policy Name] (Software Update Advertisement GUID)

Source: Altiris.PatchManagementCore.Policies.SoftwareUpdateAdvertisement.OnBuildClientConfigXml2
Description: SoftwareUpdateAdvertisment::BuildClientConfig2() error generating sofwtare update config No rows returned by store procedure spPMCore_GetConfigInfoForSoftwareUpdate

Source: Altiris.PatchManagementCore.Resources.PatchSoftwareUpdateResource.BuildConfigXml
Description: PatchSoftwareUpdateResource::Build config XML

Source: Altiris.PatchManagementCore.Utilities.StoredProcStubs.GetConfigInfoForSoftwareUpdate
Description: GetConfigInfoForSoftwareUpdate()::error calling stored procedure No rows returned by store procedure spPMCore_GetConfigInfoForSoftwareUpdate

Source: Altiris.PatchManagementCore.Policies.SoftwareUpdateAdvertisement.OnBuildClientConfigXml2
Description: SoftwareUpdateAdvertisement::base.OnBuildClientConfigXml2() Unable to build the client configuration XML for advertisement with guid {<GUID>}. Reason: Unable to locate the advertisement details: '<SoftwareUpdateName> for <SoftwareUpdatePolicyName>' (<GUID>).

Additional errors found on other cases resolved by this process:

Item save to DB failed: 0c4f61e5-bdd6-41c0-bc8d-59c279bcfa18, (fromClone=False, user=USERNAME\s_symantec) Attempt to get Automation policy 0c4f61e5-bdd6-41c0-bc8d-59c279bcfa18 resulted in exception: Altiris.NS.Exceptions.AeXUnauthorizedAccessException: The item '0744f9ce-c531-46fd-b976-b56201c218ea' was loaded as readonly and cannot be saved.

Could not find a part of the path 'C:\apps\Patch Management\Packages\Updates\MS11-044\{cb4c76c4-703c-428e-a10d-7ae4378e00d5}'

Error copying package files to new location C:\apps\altiris\Patch Management\Packages\Updates\MS11-044\{cb4c76c4-703c-428e-a10d-7ae4378e00d5}. Package location will be unchanged

Unable to manage the distribution points under user [USERNAME\s_symantec] for package: 'IE11-Windows6.1-KB2976627-x86.msu' (0fd79728-18bd-8ada-b500-db127072eb53)

The associations between the Software Update Package / Installation Files have become corrupt.

Specific possible cause; Import Patch Data for Windows is not running clean up tasks for Software Update Packages and deadlocking during the Download Software Updates portion of clean-up.

These associations are created on-the-fly during the creation process. The recreation process is the best method to restore these resource associations, for it would take an extensive amount of time and multiple SQL scripts just to isolate the missing associations and restore them one by one.

Moving forward: Work through the following will rebuild the Software Update Policies with the proper resource associations, run the attached performance scripts for Revise Software Updates during the PMImport, and disable unnecessary Software Update Policies (allow for clients to update configuration and receive the changes) and delete them when confirmed clients received the change. This will ensure the issue doesn't arise again as the environment could be experiencing performance issues when recreating the associations during the PMImport.

First run the 'Check Software Update Package Integrity' Job; see if the Update to Advertisement resource associations can be rebuilt through automation.

• Found on the Console > Manage > Jobs and Tasks > System Jobs and Tasks > Software > Patch Management
• Advisory: this is often not the resolution, for it will merely recreate the packages, but if the associations are unpreparable; the process below will need to be performed.

Work through the following to resolve this issue and recreate the Resource Associations from the Software Update Policy to the Software Update Package and ensure they are targetable to the Client / Resources themselves:

1. To stop the errors from being posted to the Log Viewer: Go to the Console > Manage > Policies > Software > Patch Management > Software Update Policies > Windows
   1. Disable the affected Software Update Policies; this process alone will alleviate the errors from the SMP Logs; however, the deployment will not longer be in order, so the remainder of these 6 steps will need to be implemented.
   2. Leave these policies disabled for 3-5 days; allowing for targeted Clients to Update Configuration and receive change in status, and when all targeted clients receive change in status, it should be safe to delete the unwanted policies
   3. Recreate the Software Update Policy for the affected Bulletin. Keep in mind the limitations outlined in KM: HOWTO95202
2. Isolate which of the Software Updates have become corrupt:
   1. Method 1: Review the SMP Log to isolate the affected Bulletins from the listed errors
   2. Method 2: The SQL scripts listed below will also assist with isolating which updates have lost their resource associations
3. On the Console > Actions > Software > Patch Remediation Center:
   1. Highlight and Right-Click > Disable all affected Bulletin(s)
      1. Important: Right-click > List Software Updates the software KB#(s) for step 3
4. On the Console > Manage > Organizational Views > Default > All Resources > Package > Software Package
   1. Utilizing the list made in step 2.1.1; highlight the affected Software Update in the list, and Right-Click > Delete, from the listed updates.
   2. Repeat this process for each update, for each affected Bulletin, and this will ensure the Resource Associations are cleaned up in the database.
5. On the Console > Settings > All Settings > Software > Patch Management > Core Services
   1. Ensure the current location for Package Download is displayed:
      1. Note: default is at C:\Program Files\Altiris\Patch Management\Packages\Updates
   2. Drill down on the File Structure to this location:
      1. Physically delete the affected Software Update Package Downloads from the SMP's hard drive     
6. On the Console > Actions > Software > Patch Remediation Center
   1. Highlight > Right-click the Bulletin > Select 'Download Packages' to recreate the Software Updates
   2. Highlight > Right-click the affected Bulletin(s) > Select 'Distribute Software Updates' to recreate the Software Update Policy for the clients to receive the packages

Advisory: The following SQL Query results will reveal a list of Bulletins and Updates for which the packages need to be recreated with a null or blank entry in PM 7.0 - 7.1 (see attached doc below for PM 7.1 SP1+):

select * from vRM_Software_Update_Item su
join ResourceAssociation rasc2c on rasc2c.ParentResourceGuid = su.Guid     
and rasc2c.ResourceAssociationTypeGuid = '292DBD81-1526-423A-AE6D-F44EB46C5B16'--Software Component to Company
join ResourceAssociation rasc2l on rasc2l.ParentResourceGuid = su.Guid     
and rasc2l.ResourceAssociationTypeGuid = 'F35C6627-F70C-44A0-AFB8-490CE4D3ECAF'--Software Component Applies To Locale
left join ResourceAssociation rasu2sr on rasu2sr.ParentResourceGuid = su.Guid     
and rasu2sr.ResourceAssociationTypeGuid = '9603714F-078D-4B85-989D-81FC23ABF397'--Software Update Applies To Software Release
where rasu2sr.ParentResourceGuid is null
/*Comment out the previous line above to see all packages, not just problem ones.*/​

Restarting IIS was required as the final part of the previous steps as it was needed to resolve the issue related to the Additional errors outlined above:

1. Open CMD with right-click > Run as Administrator.
2. Input the following: IISReset
3. Input credentials as required when opening the Console; utilize the Application Identity (Symantec Service Account) if able.