Patch Management is an intricate product. Understanding the Patch Management workflow and processing is key to troubleshooting failing Software Update installations.
Summary of Patch Management processing, broken down by step:
·Licensing / Annual Upgrade Protection (AUP) installed through SIM on SMP for Patch Management Solution
·Download the Import Patch Data for Windows on the SMP
·Software Update Plug-in rolled out to targeted clients
·Licenses are consumed as clients download the Plug-in and return Patch Inventories.
·Patch Management pools the client’s Patch Inventories with the Import Patch Data to ensure the ‘IsApplicable’ & ‘IsInstalled’ rules are satisfied and marked for compliance. The client is deemed ‘vulnerable’ or ‘compliant’ on each targeted update.
·Software Update Package is created on the Patch Remediation Center. This creates codebases in the database for each package and outlines the client’s targeted download location.
·Software Update Policy is created to target specific clients to download the packages. Client downloads the package and waits in a ‘Scheduled’ status.
·Default Software Update Plug-in Policy configures the schedule to execute the Software Update Cycle and the reboot process if desired. Advisory: It has been observed that once the Software Update Cycle has begun it will not stop, even if the Maintenance Window closes. This appears to be a result of the client's operating system committing to the install: once the install is queued it will not stop, and that limitation is set by the OS.
·Client runs the Software Update Cycle. Reboots as needed. Gathers client data for this event and returns it to the SMP for processing.
·SMP processes client inventory and populates the database with the returned compliance numbers for viewing in the Compliance Reports.
1.Troubleshooting begins with configuration:
a.Patch Management configuration is outlined on KM: HOWTO56242
i.Ensure configurations are in order.
ii.Some deviations may be necessary as the environment grows (e.g. the Windows System Assessment Scan interval is expanded from every 4 hours to every 6-8 hours as more clients are added).
2.PMImport is the foundation of Patch Management:
a.Ensure the Import is not configured to run on schedule more than once per day.
i.Enable the ‘Incremental download’ to ensure that only the newest day is downloaded. This setting may be disabled if a complete fresh PMImport is needed to ensure rules are current.
1.Note: This data replicates to all Patch Agents once the download has completed. The client will return Patch Inventories from this data.
b.Troubleshooting Import Patch Data for Windows is outlined on KM: TECH166778
i.Ensure network security and communications are in order, along with permissions for the user executing the download, as those are the most common causes of PMImport failure.
c.A Custom Notification Policy may be created to send an email if the import fails.