K1000 and Java Patches.
So, with the fairly recent changes to the Java development cycle, how is everyone handling Java patches? We have 20 or so machine, spread through out 3 buildings that are heavily dependant on Java. Java also requires itself to be the latest version before it will run any applets. However, the K1000 will not download Java updates until after 10 days from their release date.
Our thoughts:
Download the new JRE installer once Oracle releases it. Create a Managed Install to push out the new version to all PCs in a label. This has worked, partially. Some machines never get the update until you force an inventory update. Other machines never get the update at all! They are listed in the Installing Status listing.
Is there a better way to do this?
Answers (3)
We use MIs to deploy updates for Java. We use the "after logon before desktop" option as well, but that doesn't always work for us. We usually also couple it with a similiar MI that is set to "while logged off".
As far as Java needing to be the latest version you can suppress that. We use a deployment.properties file that has all of our settings. The one you are looking for is "deployment.expiration.check.enabled=false".
http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/jcp/properties.html
Comments:
-
Hmm, thanks! that may just be a great work around until we get MIs or Patching working correctly. - kmorris 10 years ago
-
Going to go ahead and mark you as the answer, as this is what we used to "fix" our situation.
We have a MI setup to push the new Update 55 out, but for some reason it only seems to hit about 20% of our PCs on a reboot (out of 245). I think we may have some KBox issues, deeper down somewhere.
But either way, this flag is allow our critical applications to run with out having such a time sensitive update requirement. - kmorris 10 years ago
I deploy it via Managed Install along with suppressing updates. The machines don't get it until the Inventory but that happens frequently (every 12 hours in my case). What is your check-in interval for machines?
Do you know why some machines are not getting the MI? Are the not in the label you are targeting?
Comments:
-
Rockhead - Thanks for the reply. They are in the smart label group and they appear in the list to receive the install. But about half of the time it changes to "Suspended"... I have not been able to figure out why.
Prior to pushing out the MI, i forced all machines to check in and update their inventory. That did help about 1/3 of them to receive the update.
Last time java updated, we ended up having to run around to each PC and install.. - kmorris 10 years ago-
Hmmm... Suspended is not a status I have seen before. Do you have "Allow snooze" checked in the Managed Install? I'm wondering if your users are stopping the install in some fashion.
Please update if you figure out what's happening. Good luck. - rockhead44 10 years ago-
Sorry, Suspended is what are Patches do.. the MI usually just sits at "Not installed".
Allow snooze is not checked. Due to our users not having local admin, we have the MI set to run at startup, before login. - kmorris 10 years ago