Patch "not scheduled" (even though it is)
Has anyone run into this problem with their K1000?
We have patch schedules set up to detect & deploy selected patches (by smart-label) to selected machines (by smart-label) on a nightly basis. The schedules _do_ appear to run for some machines, and successfully patch them on a consistent basis. But not all machines are receiving the patches they are supposed to. When looking at the individual computers in the K1000 inventory, thepage shows these patches as "not scheduled" even though they clearly should be (and other patch schedules are running just fine on the machine). Help! Any thoughts?
Screenshot:
Thanks in advance for any tips or recommendations!
--Noel
Answers (5)
It absolutely can conflict in this manner. I would in fact suggest always having my detect and deploy run in seperate pahses and on seperate days. Just my experience
Comments:
-
What do you mean "separate phases"? You mean never do a "Detect & Deploy" as one schedule, but always run a Detect separate from a Deploy? - nwade 11 years ago
-
Yes - jdornan 11 years ago
-
OK. I actually split the detect and the deploy phases on a couple of schedules last night, and re-jiggered all of the times so no more than 1 schedule ran per hour (essentially giving each patch schedule 61 minutes to run before the next one kicked off). It looks like it _may_ have resolved the issue (I'm sorting through a long list of machines that still aren't running the schedule, but many are no longer active machines and others appear to be users who are powering off their PC at night - against company policy of course!) - nwade 11 years ago
I know there were issues with 5.4, have you upgraded to 5.4 SP1 along with the agents as well. I am sure support may ask you to do that if you haven't and retest again.
Comments:
-
We're fully updated on the K1000 server and Agent bundle. There are a few machines not checking in since the upgrade (mostly Mac agents); but none of those are being caught by this patch scheduling issue. The screenshot above is from a Windows 7 PC running Agent version 5.4.10622, for example. It is successfully checking in, I can force a check-in, it can run scripts, and some (but not all) patch schedules *are* being run on the box. Any other thoughts? Thanks! - nwade 11 years ago
Well lets take the USA - Firefox one and see what is there. Bare with me as we may need to know how they are setup in more detail and logical manner.
Subscription setting - these have changed in 5.4 so you may want to make sure that you are downloading Non-Security patches as well as application for both security and non security...
Then make sure you have subscribed to all the OS system you want to support.
Are you also under Settings > Patch Settings downloading full cache or using the new 5.4 method based on detection?
Are you running any schedules at the same times which may cause a conflict? The scheduled last run indciates nearly 2 months ago for the not scheduled.
Have you tried recreating one to see if that works?
Thanks. Here's a screenshot; my settings appear to match yours (and yes, I double-checked that all appropriate OS'es are selected):
Not sure what you mean by "full cache"? Here's a shot of the Settings > Patch Settings screen:
I have not tried deleting and re-creating the schedule because if I look at the actual schedule, it *is* running for some machines; just not all! And I can verify the patches are being applied to those machines that have run the schedule:
Any other thoughts?
Thanks!
--Noel
P.S. No patch schedules are in direct conflict. Some start only 15-30 minutes after a previous one, but on nights where the previous job is finished (perhaps there are no patches to deploy) it should still kick off, right? I find it hard to imagine that the job would take so long to run every night over a multi-month period.
I am having the Same issue. Did you ever get this resolved?
Comments:
-
JWinsor566 - Yes, mostly. By splitting out the Detect schedules from the Deploy schedules, we've seen a more reliable application of the schedules across machines. It still seems that sometimes when machines are powered off (or offline) for certain windows of time during the day, they wind up with the "not scheduled" status; but it seems to correct itself if they then remain online for the next 18-24 hours. It was a bit PITA to re-do all of our patching schedules; but in the end it _does_ seem to be a more reliable solution. Ah, well! - nwade 11 years ago
Patched: 0, Not Patched: 0, Detect Failures: 0 , Deploy Failures: 0
This is for Phase: not scheduled and ones that say complete. - bender6681 11 years ago