Patch Reporting Not Functioning Properly After Updating to 6.4
Been beating my head against this one for quite some time and involved Dell Kace support who has not helped at all thus far.
On 6.3 our K1000 virtual appliance ran a very simple report created with the wizard to look at devices in a label (servers in this case) and tell me all patches deployed in the last X days. I used this report for auditing, verification, security, and troubleshooting purposes as I could easily pull a record of what patches were actually deployed to a server.
After updating to 6.4 this report is now broken. It works on 3 servers of the 96 that are in our environment. Reason being is that patches are deploying properly, which I've verified via Programs and Features on the server, but the deploy date is showing as 00:00:00 so they are not within the past X days, ever.
Dell suggested this was due to some other device patching our servers however group policy prevents the servers from reaching MS update and there are no other Kace/WSUS servers in the environment. Furthermore we patch only severity: critical AND impact:critical which is a small subset of patches (this is a setting in Kace only) and those are the patches that are installing. If I pull the report I have for pending patches (patches that are detected by the detect schedule) and check them against Programs and Features it's only those listed patches being deployed and they are deployed when Kace should have deployed. This is just a very long winded way of saying that Kace IS in fact deploying these patches and it's NOT something else.
Has anyone experienced this? The issue has been ongoing since we updated to 6.4 and continued through applying SP1.
Version: 6.4.120261
Model: K1000
Model: K1000
Memory: 4GB
CPU: 2533 MHz
Hard Drive Usage: 169.54 GB / 241.65 GB
CPU: 2533 MHz
Hard Drive Usage: 169.54 GB / 241.65 GB
VMware 5.5u3
2 Comments
[ + ] Show comments
Answers (0)
Please log in to answer
Be the first to answer this question
Is it a custom report or one of the reports available out of the box?
If you go on the server record in the inventory of the K1000 and you have a look to the Patch section do you see the right deploy date or all 0s ?
A deploy date all 0s means that the patch was deployed indeed but not from us.
Kind regards,
Marco - StockTrader - StockTrader 8 years ago
1 - Group Policy is configured to disable automatic updates
2 - The configured WSUS Intranet server "Set the intranet update service for detecting updates" policy is enabled with a non-existent server configured
i.e. 1 and 2 means it's impossible for Windows to update itself
3 - Yes it is a simple custom report with Device and Patch Detects and Deployment. Device filters are by server smart label, which contains the 96 servers, and by Deploy Date - is within last - X days
4 - Another simple report, that I created, shows patches that are in catalog and are pending deployment the following patch day
5 - By comparing the pending report to one of the servers I can see that patches listed previously are now installed, they were deployed on the cofnigured deployment date set on the deploy schedule, and are no longer present on pending report (our patch schedule does not fall in-line with Microsofts patch schedule)
From this information I can conclude that Kace did indeed push the patches to my servers, as expected, and on the expected date. However, as I mentioned in the original post, all of the patches are showing a deploy date of all 0's as though Kace did not deploy them. - Parobola 8 years ago