Hello, I'm working on a K1000 (v.5.3.47927), and trying to enable patching.
I'm specifically starting out with just one patch, as a proof of concept.
The problem, is that, regardless of what I do, the active patches always seem to show up as 0 (zero).

Here's what I have done so far, and perhaps I missed a step that you can help me figure out.
1- I went to the Control Panel --> Patch Settings . And setup a daily download. (Offline Update options not enabled).
2- I created a new label targeting the patches that I want. I'm seeing the listing for those patches within that label. the SQL for the smart label is as follows:
select UID
from KBSYS.PATCHLINK_PATCH
where (( KBSYS.PATCHLINK_PATCH.IDENTIFIER like '%MS11-100%')
AND (1 in (select 1 from PATCHLINK_PATCH_STATUS where PATCHLINK_PATCH.UID = PATCHLINK_PATCH_STATUS.PATCHUID and PATCHLINK_PATCH_STATUS.STATUS = '0')) )


3- I went to Security --> Patching --> Subscription Settings
a- enabled the Windows platforms I want to enable for patching
b- checked Download Application Patches and Include Software Installers
c- Included the new label which contains the above query in the "Limit Patch Download to Select Labels:
d- Hide Disabled Patches on Path Listing, Allow Detect of Disabled Patches, Automatically Inactivate All New Patches : UNCHECKED
e- Automatically Inactivate Superseded Patches: Checked.

It's worth noting that on top of the subscription settings page, the "Last Patch Update Status" says, STOPPED, instead of "Updated" .. what does that mean ?? The last Patch Download was actually last night at 3:00am.. so the downloads are working.
Also, I made sure to go to the patches within the label, and specifically checking the patch that I expect to be installing on my test machine, to verify that its status says: Downloaded, and it did, as expected.

4- I create a new Detect and Deploy Schedule:
a- Specified a test machine
b- Filtered to run on all "Windows" platforms
c- Both Detect and Deploy labels are filtered to the label which contains my patches.
d- I set prompting and patch progress, for visual testing purposes.
e- I didn't set it to run on a schedule, as I wanted it to run on demand for now.

5- I went to the test workstation, and I made sure that one of the patches that is contained within the label is NOT on already installed. (in my case, I uninstalled KB2658424) , then I forced an inventory on that machine, so that the removal of the patch is reflect on the kbox inventory item.
6- I triggered the patch job from the kbox (Save and Run Now).

The result:
I the job would go from Scheduled, to Completed, but it doesn't go through the Detect and/or Deploy stages.
When I look on the main patching screen, it shows the total patches downloaded, which is 15 in my case for now.
Active Patches: 0
Inactive Patches 0

That does not make sense to me, as I would think that having all the components in place, the Active Patches should show up. In the case of my test machine, and given that I manually removed that patch, I would think Active Patches should AT LEAST say 1 in it, to correspond with the patch that isn't installed on my test machine.

Sorry for the lengthy post. I just wanted to make sure that I can give as much information as possible. I have done this same process before on another KBOX, and it worked fine, on this one, I'm having issues...

ideas?
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Answers

0
gkhairallah,

Wow, that's a lot of info! First, I suggest you look on the page for that particular patch - make sure it's not superseded, it has been downloaded, is in the right label, etc. You can find it by clicking on the title of that patch in the Patch Listing. Second, it looks like you are only subscribing to Active patches in your label. FYI, until patches are subscribed to AND downloaded they'll never get to the point of being either Active or Inactive. r2
Answered 03/08/2012 by: ronco
Second Degree Brown Belt

Please log in to comment
0
Thanks for the response Ron.

The patch in question is in fact included in the label, and in checking said patch, it states as being download, not superceded, and active.

I wasn't too sure what you were referring to by: it looks like you are only subscribing to Active patches in your label
What pointed you to this conclusion? Is it the following part of the SQL query?
PATCHLINK_PATCH_STATUS.STATUS = '0'

Could you please clarify ?

Thanks again!
Answered 03/08/2012 by: gkhairallah
Purple Belt

Please log in to comment
0
gkhairallah,

Yes, that very part of the query. Can you post a screenshot of the patch's information page? r2
Answered 03/08/2012 by: ronco
Second Degree Brown Belt

Please log in to comment
0
Sure, here's the snapshot of the patch.

Screenshot of patch

Also, within that patch:
MS11-100 2638420 2657424 Security Update for .NET Framework 3.5 SP1 (All Languages) (32Bit)

windows/x86/en/45E1621E-96F4-4C7D-B339-4B1F8EFBC2C2.plp
NDP35SP1-KB2657424-x86.exe

and

MS11-100 2638420 2657424 Security Update for .NET Framework 3.5 SP1 (All Languages) (64Bit)

windows/x86_64/en/4BBB662F-CDE5-41DA-9CCE-68B60C291C32.plp
NDP35SP1-KB2657424-x64.exe

Have a status of "Download Complete"



Answered 03/08/2012 by: gkhairallah
Purple Belt

Please log in to comment
1
gkhairallah,

Can you show the bottom half of that page? r2
Answered 03/09/2012 by: ronco
Second Degree Brown Belt

Please log in to comment
Answer this question or Comment on this question for clarity