I have a NUMBER of patches from Microsoft which are not patching.  

Kace thinks it's already patched, MBSA and Microsoft Update say otherwise. This is happening on hundreds of machines.  Everyone I look at has some or all of these missing patches x64 and x86 machines are experiencing this issue.

KB982726, KB2844286, KB2840628, KB2803821, KB2836943, KB2647753, KB2729094, KB2732487, KB2732500, KB2687455, KB2760587, KB2752025, KB2752101, KB2767860, KB2825632, KB2810008, KB2768338

It's getting pretty frustrating when my patching says it's complete and I run MBSA or Microsoft Update and find 13 missing "Important" patches.

I've had open tickets for the RC for 5.5 and the GA with no real solutions from Kace.

4 Comments   [ + ] Show Comments


  • Can you tell us how you are subscribing to patching? are you limiting what you download by labels? Are you subscribed to security and non-security patches?I looked up a few of those patches you listed and my systems show they have them and that windows update doesn't see anything that needs to be patched.

    I am surprised that support hasn't gotten back to you or no solution or cause has been relayed back to you.

    On a side note have you requested the 6 hot fixes that need to be applied. One of those I think deals with detection.
    • Yes the patches are subscribed to by Labels. All patches listed are in at least one of the patch labels. I have separate detect and deploy schedules depending on where the machines are located at our 25+ locations.

      Support wants me to run D&D jobs on single machines which I have done and they still don't patch. It's stuck somewhere in engineering I guess.

      I have only received 4 hot fixes so far. I guess I need to make another call.
  • I am sure you applied this one.

  • Patching causing problems over here too. I still have yet to run a patch schedule (that I've been told is correct) where I am confident of the deployment.
    Would be nice if KACE would get back to me on a timely basis on My ticket I've had open since August too
  • Just wanted to let you know that we finally got this figured out, after escalating it all the way up to Lumension. Turns out that we had our DCOM default authentication level set to Default, and it needs to be set to Connect.

    You can find this by going into DCOMCNFG.exe, Component Services -> Computers -> Right-click on My Computer and go to Properties. Under the Default Properties tab, set the Default Authentication Level to Connect.

    We do not have any GPO's or login scripts that touch this setting, so I'm thinking that this requirement may be something new within Lumension's API. - See more at: http://www.itninja.com/question/k1000-5-5-not-detecting-missing-patches#sthash.ozptIoKw.dpuf
    • I'm already at Connect. Glad it worked for you. Still having issues here with random patches not patching.
Please log in to comment



Yes, I've had these issues recently also (I'm on 5.5). I've been following the same method of letting my patch schedules complete and then following up with an MBSA scan to verify that everything is up to date... I know that Microsoft had some issues with a number of patches released several weeks ago that were not installing properly, but I was under the impression that had already been cleared up.

I've had a ticket open with Dell support on this for a few weeks now and I really feel like I'm spinning my wheels right now. The Kace support individual I am speaking with makes it sound like this is an isolated issue, but I'm really not buying that (especially now that I see your post).

I am hestitant to set up a WSUS server and start pushing out patches that way. The primary reason we spent $20k on this appliance (plus annual renewals) was to automate patching and not have to worry about things like this...

Answered 10/23/2013 by: Michael4732
Orange Senior Belt

Please log in to comment

I have been having a lot of issues with Patching.  We just purchased the K1000 a litte over two months ago and I have had a ticket open with KACE for about two months because I cannot run pathes on our workstations.  They are telling me that the mcescan.exe file cannot run on any of our workstations and that it also cannot write to the registry. I tested it again yesterday on a workstation that needed 71 Windows Updates and after I ran the Patching, it only applied four.

Answered 10/08/2013 by: tsienkiewicz@ldirx.com
Seventh Degree Black Belt

  • I know it doesn't chain patches together well and multiple reboots are required for any monthly patching. Is that the case with you? Mine says it's done patching and leaves patches unpatched.
    • Yes, mine also says it is done and there are still a lot of patches unpatched.
      • Are the patches that aren't patched in your patch schedule? I set my patches by smart labels and I only scan for 2012 and newer patches and then patch on the same labels.
Please log in to comment

Yes, I am doing mine in smart labels. The patches are in the patch schedule. I have one for Critical, Recommended, and Office.

Answered 10/08/2013 by: tsienkiewicz@ldirx.com
Seventh Degree Black Belt

Please log in to comment
Answer this question or Comment on this question for clarity