So, with the fairly recent changes to the Java development cycle, how is everyone handling Java patches?  We have 20 or so machine, spread through out 3 buildings that are heavily dependant on Java.  Java also requires itself to be the latest version before it will run any applets.  However, the K1000 will not download Java updates until after 10 days from their release date.

Our thoughts:

Download the new JRE installer once Oracle releases it.  Create a Managed Install to push out the new version to all PCs in a label.  This has worked, partially.  Some machines never get the update until you force an inventory update.  Other machines never get the update at all!  They are listed in the Installing Status listing.

Is there a better way to do this?

Answer Summary:
0 Comments   [ + ] Show Comments


Please log in to comment



This is probably one of the best writeups I have seen regarding Java.

I am sure using this script would help give you what you need.

Answered 04/29/2014 by: smyle1979
White Belt

Please log in to comment

We use MIs to deploy updates for Java. We use the "after logon before desktop" option as well, but that doesn't always work for us. We usually also couple it with a similiar MI that is set to "while logged off".

As far as Java needing to be the latest version you can suppress that. We use a file that has all of our settings. The one you are looking for is  "deployment.expiration.check.enabled=false".

Answered 03/31/2014 by: dugullett
Red Belt

  • Hmm, thanks! that may just be a great work around until we get MIs or Patching working correctly.
  • Going to go ahead and mark you as the answer, as this is what we used to "fix" our situation.

    We have a MI setup to push the new Update 55 out, but for some reason it only seems to hit about 20% of our PCs on a reboot (out of 245). I think we may have some KBox issues, deeper down somewhere.

    But either way, this flag is allow our critical applications to run with out having such a time sensitive update requirement.
Please log in to comment

I deploy it via Managed Install along with suppressing updates. The machines don't get it until the Inventory but that happens frequently (every 12 hours in my case). What is your check-in interval for machines? 

Do you know why some machines are not getting the MI? Are the not in the label you are targeting?

Answered 03/31/2014 by: rockhead44
Tenth Degree Black Belt

  • Rockhead - Thanks for the reply. They are in the smart label group and they appear in the list to receive the install. But about half of the time it changes to "Suspended"... I have not been able to figure out why.

    Prior to pushing out the MI, i forced all machines to check in and update their inventory. That did help about 1/3 of them to receive the update.

    Last time java updated, we ended up having to run around to each PC and install..
    • Hmmm... Suspended is not a status I have seen before. Do you have "Allow snooze" checked in the Managed Install? I'm wondering if your users are stopping the install in some fashion.

      Please update if you figure out what's happening. Good luck.
      • Sorry, Suspended is what are Patches do.. the MI usually just sits at "Not installed".

        Allow snooze is not checked. Due to our users not having local admin, we have the MI set to run at startup, before login.
Please log in to comment
This content is currently hidden from public view.
Reason: Removed by member request
For more information, visit our FAQ's.

Answer this question or Comment on this question for clarity