Hello all you Ninjas,

I have 24 locations in my company, and 24 patch management schedules. Some locations only have 2 or 3 computers and no server, other sites have between 30 to 100 computers with a server that I have a replication share setup. My issue is that some of the sites do fantastic and the status on the schedule is 100% with no failures. Others are at a very low percentage and most the computers are in the "Pending" or "Downloading" status. Funny thing is, the site with the most computers is the site that does the best with little or no failures. And that site is in England!  The rest of the sites are here in the States and the schedule never completes. For instance, we have a site in Allentown PA that has 25 computers, no successful patches have been pushed out, and 23 of the PC's are still in "Downloading" status.


Any advice on how to troubleshoot?


4 Comments   [ + ] Show Comments

Comments

  • Scheduling can be tricky. You have to get the KBOX:

    1. Enough time to scan and download what new patches have been released
    2. Replicate those patches to each site
    3. Ensure that schedules don't overlap causing issues (download, scan detect...etc)

    I would check when you are downloading your signature and when you are running your detect on all machines. With out the detect the download won't do anything and you won't have patches and may say in "Downloading" until done.

    I would also check when you have your window to allow downloads into the KBOX. If it is a small window, there may not be enough time to get everything and thus could fail or go to "Downloading".

    How often are you running a detect schedule? If you are just doing a Detect and Deploy, that could be one issue as now it has to download what it detected.

    I would suggest 1 or more schedules that just do a Detect. I run mine every day to ensure my systems get scanned for the latest signatures and that the kbox has plenty of time to download before my weekend patching.
    Have you seen these?

    http://www.itninja.com/question/my-kbox-6-4-server-can-not-donwload-patches

    debugging? - https://support.software.dell.com/k1000-systems-management-appliance/kb/116859

    Downloading - https://support.software.dell.com/k1000-systems-management-appliance/kb/111284
    • My patch download settings are to configure files detected as missing, and delete unused files after 30 days. My download schedule is on the 21st of each month at 20:00 hours and files schedule is set for after signature download.
  • The sites you are having issues with are they using replication shares?

    If so is the issue with some machines or the entire site?
    • Some have replication shares yes. The other, smaller sites that only a few computers do not have a domain controller or server. The issue is with some machines but at our Allentown site all but 2 of the machines are in the "Downloading" mode and have been for a month.
  • Sanity check: Do those computers show an active AMP connection when they're on? Are they usually powered on when the schedule runs?
    Clarification: What version of KACE are you using? Which agent version(s) are in your environment?
    • Sanity check: yes most computers have the active AMP connection.

      Clarification: I'm currently running KACE version 6.3.113399. I'm dragging my butt upgrading to 7 because I was told by Quest support that I'd have to start a whole new VM and begin from scratch because the newer version has some different requirements.
      • Are all devices on the same agent version?
  • Yes
Please log in to comment

There are no answers at this time

Answers

Answer this question or Comment on this question for clarity