Has anyone run into this problem with their K1000?  

We have patch schedules set up to detect & deploy selected patches (by smart-label) to selected machines (by smart-label) on a nightly basis. The schedules _do_ appear to run for some machines, and successfully patch them on a consistent basis.  But not all machines are receiving the patches they are supposed to. When looking at the individual computers in the K1000 inventory, thepage shows these patches as "not scheduled" even though they clearly should be (and other patch schedules are running just fine on the machine).  Help! Any thoughts?

Screenshot: 

Thanks in advance for any tips or recommendations!

--Noel

 

Answer Summary:
Cancel
1 Comment   [ + ] Show Comment

Comments

  • I am having this same issue on 5.4 SP1. I have tried splitting the detect and deploy. Here is what my deploy screen looks like.
    Patched: 0, Not Patched: 0, Detect Failures: 0 , Deploy Failures: 0
    This is for Phase: not scheduled and ones that say complete.
Please log in to comment

Community Chosen Answer

2

It absolutely can conflict in this manner. I would in fact suggest always having my detect and deploy run in seperate pahses and on seperate days. Just my experience

Answered 03/06/2013 by: jdornan
Red Belt

  • What do you mean "separate phases"? You mean never do a "Detect & Deploy" as one schedule, but always run a Detect separate from a Deploy?
  • Yes
    • OK. I actually split the detect and the deploy phases on a couple of schedules last night, and re-jiggered all of the times so no more than 1 schedule ran per hour (essentially giving each patch schedule 61 minutes to run before the next one kicked off). It looks like it _may_ have resolved the issue (I'm sorting through a long list of machines that still aren't running the schedule, but many are no longer active machines and others appear to be users who are powering off their PC at night - against company policy of course!)
Please log in to comment

Answers

0

I know there were issues with 5.4, have you upgraded to 5.4 SP1 along with the agents as well. I am sure support may ask you to do that if you haven't and retest again. 

Answered 03/06/2013 by: nshah
Red Belt

  • We're fully updated on the K1000 server and Agent bundle. There are a few machines not checking in since the upgrade (mostly Mac agents); but none of those are being caught by this patch scheduling issue. The screenshot above is from a Windows 7 PC running Agent version 5.4.10622, for example. It is successfully checking in, I can force a check-in, it can run scripts, and some (but not all) patch schedules *are* being run on the box. Any other thoughts? Thanks!
Please log in to comment
0

Well lets take the USA - Firefox one and see what is there. Bare with me as we may need to know how they are setup in more detail and logical manner. 

Subscription setting - these have changed in 5.4 so you may want to make sure that you are downloading Non-Security patches as well as application for both security and non security...

 

Then make sure you have subscribed to all the OS system you want to support. 

Are you also under Settings > Patch Settings downloading full cache or using the new 5.4 method based on detection? 

Are you running any schedules at the same times which may cause a conflict?  The scheduled last run indciates nearly 2 months ago for the not scheduled. 

Have you tried recreating one to see if that works? 

Answered 03/06/2013 by: nshah
Red Belt

Please log in to comment
0

Thanks. Here's a screenshot; my settings appear to match yours (and yes, I double-checked that all appropriate OS'es are selected):

  

Not sure what you mean by "full cache"? Here's a shot of the Settings > Patch Settings screen:

I have not tried deleting and re-creating the schedule because if I look at the actual schedule, it *is* running for some machines; just not all! And I can verify the patches are being applied to those machines that have run the schedule:

Any other thoughts?

Thanks!

--Noel

P.S. No patch schedules are in direct conflict. Some start only 15-30 minutes after a previous one, but on nights where the previous job is finished (perhaps there are no patches to deploy) it should still kick off, right? I find it hard to imagine that the job would take so long to run every night over a multi-month period.

Answered 03/06/2013 by: nwade
Orange Belt

Please log in to comment
0

I am having the Same issue. Did you ever get this resolved?

Answered 03/19/2013 by: Jwinsor566
White Belt

  • JWinsor566 - Yes, mostly. By splitting out the Detect schedules from the Deploy schedules, we've seen a more reliable application of the schedules across machines. It still seems that sometimes when machines are powered off (or offline) for certain windows of time during the day, they wind up with the "not scheduled" status; but it seems to correct itself if they then remain online for the next 18-24 hours. It was a bit PITA to re-do all of our patching schedules; but in the end it _does_ seem to be a more reliable solution. Ah, well!
Please log in to comment
Answer this question or Comment on this question for clarity

Share