All-

Been trying to get KACE patching optimized and I just seem to be running into constant issues and would love some advice from others on any kind of best practices and/or if anyone can comment on the questions below.

1. Reboots during patching. Why does this seem so excessive? Our patch schedules are setup for Detect/Deploy since we want to try and get everything patches but it just seems like the amount of reboots necessary is exorbitant. As an example, I had a test laptop with me today that was going to have 10 patches pushed to it. I was forced to reboot three times to cover the ten patches and that was with two errors (patches that failed to install as well). I don't remember WSUS ever needing this many patches

2. Why do .NET Framework patches never seem to install correctly? We push security patches for .NET Framework but always seem to end up with install errors on each machine during the patching cycle. Is this common with .NET Framework?

We're a Windows 7 shop, about 750 hosts. I currently have three patch labels configured; OS/Security Critical, OS/Security Recommended, and Non-Security Recommended. These are used in my Detect and Deploy; we detect on those three labels and deploy on those three labels.

Really would appreciate any advice on a better setup. We're mostly interested in security patches and the windows malicious software removal tool.

Thank you all!
2 Comments   [ + ] Show Comments

Comments

  • dtobias_keenan,

    Have you watched our KKEs on Patching?

    http://kace.com/kke

    As to number one above, since you've chosen Detect and Deploy, and likely have a "Max Attempts" higher than 1, the Schedule retried the failed patches on subsequent reboots. It might have been the case, that without those failures, one reboot would have been sufficient.

    Ron Colson
    KACE Koach
  • Hi Ron...I've been through the KKE but I think I'll refresh myself with one of the newer trainings. I'll adjust my Max Attempts to one and see what kind of difference that makes. Any ideas on what causes patch failure? Take my original example above...I wasn't in any applications yet I had to go through three reboots. My usual culprit is .NET security patches as those always seem to be the ones that fail when I mix them in with other updates.
Please log in to comment

There are no answers at this time

Answers

Answer this question or Comment on this question for clarity

Share