/build/static/layout/Breadcrumb_cap_w.png

Blog Posts tagged with K1000 Patching

Ask a question

KACE: Scheduled Patches Do Not Install At The Scheduled Time

 

  • Summary:  Some computers do not install patches at the scheduled time
  • Symptoms:  Random re-boot of some computers on the network
  • Cause:  Systems were turned off at scheduled patching time and patch setting is set to run "at next connection".

 

 

Problem:

You schedule installs of patches at a  specific  time, but some systems are installing and rebooting at later, random times.

 

Solutions:

Systems were off, and when turned on, they were set to run "at next connection".

Be the first to comment

Tracking Processes on Machines during Patching, Managed Installs & Scripts (w/utility scripts)

Tracking Processes on Machines during Patching, Managed Installs & Scripts

________________________________________________

I just wanted to share how I track things during patching, managed installs and script deployments. Initially I did this on my test machines to become familiar with the processes involved and now use these tools just to check status on various things I have running. I've found it particularly useful when working on my remote (VPN connected) machines or manually targeting stubborn machines, particularly when I don't want to remote into a system and disturb a user directly (like when I'm juggling other calls and machines at the same time).

I don't claim this to as a be-all-end-all guide, so if you see anything missing, anything that should be corrected or anything that can be improved, by all means please share. A lot of this will probably be common knowledge for those of us doing this stuff regularly, but I'm just trying to make this comprehensive.

Hope this helps someone, particularly those starting out with the K1000!

John

________________________________________________

________________________________________________

Part 1 - Useful utilities and screens

________________________________________________

________________________________________________

*Local Machine

 

Task Manager

- launch via:

CTRL+SHIFT+ESC

CTRL+ALT+DEL > (Start) Task Manager

right-click Windows Taskbar > (Start) Task Manager

- click on the Processes tab, the click on the Image Name column button to sort by name

 

Windows Explorer

- launch via:

Windows key + E

Right-click Start/Winlogo button > Open Windows Explorer

Double-click My Computer or any other folder

________________________________________________

*Remote Machine

 

PSList

- part of PsTools (http://technet.microsoft.com/en-us/sysinternals/bb896682)

- run "pslist \\machinename" from command line to list all running processes on remote machine

- for Win7 machines, the Remote Registry service needs to be started (see script below)

 

Windows Explorer (admin share)

- \\machinename\c$

________________________________________________

*K1000 General

Settings > Support > Troubleshooting Tools > K1000 Agent tasks

- Patching > patch-ORG1-###

- Managed Installs > kbox-ORG1-###

- Scripts > kbot-ORG1-###

- the numbers vary depending on the process

- if you have more than one ORG, the ORG number may differ

________________________________________________

*K1000 Patching

Security > Patching > Detect and Deploy Patches > select Patch Schedule

- scroll to bottom of page > click on Show All

- current patching phase listed (detecting, deploying, reboot pending, verifying, completed)

________________________________________________

*K1000 Managed Installs

Distribution > Managed Installations > select a Managed Install

- scroll to bottom of page > click on Show All

- current installation status listed (Installed, Not Installed, Failed)

- Not Installed (1 of # attempts) in my experience typically means MI completed, machine just needs to run Inventory again to update its installed software list

________________________________________________

*K1000 Scripts

Scripting > Run Now Status > select a Start Time > Run Failures/Successes

- lists scripts that were run manually (i.e. not scheduled)

- helps to include "Log message - status" to On (Remediation) Success/Failure when setting up a script

________________________________________________

________________________________________________

Part 2 - K1000 Agent and related processes

________________________________________________

________________________________________________

***Windows processes to monitor***

- via Task Manager, PSList, etc

________________________________________________

*General*

 

runkbot.exe

- receives commands used to launch other K1000 agent components

- see airwolf's blog on 5.3 agent commands:

http://www.itninja.com/blog/view/k1000-5-3-agent-commands-runkbot-exe

 

KLaunch.exe

- execution component of K1000 agent

- launches processes on client machine (scripts, etc)

 

KUserAlert.exe

- indicates a K1000 agent user alert is being displayed

________________________________________________

*Patching*

 

KPatch.exe

- indicates patching processes running (detecting, deploying, etc)

 

mcescan.exe

- Lumension patch agent, indicates patch scan in progress

 

wmiprvse.exe

- Windows Management Instrumentation

- used for monitoring purposes

 

wuauclt.exe

- Windows AutoUpdate client

- used to check for available updates

- appears when waiting on response from server

 

patch installer name (i.e. officesuite2010sp1-kb2460049-x86-fullfile-en-us.exe, etc)

________________________________________________

*Managed Installs*

 

KDeploy.exe

- distribution component of K1000 agent

- indicates managed install in process, file(s) being copied and executed

 

application installer name (i.e. msiexec.exe, jre-7u4-windows-i586.exe, etc)

________________________________________________

*Scripts*

 

cscript.exe

- may briefly see if running batch files

 

script deployed application name (i.e. ProduKey.exe, etc)

________________________________________________

________________________________________________

Part 3 - K1000 Agent and related files

________________________________________________

*Patching*

 

C:\Documents and Settings\All Users\Dell\KACE (XP)

C:\ProgramDate\Dell\KACE (Win7)

- kpatch.log - lists patch process initialization and patches being detected

- KUserAlert.log - lists agent alerts on machine

 

C:\Windows\Temp

- patch installers copied and run from here, randomly named folders which are typically empty post-install

________________________________________________

*Managed Installs*

 

C:\Documents and Settings\All Users\Dell\KACE\Downloads (XP)

C:\ProgramDate\Dell\KACE\Downloads (Win7)

- MIs deployed via zipped files extracted to numbered folder (####) and run from here

- extracted zip contents not cleaned up due to bug, but can cleanup via script (see script below)

________________________________________________

*Scripts*

 

C:\Documents and Settings\All Users\Dell\KACE\kbots_cache\packages\kbots (XP)

C:\ProgramDate\Dell\KACE\kbots_cache\packages\kbots (Win7)

- scripts' Dependencies (batch files, vbs scripts, etc) saved to numbered folder (###)

- review to determine if file being pushed to client

- can also run manually (as user or admin) if script troubleshooting required

________________________________________________

________________________________________________

Part 4 - Scripts

________________________________________________

________________________________________________

Script to Cleanup Dell KACE Agent Download Folder

________________________________________________

*Name*

Dell KACE Downloads Folder Cleanup

*Description*

Removes the downloads folders left behind by Managed Installs using zip files for deployment.

*Status*

Production

*Enabled*

Checked

*Deployment*

Deploy to All Machines

*Run As*

Run As Local System

*Schedule*

Run Every day at 12:30PM

Allow Run While Logged Off (Checked)

*Task 1*

Verify

*Always Fail

Remediation > Run a batch file...

* Script Name

RemoveDownloads

* Batch file:

if /i %processor_architecture%==AMD64 GOTO x64

if /i %processor_architecture%==x86 GOTO x86

:x64

:: Dell KACE Downloads folder cleanup (Win7 x64)

rmdir /S /Q "C:\ProgramData\Dell\KACE\downloads"

:x86

:: Dell KACE Downloads folder cleanup (WinXP)

rmdir /S /Q "C:\Documents and Settings\All Users\Dell\KACE\downloads"

:END

exit

* Wait for startup

Checked

On Remediation Success

* Log "folder removed" to "status"

On Remediation Failure

* Log "failed to remove folder, please review..." to "status"

________________________________________________

________________________________________________

Script to Enable Remote Registry Service (Win7)

________________________________________________

* Script Type*

Online KScript

*Name*

Enable Remote Registry Service (Win7)

*Description*

Enables the Remote Registry service, necessary for pslist and other utilities to work on Win7 machines.

*Status*

Production

*Enabled*

Checked

*Limit Deployment To Selected Labels*

win7

*Pick Specific OS Versions*

Microsoft Windows 7 Professional x64 SP1

*Run As*

Run As Local System

*Schedule*

Run Every day at 12:45PM

*Task 1*

Verify

* Verify the service "RemoteRegistry" is running

On Success

* Log "service already running" to "status"

Remediation > Run a batch file...

* Script Name

EnableRemoteRegistry

* Batch file:

sc config RemoteRegistry start= auto

net start RemoteRegistry

exit

* Wait for startup

Checked

On Remediation Success

* Log "service enabled" to "status"

On Remediation Failure

* Log "failed to enable service, please review..." to "status"

________________________________________________

Be the first to comment

How to Efficiently Manage "Detect and Deploy Patches" for 2500+ Computers

 

Hi, I will share my successful experience for managing "Detect and Deploy Patches" for 2500+ machines so that it could also help anyone who manages this much number of machines through K1000 appliance.

I have recently given the responsibility to manage K1000 Machine for around 3000 client computers. The main focus is to deploy patches to all the Windows machines.

We have been using 200+ KBox Replica Servers, each for every remote site. In "Detect and Deploy Patches", 'Patch Schedule' is created for 500 to 550 machines each and one schedule runs everyday.

Since many computers give error like "error (Signature Download Failed), waiting to connect" etc. so I have created a fixup schedule for every main schedule where such computers are entered and a force schedule is runned everyday till the time they successfully updates.

It has helped in reducing the errors, successful patch deployment to maximum computers and identifying the problematic computers so that they could be fixed individually.

View comments (1)

How to update or fixup the "Smart Label" filters, if they stop picking latest values.

 

I have observed an abnormal behavior in one of the "Smart Label" created for automatically detecting "Windows XP Critical Patches". It was not updating the patches after April 2012. I have reviewed the "SQL Statement" and found no error. After much troubleshooting what I did was that I created a new "Smart Label" with same criteria as for the one created earlier and tested it. It showed the latest patches available for Windows XP. But at the same time the old "Smart Label" also started showing the latest patches available for Windows XP under Critical impact.

 

So, as a troubleshooting tip, if anyone faces issues with the “Smart Label” not picking the values automatically then you can test by creating a new label with same criteria and save it. Afterwards, check the main “Smart Label” and it will also start picking the latest values.

 

What I find different or useful in doing this activity is that it saved a lot of time for me as if I would have deleted the current label and created a new one then I would have to update the settings in all the schedule tasks and other settings one by one and missing any one would lead to errors.

View comments (1)

K1000 Patching Disabled - Patch Tip #3 Missing Signatures

Just in case anyone else runs into this today, I went to patch a system today to find this error on the Patching screen:

Patch Tips

  • # 3. Patching is currently disabled for windows, because patch signatures are missing from the K1000. Please check the server logs for download errors, and rerun the patch download.

Tried the patch download several more times, found errors in the K1000 log, then did a search here in ITNinja and found this post:

 

Patch Tip #3 Missing Signatures
http://www.itninja.com/question/patch-tip-3-missing-signatures

My mismatched MD5s were the same each time:

 

[Thu Jun 14 14:55:05 EDT 2012] [notice] Patch download error, mismatched MD5 (4f9c2c9d56381a7a26010d81d0ebfca2 != b5873d3654cc8abefaa999523dc3898a)
[Thu Jun 14 14:55:06 EDT 2012] [notice] PLPatch fetching http://download.windowsupdate.com/microsoftupdate/v6/wsusscan/wsusscn2.cab

[Thu Jun 14 14:56:23 EDT 2012] [notice] Patch download error, mismatched MD5 (4f9c2c9d56381a7a26010d81d0ebfca2 != b5873d3654cc8abefaa999523dc3898a)
[Thu Jun 14 14:56:58 EDT 2012] [notice] KPatchSystem - Complete.

 

...so I called KACE support and after getting the issues escalated to engineering was advised that this is an issue with the file the K1000 is trying to download and should resolved some time tomorrow.  Should straighten itself out once the file issue has been addressed.

 

Hope that helps save someone else some time!

 

John

View comments (3)
Showing 1 - 5 of 25 results

Top Contributors

Talk About SCCM 2012