Ok, I am trying to get patching working in our environment. I'm using a test environment of three machines to simulate different machines in our environment. We are only using Kace to do patching for non OS patches. I'm testing first with Java. So my patch subscription label only downloads Java patches for Windows. I have smart labels created for three groups: 1) New patches less than 14 days, 2) Patches released more than 14 days ago but less than 30 and 3) patches older than 30 days. #1 gets deployed to test environment in my office. #2 gets deployed to test machines on locations and 3) deploys to all machines.

I can see that machines have detected they need patches, but the patch still has not run on them. If I click run now, it still doesn't run on them. The three test machines have Java 7u21 and Java 7u25. So I know they should all get updated to 7u40. Any ideas as to why they aren't patching? I have the schedules set to run once a week, but changed them to run daily today to see if I can get them to work.

8 Comments   [ - ] Hide Comments


  • For example I have a test machine with Java 7 update 25. It is in the first schedule "Production Detect and Deploy Patches to All Laptops. When I look at the Inventory entry it shows that the only patch detected is Java 6 update 45, but that hasn't been installed yet. Here is what the schedule looks like:

    Patch Action: Detect and Deploy
    Machine Selection: Three individual machines listed
    Operating System: Windows
    Limit Detect To Selected Patch Labels: Java to Deploy
    Limit Deploy To Selected Patch Labels: Java to Deploy
    Max Deploy Attempts: 3
    No Alerts
    Patching Progress is set to show
    Reboot Options: Force Reboot
    Patch Schedule: Every day at 12pm
    Schedule according to Server Time
    Run on next connection if offline
    Delay Schedule by 60 minutes

    Here is the SQL for the Java to Deploy Label:
    select UID
    where KBSYS.PATCHLINK_PATCH.TITLE like '%Java%'
  • Here's what I have for my Java Older Than 30 Days label:

    select UID from KBSYS.PATCHLINK_PATCH where ( KBSYS.PATCHLINK_PATCH.TITLE like '%java%')


    What is the PLATFORM_ID!=7 referencing? I'm not familiar with that.

    When you view your label, does it show you Patches being in it? My Java+30 day label shows 137 patches
  • PLATFORM_ID != 7 means it doesn't get Mac patches. We are not patching macs in our environment. I believe Windows is 1. I have the same number of patches in that label.
  • Imland,

    Ok, so you've verified that the JRE 7 u 40 is in the Patch Label that is pointed at this machine, in either a Deploy OR a Detect & Deploy schedule. Next, either find that patch in the Patch Listing, click on it and look to see what the status of that patch is WRT the specific machine, OR find that machine in Inventory, click on it, and see what the status of that patch is.

    Ron Colson
    KACE Koach
  • I already posted a screenshot of the status of the targeted machine below. It lists Java 6 u 45 to be deployed, but hasn't yet installed it. It does not list Java 7 u 40 and the installed version of Java is 7 u 25.
  • I have a support ticket with KACE about this. They said it seems like a weird problem. Test machine detected patch for 6 u 45, but it should be detecting 7 u 40 or 45. They are looking at debug logs. I will share more info when I have it.
  • We've been in contact with a KACE rep about this for a couple of months--no solution so far. We were eventually transferred to a higher tier of engineers, but we've been told their pretty busy and can have no definite resolution timing. Interestingly enough (referring to Dell system updates), for us, we can push patches and updates on a computer if it is done individually, however, when we do a group push, the file that is deployed to each machine inside of c:\programdata\dell\KACE\dell, .part files are generated. We don't know if this is the cause or not, or a result of something broken, but it looks like the exe file gets corrupted when the group push is enabled. We hope to find a solution, or at least find out what's wrong soon...
  • Yeah, I was working with support all last week and am now getting bumped up to tier three. I have narrowed my patching schedule down to a single machine and only pushing java updates and it still isn't working. They have unistalled agent, redownloaded patches and had me reimage my test machine without using the k2000. Nothing works yet. This seems like a major problem. I can't believe that this issue is a low priority when it is such an important feature of the software. I might have to start ramping up the pressure, especially if it's not just me.
Please log in to comment

Answer this question or Comment on this question for clarity



If the patch action is detect, not detect and deploy, it will stop after detecting the need for the patches you have identified.

Answered 10/30/2013 by: TankGirl
Senior Yellow Belt

  • I understand that. Notice that the names of the schedules indicate which ones are detect, which ones are deploy and which ones are detect and deploy. I didn't want to go into too much detail on the way I have my schedules set.

    The schedule that should be updating my test machines is the production and it is detect and deploy. There are 195 patches in the smart label and I have individually added three machines to the schedule. After a week, they have not been patched.
    • Without more detail about the individual patch schedule settings within the schedule you're asking about, it's really impossible to guess where the issue is.
Please log in to comment

Success (102) means that the machine needs a reboot to complete the installation. See here for error codes.



Answered 10/31/2013 by: ms01ak
Tenth Degree Black Belt

  • Ok. That's helpful, but this machine has Java 7 u 25 and 7 u 40 is over 30 days old. Why is it not listed and/or being installed on this machine?
    • Are you forcing a reboot of the box after patching and while deploying patches? I would suggest a restart and then try just a detect. to me it seems like Java is just stuck and needs to apply updates when the machine is booting.
    • Imland,

      Have you verified that the 7 u 40 is in the patch label you are restricting the deployments to?

      Ron Colson
      KACE Koach
      • Yep. It is in the Patch label, because it was downloaded and is listed in the patch label.
  • Also rebooted machine without having any effect. The schedule also has a force reboot. Why didn't the patch force reboot?

    If you look at the date, I believe this is from a previous attempt to get patching set up. That's the trouble with using test machines for patching and then starting over.
    • There's a patch retry button on the machine, try that it's under the machine's inventory for a particular machine.
      • You mean the Reset Patch Tries button? Tried that also.
Please log in to comment

Here's what the patching status looks like on my test machine.

Answered 10/31/2013 by: lmland
Tenth Degree Black Belt

Please log in to comment