/build/static/layout/Breadcrumb_cap_w.png

Trouble trying to deploy patches or feature updates

Trying to push out Windows 11. I either get the agent disconnected error or it says completed but not installed. 

Quest support is slow rolling and I'm not getting anywhere. This is a snip of the end of the log. Anyone have any ideas?


[2023-12-29.11:34:38][KacePatch:CmdBar_FileVersionPrep] CmdBar_FileVersionPrependRegSz::Execute: prefix not found in registry, key HKEY_LOCAL_MACHINE, subkey SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates, value SignatureLocation, regType32 

[2023-12-29.11:34:38][KacePatch:CmdLar::Execute       ] CmdLar::Execute - LAR And results 0

[2023-12-29.11:34:38][KacePatch:CmdLar::Execute       ] CmdLar::Execute - LAR Base results 0

[2023-12-29.11:34:38][KacePatch:DetectFileCmdBase::Det] DetectFileCmd::Detect - Product is not present

[2023-12-29.11:34:38][KacePatch:CmdBar_FileVersionPrep] CmdBar_FileVersionPrependRegSz::Execute: prefix not found in registry, key HKEY_LOCAL_MACHINE, subkey SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates, value SignatureLocation, regType32 

[2023-12-29.11:34:38][KacePatch:CmdBar_FileVersionPrep] CmdBar_FileVersionPrependRegSz::Execute: prefix not found in registry, key HKEY_LOCAL_MACHINE, subkey SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates, value SignatureLocation, regType32 

[2023-12-29.11:34:38][KacePatch:CmdLar::Execute       ] CmdLar::Execute - LAR And results 0

[2023-12-29.11:34:38][KacePatch:CmdLar::Execute       ] CmdLar::Execute - LAR Base results 0

[2023-12-29.11:34:38][KacePatch:DetectFileCmdBase::Det] DetectFileCmd::Detect - Patch is not present

[2023-12-29.11:34:38][KacePatch:KacePatchModule::CmdDe] KacePatchModule::CmdDetect: Patch was not detected

[2023-12-29.11:34:38][KacePatch:KacePatchModule::Detec] KacePatchModule::Detect: Patch PTCH348716 Name Security Intelligence Update for Windows Defender and Microsoft Security Essentials - Version: 1.403.1237.0 Applicable No

[2023-12-29.11:34:38][KacePatch:KacePatchModule::Detec] KacePatchModule::Detect: Detect Loop complete - processing the results

[2023-12-29.11:34:39][KacePatch:KacePatchModule::Detec] KacePatchModule::Detect: Log output created successfully

[2023-12-29.11:34:39][KacePatch:KacePatch::Execute    ] KacePatch::Execute: Command finished

[2023-12-29.11:34:39][KacePatch:main                  ] KacePatch::Main: Sending final status 0 back to SMA

[2023-12-29.11:34:42][KacePatch:KacePatch::HandleUploa] KacePatch::HandleUpload

[2023-12-29.11:34:42][KacePatch:KacePatch::HandleUploa] KacePatch::HandleUpload: Attempting to upload result file C:\ProgramData\Quest\KACE\kpd\KPATCH_DETECT_OUTPUT.txt for the 1 time

[2023-12-29.11:34:42][KacePatch:KWeb::UploadUsingCurl ] UploadFile:  uploading file C:\ProgramData\Quest\KACE\kpd\KPATCH_DETECT_OUTPUT.txt to http://127.0.0.1:49708/service/kbot_upload.php?checksum=233417a92f8b71e85eeb1d6f65cdd0a2cbf912734848504348e72464bee6d5552f3e6bcff6e9256e1cf7348aa00ce91a9ce5dd46ea513e028fd64add2c74aa42

[2023-12-29.11:34:42][KacePatch:KWeb::UploadUsingCurl ] UPLOADFILE: CURL DEBUG INFO --->>> START <<<--- 

*   Trying 127.0.0.1:49708...

* Connected to 127.0.0.1 (127.0.0.1) port 49708 (#0)

> PUT /service/kbot_upload.php?checksum=233417a92f8b71e85eeb1d6f65cdd0a2cbf912734848504348e72464bee6d5552f3e6bcff6e9256e1cf7348aa00ce91a9ce5dd46ea513e028fd64add2c74aa42 HTTP/1.1

Host: 127.0.0.1:49708

User-Agent: Mozilla/5.0 (Windows 10 Enterprise/6.3.19044; WOW64) libcurl/7.76.1 OpenSSL/1.1.1t zlib/1.2.11 QuestKACE-Agent/13.1.19

Accept: */*

KUID: e074a857-bcc2-480a-a5da-9d50c3606bdf

Content-Length: 1315247

Expect: 100-continue


* Mark bundle as not supporting multiuse

< HTTP/1.1 100 Continue

* We are completely uploaded and fine

* Mark bundle as not supporting multiuse

< HTTP/1.1 200 OK

< Date: Fri, 29 Dec 2023 17:34:42 GMT

< Server: Apache

< X-Content-Type-Options: nosniff

< X-Frame-Options: sameorigin

< X-XSS-Protection: 1; mode=block

< Strict-Transport-Security: max-age=63072000; includeSubDomains; preload

< Access-Control-Allow-Headers: x-kace-auth-timestamp, x-kace-auth-key, x-kace-auth-signature, accept, origin, content-type

< Access-Control-Allow-Methods: PUT, DELETE, POST, GET, OPTIONS

< X-KACE-Appliance: K1000

< X-UA-Compatible: IE=9,EDGE

< Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform

< Content-Length: 0

< Content-Type: text/html; charset=utf-8

* Connection #0 to host 127.0.0.1 left intact

[2023-12-29.11:34:45][KacePatch:KWeb::UploadUsingCurl ] UPLOADFILE: CURL DEBUG INFO --->>> END <<<--- 

[2023-12-29.11:34:45][KacePatch:KWeb::UploadUsingCurl ] UploadFile: Uploaded to http://127.0.0.1:49708/service/kbot_upload.php?checksum=233417a92f8b71e85eeb1d6f65cdd0a2cbf912734848504348e72464bee6d5552f3e6bcff6e9256e1cf7348aa00ce91a9ce5dd46ea513e028fd64add2c74aa42 Upload speed: 475333.000000 bytes/second

[2023-12-29.11:34:45][KacePatch:KacePatch::Execute    ] KacePatch::Execute: Command finished

[2023-12-29.11:34:45][KacePatch:main                  ] KacePatch::Main: Sending final status 0 back to SMA


0 Comments   [ + ] Show comments

Answers (2)

Posted by: KevinG 11 months ago
Red Belt
1

I do not see an error in the snippet of the log.  You may want to review the Windows Event logs for errors and,  submit a support ticket for additional assistance.

Posted by: Purp_Hat 11 months ago
White Belt
0

So I had this problem and reached out to support. In the end, this is ultimately an issue with a .dll file inside of the Microsoft Windows 11 Iso. 

The KACE Analyst  I worked with gave me a guide on how to change the .dll file in the iso, then package that into a managed install in KACE. Then I can deploy that managed install to my clients with no error. Below was the last email I received that explains everything you need to do. Took me about 30 minutes to get everything packaged up, but works flawlessly now. 



Quest logo

Quest Support xxx| Update Notification

 


 

Good afternoon,

This is the information that I've got so far. Based on the logs the update did try to install:


..so I went deeper into the error logs from the installer itself (the payload from Microsoft) and I found:


...I continued investigating and it got me here:
https://www.reddit.com/r/techsupport/comments/17c7ypq/windows_11_deployment_error_amiutilityreggetvalue/


.. that is a general purpose tech subreddit, not specifically the one for Kace, but in it there is an interesting comment:



...that link https://www.reddit.com/r/SCCM/s/tBUllEu3JF took us to a thread that has this specific important comment:



...as other people have mentioned, the problem is with a library, a .dll that comes with the payload that Microsoft has for the upgrade, that causes this problem to come up, please note that these are people that use SCCM, a Microsoft-specific patching tool that is unrelated to us, to the SMA..



...so in short, you can follow this guide: https://support.quest.com/kb/4209563/windows-10-build-upgrade-deployment-walkthrough to create a managed install that applies the Windows Feature Update, and modify the payload to include the library from that update (KB5028314) in it, that way you can avoid using the official payload that was being pushed via Windows Features Updates that has the newer library that causes the machines to fail with that error code.

If this is not feasible for you, we will have to wait until Microsoft eventually decides to come up with a different payload and recognizes the situation that's going on since this error is being experiences by people that do and do not use our product.

At the same time, if you want to speak with a manager, let us know, you did mention that you thought that the appliance was the cause for the failure of the upgrade, but we do not create the payloads, Microsoft (the manufacturer of Windows) do, we follow their instructions and use their payloads so that we can have the best results, but if you feel like you are going to feel better speaking with a manager of ours, let us know and we can submit your request so one of our managers reaches out to you, let me know if there are any other questions.

 

 

Thank you,

XXX


Comments:
  • I removed the personal data of the engineer and yourself from the email. Please always keep in mind:
    With the case number someone can get personal data from you just by calling support and especially if the attacker then also knows the engineer you had to do with it is validated that the attacker comes from your company. Therefore please always anonymize personal data where possible. Thanks - Nico_K 11 months ago

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ