What are some reasons patching would be delayed?
I have machines at several layers of patching deficiencies. Some are behind a week or two and some are months behind. I'm looking into why this is and how it affects machines differently. I want to start with some reasons why machines would not be getting patched on a regularly scheduled basis. Some of the reasons I have so far are:
1) patches are delayed from Lumension
2) systems were taken off the network but the record was not removed from Inventory
3) the Quest agent service has stopped
4) Quest agent is not installed
5) patch download failed
In your experience, what are some other common reasons that a machine would not be getting patched on a regular schedule?
Thanks for the help.
Answer Chosen by the Author
1 - You are using replication shares and do not allow fallback to the SMA, and something is wrong at that replication site.
2 - AV messing with patching
3- Zombie jobs stuck on that machine and you need to clean the job from the agent command queue before other jobs will run against that machine.
4-The Machines have upgraded versions and you have not added that OS version to your patching schedule.
5-Win updates have changed something with Defender or Firewall
6-You have something wrong with the local patch cache on the machine and need to flush it C:\ProgramData\Quest\KACE\patches
You can check the logs on the machines to see if you have errors listed. There is now a Tshooting tool