This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.
TrueSight Server Automation
TrueSight Server Patch Management
All supported versions of BSA
Microsoft Windows Server 2008 reached end-of-support on January 14, 2020.
After this date, you must purchase an Extended Support Agreement from Microsoft to continue patching Windows Server 2008 systems.
TSSA users may have servers running Windows Server 2008 and a requirement to continue patching these systems with TSSA past the end-of-support date.
What process must be followed to achieve this?
Windows Server 2008 Extended Support Update Process:
To use the Microsoft Extended Support Updates (ESUs) with TSSA, the following process must be followed:
1. Customer establishes Extended Support Agreement with Microsoft. This must be done first.
   - Microsoft will provide a license key to distribute to the Windows Server 2008 systems covered in the agreement.
2. Customer establishes Extended Support Agreement via BMC Software:
   - Contact anthony_bryce AT bmc.com
   - BMC provides a URL that contains current patch metadata for all supported products as well as the 2008 Extended Support Updates (ESUs).
3. Customer updates the TSSA Patch Global Configuration with the new URL.
   - For the offline downloader, update the Ivanti URL in the resources\patch-psu.properties file in the offline downloader directory.
4. Run the Patch Catalog Update Job in TSSA.
5. The Windows Server 2008 ESUs will be publicly available; however, they will not install unless the appropriate license key is in place (supplied in step #1 above).
Note: The February 2020 Patch Tuesday will be the first Patch Tuesday where this will be required. The January 2020 Patch Tuesday was the last to distribute Windows Server 2008 patches without an ESU subscription being required.
Additional Technical Details:
Microsoft Links about the ESUs:
As of the publication of this article, Microsoft has noted the following about preparing to deploy the ESUs. This is subject to change:
- Install the following SHA-2 code signing support update and servicing stack update (SSU) or a later SSU update:
- Install the following servicing stack update (SSU) and monthly rollup:
- Install and activate the ESU key. For information about how to install and activate the ESU key, see the How to get Extended Security Updates for eligible Windows devices blog on the Microsoft Tech Community website.
- For customers who follow the above steps but continue to have trouble, Microsoft suggests calling its support number at 1-800-Microsoft (642-7676).
Manual workaround until Ivanti extended support is established:
If you are unable to establish the extended support contract with Ivanti before ESU patches are available for your systems, it is still possible to deploy the ESU patches through TSSA using a manual workaround, with the following caveats:
- The ESU agreement with Microsoft and the provided license key must be in place on the systems to be patched.
- Because the ESU patches are not present in the standard Ivanti metadata, they will not show up in the Patch Catalog, analysis results, or reporting.
- The manual ESU deploy will not be based on analysis results, and the patch may not be applicable to the target system(s).
- Download the ESU patch from the Microsoft website
- Determine the correct silent install commands to install the patch without user interaction
- Create a new Depot Software Object in TSSA for the patch and provide the install command
- Create a Deploy Job that Deploys the Depot Software Object and target the systems that need the patch.
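One way to write the install command for the Depot Software Object so that the caveats above show up in the job log. This is an added example, not BMC or Microsoft code. It assumes the ESU patch is a .msu package installed with wusa.exe, uses a placeholder file path, assumes PowerShell 2.0 is present on the target, and assumes an activated ESU key is listed in WMI with "ESU" in its name.

```powershell
# Added example (not BMC or Microsoft code). Assumes the ESU patch is a .msu
# package; the default path is a placeholder, not a real KB file name.
param([string]$MsuPath = 'C:\temp\ESU-PATCH-PLACEHOLDER.msu')

# Assumption: an activated ESU add-on appears in SoftwareLicensingProduct with
# "ESU" in its name and LicenseStatus 1 (licensed). Confirm with slmgr /dlv.
function Test-EsuKeyActivated {
    $products = Get-WmiObject -Class SoftwareLicensingProduct `
        -Filter 'PartialProductKey IS NOT NULL'
    foreach ($p in $products) {
        if ($p.Name -like '*ESU*' -and $p.LicenseStatus -eq 1) { return $true }
    }
    return $false
}

# Translate wusa.exe exit codes into a message for the Deploy Job log.
function Get-WusaOutcome([int]$Code) {
    switch ($Code) {
        0           { 'Installed' }
        3010        { 'Installed, reboot required' }
        2359302     { 'Already installed' }              # 0x00240006
        -2145124329 { 'Not applicable to this system' }  # 0x80240017
        default     { "Failed (exit code $Code)" }
    }
}

if (-not (Test-Path $MsuPath)) {
    Write-Output "Package not found: $MsuPath"
    exit 2
}
if (-not (Test-EsuKeyActivated)) {
    Write-Output 'No activated ESU key found; the ESU patch will not install.'
    exit 1
}

# /quiet suppresses all UI; /norestart leaves the reboot to the job or operator.
$proc = Start-Process -FilePath "$env:SystemRoot\System32\wusa.exe" `
    -ArgumentList "`"$MsuPath`"", '/quiet', '/norestart' -Wait -PassThru
Write-Output (Get-WusaOutcome $proc.ExitCode)

# Treat "already installed" as success; pass every other code through unchanged.
if ($proc.ExitCode -eq 2359302) { exit 0 }
exit $proc.ExitCode
```

Because the manual deploy is not driven by analysis results, the "not applicable" and "no ESU key" outcomes are the ones to look for in the job log when a target reports failure.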