12 Replies Latest reply: Mar 29, 2012 10:52 PM by Prabhat Handoo

WSUS results vs Patch Analysis results

Joe Piotrowski Mar 29, 2012 3:39 AM

We're comparing results from WSUS (Critical and Security patches) vs our Windows Patch Analysis with all filters. We sorted both results by KB (Q) number and most of them (22) are the same.

However, WSUS is saying we need to deploy 7 patches that exist in our catalog, but our Windows Patch Analysis says we don't. Conversely, our analysis says 5 patches need to be installed but WSUS says they don't. How can I investigate how Shavlik determines which patches are necessary?

Here are the list of WSUS patches:

KB2567053

KB2586448

KB2592799

KB2618444

KB2639417

KB2660465

KB973825

Here is our Windows Patch Analysis list:

Q2647518

Q890830

Q931125

Q953155

Q982316

Trace.txt.old 545.8 K
Trace.txt 2.5 MB

1. WSUS results vs Patch Analysis results

Joe Piotrowski Mar 28, 2012 12:01 PM (in response to Joe Piotrowski)

We then installed all the patches that our Windows Patch Analysis says were required, and now WSUS says one patch is still not installed (KB973825) and our analysis says it isn't required.

http://support.microsoft.com/kb/973825

I verified this patch exists in my catalog. How do I investigate this patch from the Shavlik side? I need to figure out why WSUS considers this a Critical patch, and Shavlik doesn't recognize that it's missing.
Like Show 0 Likes (0)
2. Re: WSUS results vs Patch Analysis results

Bill Robinson Mar 28, 2012 12:12 PM (in response to Joe Piotrowski)

Look at the trace.txt on the c: on the target. look for that patch and see why it was skipped.
Like Show 0 Likes (0)
3. WSUS results vs Patch Analysis results

Prabhat Handoo Mar 29, 2012 12:56 AM (in response to Joe Piotrowski)

There can be difference between WSUS and BBSA patching. See the thread https://communities.bmc.com/communities/message/214931#214931 for this. Also see the KBs for more information on this: https://kb.bmc.com/infocenter/index?page=content&id=KA325243&actp=search&viewlocale=en_US&searchid=1333000502183 and https://kb.bmc.com/infocenter/index?page=content&id=KA305738&actp=search&viewlocale=en_US&searchid=1333000502183

Regarding this particular patch, send across the c:\trace.txt file.
Like Show 0 Likes (0)
4. WSUS results vs Patch Analysis results

Joe Piotrowski Mar 29, 2012 3:44 AM (in response to Prabhat Handoo)

I have uploaded trace.txt and trace.txt.old. The reference to KB973825 is in trace.txt.old but I cannot understand the syntax. Can someone translate what the log is saying? I need to show the customer why WSUS says it's needed and Shavlik says it isn't.

Thank you for the KB links prabhathandoo. That is excellent information to provide to the customer.
Like Show 0 Likes (0)
5. WSUS results vs Patch Analysis results

Prabhat Handoo Mar 29, 2012 4:01 AM (in response to Joe Piotrowski)

in the trace.txt old I see the refernce for this patch:

2012-03-28 18:50:05.850 T 0eac:0ebc MultiMachineScanner.cpp:543 Scanning for [Q973825]

This means it atleast does indicate that it is attempting to scan it. but then it (shavlik engine) may have wrongly detected it as installed or....may have declared it as "effectively installed".

What does this patch show up in the BSA Patch analysis? You will need to find out the status for this qnumber as reported by the shavlik engine. fire the blpatchcheck2 manually on the target for this. then if it is installed/effectivelty installed, only shavlik can justify why they think so.

See this KA: https://kb.bmc.com/infocenter/index?page=content&id=KA366485&actp=search&viewlocale=en_US&searchid=1333011466045

This will help you understand whats in a trace.txt and how to read it.
Like Show 0 Likes (0)
6. WSUS results vs Patch Analysis results

Joe Piotrowski Mar 29, 2012 4:04 AM (in response to Prabhat Handoo)

I found the issue for this particular KB973825 patch. WSUS considers it a "Security Patch" and Shavlik categorizes it as a "Non-Security Patch." We were not checking for Non-Security Patches in the analysis job so it was not looking for it. When we checked that option and re-ran the job it found it.

Thank you very much for your assistance and the links to the KB articles.
Like Show 0 Likes (0)
7. WSUS results vs Patch Analysis results

Prabhat Handoo Mar 29, 2012 4:06 AM (in response to Prabhat Handoo)

See the https://kb.bmc.com/infocenter/index?page=content&id=KA292433&actp=search&viewlocale=en_US&searchid=1333011832329 to see how to run the PAJ Manually.

Its something like
Blpatchcheck2 0 hfnetcheck6b.xml output.xml

Output.xml will have the output.
Hfnet … should be downloaded from Shavlik site…

Good luck mate. If your concern is to explain to the customer, see the earlier kbs that i sent on WSUS v/s BBSA and also refer to trace.txt to validate. That kb should help too.
Like Show 0 Likes (0)
8. WSUS results vs Patch Analysis results

Prabhat Handoo Mar 29, 2012 4:13 AM (in response to Joe Piotrowski)

Cool. That tells you. But if its really a security patch and want to inform shavlik about it, all you have to do is open a support ticket with BMC Support and they will do the rest. They contact the shavlik guys and the change is done within a day or so.
Like Show 0 Likes (0)
9. Re: WSUS results vs Patch Analysis results

Gerardo Bartoccini Mar 29, 2012 5:27 AM (in response to Bill Robinson)

I have a similar issue. Not solved yet.
Like Show 0 Likes (0)
10. Re: WSUS results vs Patch Analysis results

Joe Piotrowski Mar 29, 2012 6:41 AM (in response to Gerardo Bartoccini)

You might be better served gbartoccini by creating a new discussion with the specifics of your issue, and attached trace.txt file, so we can better support you. Since this is a "closed" or "Answered" discussion, you will probably not get the attention you need.
Like Show 0 Likes (0)
11. WSUS results vs Patch Analysis results

Lazar NameToUpdate Mar 29, 2012 11:09 AM (in response to Joe Piotrowski)

Feel free to refer to the right windows patching troublehooting guide.
I'm working on deploy guides now, let me hear your feedback on these.

KA363243 - BBSA Windows Patch Troubleshooting: Analysis Job reports an unexpected patch as Missing
https://kb.bmc.com/infocenter/index?page=content&id=KA363243

KA366513 - BBSA Windows Patch Troubleshooting: Analysis Job does not report Missing expected patch
https://kb.bmc.com/infocenter/index?page=content&id=KA366513

KA325243 - BBSA Windows Patch Troubleshooting: Analysis Job Results conflict with 3rd-party Vendors
https://kb.bmc.com/infocenter/index?page=content&id=KA325243

KA366615 - BBSA Windows Patch Troubleshooting: Windows Hotfix Patch is not found in the Catalog
https://kb.bmc.com/infocenter/index?page=content&id=KA366615

Lazar
Like Show 0 Likes (0)
12. WSUS results vs Patch Analysis results

Prabhat Handoo Mar 29, 2012 10:52 PM (in response to Lazar NameToUpdate)

Great job, Lazar. All of them are great piece of information. Will wait for the deploy guides as well. BTW, I saw one of the videos recorded by you. Great work there too!

Thanks mate!
Like Show 0 Likes (0)