-
1. WSUS results vs Patch Analysis results
Joe Piotrowski Mar 28, 2012 12:01 PM (in response to Joe Piotrowski)We then installed all the patches that our Windows Patch Analysis says were required, and now WSUS says one patch is still not installed (KB973825) and our analysis says it isn't required.
http://support.microsoft.com/kb/973825
I verified this patch exists in my catalog. How do I investigate this patch from the Shavlik side? I need to figure out why WSUS considers this a Critical patch, and Shavlik doesn't recognize that it's missing.
-
2. Re: WSUS results vs Patch Analysis results
Bill RobinsonMar 28, 2012 12:12 PM (in response to Joe Piotrowski)
1 of 1 people found this helpfulLook at the trace.txt on the c: on the target. look for that patch and see why it was skipped.
-
3. WSUS results vs Patch Analysis results
Prabhat Handoo Mar 29, 2012 12:56 AM (in response to Joe Piotrowski)There can be difference between WSUS and BBSA patching. See the thread https://communities.bmc.com/communities/message/214931#214931 for this. Also see the KBs for more information on this: https://kb.bmc.com/infocenter/index?page=content&id=KA325243&actp=search&viewlocale=en_US&searchid=1333000502183 and https://kb.bmc.com/infocenter/index?page=content&id=KA305738&actp=search&viewlocale=en_US&searchid=1333000502183
Regarding this particular patch, send across the c:\trace.txt file.
-
4. WSUS results vs Patch Analysis results
Joe Piotrowski Mar 29, 2012 3:44 AM (in response to Prabhat Handoo)I have uploaded trace.txt and trace.txt.old. The reference to KB973825 is in trace.txt.old but I cannot understand the syntax. Can someone translate what the log is saying? I need to show the customer why WSUS says it's needed and Shavlik says it isn't.
Thank you for the KB links prabhathandoo. That is excellent information to provide to the customer.
-
5. WSUS results vs Patch Analysis results
Prabhat Handoo Mar 29, 2012 4:01 AM (in response to Joe Piotrowski)1 of 1 people found this helpfulin the trace.txt old I see the refernce for this patch:
2012-03-28 18:50:05.850 T 0eac:0ebc MultiMachineScanner.cpp:543 Scanning for [Q973825]
This means it atleast does indicate that it is attempting to scan it. but then it (shavlik engine) may have wrongly detected it as installed or....may have declared it as "effectively installed".
What does this patch show up in the BSA Patch analysis? You will need to find out the status for this qnumber as reported by the shavlik engine. fire the blpatchcheck2 manually on the target for this. then if it is installed/effectivelty installed, only shavlik can justify why they think so.
See this KA: https://kb.bmc.com/infocenter/index?page=content&id=KA366485&actp=search&viewlocale=en_US&searchid=1333011466045
This will help you understand whats in a trace.txt and how to read it.
-
6. WSUS results vs Patch Analysis results
Joe Piotrowski Mar 29, 2012 4:04 AM (in response to Prabhat Handoo)I found the issue for this particular KB973825 patch. WSUS considers it a "Security Patch" and Shavlik categorizes it as a "Non-Security Patch." We were not checking for Non-Security Patches in the analysis job so it was not looking for it. When we checked that option and re-ran the job it found it.
Thank you very much for your assistance and the links to the KB articles.
-
7. WSUS results vs Patch Analysis results
Prabhat Handoo Mar 29, 2012 4:06 AM (in response to Prabhat Handoo)See the https://kb.bmc.com/infocenter/index?page=content&id=KA292433&actp=search&viewlocale=en_US&searchid=1333011832329 to see how to run the PAJ Manually.
Its something like
Blpatchcheck2 0 hfnetcheck6b.xml output.xml
Output.xml will have the output.
Hfnet … should be downloaded from Shavlik site…
Good luck mate. If your concern is to explain to the customer, see the earlier kbs that i sent on WSUS v/s BBSA and also refer to trace.txt to validate. That kb should help too.
-
8. WSUS results vs Patch Analysis results
Prabhat Handoo Mar 29, 2012 4:13 AM (in response to Joe Piotrowski)Cool. That tells you. But if its really a security patch and want to inform shavlik about it, all you have to do is open a support ticket with BMC Support and they will do the rest. They contact the shavlik guys and the change is done within a day or so.
-
9. Re: WSUS results vs Patch Analysis results
Gerardo BartocciniMar 29, 2012 5:27 AM (in response to Bill Robinson)
I have a similar issue. Not solved yet.
-
10. Re: WSUS results vs Patch Analysis results
Joe Piotrowski Mar 29, 2012 6:41 AM (in response to Gerardo Bartoccini)You might be better served gbartoccini by creating a new discussion with the specifics of your issue, and attached trace.txt file, so we can better support you. Since this is a "closed" or "Answered" discussion, you will probably not get the attention you need.
-
11. WSUS results vs Patch Analysis results
Lazar NameToUpdateMar 29, 2012 11:09 AM (in response to Joe Piotrowski)
Feel free to refer to the right windows patching troublehooting guide.
I'm working on deploy guides now, let me hear your feedback on these.
KA363243 - BBSA Windows Patch Troubleshooting: Analysis Job reports an unexpected patch as Missing
https://kb.bmc.com/infocenter/index?page=content&id=KA363243KA366513 - BBSA Windows Patch Troubleshooting: Analysis Job does not report Missing expected patch
https://kb.bmc.com/infocenter/index?page=content&id=KA366513KA325243 - BBSA Windows Patch Troubleshooting: Analysis Job Results conflict with 3rd-party Vendors
https://kb.bmc.com/infocenter/index?page=content&id=KA325243KA366615 - BBSA Windows Patch Troubleshooting: Windows Hotfix Patch is not found in the Catalog
https://kb.bmc.com/infocenter/index?page=content&id=KA366615Lazar
-
12. WSUS results vs Patch Analysis results
Prabhat Handoo Mar 29, 2012 10:52 PM (in response to Lazar NameToUpdate)Great job, Lazar. All of them are great piece of information. Will wait for the deploy guides as well. BTW, I saw one of the videos recorded by you. Great work there too!
Thanks mate!
-
13. Re: WSUS results vs Patch Analysis results
Attachment Scanner Feb 14, 2018 5:25 AM (in response to Joe Piotrowski)UPDATE: Based on File attachment policies, attached files were removed, see FAQ for more