4 Replies Latest reply on Nov 25, 2014 12:46 PM by Yanick Girouard

    patch global catalog - best practice setting

    Raja Mohan

      hi, we do use "ignore reboot" setting in our patch analysis jobs. Are there any defaults we should set in "Patch global catalog" to show the jobs as success on standard return codes like manual reboot required, update already installed etc? I searched the knowledge base and didnt find much information.


      Patch deploy warning return codes

      Patch deploy reboot return codes

      thanks in advance for your help


        • 1. Re: patch global catalog - best practice setting
          Joseph Schuler

          By convention Zero is success.  Any other code represents a warning or error.  3010 is the reboot required warning. Any other code should be considered at least suspicious.


          See:MsiExec.exe and InstMsi.exe Error Messages (Windows)

          for a list of msiexec error codes.

          • 2. Re: patch global catalog - best practice setting
            Bill Robinson

            setting the exit code overrrides will prevent a non-zero exit code from being seen as an error.  as joe mentioned, a 3010 means a reboot is required.  however that will just handle the exit of the job - that it was a success even though some of the items need a reboot.  to ignore the reboot you need to have the 'ignore presence of copy on boot files' (windows only) checked here:



            and your reboot options in the job should be set to ignore item defined reboots (solaris is the only one w/ item-defined settings iirc).

            • 3. Re: patch global catalog - best practice setting
              Raja Mohan

              Bill Robinson we do have "ignore item defined reboot" set in our jobs. If the job shows success for known errors, I could avoid some potential calls every day asking why is this a failure. Trying to avoid a job shows as failure when it is expected to be in that state. Joseph Schuler ok,I presume then it is safe to use 3010 :-) since I have enabled to ignore reboot. Reboot happens over the weekend.

              • 4. Re: patch global catalog - best practice setting
                Yanick Girouard

                I don't think there is a best practice for this really. 3010 is the default reboot exit code for all Microsoft patches, but if you ever find one that would be resolved by a reboot (and it's a known issue), then there's no harm in adding it there. There's one that we've added in the reboot return codes which is the SUS_E_NOT_APPLICABLE one (see Windows Update Codes). When applying several cumulative updates in a row, this code would come out for some patches that required a reboot before they could be applied because they depended on a previous patch. The patch analysis detects all of them as missing, but can't apply them all in one pass.


                What we've done was to add the exit code for this error in the reboot codes, and set our patching jobs in full auto-remediate with execute now. All we need to do is to run the same patching job against the same servers until no patches are left to install, which in average worked with 2 reboots (3rd analysis returned no missing). You do need to set the job to reboot the server though (use item defined reboot settings).


                Also note that if a reboot is required and the reboot is not allowed, the commit phase icon will show a shadowed green checkmark icon instead of a normal one, which means you can right-click on the phase icon and click Reboot.