1 Reply Latest reply on Jan 18, 2016 3:54 AM by Jim Wilson

    Windows Patch remediation always fails - Analysis and Live Browse different

    James Donohue



      I've seen some discussions on this but not sure exactly how it can be resolved:


      Problem(example): Running Analysis on my Test Servers will show that there is a patch missing. When I remediate, it ALWAYS FAILS. I attached a log for your review.


      Findings (via troubleshooting): Long story short, the Analysis says I’m missing a Patch but LIVE Browse says that the SAME Patch is already installed. It appears that I’m trying to install a Patch that is already installed. That’s what it looks like anyway; something is out of sync.


      Here’s what I’m seeing:

      •   Windows OS Patch Analysis Job – results

      Windows6.1-2008-R2-SP1-KB3109094-x64.msu-MS15-135-en-WINDOWS SERVER 2008 R2 ENTERPRISE
      Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to a
      File version is less than expected. [C:\Windows\system32\WIN32K.SYS 6.1.7601.19091 < 6.1.7601.23265]
      WINDOWS SERVER 2008 R2 ENTERPRISE (X64)    Missing


      • Live Browse – TestServer1.corp.test.com

      Windows Server 2008 R2 Enterprise (x64) SP1     Installed      

        • 1. Re: Windows Patch remediation always fails - Analysis and Live Browse different
          Jim Wilson

          There are a number of possible causes for this, including:

          - Server needs a reboot

          - Hot Fix was not installed correctly

          - Detection logic has not been implemented correctly by Shavlik

          - Detection Logic has not been published correctly by Microsoft


          To make further determinations:


          What version of BSA is this?

          (To EVERYONE - please **always** mention the versions - every one is different!!)


          - Reboot mphewdsvsv04


          Set Job Property DEBUG_MODE_ENABLED=True and (re-) run the Patch Analysis job against the Windows 2012 R2 target.


          Live Browse and see if the problem still exists

          If so:


          - When was the catalog last updated?

          - What Filter(s) are set in the Catalog?

          - What is set in Configuration => Patch Global Configuration => Windows => Windows Filter Configuration File?

          - What is set in Configuration => Patch Global Configuration => Shavlik URL Configuration?

          - What is set in your Patch Analysis Job =>  Analysis Options?


          Send the Job Run Log along with the debug logs (location is mentioned in the Job Run Log) to support along with the above information and they will help you out.
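
The following is an added example, not part of the original thread and not BSA or Shavlik code: a local check on the target that puts the three facts in dispute side by side (whether Windows lists the hotfix, the on-disk version of the file the analysis complained about, and whether a reboot is pending). The KB number, file path and expected version are taken from the analysis result quoted above; the registry locations are the commonly used pending-reboot markers and are an assumption about what applies on a given server.

```powershell
# Added example. KB, file and expected version come from the quoted analysis result.
$kb       = 'KB3109094'
$file     = Join-Path $env:SystemRoot 'System32\win32k.sys'
$expected = [version]'6.1.7601.23265'

# 1. Does Windows itself list the hotfix as installed?
$hotfix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue

# 2. Version of the file on disk, built from the numeric parts because the
#    FileVersion string can carry a trailing build label.
$vi     = (Get-Item -LiteralPath $file).VersionInfo
$actual = New-Object System.Version -ArgumentList `
            $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart

# 3. Commonly used pending-reboot markers (assumed applicable to this server).
$cbs = Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
$wu  = Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
$pfr = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' `
         -Name PendingFileRenameOperations -ErrorAction SilentlyContinue
$rebootPending = $cbs -or $wu -or [bool]$pfr

# 4. Map the combination onto the possible causes listed in the reply.
$fileCurrent = $actual -ge $expected
if     ($fileCurrent)             { $verdict = 'File is at or above expected version; re-run analysis' }
elseif ($rebootPending)           { $verdict = 'Reboot pending; reboot, then re-run analysis' }
elseif ($hotfix)                  { $verdict = 'Hotfix listed but file is older; collect debug logs for support' }
else                              { $verdict = 'Hotfix not listed and file is older; patch is missing' }

New-Object PSObject -Property @{
    Computer       = $env:COMPUTERNAME
    HotFixListed   = [bool]$hotfix
    InstalledOn    = if ($hotfix) { $hotfix.InstalledOn } else { $null }
    FileVersion    = $actual.ToString()
    Expected       = $expected.ToString()
    RebootPending  = $rebootPending
    Verdict        = $verdict
} | Select-Object Computer, HotFixListed, InstalledOn, FileVersion, Expected, RebootPending, Verdict
```

Run it in an elevated PowerShell session on the target and attach the output to the support case together with the Job Run Log and debug logs.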