2 Replies Latest reply on Jul 16, 2012 2:01 AM by Roy Ong

    Offline patching questions

    Roy Ong

      Hi all,

       

      I have some questions regarding offline patching,

       

      1) I understand WSUS payload (patches) cannot be used, so i will have to use the offline downloader utility to download all those patch payload and metadata. How often do i need to update (manually download) the shavlik patch metadata? Same as WSUS every first tuesday of the month?

       

      2)  Basically the steps involved for offline patching includes these steps correct? Do correct me if im missing something

      a) Download metadata and payload via offline downloader utility

      b) add the patch metadata to the depot.

      c) Create a windows patch catalog and point to the patch metadata added to the depot. Also point to the offline payload location.

      d) Run patch analysis job on servers

      e) Run remediation patch deploy job for servers

       

      Thanks all in advance

        • 1. Offline patching questions

          >>>How often do i need to update (manually download) the shavlik patch metadata?

          Shavlik metadata gets updated about once/twice per week, but major MS security updates are released on average 8-10 hours after MS has released them (patch Tue). Run through this process per your standards. If you only patch on patch Tuesdays, then run this late Tuesday / early Wednesday, when Shavlik has released the updated XML. I'd also recommend to signup for Shavlik XML notifications to know when they release updates and what updates. See this KB for this and additional info:

          KA312026 - FAQ: BBSA Windows Patch Analysis, Deployment, Troubleshooting

          https://kb.bmc.com/infocenter/index?page=content&id=KA312026

           

           

          Few notes to make the process easier and less problematic in the future:

           

          a) Download metadata and payload via offline downloader utility

          - Stick to XML files not CAB files. If the downloader only downloads CABs, that's fine just extract the XML from within.

           

          b) add the patch metadata to the depot.

          - For the first time - Yes. For the ongoing times, right-click on the metadata File Object in Depot / 'replace contents' and point to the new metadata file.

          This way you do not have to modify the Catalog to point to the new metadata file every time you have updated metadata.

           

          c) Create a windows patch catalog and point to the patch metadata added to the depot. Also point to the offline payload location.

          - See note in step b.

           

          d) Run patch analysis job on servers

          e) Run remediation patch deploy job for servers

          • 2. Offline patching questions
            Roy Ong

            Thanks all for the helpful replies