Recently we have been seeing vulscan using 40-50%cpu usage with spikes to 100% and slowly machines to a crawl. I have updated the local scheduler with the belownormal switch and the cpu usage stays below 10% but a couple of the machines still run slowly while being scanned.
If someone could provide a breakdown of the vulscan process, how and what it scans, it would be greatly appreciated. We are on SP3 and the users having the issues have the updated clients.
I'm running Landesk 9.0 with some machine with SP1 and others without (SP1 fails with error code 412 when patching to SP1). Patches are now failing on the systems with error code 412. This is the vulscan log from one of the machine during a failed patch of Firefox and Adobe Acrobat -
.....
I believe all of this started happening when I patched the management server to SP1 back in August.
Hi folks
Quick one... One of our engineers has posed the question surrounding hosting a LANDesk Patch Repository on a Windows domain controller. Not sure of the OS but suspect it may be Win 2003. Are there any solid reasons why a LANDesk Patch Repository should not be hosted on a DC or is this OK? Security reasons for not doing so/not recommended or is this OK?
Your thoughts please on this. I am trying to ge a definitive answer on this one with a reason - if OK good or if not, the reason why.
Thanks everyone.
As the title states "Gather Historical Information" is crashing during the task towards the end at "Removing historical information more than 30 days old ...".
The console crashes every time at this point. When I try to schedule the task for later, the task runs once then crashes, and then it fails to run again the next day. The error is "Failed, task handler exception".
This is preventing me from having accurate informaiton in the patch and compliance area. Any ideas?
Hi, everybody!
It looks like a bug in NTLM authentication parameters substitution in LanDesk patch management software.
When I open proxy configuration settings, I specify username as DOMAIN\username, I also specify other parameters, like password, proxy server name/port, etc.
I've tried to see HTTP conversation by using netwrok sniffer in time when patches information download process is started. And I see that LanDesk uses \DOMAIN\username string in HTTP conversation, but not DOMAIN\username. Therefore, we get 407 proxy error authentication. So, firts slash is waste!
HTTP conversation dumps and screenshots could be provided if needed...
Please, fix this bug asap!
Hello.
Can anyone verify if the announcement below from LANDesk is referring to the same issue as Microsoft has mentioned in the KB for the patch? If so, I'm assuming it's safe to apply the patch if the application named Kingsoft Internet Security is not used in the environment?
LANDesk Patch News Bulletin: Warning About Installing MS13-048 on Chinese Windows Systems
http://community.landesk.com/support/docs/DOC-28812
MS13-048: Vulnerability in Windows kernel could allow information disclosure: June 11, 2013
https://support.microsoft.com/kb/2839229
Thanks in advance.
The install of MS12-046 is failing on about of half of my client machines. Is there a widespread problem with installing this fix?
We're running LDMS 9 SP2. Upgrade to SP3 is not practical at this time.
The result is "Unknown status code (0x19C,0:412), and of course the return code is 412.
All of the pre-reqs for this fix have been downloaded.
I have created a policy that installs the following in addition to MS12-046:
MS12-043
MS12-044
MS12-045
MS12-047
MS12-048
MS12-049
OFFICE-2011-1423
Hi,
Just noticed that patch content has included Vulnerability ID LD-QIP-16209-875, but only for the core server. Does it mean that QIP service in LDSM or LDMS client nodes doesn't need to be patched?
Cheers
We are having problems that sound much like this one: http://community.landesk.com/support/message/5312
Our systems will not accept patch MS08-041_INTL. They all get the following error message:
Patch required: access2003-kb957198-fullfile-x86.glb.-yzwnQ.exe
Reason: Unable to open registry key HKLM\SOFTWARE\Microsoft\Self-Extractor\Package\{A289502A-DC0-45b5-B3AE-0481E7C1B16E}
I've tried uninstalling and reinstalling the Snapshot Viewer on a few PCs and for some reason this registry entry is never created.
Has anyone else noticed this?
The Vulnerability called FLASHPLAYERv115 is not downloaded. So i open it up and try to download it manually and everytime it skips. This version of Flash player has been out since 12 March 2007 which means that it has not download during our daily dowbnloads since then.
I suspect that LANDesk have used the incorrect filename of "Install_flash_player_active_x.exe" when it should be "Install_flash_player_active_x.MSI" (because that is the filename on the adobe site). I expect that the package would also have to re-writen suitable for an msi as opposed to an executable?
When I try to "Download assoicated patchs" for the "flashplayerpluginv10.0.45.2" and the "flashplayerv10.0.45.2" vulnerabilities I get "Hash for patch install_flash_player_10.0.45.2.exe does not match with host. Discarding." in the "Downloading Patches" dialog. However if I do the same thing for other vulnerabilities the download finishes without any issue. As a test I removed the patch associated with "wiresharkv1.2.6" vulnerability from the patch folder and told LANDesk to download it and it worked. Any ideas?
Good morning,
I am on LANDesk Management Console 9.50 and I am trying to understand what is the best way to download the patches I need to deploy on all my clients.
Basically, if I look under "Patch and Compliance" menu and under "Scan" folder I have a list of patches that goes from Service Pack severity to N/A (I moved only the patches I needed from "Unasigned" folder to "Scan" folder).
If i right-click on a patch and select "Download associated patches..." I have two options:
- Show currently required patches only
- Show all associated patches
Most of the times under the first option (Show currently required patches only) I see that the needed patches are downloaded (YES), but if I click on the second option (Show all associated patches) some of them are not (not downloaded).
I would like to know if I should also download the patches under "Show all associated patches" to be able to deploy an update, or if it's enough to have only the "Currently required patches" downloaded.
Can someone clarify this question?
Thank-you in advance.
I have a group of machines for which these pieces of information do not sync up. If I right click on a patch (MS12-063, MS12-052, MS12-054, etc.) in the Patch and Compliance window and select Affected Computers, this group of machines shows up. However, if I check the Security and Patch Information foe each machine and then the Clean/Repair History for each machine it lists the patch as being successfully installed. This is contradicted by going to All Detected, clicking on the patch, and looking at the field Patch Installed: No, but verified by the field Action: Patched (successful), and field Details: Done. Running MBSA against the host also shows it as being fully patched.
Of course I have run successive security scans, full inventory/sync scans, reboots, and gather historical patch information. Any help would be greatly appreciated with this.
I have a PC that is telling me i need 5 critical security updates in Windows Update. Why does Landesk not cover all the critical definitions that MS release. These are from the start of Jan. (KB2742596) is one example.
The issue i have is that all the settings are ok. The downloads happen each night and the scans on the pc all happens once a day. Landesk seems to work well, its just doesnt seem to cover all the patches that microsoft release. Every pc i check is missing some, different patches not the same ones or same category. Seems like random ones just arent covered. Can anyone shed any light.
Are there any queries/reports/SQL queries you use to show all the patches installed on a list of servers? (LANDesk 9 SP3)
If I right click on a single server in the console and go into Security and Patch info, click on "All Installed", it lists all the patches installed for that server. But there is no real way of creating a query or report that will give me the same information for one server or a specific list of servers. I contacted support and showed them, the Reporting prompts for AD groups or it lists everything in the landesk database, servers and pc's and takes forever to run. If the report does come up, it does not export to excel very well, (does not list the actual computer name of the server). Have to export using xml, then go thru and manually edit the xml spreadsheets.
Currently i have a query that shows "Vulnerable for patches", and filters on a grouping, this works well. But after patching a server, rebooting it, and scanning it again, it only falls off of the "Vulnerable for patches" query, and we have to go into each server to validate the patch actually installed. With over 500 servers to patch this is not very efficient. LANDesk support stated they are not trained on how to create custom reports.
One other question, has anyone figured out a way to get the failed logs consolidated from patching? Currently I go into each server that failed, save the log file to a folder. Then do a find for "failed", and delete everything else out of the text file. From these text files, I then copy and paste the failed listing to excel with the server names, so we know which patch and exe the server failed on, etc, etc.
I enabled Autofix by scope for a patch today but nothing shows in the "Autofix" column when displaying all detected patches. I do see Global when I enable patches to autofix via Global. I would have thought I would have seen "Scoped" listed in the Autofix Column. Everyone else seeing the same thing or is my Core broke.<GRIN>
Hello.
I have a VBscript that basically is using vulscan.exe to patch servers, and I've then build some additional features into the script to handle various situations in my environment. One of the features is reboot detection/action/tracking, but I'd like to improve that part by detecting if the vulscan process actually installed any patches or not.
How do I in a reliable way (via my VBscript, of course) detect if vulscan installed any patches?
I'm currently checking 2 things, but this unfortunately doesn't cover all scenarios:
Not all patches require a reboot, and in that case the first point won't detect the install if a reboot isn't required, but the second point would. The problem with that logic is that it will fail if a patch for whatever reason fail to install on the first attempt and you then run the script a second time to try installing it again. This time, the patch file is already cached so the no. of files in the sdmcache folder does not change, and if the patch is now installed successfully and doesn't require a reboot, then I won't be able to detect that something got installed.
The only method I can think of is reading the vulscan.log file once the vulscan.exe process terminates and search for the lines "x patches were found to run" and "RunPatches completed. x processed. y installed. z failures.". Is those are present, then something got installed.
Is there an easier way?
Thanks in advance.
Hi I was just keen to know what frequency of securtity scans other people had?
We have a large estate of 17000 machines. And the security scans are set on the agent to run every 20 days. This was in place before i started.
The reasoning behind that was with the random delays after a while the machines now scan at very random intervals. but this was before patch manager was introduced. Now I would like to increase this.
but wanted to see what others were doing on large or indeed small estates for comparison. We are not using autofix.
I just added this to my scan folder, and I was trying to test it against 7 computer. It failed on every single one of them, with no indication of why. I can't even figure out which log file to look in; there's nothing in the event log related to it. It installed just fine manually.
Anyone else running into this?
I have a computer that security required me to remove a hotfix on. Everyting I patch the server, it wants to re-add the hotfix because it no longer exists. All other computers need the hotfix, but I needed to turn off autofix so it wouldn't apply. How can I set it so just the one computer does not apply the patch.
John