Can anyone explain what "gather patch historical information" is, what it does, and how it does it?
↧
Gather patch historical information
↧
Patch Manager - Client cannot process data
we have installed 8.8 SP2 for a number of months with now issues PM working well.
I have applyed patch SP2A to core and client group. And since this PM scanning has stopped working.
This is a major issues which is stopping project.
Can LANDesk advise on how to approch this issue.
I have attached screen shot of issue.
Thanks in advance
↧
↧
VulScan Using Excessive Memory?
Hello,
We seem to have a common issues with several users in our organization. VulScan will kick off periodically throughout the day and use about 380K of the available memory which is leading to an extremely bogged down system. Has anyone experience this in your environment? Also, what logs could I check to find any abnormalities? I appreciate any advice!
- Stoj
↧
Patch MS09-034 on Windows Server 2003
Hello,
We have an issue here with the patch MS09-034, the patch is installed successfully but on all Windows Server 2003 systems the patch is still detected even after reboot with status Patch installed: YES Action: Patch successful Reason: File 'C:\WINDOWS\system32\ieapfltr.dll' version is less than the minimum version specified.
We've tryed to install manually, the patch is installed successfully but issue is still the same.
Is anybody can help us on this issue ?
Thanks in advance
Steve
↧
Security scan fails to download some patches
When i run a security scan, it fails to run certain installers.
Last status:
2 patches were found to run
Last status: Done. 2 patches were found
Last status: Failed
Download Failure: Error 80004005 downloading http://CORESERVER/LDLogon/patch/skypesetupfull5.6.0.110.exe
Last status: Failed: Could not download http://CORESERVER/LDLogon/patch/skypesetupfull5.6.0.110.exe
Sending status to core
Wed, 01 Feb 2012 16:36:34 Success
Last status:
Last status: Done
Wed, 01 Feb 2012 16:36:35 Performing TCP connection with a timeout of -1 milliseconds
Wed, 01 Feb 2012 16:36:37 Performing TCP connection with a timeout of -1 milliseconds
Wed, 01 Feb 2012 16:36:39 Performing TCP connection with a timeout of -1 milliseconds
Wed, 01 Feb 2012 16:36:41 Performing TCP connection with a timeout of -1 milliseconds
Wed, 01 Feb 2012 16:36:42 Performing TCP connection with a timeout of -1 milliseconds
Downloading http://CORESERVER/LDLogon/patch/Firefox Setup 10.0_ENU.exe
Failed to download http://CORESERVER/LDLogon/patch/Firefox Setup 10.0_ENU.exe. Error code 1
Last status: Failed
Download Failure: Error 80004005 downloading http://CORESERVER/LDLogon/patch/Firefox Setup 10.0_ENU.exe
Last status: Failed: Could not download http://CORESERVER/LDLogon/patch/Firefox Setup 10.0_ENU.exe
Sending status to core
In SendRequest: Action = SOAPAction: "http://tempuri.org/SetPatchInstallStatus"
Wed, 01 Feb 2012 16:36:44 SendRequest: SOAPAction: "http://tempuri.org/SetPatchInstallStatus"
However other updates run, such as adobe reader x or firefox 9.0.1 correctly downloads and installs. All the install files are in the same patch repository. I don't understand why it would update firefox from 8.0.1 to 9.0.1 but not to 10.0.
↧
↧
Java (JRE/JDK) 6 "upgrade" to 7
Does LANDesk have any plans to release the auto-upgrade patch & definition from v6 to v7 of Java? It would be nice to get that to run natively in LANDesk Patch Manager. Right now, we are prepping a script to uninstall v6 on all systems with software deployment, but I'd love to be able to use a LANDesk-provided patch to do it instead.
↧
Anyone getting a C++ error when Patch Manager tries to install/upgrade to Adobe Reader 10?
I can't figure out why this is happening in my enviroment. Specifically this is in regards to Definition ADOBERDv10.0.0_UPGRADE_ENU. Any time I try to run this update my client machines (Mostly Win XP SP3 machines) I get a blanked out C++ error on the client that has to be manually cleared out. THis wouldn't be such a pain except the Definition keeps sneaking into my scan folder. Has anyone seen this or know how to fix it?
↧
j2sdk-1_4_2_17-windows-i586-p.exe
Anyone have a direct link to this patch? I found all the others but this one is MIA....
Thanks!
↧
Security Scans cannot connect to server
In the past week I noticed several agents were erroring out when running security scans. Reason was that the agent could not connect with the server.
When I open the server console ON the LANDesk server, I no longer can open the Patch and Compliance tab. I click the link and nothing opens. It's as if though it's been disabled.
When I launch a Security Scan on a workstation, the process gets to "Sending current setting information to core". Where I get a Server Busy. Retrying ... message. After several attempts it fails.
Seems my Compliance and Patching is no longer enabled.
I tried the Server Activation process and that completed sucessfully. But I stil have the problem.
Ideas? Directions for resetting my system?
↧
↧
MS12-046
The install of MS12-046 is failing on about of half of my client machines. Is there a widespread problem with installing this fix?
We're running LDMS 9 SP2. Upgrade to SP3 is not practical at this time.
The result is "Unknown status code (0x19C,0:412), and of course the return code is 412.
All of the pre-reqs for this fix have been downloaded.
I have created a policy that installs the following in addition to MS12-046:
MS12-043
MS12-044
MS12-045
MS12-047
MS12-048
MS12-049
OFFICE-2011-1423
↧
Can't see all definitions Type in Patch and Compliance
Hi
I have just updated my Core Server Licences, And I have Now my Landesk Security Suite licence activated.
But when looking into the Patch and compliances download, I can't see any Microsoft securty type, I can only see the ones included in Landesk Management suite.
Is there someting to update in the console to enable my licence?
thanks
↧
Windows Firewall Settings: unable to get scan and repair settings from core
Hello,
I've been trying to get LANDesk to push some Windows Firewall settings to clients with a LANDesk agent. Untill now, it has been a daunting thing to accomplish.
What I want to do is set an exception for Sophos Anti-virus in the Windows Firewall. I've made a Windows Firewall settings in LANDesk which adds the Sophos main executable to the exceptions list. Scope is Any computer. The ID is 16.
I made a policy supported push as a delivery method and a scheduled task with the above Windows Firewall setting and delivery method.
When I run the scheduled task on one of my testmachines I get a status "Failed" and a result "Unable to get scan and repair settings from Core". We had this issue before. It was caused by the changing of the Windows Firewall setting, and thus the ID, while the scheduled task reffered to the old ID. I checked this by deleting the old scheduled task and making a new one. Again, the task failed with the same result.
This is the log file of the failed task
Processing package : PSP_Exception_Sophos_C
Wed, 04 Jun 2008 11:15:56 File (http://LANDESKCORE/landesk/files/ldrunner.exe) is cached locally
Wed, 04 Jun 2008 11:15:58 Downloading file http://LANDESKCORE/landesk/files/ldrunner.exe (oQs21bSjcecYMA3GGA9kOw==, 3)
Wed, 04 Jun 2008 11:15:58 Downloading file 1 of 1 from 'http://LANDESKCORE/landesk/files/ldrunner.exe'
Wed, 04 Jun 2008 11:15:58 LSWD or Executable Client Thread
Wed, 04 Jun 2008 11:15:59 PackagePath: http://LANDESKCORE/landesk/files/ldrunner.exe
Wed, 04 Jun 2008 11:15:59 Processing generic executable
Wed, 04 Jun 2008 11:16:00 Launched application 'C:\Program Files\LANDesk\LDClient\sdmcache\landesk\files\ldrunner.exe' ('"%LDMS_CLIENT_DIR%\vulscan.exe" /changebehaviors /firewallbehavior=16') result -1917648464
Wed, 04 Jun 2008 11:16:00 Installation result 8DB301B0
Wed, 04 Jun 2008 11:16:00 processing of package is complete, result -1917648464 (0x8db301b0 - code 432)
As you can see, the right firewallbehavior ID is used.
When I checked my testmachines, the changes pushed by the scheduled task were implemented correctly. I deleted the exception and switched the firewall off before I deployed the task. The firewall was on and the exceptions was enabled on all the machines.
I've searched for the specific error codes mentioned in the log, but cannot find anything.
Can anyone help me with this?
↧
Machines failing patches with error code 412, Landesk 9
I'm running Landesk 9.0 with some machine with SP1 and others without (SP1 fails with error code 412 when patching to SP1). Patches are now failing on the systems with error code 412. This is the vulscan log from one of the machine during a failed patch of Firefox and Adobe Acrobat -
.....
Command Interpreter running
Executing C:\Program Files (x86)\LANDesk\LDClient\SDMCache\Firefox Setup 3.6.9_ENU.exe -ms
ERROR: C:\Program Files (x86)\LANDesk\LDClient\SDMCache\Firefox Setup 3.6.9_ENU.exe -ms returned a bad exit code (3221225794)
ERROR(EXECUTEFILE) Failed to run command - 80004005
DownloadPatch ERROR: Failed to run commands (80004005).
Last status: Failed
Sending status to core
Last status: Contacting server...
Tue, 12 Oct 2010 10:46:11 Success
Last status:
Last status: Done
Running patch Firefox Setup 3.6.10_ENU.exe
ShouldScan Firefox Setup 3.6.10_ENU.exe before repairing returned: 0
Patch directory : 'C:\Program Files (x86)\LANDesk\LDClient\SDMCache\'
Patch name : 'Firefox Setup 3.6.10_ENU.exe'
Command Interpreter running
Executing C:\Program Files (x86)\LANDesk\LDClient\SDMCache\Firefox Setup 3.6.10_ENU.exe -ms
ERROR: C:\Program Files (x86)\LANDesk\LDClient\SDMCache\Firefox Setup 3.6.10_ENU.exe -ms returned a bad exit code (3221225794)
ERROR(EXECUTEFILE) Failed to run command - 80004005
DownloadPatch ERROR: Failed to run commands (80004005).
Last status: Failed
Sending status to core
Last status: Contacting server...
Tue, 12 Oct 2010 10:46:13 Success
Last status:
Last status: Done
Running patch AcrobatUpd940_all_incr.msp
ShouldScan AcrobatUpd940_all_incr.msp before repairing returned: 0
Patch directory : 'C:\Program Files (x86)\LANDesk\LDClient\SDMCache\'
Patch name : 'AcrobatUpd940_all_incr.msp'
Command Interpreter running
Executing C:\Windows\System32\msiexec.exe /q /p "C:\Program Files (x86)\LANDesk\LDClient\SDMCache\AcrobatUpd940_all_incr.msp"
ERROR: C:\Windows\System32\msiexec.exe /q /p "C:\Program Files (x86)\LANDesk\LDClient\SDMCache\AcrobatUpd940_all_incr.msp" returned a bad exit code (3221225794)
ERROR(EXECUTEFILE) Failed to run command - 80004005
DownloadPatch ERROR: Failed to run commands (80004005).
Last status: Failed
Sending status to core
Last status: Contacting server...
Tue, 12 Oct 2010 10:46:14 Success
Last status:
Last status: Done
Running patch AdobeAIRInstaller2.0.4.exe
ShouldScan AdobeAIRInstaller2.0.4.exe before repairing returned: 0
Patch directory : 'C:\Program Files (x86)\LANDesk\LDClient\SDMCache\'
Patch name : 'AdobeAIRInstaller2.0.4.exe'
Command Interpreter running
Executing C:\Program Files (x86)\LANDesk\LDClient\SDMCache\AdobeAIRInstaller2.0.4.exe -silent
Specified timeout is 3000 seconds
ERROR: C:\Program Files (x86)\LANDesk\LDClient\SDMCache\AdobeAIRInstaller2.0.4.exe -silent returned a bad exit code (3221225794)
ERROR(EXECUTEFILE) Failed to run command - 80004005
DownloadPatch ERROR: Failed to run commands (80004005).
Last status: Failed
Sending status to core
Last status: Contacting server...
Tue, 12 Oct 2010 10:46:16 Success
Last status:
Last status: Done
Any ideas?? Thanks!
I believe all of this started happening when I patched the management server to SP1 back in August.
↧
↧
Creating windows 7 baseline, but Windows Updates says patches are still available
I am new to LandDesk (nice to meet you!!), and I have been diligently watching the videos and doing the recommended reading.
I am having trouble creating a baseline of patches from a barebones Win7 SP1 x64 install. I have scanned against all available critical and Important updates. After that I have hunted down patches that were marked as N/A in Landesk but marked as important in Windows Update.
I am left with Windows Update alerting me to 13 patches. The patches have been scanned in LanDesk and were not detected and/or already installed on the system. I verified most were already installed on Windows up running Quick and Easy Way to List All the Windows Updates Installed on Your System | Gizmo's Freeware
I have also checked the detection logic in LanDesk and validated the detection to be true on the target machine.
I checked the detection rules for replaced rules, and in most cases those replacements were also scanned/passed or there are no replacements.
To focus on a specific example, MS15-029_MSU.
1. In the definition affected product is Win7 x64 with KB 2670838. This KB2670838 is already installed on the target, so affected product passes.
2. custom script detection logic... The only piece I could not validate because I do not understand how it works
3. Detecting the Patch Registry Setting. The Key already exists on the target, so the patch is already detected.
4. There are no replacements for this definition in Landesk
5. There are no pre-requisites for this definition in Landesk
6. Windows Update reports MS15-029 is still needed, but Landesk says MS15-029 passes.
Is it normal to have some of these already installed updates still being detected by Windows Update? Is it possible to achieve 100% patch on a barebones machine which was updated by Landesk, and validated through Windows Update?
Thanks,
-Lee
↧
Need to disable Windows 7 Restart or Postpone message
We want to use LANDesk for all of our patching needs. However, when we push a patch out to a Windows 7 machine that requires a reboot, the-end user always gets the Windows Action Center message pop up that says "Windows can't update important files and services while the system is using them. Make sure to save your files before restarting." Windows then gives the end-user the options to "Restart now" or "Postpone" and "Remind me in: (default is 10 minutes)."
At the same time, LANDesk Security and Compliance Manager also comes up (when all patching is complete) and tells the user a similar message (a message we CAN control in LANDesk).
We want to be able to control what options the end-user has. For example, we want to be able to give the user the option of deferring a maximum of 3 times for no more than 4 hours at a time. After that, we want to just force the reboot. The problem arrises, particularly, when the end-user sees the Windows message and just clicks "Restart now" before LANDesk (vulscan.exe) actually finishes doing it's thing in the background. This results in the task failing to install all the patches. On the flip side of that, we don't want the user to just be able to keep "Postponing" forever. We only want to give them a limited number of deferrels.
Basically, we don't want Windows to interact with the user at all with regard to Windows updates. We want to control it all via LANDesk and LANDesk only.
Here's what we've tried so far:
Under the Windows Action Center, turning off basically everything:
After that didn't work, we tried to modify the following Group Policies as follows:
So far, we've still been unable to stop the Windows message from popping up. Can anyone help us? I find it hard to believe that no one has done this before.
Also, I forgot to mention we are running LDMS 9.5. Thanks!
Kenny
↧
Do Microsoft Office 2013 patches apply to Microsoft Office 365?
I was wondering if Office 2103 patches also patch Office 365? Everything I find for patching Office 365 currently points to installing patches for Office 2013. Also, even if Office 2013 cannot be installed to patch Office 365 is there any plan for LANDesk to offer patches for Office 365?
In Office 365 you can select to view updates and it carries you to the page below. Then you can select to view the description of one of the update versions and the version changes show the patches for Office 2013.
↧
Issues with JREJDKv1.6.75_Manual
LANDesk issued this: LANDESK Patch News Bulletin: Java 6 Update 75 06-MAY-2014
I have six machines that say they need JREJDKv1.6.75_Manual (jre-6u75-windows.i586.exe).
I have searched the Oracle Java website to find this patch and cannot find it anywhere. Can anyone provide me a link where I can download this?
↧
↧
Basic questions with Patch Management
Hello, I apologize for the basic nature of my questions and confusion, but I have been reviewing the manual and documentation and also viewing as many videos as I can find to watch. However, I'm afraid after 2 weeks, I still have some basic questions and confusion.
We have recently purchased LANDesk 9.6 and I was asked to look into the Patch Management piece. I've picked up some (very) basic knowledge in my efforts to learn, but have hit a bit of a stumbling block to continue learning and am at a point I need to show my lack of understanding of this product and ask for help.
My understanding is that in the Patch and Compliance area, after you download the updates, they are placed into the "\Unassigned" folder. Then it is up to me to figure out what to do with them. To get the vulnerability scan (vulscan.exe) to check if these updates are needed on our workstations, I must copy the desired updates into the "\Scan" folder. And vulscan.exe will ONLY check the workstations for the updates in this \Scan folder.
I have many questions and items that are confusing to me in LANDesk, but my initial question & confusion is 'Which of the thousands of updates that were downloaded should I copy to the \Scan folder?' Now I realized the obvious answer is "You dummy, copy the ones you want to scan for!", but that is the problem. I don't understand how LANDesk is doing this check. In my mind it should simply check for "Adobe Reader", yet there are numerous 'versions' of Adobe Reader updates that get downloaded and I don't understand why, and more importantly, how these different versions are used.
In a specific example, but questions and confusion is below. Thank you for any help or pointers that will get this beginner past this initial hurdle.
- We have thousands of computers and they all have Adobe Reader installed. There are many updates downloaded that are listed for Adobe Reader and various versions. Do I ONLY need to copy the very latest Adobe Reader update into the \Scan folder? (I..e - Adobe Reader 11.0.10) If I do that and a machine has Adobe Reader 9 or 10, will the fact that I copied just the Reader 11 update show those workstations as needing an update?
- Also, there are currently 3 different updates that were downloaded for Adobe Reader v11.0.10. Why, and which one should I copy to the \Scan folder? (We don't want to be scanning for unnecessary things.) This occurs with other products too where there are multiple items referencing the same version that were downloaded. I guess I'm having a mental block as to why LANDesk does this? I don't want to take a shotgun approach and just put "everything" in the \Scan folder, but how do I know which of the Adobe Reader (or JAVA, Flash Player, etc.) items are truly needed?
- How does vulscan.exe flag what the 'fix' is? In other words, I have machines with Adobe Reader v9. Is LANDesk going to install the most current version as the fix? (i.e. - LANDesk will tell me the fix for computers with Adobe Reader 9 is to install Adobe Reader 11.0.10.) Is so, how do we control versioning? Because we actually have some computers that require a specific version of Adobe Reader 9. Thus, if LANDesk says those computers are vulnerable, how can you ensure that the 'fix' for those computers is to simply install the latest Adobe Reader 9 version, which is 9.5.5 and do NOT 'fix' them by installing Adobe Reader 11.0.10?
- And finally, what if a machine did NOT have Adobe Reader installed? Can I perform an installation of that product via LANDesk Patch Management?
Keith Hemmelman
↧
SDMcache Cleanup ...
Hello,
I am pretty new with LANDesk, and I was wondering how and why the SDMcache folder (C:\Program Files\LANDesk\LDClient\sdmcache\) is not cleaned after the security and patch management.
I've now some workstations with 1 GB of cached packages, and this space should be released.
I am using the Management Suite 8.7 SP5, and until now, I've not been lucky on Google to answer this !
Any help is welcome !
Eric
↧
Java 7 Update 11
Support is aware of the Java 7 Update 11 emergency update provided by Java. Our team is currently developing a patch manger definition for Java 7 Update 11 and we will have this released as soon as possible. I will update this thread as soon as this new content has been released. If you need to release this content to your environment immediatly you may do so by creating a custom definition for the patch that has been released by Java found here:
↧