Patch Managemnt Reporting Question - Detected Patches by Computer

July 2, 2015, 9:18 am

≫ Next: What are best practices maintaining a consistent LANDesk patch management structure across 2 core servers?

≪ Previous: Do Microsoft Office 2013 patches apply to Microsoft Office 365?

Hi there. I was looking for a way to report on LANDesk Patch management on required or detected patches for each computer. I have seen the canned report “Computers with the most detections” give the computer name and then the amount of detections for each computer. This would indicate the data appears to exist I just need to get that data in a format where I can copy/paste into excel. If this is obtainable in a query that is really what I want then I can add fields like source IP address and use excel formulas to show exactly how well we are patched in each location. Is there a way to get required patches by computer in a query? Below is the chart that I would typically fill out with formulas for WSUS to show exactly how we are doing monthly....

↧

What are best practices maintaining a consistent LANDesk patch management structure across 2 core servers?

October 1, 2015, 11:38 am

≫ Next: Delete Patch Directory

≪ Previous: Patch Managemnt Reporting Question - Detected Patches by Computer

What are best practices maintaining a consistent LANDesk patch management structure across 2 core servers?

In our environment we have 2 core servers, one for the East one for the West then a rollup server. We have been told in the past that we cannot use a rollup server for LANDesk patch management in the 9.5 release. LANDesk phone support didn’t have clear answers on this but ultimately I was told it couldn’t be done in 9.5. I would like to know is that really true in the 9.6 release?

Second question would be if this is true and there is no way to manage this from one central location then administration is a bit of a nightmare. Currently we have a separate administrator in the East and from the reports I am generating our patch levels are very inconsistent.

Not really worth describing how we are setup because I will change it shortly but here is how I am thinking we should be setup. Computers should scan for all vulnerabilities and not necessarily for items in a patch group like we currently are doing. All detected should be looked over and put in a pilot group first and then deployment group after tested. So now we are maintaining 2 groups in each location and the “Do Not Scan”, “unassigned” and scan groups. So how would I keep consistency in these groups in the most efficient manner? Should I export and import the groups every month? Even if I did that there would be inconsistencies in the “unassigned” and “do not scan” group. How would I keep them consistent? The margin of human error is very large especially with a language barrier.

We had been pulling reports from WSUS which were showing how badly patched the East is and the West isn’t bad however there are a few patches that need to be manually reconciled with WSUS. Apparently a few patches got declined that should not have been. Anyone know the most effective way in reconciling this? If you do a search for the KB article number LANDesk typically returns nothing which is another source of frustration. What would be a good way to solve all these problems and make this product easier to use? Our current methods surely aren’t consistent with the set it and forget it email I received a few weeks ago regarding patch management and I would like to get back on track.

↧

Delete Patch Directory

December 18, 2013, 8:28 am

≫ Next: HP Software Framework deployment

≪ Previous: What are best practices maintaining a consistent LANDesk patch management structure across 2 core servers?

I have recently moved the patch location to a network DFS share. Is it ok to remove all contents from the original patch location (C:\Program Files (x86)\LANDesk\ManagementSuite\ldlogon\patch)? If there is critical information in here please specifiy what is so I can keep those files/folders. Thanks for the help in advance!

-Jon

↧

HP Software Framework deployment

October 24, 2014, 1:32 pm

≫ Next: Distribution and Patch Settings (Pre-repair Script)

≪ Previous: Delete Patch Directory

How can I achieve this? We have SP59202, SP60076, and a customized SP52784 (LANDESK: this patch is not written correctly!) set to scan. Are these the correct patches to deploy it? Are they the only ones? We have approximately 6000 devices and these only find about 2600 eligible...

↧

Distribution and Patch Settings (Pre-repair Script)

June 23, 2015, 12:59 pm

≫ Next: Patch and Compliance - Downloading Patches Fail

≪ Previous: HP Software Framework deployment

Hello!

I need to run a pre-repair script to enable the Windows Update service before the patching process begins. I have a VB script that sets the service to automatic and works correctly, but the action reports a failure. Below is the script I am using. Does anyone have any idea what I need to add to the script so the action wont fail?

strComputer = .

objServiceName = "wuauserv"

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CimV2")

Set colListOfServices = objWMIService.ExecQuery ("Select * From Win32_Service Where Name ='" & objServiceName & "'")

For Each objService in colListOfServices

objService.ChangeStartMode("Automatic")

Wscript.Sleep 5000

errReturnCode = objService.StartService()

ReportRepairResult true, "Windows Update Enabled"

↧

Patch and Compliance - Downloading Patches Fail

July 23, 2015, 7:42 am

≫ Next: Patches failing to download

≪ Previous: Distribution and Patch Settings (Pre-repair Script)

When trying to download updates, I get errors like this one:

Attempting to download 1 patches

Failed to download file windows6.1-kb3079904-x64.msu

Connection to http://download.microsoft.com/download/1/5/7/15796587-cdc1-4586-97e9-299409682dc4/windows6.1-kb3079904-x64.msu failed. The request was aborted: The operation has timed out.

Proxy settings: Not using a proxy server.

Trying alternative source at patch.landesk.com

Failed to download file windows6.1-kb3079904-x64.msu

File https://patch.landesk.com/LDPM8/ldvul.php?KEYWORD=filename&FILENAME=patches/windows6.1-kb3079904-x64.msu does not exist

↧

Patches failing to download

April 2, 2009, 6:57 pm

≫ Next: Current LDSS 9.0 subscription- limited patch update definitions

≪ Previous: Patch and Compliance - Downloading Patches Fail

Hello all,

Our patch download scheduled task has been downloading the patches without any issues until this evening. Is anyone else experiencing this issue?

Nothing that I can tell has changed on our end.

This is what I get in the Application Event Viewer on the core:

Event Type:    Error
Event Source:    VAMiner.exe
Event Category:    None
Event ID:    0
Date:        4/2/2009
Time:        9:37:51 PM
User:        N/A
Computer:    CORESERVERNAME
Description:
You have not specified a valid site from which to download updates. Please verify your network connection settings.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

If I try to download the patches manually, it checks the LANDesk east coast server, west coast and EMEA and all of them fail.

↧

Current LDSS 9.0 subscription- limited patch update definitions

September 13, 2011, 4:36 pm

≫ Next: Failed to control service: 1051

≪ Previous: Patches failing to download

I am new to LANDesk, and have been thrown under the bus as far as learning it top to bottom myself. We have current licenses for version 9.0 SP2 of the Security Suite, which I was under the impression entitled us to the full loadout of software updates and patches, however, when I try to update, I am limited to a short list of mostly useless garbage.

I can see where, in the past we have had full access to updates, as the list is recent until August of this year with Flash and Firefox, etc., How can I add updates to my definition files. I looked for the answer in trolling the forum, but did not see it. Help appreciated, thanks.

↧

Failed to control service: 1051

December 9, 2011, 9:44 am

≫ Next: Failed to download

≪ Previous: Current LDSS 9.0 subscription- limited patch update definitions

I have a custom vulnerability that I am trying to stop a service on. I checked the service and it does show that it is stopable, but I keep getting failed results:

Command Interpreter running

Stop service VergenceLocatorSvc

Successfully controlled the service.

Stop service VergenceSessionManager

Failed to control service: 1051

ERROR(StopService) Failed to run command - 80004005

DownloadPatch ERROR: Failed to run commands (80004005).

Last status: Failed

Sending status to core

Failed

Any ideas? I'm just using the built in LANDesk stop service command. (LDMS9 SP2 latest MCPs)

↧

Failed to download

July 9, 2013, 1:06 pm

≫ Next: Microsoft .NET Framework 4.5.2

≪ Previous: Failed to control service: 1051

I am in the process of testing LANDesk for deployment on laptops. However, I am having a problem with the patch and compliance scans not being able to download patches. It seems like the GUI gets about half way through the download of the first patch, starts over, gets about half way through again and then bombs out. This is what I see in vulscan log:

Failed to download http://landesk/LDLogon/patch/vlc-2.0.6-win32.exe. Error code 2

Last status: Failed

Failed

Download Failure: Error 80004005 downloading http://landesk/LDLogon/patch/vlc-2.0.6-win32.exe

Last status: Failed: Could not download http://landesk/LDLogon/patch/vlc-2.0.6-win32.exe

DeferredReportAction: name 'vlc-2.0.6-win32.exe', code '0', type '-1', status 'Failed to download file vlc-2.0.6-win32.exe'

Failed: Could not download http://landesk/LDLogon/patch/vlc-2.0.6-win32.exe

I am able to copy and paste that URL into a browser (Chrome and IE) and download the file. I also did a TCP dump on the LANDesk server and can see a HTTP GET request along with a HTTP response status: partial content for the correct package. Any ideas?

Thanks,

Brad

↧

Microsoft .NET Framework 4.5.2

February 3, 2015, 6:22 am

≫ Next: j2sdk-1_4_2_17-windows-i586-p.exe

≪ Previous: Failed to download

Through the last round of endpoint patching we noticed Windows Update showed the most recent .NET framework update as "Important" . Yet in scanning using LANDesk, the vulnerability is not detected nor are we allowed to patch.

This is being noted by our CSO as our policy is to patch all Critical, High and Important patches.

My questions are: Why is this not being detected? Why is there not a patch available to update?

↧

j2sdk-1_4_2_17-windows-i586-p.exe

March 18, 2008, 9:56 am

≫ Next: LDMS 9.5 "Gather Historical Information" crashing everytime

≪ Previous: Microsoft .NET Framework 4.5.2

Anyone have a direct link to this patch? I found all the others but this one is MIA....

Thanks!

↧

LDMS 9.5 "Gather Historical Information" crashing everytime

March 19, 2013, 12:25 pm

≫ Next: High CPU Usage by ISSUSER.exe

≪ Previous: j2sdk-1_4_2_17-windows-i586-p.exe

As the title states "Gather Historical Information" is crashing during the task towards the end at "Removing historical information more than 30 days old ...".

The console crashes every time at this point. When I try to schedule the task for later, the task runs once then crashes, and then it fails to run again the next day. The error is "Failed, task handler exception".

This is preventing me from having accurate informaiton in the patch and compliance area. Any ideas?

↧

High CPU Usage by ISSUSER.exe

May 29, 2015, 2:23 pm

≫ Next: Distribution and Patch Settings (Pre-repair Script)

≪ Previous: LDMS 9.5 "Gather Historical Information" crashing everytime

On LD 9.6 SP1 client I'm seeing issues with ISSUSER.exe running at 100% of one core and sometimes faulting.

Once suggestion was to replace the jscript.v55 file, but that has not resolved the issue.

Looking at the application errors in the diagnostic data in inventory I'm seeing the following

So it appears the LIBEAY32MT.dll is where it's faulting at with an exception code of c0000005

Any advice?

↧

Distribution and Patch Settings (Pre-repair Script)

June 23, 2015, 12:59 pm

≫ Next: Post Repair Script

≪ Previous: High CPU Usage by ISSUSER.exe

Hello!

strComputer = .

objServiceName = "wuauserv"

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CimV2")

Set colListOfServices = objWMIService.ExecQuery ("Select * From Win32_Service Where Name ='" & objServiceName & "'")

For Each objService in colListOfServices

objService.ChangeStartMode("Automatic")

Wscript.Sleep 5000

errReturnCode = objService.StartService()

ReportRepairResult true, "Windows Update Enabled"

↧

Post Repair Script

September 9, 2015, 1:31 pm

≫ Next: Patch Deployment Issue

≪ Previous: Distribution and Patch Settings (Pre-repair Script)

I think this should be a simple one. I want to use a post repair script that lets the user know the repair has been completed.

I tried using a simple msgbox command but the vulscan log said I did not have rights to run that command.

How would I display a message to the user at the end of the repair? I am running 9.5 SP2.

Thank you.

- Kurt

↧

Patch Deployment Issue

July 29, 2008, 11:59 pm

≫ Next: Is Most Affected Computers report available from charts?

≪ Previous: Post Repair Script

Hi,

We have a multiple sites in our organisation. We have installed a Core Landesk server at one of our site and have created a Repository for Patches, Softwares, Images at other remote location. I have configured a server from each location as a Preferred server. I want to deploy patches such that the clients from the specific location should install the Patch from the repository created on server on that location it shouldnt install the patches from the Core server. Is it that i have to push a different agent or any other setting has to be done or can you suggest me with another solution for this querry.

↧

Is Most Affected Computers report available from charts?

June 5, 2012, 6:56 am

≫ Next: Downloading Java SE 6 Update 51

≪ Previous: Patch Deployment Issue

Hi, on lDMS 9 SP3 on Patch And Compliance module we have Charts on Vulnerabilities statistics, is possible to export or generate a scheduled report for Chart titled: Computer with the most detection"??

Thanx all

↧

Downloading Java SE 6 Update 51

June 24, 2013, 4:11 pm

≫ Next: issues deleting old patches

≪ Previous: Is Most Affected Computers report available from charts?

Has anyone figured out how to actually download the latest v.6 Java update? They only list the v.7 stuff now on their standard download page. I found a page where you can download old versions, but it only went up to the last v.6 version - Update 43. The LANDesk bulletin says: "login Oracle Technical Network to get these patches" but after mucking around on the Oracle site for 15 minutes, I can find no such logon.

Thanks!

↧

issues deleting old patches

June 17, 2011, 11:02 am

≫ Next: Security scan fails to download some patches

≪ Previous: Downloading Java SE 6 Update 51

Hey all,

we are on core 8.8 and currently I am a full admin across the board but my "delete selected item " option is greyed out when in security and patch manager. I have the purge option but not delete selected items, I've even logged into the core with our main LANDesk service account and no change- info to note is that I am using the core and not just using the console. We have quite a few entires that are rather old and I'd like to clean things up a bit.

Thanks ,

Brandon

↧