Patch Management Solution

Hi All,

Some background / context, we recently migrated from 8.1 to 8.5RU3, all managed assets pointing to our "new" 8.5RU3 NS

Here is what an the various agents look like in the environment on a PILOT machine after being upgraded.
Windows System Assessment Scans were initially broken post migration but were fixed via https://knowledge.broadcom.com/external/article?legacyId=HOWTO101482

We are pushing a set of July 2020 patches last night via Software - Patch Management  - Software Update Policies, to our DEV server group and PILOT client group and ran into an issue where the applicable patches were not being delivered to the agents. 

The Patch Policy looks like this:


The scheduling is managed by Settings - Agents/Plug-ins - Windows, see below: 
The Software Update Delivery Summary looks like this for PILOT, lots of installation incomplete


------------------------------
JD1881
------------------------------

Hi,

We had a similar issue but only on a few devices. Support also pointed us to the fix article but that did nothing.

The first thing I would check here is the licenses and the maintenance, if that is out then patching is off.

In some cases what worked for us was to uninstall the agent, remove the device from the CMDB (right click -> delete), run a policy update then the delta resource membership update, re-install the agent and see the system assessment scan results.

in some cases the update was already installed and the SMA did not detect the install, then we uninstalled the update did not reboot, then started the install from the SMA and the install would then succeed, reboot and all was fine again.

Cheers,

------------------------------
ProServe Consulting
------------------------------

Original Message:
Sent: 07-17-2020 01:28 PM
From: Jonathan Deng
Subject: Software Updates / Patch Applicability Patching Issue / Possible Windows System Assessment Issue?

Hi All,

Some background / context, we recently migrated from 8.1 to 8.5RU3, all managed assets pointing to our "new" 8.5RU3 NS

Here is what an the various agents look like in the environment on a PILOT machine after being upgraded.

Windows System Assessment Scans were initially broken post migration but were fixed via https://knowledge.broadcom.com/external/article?legacyId=HOWTO101482

We are pushing a set of July 2020 patches last night via Software - Patch Management  - Software Update Policies, to our DEV server group and PILOT client group and ran into an issue where the applicable patches were not being delivered to the agents.

The Patch Policy looks like this:

The scheduling is managed by Settings - Agents/Plug-ins - Windows, see below:

The Software Update Delivery Summary looks like this for PILOT, lots of installation incomplete

The compliance by computer for PILOT under compliance and remediation showed mostly 0% compliance

Looking at one of the PILOT machines' agents - Software Updates, its empty when it should be showing applicable patches 

Looking at the same PILOT machine's patch applicable updates report, it shows all these patches below that apply but are not delivered to the agent for some reason.

My questions is why are the applicable patches not being delivered to the machines? Please provide any insight or guidance if you have seen something similar to this situation, thanks! 

------------------------------
JD1881
------------------------------