Client Management Suite

 View Only
Expand all | Collapse all

Patch installs affecting Win7 Build

  • 1.  Patch installs affecting Win7 Build

    Posted Jul 26, 2013 08:11 AM

    I am finishing off a Win7 build which seems to be fine - I am having one issue. Before the job finishes its installing MS patches which is intefering with the job. Any way to postpone these till the build is finished ?

     



  • 2.  RE: Patch installs affecting Win7 Build

    Posted Jul 26, 2013 08:43 AM

    Do your build tasks have "Allow other tasks to run while installing this task" checked or unchecked (Advanced, Task Options tab)?  If it's checked, try unchecking it and see if that helps. 



  • 3.  RE: Patch installs affecting Win7 Build

    Posted Jul 26, 2013 08:46 AM

    The default is unchecked, and thats what they all are.

     



  • 4.  RE: Patch installs affecting Win7 Build

    Posted Jul 26, 2013 08:47 AM

    Hi,

    there are some ways to get this working.

    First and maybe simplest. Just turn off the windows update service and at the end of the job turn back on.

    Simple script task for stopping:

    sc stop wuauserv

    sc config wuauserv start= disabled

     

    For starting:

    sc start wuauserv

    sc config wuauserv start= auto

     

     

    Do you use patch management for MS patches?

     

    Regards



  • 5.  RE: Patch installs affecting Win7 Build

    Posted Jul 26, 2013 08:57 AM

    Hi md, that sounds like a solution, again :-) - i'll create a service taks that does that and see how it goes.

    Yes, We use patch management for Microsoft hotfixes.

     



  • 6.  RE: Patch installs affecting Win7 Build

    Posted Jul 26, 2013 09:03 AM

    Hi,

    perfect, would be great to get any feedback.

    As I mentioned there are some more options. In some environments we implemented a task which puts a client at the beginning of an installation into a filter. This filter is excluded in policies (in patch policies too). So the installing client is "isolated" from any policies affecting the client. At the end the client is removed from this filter and all policies can start working.

    This could be achieved with an asdk script. It needs little configurations and you have to keep in mind, that the client could be "isolated" in troubleshooting scenarios.

    Just give a hint if you need some more. I guess on connect there are some threads with this script.

    Regards

     

     



  • 7.  RE: Patch installs affecting Win7 Build

    Posted Aug 06, 2013 07:12 AM

    Hi - looks like this is still causing a problem - I see from the logs teh agent is restarting for some reason, I assume this is causing the running task to fail!

     



  • 8.  RE: Patch installs affecting Win7 Build

    Posted Aug 06, 2013 07:44 AM
    Hi, Sounds like any Agent policy affects the client. Do you install any agent plugin per policy or is there running an Upgrade policy? Can you provide an agent log of affected client? Regards


  • 9.  RE: Patch installs affecting Win7 Build

    Posted Aug 06, 2013 08:49 AM
      |   view attached

    see attached - the task that fails kicked off at 11:16:42 and end time is reported to be 11:18:51

    I had a look and it looks like the agent is restarting, dont know whats causing that though.

    Thanks

     

     

    Attachment(s)

    txt
    client log_1.txt   598 KB 1 version


  • 10.  RE: Patch installs affecting Win7 Build

    Posted Aug 06, 2013 08:53 AM

    Sorry - I deleted my other thread was the same issue. So do you think the agent updates are causing this? I got the feeling someones going to tell me to exclude this new machine from all the agent policies updates.!

     



  • 11.  RE: Patch installs affecting Win7 Build

    Posted Aug 06, 2013 09:20 AM
    Hi, For testing you can manually exclude it. I will post whole process in some hours. Regards.


  • 12.  RE: Patch installs affecting Win7 Build
    Best Answer

    Posted Aug 06, 2013 04:02 PM

    Hi,

    the idea behind is to have a dynamic filter which is excluded in every policy affecting clients. These policies are agent install / upgrade polices, managed software deliveries and patch management policies. Of course you can exclude from any other, too (like inventory policies etc). But for failure-free installation it is important to have no other installations beside the ones in the install process.

    To include a client into this filter we need an asdk script at the beginning of the process and at the end of the process the client have to be cleaned out of the filter.

    What to do now:

    Create a filter and name it like you want (e.g. “install filter”).

    Create a “add to filter” script task for taskserver (be careful it’s another than normal) and paste following input (vbscript type). The script should run at the early beginning of the install process. You can let it run just before the os installation (so all membership updates on the smp can run). You need the guid of the filter (properties of filter) in the script. Just fill in the necessary const. I provided the source code for working with the filter name, too. But my experiences is that in some cirumstances working with the name could error out (often when the filter name is very long and complex).

     

    Option Explicit

    'Const strFilterName = "My Filter"  'only needed when you want to address the filter by name

    Const itemfilterforadding = "guid of filter"

    Dim oCollectionManagement

    Dim oItemManagement

    Dim strItemName

    Dim colItems

    Dim itemComputer

    Dim itemComputerToAdd

    Dim itemFilter

    Dim itemFilterForAdding

    Set oCollectionManagement = CreateObject("Altiris.ASDK.NS.CollectionManagement")

    Set oItemManagement = CreateObject("Altiris.ASDK.NS.ItemManagement")

    oItemManagement.CreateLocalInstance()

    oCollectionManagement.CreateLocalInstance()

    ItemManagement.TargetServer  = "%NSSERVER%"

    itemManagement.Authenticate()

    strItemName = "%COMPNAME%"

    colItems = oItemManagement.GetItemsByName(strItemName)

    For Each itemComputer In colItems

    itemComputerToAdd = itemComputer.Guid

    Next

    'this part is only needed when you want to address the filter by name

    'strItemName = strFilterName

    'colItems = oItemManagement.GetItemsByName(strItemName)

    'For Each itemFilter In colItems

    'itemFilterForAdding = itemFilter.Guid

    'Next

    Call oCollectionManagement.AddInclusions(itemFilterForAdding, itemComputerToAdd)

    Call oCollectionManagement.UpdateCollections(itemFilterForAdding)

     

    And at the end of the install process create another script for task server for clearing the filter out (vbscript type). The input is nearly the same with the difference of the called function in the last but one line.

     

    Option Explicit

    'Const strFilterName = "My Filter"  'only needed when you want to address the filter by namea

    Const itemfilterforadding = "guid of filter"

    Dim oCollectionManagement

    Dim oItemManagement

    Dim strItemName

    Dim colItems

    Dim itemComputer

    Dim itemComputerToAdd

    Dim itemFilter

    Dim itemFilterForAdding

    Set oCollectionManagement = CreateObject("Altiris.ASDK.NS.CollectionManagement")

    Set oItemManagement = CreateObject("Altiris.ASDK.NS.ItemManagement")

    oItemManagement.CreateLocalInstance()

    oCollectionManagement.CreateLocalInstance()

    ItemManagement.TargetServer  = "%NSSERVER%"

    itemManagement.Authenticate()

    strItemName = "%COMPNAME%"

    colItems = oItemManagement.GetItemsByName(strItemName)

    For Each itemComputer In colItems

    itemComputerToAdd = itemComputer.Guid

    Next

    'this part is only needed when you want to address the filter by name

    'strItemName = strFilterName

    'colItems = oItemManagement.GetItemsByName(strItemName)

    'For Each itemFilter In colItems

    'itemFilterForAdding = itemFilter.Guid

    'Next

    Call oCollectionManagement.RemoveInclusions(itemFilterForAdding, itemComputerToAdd)

    Call oCollectionManagement.UpdateCollections(itemFilterForAdding)

     

     

    What is now happening in the install process: the client becomes a member of the filter at the beginning and at the end he gets out of this filter. Now you can work with the filter and set it as an exclusion in any policy you have. So the client becomes “isolated” in the install process.

     

    One thing to ask: Do you work with task servers? If yes, there is a thing to mention. On the task server you need the asdk components. You can find them in the file repository of your Symantec installation manager. If you have a lot of task servers you can create a new software resource and deploy it with the help of a task / policy.

    This is the whole process. The most workload is to exclude the filter in all your existing policies (depends on how many policies you have).

    As I mentioned in post above, you have to keep in mind that the client is included in the filter at the beginning of the installation. If the installation is breaking off you have to remove the client manually from the filter. If you don’t do, some things won’t work for the client (even reinstalling).

     

    If there are any questions, just ask.


    Regards



  • 13.  RE: Patch installs affecting Win7 Build
    Best Answer

    Posted Aug 07, 2013 04:47 AM

    Your Problem at least in the log you posted is the pcAnywhere plugin.

    pcAnywhere Plug-in for Windows-Upgrade' still running, client stopping

    It is getting upgraded and restarts the agent which messes with all kinds of tasks. How did you integrate the plugins? In an image or are they installed with a script during setup? If so just put the exchange the pca plugin installer with the recent one. There was a single update for pcanywhere some months ago, maybe you didnt update the installer back then.

    Besides that we usually also implement exclude filters with ASDK Tasks run on the task servers to keep the setup as clean as possible without policies interfering, same as md investigate mentioned.



  • 14.  RE: Patch installs affecting Win7 Build

    Posted Aug 07, 2013 04:55 AM

    MD - thanks for the script - will give it a test.

    Yet again I am bamboozled as to how this was not picked up by some testing of this software and then fixed. This is a bog standard deployment of Win7 with a task to install Lenovo drivers. The simplest of jobs for a deployment server and yet we have to go in and tweak filters etc (which is not documented in user manuals) - I have the agent included in the image (which is the way symantec advise doing as far as I'm aware)Simple stuff like this is why I believe this software is doomed to be honest.

    My job :

    Reboot to PXE
    Deploy Image
    Reboot to Production
    Add machine to domain
    Disable W7 Update Service - "to stop hotfixes installing"
    Install Lenov drivers - FAIL!
    Enable Winodws update service.

     

    It doesn't get much simpler than that and yet we have to have a workaround. To me thats not good enouugh and this is where CMS gets its ass kicked by WDT.



  • 15.  RE: Patch installs affecting Win7 Build

    Posted Aug 07, 2013 05:45 AM

    Hi,

    there are a lot of ways to fullfill all needs. In your case the installation of the drivers is no must have with extra step. You can use the deployanywhere driver database and all drivers get installed while imaging the client. And the breaking pcanywhere agent, okay, someone had to establish the update which directs to this behavior. So someone had to do an update of the image process.

    It is an endless discussion but it always depends on how such a tool is used. In CMS you have a very granular way to get your managed client. This granularity is sometimes frustrating but very often this gives you the chance to get all things established you have in mind.

    After all, I guess every management tool is challenging and if you find anything not beeing ideal, just let us know and we can have an idea post to make the product better for all needs.

    Regards



  • 16.  RE: Patch installs affecting Win7 Build
    Best Answer

    Posted Aug 07, 2013 08:15 AM

    I padded the job out a bit with 3 extra tasks

    Update client configuration
    Gather Hardware Inventory
    Update client configuration

    no idea if all 3 are needed but it makes it work anyway so will stick with it.
     

    Thanks for the tips and support guys.