1. According to both pics above, you have installed "Software Update Agent" on both client computers, so there is no need to install other plug-ins like "Application Metering", "Inventory Agent", "Software Management Solution Agent" & "Deployment Solution plug-in"
--// But if you need them to be installed, then you need to enable their default install rollout policies (SMP Console -> Settings -> All Settings -> expand "Agents/plug-ins" folder -> find there required install rollout policy and enable it.
2. For assessment problem, could you please open SMA UI by mouse double click on its tray icon, on agent settings tab enable "Trace", "Verbose" logging, now go to 'Software delivery" tab of SMA UI and manually start windows assessment scan task, once it will fail, please gather all logs from C:\ProgramData\Symantec\Symantec Agent\Logs" and send them to me via private message.
Thanks,
IP.
------------------------------
Software QA Engineer
Broadcom Inc.
------------------------------
Original Message:
Sent: 11-12-2020 12:51 PM
From: Hagai Nachmani
Subject: multiple machines with agent issue (Patch Assesment)
Difference between machine that is counted well to a machine that the software is showing as "missing FoxIT" (but actually the software there), is in the agents plugin:
Good:
Bad:
How to do I Push all needed plugins to all windows machines so they will be the same?
Tnx,
Hagai
Original Message:
Sent: 11/12/2020 12:29:00 PM
From: Hagai Nachmani
Subject: RE: multiple machines with agent issue (Patch Assesment)
Hi Igor,
I have the needed software I require.
I only gave FoxIT as an example. All packages are updated to the latest.
We are working on a self-created query (that's why I wanted to rule it out, since nothing changed in it) – that goes to the ADD/Remove and see if machine has a specific software installed or not.
All worked great.
Since I updated to RU4 I didn't add many additional devices until last week. Where I added more.
Now some of these new agent installations (about 50%) are not getting the software item from the add/remove, even that it's really is included there (and on other machines, same model, same OS, so segment network, so everything is does work).
So I suspect that ITMS, since the rest is identical.
I was hoping it's an "easy fix", but
Tnx,
Hagai
Original Message:
Sent: 11/12/2020 12:13:00 PM
From: Igor Perevozchikov
Subject: RE: multiple machines with agent issue (Patch Assesment)
I see that at least what is shown on screenshot "Import Patch Data for Windows", there is no any vendor/update checked to be imported.
Make sure that you have checked required vendor checkbox, saved changes and run PM import task, then after PMImport task, clients will download latest ready assessment package and should execute assesment scan.
------------------------------
Software QA Engineer
Broadcom Inc.
Original Message:
Sent: 11-12-2020 12:07 PM
From: Hagai Nachmani
Subject: multiple machines with agent issue (Patch Assesment)
Yes, sorry, was a long day... lol.
I located it and tried. Same result.
Regarding the certificates, I have no idea, since I never needed to install any certificate on any of the devices before.
Machines have internet, but only 1 NIC and works fine (no dual networks or something). Agent looks to be "green and active" or some of the machines (not all of them are "yellow warning" ) – and yet every time I try to scan, it fails.
Even when manually pushing an inventory from the NS side to a machine, if immediately fails (but agent on machine is now green ... ) I'm loss for words.. :
Hope I miss something stupid and small that can be resolved with a small "checkbox" that you will be able to notice.
Tnx,
Hagai
Original Message:
Sent: 11/12/2020 11:52:00 AM
From: Igor Perevozchikov
Subject: RE: multiple machines with agent issue (Patch Assesment)
1. Your client computers where assessment scan fails, have required certificates mention in KB? Computers have an internet connection or they are only in intranet?
2. KB mentions to clone "Windows Assessment Scan" task and change there to run by (not a Windows assessment scan policy you mentioned)
Jobs and tasks -> expand "Software" folder -> Patch Management -> there should be a windows assessment scan
3. When last PMImport refresh/import task was done on your NS server? SMP Console -> Home -> Patch Management ->
------------------------------
Software QA Engineer
Broadcom Inc.
Original Message:
Sent: 11-12-2020 11:08 AM
From: Hagai Nachmani
Subject: multiple machines with agent issue (Patch Assesment)
Hi Igor,
Am I missing something again? , in the advance tab as shown in the KB below, is specifically says to choose a user.
Where is the user/pass? (tried with a clone task as well.. same result) :
All I see is start/end dates.
Tnx,
Hagai
Original Message:
Sent: 11/12/2020 10:23:00 AM
From: Hagai Nachmani
Subject: RE: multiple machines with agent issue (Patch Assesment)
Hi Igor!
Thank you!
Trying it immediately. ��
Fingers crossed...
Tnx,
Hagai
Original Message:
Sent: 11/12/2020 10:19:00 AM
From: Igor Perevozchikov
Subject: RE: multiple machines with agent issue (Patch Assesment)
Hi Hagai!
Please check this KB with solution:
https://knowledge.broadcom.com/external/article/174087/run-system-assessment-scan-on-windows-co.html
Thanks,
IP.
------------------------------
Software QA Engineer
Broadcom Inc.
Original Message:
Sent: 11-12-2020 09:19 AM
From: Hagai Nachmani
Subject: multiple machines with agent issue (Patch Assesment)
Hi Experts, please help! :
I have a 100 windows machines that I installed a software version on them (let's say "FoxIT reader) with a new version, but inventory from those machines keep telling me that the software is missing on them.
I've tried to "update configuration", "basic inventory" , I waited for the full software daily inventory, but nothing changed.
when I login to one of these machines, I see the following error and picture:
Patch Assessment Scan Failed. Please Check Symantec Management Agent logs for details.
I have enough licenses (I checked), I've tried to reinstall the agent from scratch, same result).
What am I missing? how can I align these machine to show accurate info on installed software on them?
Also made sure that "Windows Patch Remediation Settings" are configured properly (found another thread suggesting it):
What am I missing??? I don't understand what do I require to update...
should I refresh any settings or configuration somehow? is there a self test / check that can heal these machines and bring them back to active proper inventory state?
Please help,
Could someone please tell me how to resolve this?
Hagai