Patch Management Solution

I have a parent and a child NS in hierarchy. The child NS doesn't have access to the internet.
Everything works except download of patch packages. Filters, Policy and software packages are downloaded from the parent.

The replication of import patch data works and the Windows System Assessment scan are running on the clients on the child NS.
The compliance report show missing patches on the child NS, but there are no packages downloaded from the parent NS - even that there are policy enabled to install.
On the child NS its trying to download the patches from the internet - instead of downloading it from the parent. 

On the child agents. Software Updates show all patches downloaded on the parent NS are listed as pending.

What is the problem? 

Hi Steen,
this is by design - Patch Management solution doesn't replicate software update binaries from parent to child, they are downloaded from the software vendor directly by the child Notification Server.
From Patch Management documentation: "Replicating software update policies does not replicate the actual software update files. Child Notification Server computers download the needed software update files from the vendor." -- https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/it-management-suite/ITMS/Related-Solutions/Patch-Management-for-Windows/Replicating-Patch-Management-Solution-for-Windows-Data-in-Hierarchy/replicating-a-software-update-policy-v14285895-d840e4088.html#v14285895.
Original Message:
Sent: Jan 10, 2023 04:02 PM
From: Steen Bogoe
Subject: Patch problems in hierarchy

I have a parent and a child NS in hierarchy. The child NS doesn't have access to the internet.
Everything works except download of patch packages. Filters, Policy and software packages are downloaded from the parent.

The replication of import patch data works and the Windows System Assessment scan are running on the clients on the child NS.
The compliance report show missing patches on the child NS, but there are no packages downloaded from the parent NS - even that there are policy enabled to install.
On the child NS its trying to download the patches from the internet - instead of downloading it from the parent.

On the child agents. Software Updates show all patches downloaded on the parent NS are listed as pending.

What is the problem?

Hi Dmitri

Thanks for the info. I couldn't read it from the KB's, so I thought the download would works as software packages.
Original Message:
Sent: Jan 10, 2023 06:13 PM
From: Dmitri Gornev
Subject: Patch problems in hierarchy

Hi Steen,
this is by design - Patch Management solution doesn't replicate software update binaries from parent to child, they are downloaded from the software vendor directly by the child Notification Server.
From Patch Management documentation: "Replicating software update policies does not replicate the actual software update files. Child Notification Server computers download the needed software update files from the vendor." -- https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/it-management-suite/ITMS/Related-Solutions/Patch-Management-for-Windows/Replicating-Patch-Management-Solution-for-Windows-Data-in-Hierarchy/replicating-a-software-update-policy-v14285895-d840e4088.html#v14285895.
Original Message:
Sent: Jan 10, 2023 04:02 PM
From: Steen Bogoe
Subject: Patch problems in hierarchy

I have a parent and a child NS in hierarchy. The child NS doesn't have access to the internet.
Everything works except download of patch packages. Filters, Policy and software packages are downloaded from the parent.

The replication of import patch data works and the Windows System Assessment scan are running on the clients on the child NS.
The compliance report show missing patches on the child NS, but there are no packages downloaded from the parent NS - even that there are policy enabled to install.
On the child NS its trying to download the patches from the internet - instead of downloading it from the parent.

On the child agents. Software Updates show all patches downloaded on the parent NS are listed as pending.

What is the problem?

You may check the following workaround for Patch Management solution on Notification servers that don't have the Internet access (you would need only steps related to software update binaries): https://knowledge.broadcom.com/external/article/180645/configuring-patch-management-8x-to-opera.html
Original Message:
Sent: Jan 10, 2023 04:02 PM
From: Steen Bogoe
Subject: Patch problems in hierarchy

I have a parent and a child NS in hierarchy. The child NS doesn't have access to the internet.
Everything works except download of patch packages. Filters, Policy and software packages are downloaded from the parent.

The replication of import patch data works and the Windows System Assessment scan are running on the clients on the child NS.
The compliance report show missing patches on the child NS, but there are no packages downloaded from the parent NS - even that there are policy enabled to install.
On the child NS its trying to download the patches from the internet - instead of downloading it from the parent.

On the child agents. Software Updates show all patches downloaded on the parent NS are listed as pending.

What is the problem?