Quantcast
Channel: Shavlik User Community : All Content - Ivanti Patch for Windows
Viewing all 2126 articles
Browse latest View live

Support for Non-Security Patch MSNS18-01-4078130 / Q4078130 to disable mitigation against CVE-2017-5715

January 29, 2018, 1:59 pm
$
0
0

Overview

This update, Q4078130, was removed from our data on 10/08/2018. If mitigation of this vulnerability needs to be disabled, please deploy Q4072698U (Security Tool) to needed machines.

Microsoft has released a Critical Update KB4078130 to disable mitigation against CVE-2017-5715.

We highly recommend reading this Microsoft article: Update to disable mitigation against Spectre, Variant 2

MSNS18-01-4078130 / Q4078130 is a Critical Non-Security Patch that will disable the fix for variant 2 for stability issues.  You must reboot after installing the patch for it to apply on the system.

 

Additional Information

 

The Security Tool IVA18-001 ADV180002 will enable the fix again:Security Tool: Implement registry keys per Windows Server guidance to protect against speculative execution side-channel vulnerabilities

 

Affected Products

 

Ivanti Patch for Windows Servers 9.3

Search

Patch metadata out of date

October 17, 2018, 10:04 am
$
0
0

I have an offline deployment of Patch for Windows that I am managing.  Currently I have several clients that have Google Chrome installed (v69.0.3497.100) and P4W is saying that they are missing the 69.0.3497.92 update (bulletin CHROME-234), which is an older version than what is installed.  I've looked in the list of patches and it does not list v69.0.3497.100 anywhere (should be bulletin CHROME-235).  I've gone over to our online server and performed a Refresh Files to download the latest patch data, and this update still does not show up.  Since the .100 update came out a month ago, I am now wondering what other updates have not been added to the patch files.  Is there a way to force the availability of these updates without having to create a custom patch?

Two questions about Patches - Push or pull

October 18, 2018, 7:39 am
$
0
0

Hi. I got two questions about Ivanti Patch for windows servers. Patches - Push or pull - just to be clear.

  1. Does IPM zip or compress the patches and send to the Servers/Distribution Points?
  2. Does IPM push the patches to Servers/Distribution Points or does the Servers pull the patches?
  3. Similarly, how does the mechanism works from Distribution Points to Servers?

/Mike

Patching FileZilla Updates in Patch for Windows Servers

September 27, 2018, 9:34 am
$
0
0

Purpose

 

The purpose of this document is to outline the issues surrounding FileZilla updates particularly related to the downloading of the patch files from the vendor.

 

Cause

 

Changes from the vendor, Filezilla, has caused downloads of the updates not from a Web browser to fail with an error 403 authentication error. From review, the cause is the lack of user token authentication as updates downloaded through Patch for Windows are done on behalf of a user or system account, not as the actual user. Additional findings have shown the direct download links to also reroute to the main Filezilla site versus downloading the actual installer.

 

Resolution

 

The current workaround to this issue can be found in this document: How To: Supply and Deploy Patches That Can Not Be Downloaded

 

Affected Product

 

Patch for Windows Servers 9.3

Certificate Verification Failed With Error : -2146762748

October 28, 2013, 10:09 pm
$
0
0

Symptom

 

STAgentUpdater.log

WinTrustVerifier.cpp:195 Certificate verification failed with error : -2146762748

 

certificate issue.PNG

 

Cause

 

The OS is unable to verify the digital signature. The specific error is -2146762748 which is a Mircosoft error that translates to "The subject is not trusted for the specified action"

 

Resolution

 

1) Update the Root Certificate on the client machine. You can update it manually or run a scan with Security Tools enabled against it. It's going to be MSRC-001 or MSRC-002.

2) It's possible the System Account (used to run the agent services) is having issues on the machine. You could attempt to run the agent services as a domain account as a test.

 

Updated:

3) it is also possible that computers were missing root CA cert VeriSign Universal Root Certification Authority. While Windows was attempting to connect to Microsoft Update to obtain this cert automatically during update install and failing. Allowing ctldl.windowsupdate.com through the firewall and network security appliances, the issue could also be corrected.

Automatically add new machines to a group

October 22, 2018, 6:42 am
$
0
0

Hello everyone,

 

I am looking for a solution to automatically add new machines to a group.

Assuming that the new machines have no agent to install, I would like to add machines that are detected without agents during scans, in a particular group.

 

Do you have any idea? Maybe a script?

 

Thank you in advance !

Running -Get Date and Time -gives console local time

October 23, 2018, 2:00 am
$
0
0

Hi

When I'm running ITScript - Get date and time I only getting same time as my console!

Running Powershell on local console (sweden)
Current time at AAAA is 10/23/2018 10:52:17 AM

Running Powershell on remote server (Iran)

Local time (GMT+03:30) at \\BBBB is 10/23/2018 12:21:49 PM

(Yes it is a shift for summertime stillin sweden)

 

But when running ITScript - Get date and Time it gives me Local console time!!? Why?

 

BBBB1 0/23/2018 10:56:44 AM OU_IR -2- (Iran) UTC+3.5 10.99.1.13 Complete: 10/23/2018 10:56:41 AM

 

Best regard / Mike

Push a vbs file with Shavlik protect standard

June 12, 2017, 6:48 am
$
0
0

Good morning ,

 

i'm new in your community,

i need help or advice to deploy a vbs file with shalik.

I did test in push to call but he vbs did not start.

 

Do you have a solution ?

 

Thank you for you help.

 

Best regards

Search

Patch for Windows / Powershell: Detailed Scan and deploy results.

October 23, 2018, 7:39 am
$
0
0

I developed serveral powershell scripts to scan and deploy Windows patches.   Thus far the only very general information is being gathered.  Is there a method to report on the patches found missing and a listing of the deployed patches?

 

 

Example transaction script output:   What I can not seem to output is the listing of patches.   It seems I need to run a report for that information.

 

Scan Starting .........................

 

Name         : API - n.n.n.n

StartedOn    : 8/29/2018 2:58:46 PM

TemplateName : Dechert - Full Scan

Uid          : 938f3cee-720e-4705-a9b3-253939cba097

 

Name                 Elapsed    Ended On             Expected   Completed  Is

                     Time                            Machines   Machines   Complete

----                 ---------- --------             ---------- ---------- ----------

API - n.n.n.n   0:01:32    8/29/2018 11:00 AM   1          1          True

 

 

Name                 Installed  Missing    Missing SP Completed On         Error

                     Patches    Patches

----                 ---------- ---------- ---------- ------------         -----

xxxxxxxxxxx     542        35         0          8/29/2018 11:00 AM

 

 

Name                 Elapsed    Ended On             Expected   Completed  Is

                     Time                            Machines   Machines   Complete

----                 ---------- --------             ---------- ---------- ----------

API - n.n.n.n   0:01:32    8/29/2018 11:00 AM   1          1          True

 

Name                 Installed  Missing    Missing SP Completed On         Error

                     Patches    Patches

----                 ---------- ---------- ---------- ------------         -----

xxxxxxxxxx     542        35         0          8/29/2018 11:00 AM

 

 

 

ScanUID : 938f3cee-720e-4705-a9b3-253939cba097

Machines : 1

Update : 8/29/2018 3:00:23 PM

Complete: True

The scan took hh:mm to complete:  0:2

.

.

Scan Finished,

Deploy Starts  .........................

Deploy UID : 5ce68ec8-2639-4060-8125-369f0ef28080

 

 

Name                 Elapsed    Ended On             Expected   Completed  Is

                     Time                            Machines   Machines   Complete

----                 ---------- --------             ---------- ---------- ----------

Standard with Off... 0:40:54    8/29/2018 11:41 AM   1          1          True

 

Name                 Address         Overall State  Status                 Last Updated         Error Code

----                 -------         -------------  ------                 ------------         ----------

xxxxxxxxxx     n.n.n.n    Complete       Finished               8/29/2018 11:41 AM

 

 

Name                 Elapsed    Ended On             Expected   Completed  Is

                     Time                            Machines   Machines   Complete

----                 ---------- --------             ---------- ---------- ----------

Standard with Off... 0:40:54    8/29/2018 11:41 AM   1          1          True

 

 

 

Name                 Address         Overall State  Status                 Last Updated         Error Code

----                 -------         -------------  ------                 ------------         ----------

xxxxxxxxxx     n.n.n.n   Complete       Finished               8/29/2018 11:41 AM

 

 

The scan and deploy took hh:mm to complete:  0:43

Integrations for Patch for Windows and vRO

October 23, 2018, 7:44 am
$
0
0

I am now using vmware vRO to develop server deployment workflows.  Has anyone developed a method to integrate patch management with an orchestration product?

Java 192 < 191

October 23, 2018, 3:37 pm
$
0
0

If I scan a machine that has Java 8 version 192 installed, it gets flagged as needing version 191 because 8.0.192.12 < 8.0.1910.12.

 

strfinfo javaw.exe returns "ProductVersion=8.0.1920.12"

 

but getvers javaw.exe returns "javaw.exe Version: 8,0,192,12"

 

Getvers is an old (2006) program; I don't know where I got it.  The point is, two programs here return 192 or 1920 which suggests the version info might be in more than one place in the file and the two places might not agree.

 

Ivanti Patch for Windows® Servers Standard 9.3.0 Build 4510

Definition version is 2.0.2.6245.

Disabling TLS 1.0 may causes issues with Protect and Patch for Windows Servers

October 7, 2016, 8:39 am
$
0
0

Purpose

 

The purpose of this article is to go over the issues that may arise when TLS 1.0 is disabled in the environment and how to get Shavlik Protect and Patch for Windows Servers to work with TLS 1.2.

 

Symptoms

 

Per PCI requirements, all SCHANNEL protocols are vulnerable, except for TLS 1.2. Organizations may already have a GPO in place to disable all the protocols, except for TLS 1.2 (namely SSLV2, SSLV3, TLS1.1, and TLS1.0). Issues that can arise when these channels are disabled include:

 

  • Deployment Tracker gets stuck at Scheduled or Executing when deploying to target machines.
  • Agent installation gets stuck at 50%
  • Connection to Shavlik Protect SQL database cannot be established:
Attempting to recover from a broken connection in the database connection pool. Attempt: 1, connection state: Closed, error: System.Data.SqlClient.SqlException (0x80131904): A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - No process is on the other end of the pipe.) ---> System.ComponentModel.Win32Exception (0x80004005): No process is on the other end of the pipe
  • Commands to Shavlik Protect Agents are unsuccessful - Agents did not respond:
System.ServiceModel.CommunicationException: An error occurred while making the HTTP request to https://consolename.FQDN:3121/ST/Console/STS/ConsoleSTS. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. --->System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
  • Cannot download patches from vendors:
The underlying connection was closed: An unexpected error occurred on a receive. ---> System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possess a common algorithm

 

Cause

 

No secure communication channel can be established, either because no form of TLS is enabled, or whatever is enabled is not properly configured.

 

Resolution

 

You must either enable TLS 1.0 or configure TLS 1.2 correctly using Enabling TLS 1.2 for Shavlik Protect and Ivanti Patch for Windows.

 

Affected Product(s)

 

Ivanti Patch for Windows Servers 9.3

Shavlik Protect 9.x

Understanding installer return codes

April 30, 2014, 7:00 am
$
0
0

Purpose

 

This document will list common install return code errors from the vendor and possible solutions to the error.

 

Overview

 

Protect and Patch for Windows Servers (PWS) track patch deployment progress.  The View > Deployment Tracker (F9) will display the final status of the install attempt and display the return code from the vendor.

 

As an example return code 0 is success and return code 3010 is reboot required, but there are many other codes that can help troubleshoot patch install issues.

This isn't a comprehensive list. Our suggestion is to use your favorite search tool if the code isn't listed here.

For instance, the return code 2147483647 isn't listed here. Searching Google for return code 2147483647 will often provide results that help troubleshoot the issue.

 

MsiExec.exe and InstMsi.exe Error Messages

Error Value

Error code

Description

0

ERROR_SUCCESS

The action completed successfully.

13

ERROR_INVALID_DATA

The data is invalid.

87

ERROR_INVALID_PARAMETER

One of the parameters was invalid.

120

ERROR_CALL_NOT_IMPLEMENTED

This value is returned when a custom action attempts to call a function that cannot be called from custom actions. The function returns the value ERROR_CALL_NOT_IMPLEMENTED. Available beginning with Windows Installer version 3.0.

1259

ERROR_APPHELP_BLOCK

If Windows Installer determines a product may be incompatible with the current operating system, it displays a dialog box informing the user and asking whether to try to install anyway. This error code is returned if the user chooses not to try the installation.

1601

ERROR_INSTALL_SERVICE_FAILURE

The Windows Installer service could not be accessed. Contact your support personnel to verify that the Windows Installer service is properly registered.

1602

ERROR_INSTALL_USEREXIT

The user cancels installation.

1603

ERROR_INSTALL_FAILURE

A fatal error occurred during installation.

1604

ERROR_INSTALL_SUSPEND

Installation suspended, incomplete.

1605

ERROR_UNKNOWN_PRODUCT

This action is only valid for products that are currently installed.

1606

ERROR_UNKNOWN_FEATURE

The feature identifier is not registered.

1607

ERROR_UNKNOWN_COMPONENT

The component identifier is not registered.

1608

ERROR_UNKNOWN_PROPERTY

This is an unknown property.

1609

ERROR_INVALID_HANDLE_STATE

The handle is in an invalid state.

1610

ERROR_BAD_CONFIGURATION

The configuration data for this product is corrupt. Contact your support personnel.

1611

ERROR_INDEX_ABSENT

The component qualifier not present.

1612

ERROR_INSTALL_SOURCE_ABSENT

The installation source for this product is not available. Verify that the source exists and that you can access it.

1613

ERROR_INSTALL_PACKAGE_VERSION

This installation package cannot be installed by the Windows Installer service. You must install a Windows service pack that contains a newer version of the Windows Installer service.

1614

ERROR_PRODUCT_UNINSTALLED

The product is uninstalled.

1615

ERROR_BAD_QUERY_SYNTAX

The SQL query syntax is invalid or unsupported.

1616

ERROR_INVALID_FIELD

The record field does not exist.

1618 / 1619

ERROR_INSTALL_ALREADY_RUNNING

ERROR_INSTALL_PACKAGE_OPEN_FAILED

Another installation is already in progress. Complete that installation before proceeding with this install.

For information about the mutex, see _MSIExecute Mutex.

This installation package could not be opened. Verify that the package exists and is accessible, or contact the application vendor to verify that this is a valid Windows Installer package.

1620

ERROR_INSTALL_PACKAGE_INVALID

This installation package could not be opened. Contact the application vendor to verify that this is a valid Windows Installer package.

1621

ERROR_INSTALL_UI_FAILURE

There was an error starting the Windows Installer service user interface. Contact your support personnel.

1622

ERROR_INSTALL_LOG_FAILURE

There was an error opening installation log file. Verify that the specified log file location exists and is writable.

1623

ERROR_INSTALL_LANGUAGE_UNSUPPORTED

This language of this installation package is not supported by your system.

1624

ERROR_INSTALL_TRANSFORM_FAILURE

There was an error applying transforms. Verify that the specified transform paths are valid.

1625

ERROR_INSTALL_PACKAGE_REJECTED

This installation is forbidden by system policy. Contact your system administrator.

1626

ERROR_FUNCTION_NOT_CALLED

The function could not be executed.

1627

ERROR_FUNCTION_FAILED

The function failed during execution.

1628

ERROR_INVALID_TABLE

An invalid or unknown table was specified.

1629

ERROR_DATATYPE_MISMATCH

The data supplied is the wrong type.

1630

ERROR_UNSUPPORTED_TYPE

Data of this type is not supported.

1631

ERROR_CREATE_FAILED

The Windows Installer service failed to start. Contact your support personnel.

1632

ERROR_INSTALL_TEMP_UNWRITABLE

The Temp folder is either full or inaccessible. Verify that the Temp folder exists and that you can write to it.

1633

ERROR_INSTALL_PLATFORM_UNSUPPORTED

This installation package is not supported on this platform. Contact your application vendor.

1634

ERROR_INSTALL_NOTUSED

Component is not used on this machine.

1635

ERROR_PATCH_PACKAGE_OPEN_FAILED

This patch package could not be opened. Verify that the patch package exists and is accessible, or contact the application vendor to verify that this is a valid Windows Installer patch package.

1636

ERROR_PATCH_PACKAGE_INVALID

This patch package could not be opened. Contact the application vendor to verify that this is a valid Windows Installer patch package.

1637

ERROR_PATCH_PACKAGE_UNSUPPORTED

This patch package cannot be processed by the Windows Installer service. You must install a Windows service pack that contains a newer version of the Windows Installer service.

1638

ERROR_PRODUCT_VERSION

Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs in Control Panel.

1639

ERROR_INVALID_COMMAND_LINE

Invalid command line argument. Consult the Windows Installer SDK for detailed command-line help.

1640

ERROR_INSTALL_REMOTE_DISALLOWED

The current user is not permitted to perform installations from a client session of a server running the Terminal Server role service.

1641

ERROR_SUCCESS_REBOOT_INITIATED

The installer has initiated a restart. This message is indicative of a success.

1642

ERROR_PATCH_TARGET_NOT_FOUND

The installer cannot install the upgrade patch because the program being upgraded may be missing or the upgrade patch updates a different version of the program. Verify that the program to be upgraded exists on your computer and that you have the correct upgrade patch.

1643

ERROR_PATCH_PACKAGE_REJECTED

The patch package is not permitted by system policy.

1644

ERROR_INSTALL_TRANSFORM_REJECTED

One or more customizations are not permitted by system policy.

1645

ERROR_INSTALL_REMOTE_PROHIBITED

Windows Installer does not permit installation from a Remote Desktop Connection.

1646

ERROR_PATCH_REMOVAL_UNSUPPORTED

The patch package is not a removable patch package. Available beginning with Windows Installer version 3.0.

1647

ERROR_UNKNOWN_PATCH

The patch is not applied to this product. Available beginning with Windows Installer version 3.0.

1648

ERROR_PATCH_NO_SEQUENCE

No valid sequence could be found for the set of patches. Available beginning with Windows Installer version 3.0.

1649

ERROR_PATCH_REMOVAL_DISALLOWED

Patch removal was disallowed by policy. Available beginning with Windows Installer version 3.0.

1650

ERROR_INVALID_PATCH_XML

The XML patch data is invalid. Available beginning with Windows Installer version 3.0.

1651

ERROR_PATCH_MANAGED_ADVERTISED_PRODUCT

Administrative user failed to apply patch for a per-user managed or a per-machine application that is in advertise state. Available beginning with Windows Installer version 3.0.

1652

ERROR_INSTALL_SERVICE_SAFEBOOT

Windows Installer is not accessible when the computer is in Safe Mode. Exit Safe Mode and try again or try using System Restore to return your computer to a previous state. Available beginning with Windows Installer version 4.0.

1653

ERROR_ROLLBACK_DISABLED

Could not perform a multiple-package transaction because rollback has been disabled. Multiple-Package Installations cannot run if rollback is disabled. Available beginning with Windows Installer version 4.5.

1654

ERROR_INSTALL_REJECTED

The app that you are trying to run is not supported on this version of Windows. A Windows Installer package, patch, or transform that has not been signed by Microsoft cannot be installed on an ARM computer.

3010

ERROR_SUCCESS_REBOOT_REQUIRED

A restart is required to complete the install. This message is indicative of a success. This does not include installs where the ForceReboot action is run.

 

Adobe Update Errors

Error

Title

Solution

1067

Update failed. The process terminated unexpectedly.

Try downloading Reader directly from this page.

1309

Error attempting to open the source file:

See Error 1321 or 1309 | Install | CS4, CS5 | Windows

C:\Windows\system32\Macromed\Flash\FlashPlayerTrust\AcrobatConnect.cfg.

1310

Error writing to file: C:\Config.Msi.... Verify that you have access to that directory.

See Error "1310: Error writing to file: C:\Config.Msi..." | CS4 products

1311

Could not locate source file cabinet: [filename].

See Error 1311, 1335, or 2350 "Source file not found...data1.cab" when installing Adobe products | Windows

1321

The Installer has insufficient privileges to modify this file: c:\Windows\system32\Macromed\Flash\FlashPlayerTrust\AcrobatConnect.cfg.

See http://kb2.adobe.com/cps/403/kb403915.html.

1327

Invalid drive

See Error 1327 | "Invalid Drive" | Install | CS4, CS5, Acrobat, Reader

Alternative solution: This error sometimes appears when a drive is mapped for the user and the installer is running in a system context. Change the access permissions on the network folder to “write” for everyone to the shared folder or drive.

1328

Error applying patch to [filename]. It's likely that something else updated the file, and the patch can't modify it. For more information, contact your patch vendor.

A file has changed or is missing. Uninstall and reinstall the program.

1335

The cabinet file '[filename]' required for this installation is corrupt and cannot be used. This error could indicate a network error, an error reading from the CD-ROM, or a problem with this package.

The source cabinet is corrupt. See http://msdn.microsoft.com/en-us/library/aa372835(VS.85).aspx. 

1401, 1402, 1404, 1406

Could not [perform some action] for [key or value].

These errors occur when the Windows installer cannot successfully modify the registry. Quick solutions:

Repair the current program installation using Add/Remove Programs in the Control Panel.

Log in as administrator and access the appropriate registry key:

(Acrobat) HKLM\Software\Adobe\Acrobat

(Reader) Reader\<version> HKCU\Software\Adobe\Acrobat Reader\<version>

Update the program again.

See also:

Error 1402 | Error 1406 | Acrobat, Reader

1500

Another installation is already in progress. Complete that install before proceeding with this installation.

See Error 1704 or 1500 | Install, remove | CS4 | Windows

1601

Out of disk space

Please ensure that you have enough disk space on your primary disk and update again.

1603

A fatal error occurred during installation

Shut down Microsoft Office and all web browsers. Then, in Acrobat or Reader, choose Help > Check for Updates.

or

See also Error 1603 | Install | CS3, CS4 products

#_AdobeError_#1603

1606

Could not access network location

Try using the Microsoft Fix it wizard, available at support.microsoft.com/kb/886549. This wizard updates the Windows registry.

Disclaimer: Adobe does not support third-party software and provides this information as a courtesy only.

If you cannot resolve the problem after using the Fix it wizard, see the solutions in Error 1606 | Install | Acrobat 8, 9 | CS4

1612,

The installation source for this product is not available. Verify that the source exists and that you can access it.

Try using the Microsoft Fix it wizard, available at http://support.microsoft.com/kb/971187. The wizard updates the Windows registry so that you can usually uninstall previous versions of the program, or install or update the current version successfully.

 

Error codes for Office update packages

Value

Error message

0

Success

17301

Error: General Detection error

17302

Error: Applying patch

17303

Error: Extracting file

17021

Error: Creating temp folder

17022

Success: Reboot flag set

17023

Error: User cancelled installation

17024

Error: Creating folder failed

17025

Patch already installed

17026

Patch already installed to admin installation

17027

Installation source requires full file update

17028

No product installed for contained patch

17029

Patch failed to install

17030

Detection: Invalid CIF format

17031

Detection: Invalid baseline

17034

Error: Required patch does not apply to the machine

17038

You do not have sufficient privileges to complete this installation for all users of the machine. Log on as administrator and then retry this installation.

17044

Installer was unable to run detection for this package.

17048

This installation requires Windows Installer 3.1 or greater.

 

Downloads

 

Affected Product(s)

 

Shavlik Protect 9.x

Ivanti Patch for Windows Servers 9.3.x+

Understanding the affect a Patch Group can have on patch supersedence in patch scans

December 31, 2012, 11:00 pm
$
0
0

Purpose

 

This article provides information the affect a Patch Group can have on patch supersedence.

 

Description

 

Shavlik Protect filters out patches that have been superseded by later patches and shows only the latest applicable patch that is missing.

For example, MS03-026 is superseded by MS03-039, which is superseded by MS04-012. MS04-012 does not require MS03-026 or MS03-039 to be installed. So, Shavlik Protect shows that only MS04-012 must be installed.
When using Patch Groups, you force Shavlik Protect to scan for every patch included in your list even if the patch is replaced by a newer patch.  In some rare cases, it can cause superseded patches to be detected as missing even if a newer patch replaces it.

 

Resolution

 

  • In some cases, our Content Team can workaround the issue in our data. For this reason, highly recommend all customers open a case with support:  Support Portal
  • If the Content Team is unable to correct this, the workaround would be to remove the affected patches from the Patch Group.

 

Additional Information

 

For more information on patch supersedence, in Shavlik Protect, go to Help> Index> Search.  Search for:Determining Patch Replacements

 

When using a patch group that is empty as a baseline in your patch scan template the patch scan template will give results similar to the Security Patch scan template.

Affected Product(s)

 

Shavlik Protect 9.x

How To: Run a Diagnostic Patch Scan When Unable to Perform a DPDTrace

August 11, 2017, 8:55 am
$
0
0

Purpose

 

The purpose of this document is to instruct how to run a diagnostic patch scan when you are unable to perform a DPDTrace for a detection issue.

 

 

Overview

 

  1. Go to Tools > Options > Logging in your console and set the Logging Levels to "All" and check the "Diagnostic patch scanning" checkbox.
     Note as the message below the Diagnostic option says, you should only turn this option on at the request of Support.

 

  2. Save your changes and select to restart the service now then close your console, then stop the Ivanti Patch for Windows Servers Console Service.

  

 

   3. Go to C:\ProgramData\LANDESK\Shavlik Protect\Logs and delete or move the contents of the directory.

 

    

   
  4. Restart the console service from step 2 and then open your console and scan the machine that Support has requested the diagnostic scan for using the scan template that Support specifies. For instance, if the problem patch on the machine is a security patch, you would use the security patch scan template.

Scan Results.PNG

 

   5. Save a screenshot of your scan results (similar to the screenshot above showing the machine name, definition date, scan template, Bulletin ID, and Qnumber of the patch having the issue).

 

   6. Go to Tools > Options > Logging and uncheck the Diagnostic Patch scanning checkbox and save your changes.

 

   7. Zip up the contents of the C:\ProgramData\LANDESK\Shavlik Protect\Logs folder.

 

   8. Send the zipped Logs folder from step 7 and the screenshot from step 5 to Support.

 

 

Additional Information

 

You will still need to obtain Registry Exports from the problem client machine to send to Support along with the Diagnostic Patch Scan or DPDTrace. You will find instructions for obtaining these Registry Exports here Batch File for Obtaining Registry Exports for Detection Related Issues

 

 

Affected Products

 

Ivanti Patch for Windows Servers 9.3

Search

How to: Add patches released between specifics dates to a Patch Group using PowerShell and the API feature

March 16, 2018, 5:59 am
$
0
0

Purpose

 

This document contains instructions on how to add patches released between specifics dates to a Patch Group using PowerShell and the API feature.

 

Overview

 

Basic Instructions:

 

     1. Download AddPatchesToPatchGroupUsingDateRange.zip from this document. (download link)

     2. Extract the contents of the .zip file to a folder on the console server.

     3. Read Disclaimer.txt.

     4. Open PowerShell as an administrator.

     5. Change directory to the extracted location.

     6. Execute the following to get help. This will provide parameters and instructions on how to use the PowerShell script.

 

Get-Help .\AddPatchesToPatchGroupUsingDateRange.ps1 -full

 

Examples:

 

Add all patches released between two dates.

.\AddPatchesToPatchGroupUsingDateRange.ps1 "Test" "1/1/2018" "1/31/2018" "ServerName\SQLInstance" "MyDatabase"

 

Add all patches released within the last 30 days.

.\AddPatchesToPatchGroupUsingDateRange.ps1 "Test" ((Get-Date).AddDays(-30)) (Get-Date) "ServerName\SQLInstance" "MyDatabase"

 

Add security and non-security patches released within the last 30 days

.\AddPatchesToPatchGroupUsingDateRange.ps1 "Test" ((Get-Date).AddDays(-30)) (Get-Date) "ServerName\SQLInstance" "MyDatabase" "0, 1, 4"

 

Add .NET and Java patches released within the last 30 days

.\AddPatchesToPatchGroupUsingDateRange.ps1 "Test" ((Get-Date).AddDays(-30)) (Get-Date) "ServerName\SQLInstance" "MyDatabase" -productList ".net|Java"

 

Add all patches except .NET and Java released within the last 30 days

.\AddPatchesToPatchGroupUsingDateRange.ps1 "Test" ((Get-Date).AddDays(-30)) (Get-Date) "ServerName\SQLInstance" "MyDatabase" -productList ".net|Java" -excludeProductList

 

Additional Information

 

API Quick Start Guide

 

Affect Product

 

Ivanti Patch for Windows Servers

Does anybody knows if PFW will work for multiple machines with the same UUID?

October 30, 2018, 11:36 pm
$
0
0

As titled. Does anybody knows if PFW will work for multiple machines with the same UUID? What's the patching logic like for such scenarios and what's the license count like? Thank you.

Is there a way that we can save a update scan and deployment scan that we can use for different environments. Like a patch group but then still the same patches

November 1, 2018, 1:18 am
$
0
0

We have a test environment and a Production environment that are the same

We clone the production to the test and want to update this environment with the latest updates after that we need 3 weeks to test all the applications if it works then we need the same updates/patches for the production

we have to save the updates like a group or something because we need to install the same patches in de Production environment

 

We don't want to install new updates in de production environment because we haven't test the applications in it.

 

Is this possible with Ivanti?

Dpdtrace Tool Fails to Scan Target Machine With: Could Not Download File (.\Windowspatchdata.Zip) from Uri 'Http://Xml.Shavlik.Com/Data/Windowspatchdata.Zip

April 18, 2016, 9:02 am
$
0
0

Purpose


This document provides guidance to running a DPDTrace on servers with no internet connectivity or other issues preventing the download of WindowsPatchData.zip data file.  This file is need when using the 9.2 scan engine in the DPDTrace Tool.


Description


You attempt to run a DPDTrace following the instructions from this document:  DPDTrace Logging Tool Used For Patch Detection Issues

The DPDTrace fails to scan the target machine with this error in the ErrorA.txt file:  Could not download file (.\WindowsPatchData.zip) from URI 'http://xml.shavlik.com/data/WindowsPatchData.zip


Cause


The DPDTrace tool is unable to download the WindowsPatchData.zip file from the internet.  This could be caused by no internet connection, firewall, proxy or some other setting/device on your network/server.


Resolution

 

 

Additional Information


This issue may also be related toDPDTrace Tool Fails To Scan Target Machine With: Could not download file (.\hf7b.xml) from URI 'http://xml.shavlik.com/data/hf7b.xml


Affected Product(s)

 

DPDTrace Tool: DPDTrace command line logging tool used for patch detection issues

Integrations for Patch for Windows and vRO

October 23, 2018, 7:44 am
$
0
0

I am now using vmware vRO to develop server deployment workflows.  Has anyone developed a method to integrate patch management with an orchestration product?

Viewing all 2126 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>