The attached .bat file is designed to collect information that may assist the support team in diagnosing and resolving issues with the Protect application.

This batch file will collect trace log files, event logs, registry entries, config files, and other information that can provide great information to support for diagnosing problems.

This .bat can prove useful on any system where you are currently having issues with the Protect console or a Protect agent.

This file is intended only to obtain information for support purposes. It is not an officially supported tool and has not gone through QA/Testing. The user assumes any risks of running the attached file(s).

1) Download the attached Get_Protect_Info.bat.zip.

2) Extract the Get_Protect_Info.bat to the desktop of the Protect console system or agent system where you wish to obtain files for support.

3) Right click the Get_Protect_Info.bat, choose 'Run as Administrator'. For older operating systems such as XP or 2003 this will not be necessary - just run the file.

4) Allow the .bat to run through everything. It may take some time. The cmd screen that comes up when run will disappear when it is finished.

5) A folder titled 'ProtectLogs' will be created at the root of C:\, containing all the files collected by the .bat.

6) Please create a compressed file of this folder. It is suggested to use 7zip for compression. 7zip will compress to a smaller file size than the built in Windows compression, and it allows for creation of an encrypted 7z or zip file. You can download 7zip here: http://7-zip.org/download.html

7) Send the 7z or zip file of the ProtectLogs folder to support.

8) The folder C:\ProtectLogs can be deleted after this.

This .bat file may retreive some files containing sensitive system or network information. Make sure you review the files that are collected prior to sending if you believe this poses any security risk for you. This is why it is also highly recommended to place the files within an encrypted or password protected zip or 7z file before sending.

Hello everyone, We were previously using Shavlik Condole 8.5 and were installing the Agents on our laptops that were not connected to our network 24/7.  The individual Agent results would show up on the Results on the Shavlik Console which we wanted.  We then upgraded to Shavlik version 9 and I reimaged the original shavlik console with the same computer name and passwords and passphrase.  Now nether the existing laptops (agent version 8.5) or the newly imaged laptops with the new version of shavlik (agent 9.0) is showing up on the Results on the console.  I ran the STAgentManagement.exe -diag agentdiag.txt command and got the following: PASSED - Able to communicate with console.  Any Ideas why the agent results will not show up on the shavlik console results? Here is the results of the STAgentManagement.exe -diag agentdiag.txt command

All error lines in agent log files sorted by date/timestamp. Total number of error lines mined from logs [6] Log file key 2 C:\ProgramData\LANDesk\Shavlik Protect\Logs\STAgent.log 3 C:\ProgramData\LANDesk\Shavlik Protect\Logs\STAgentManagement.log 4 C:\ProgramData\LANDesk\Shavlik Protect\Logs\STAgentUI.log 5 C:\ProgramData\LANDesk\Shavlik Protect\Logs\STAgentUpdater.log 6 C:\ProgramData\LANDesk\Shavlik Protect\Logs\STDispatch.log Errors Found [4] 3/18/2014 4:35:39 PM 134c STAgentUI.cpp:258  Cannot determine user interaction setting: class Opc::CContainerException at Opc.cpp:163: Unable to open container 'C:\ProgramData\LANDesk\Shavlik Protect\Agent\Policy.zip': [4] 3/18/2014 4:35:40 PM 12e4 ActiveProtection.cpp:133  Error retrieving AP state [2] 3/18/2014 4:36:08 PM 16f0 ServiceBase.cpp:81  Could not log event type 4: class STWin32::CWin32Exception at EventLog.cpp:32: Error 1717: The interface is unknown.. [6] 3/18/2014 4:36:08 PM 1204 ServiceBase.cpp:81  Could not log event type 4: class STWin32::CWin32Exception at EventLog.cpp:32: Error 1717: The interface is unknown.. [3] 3/18/2014 4:53:04 PM 08b0 Diagnostics.cpp:388  Converter.cpp [3] 3/18/2014 4:53:04 PM 08b0 Diagnostics.cpp:388  DateTime.cpp ----------------------------------------------- Scheduled Jobs Taskname  Enabled/Disabled Run Once  (if the task is not run once then this line will not be there) Last time run      Next time to run Checkin_agent.xml Enabled Last Time: 12/31/2009 7:00:00 PM  Next Time: 3/18/2014 12:00:43 PM (Includes 43 seconds delay) Patch Staff Windows 7 Laptops_patch.xml Enabled Last Time: 1/1/2010 6:00:00 AM  Next Time: 3/19/2014 11:25:23 AM (Includes 1523 seconds delay) PostReboot_a773a3e7-2d34-4714-bea6-e0e7d8ebeb0d_Patch Staff Windows 7 Laptops.xml Disabled Run Once Last Time: 3/18/2014 11:36:46 AM  Next Time: 12/31/9999 6:59:59 PM ScanAfterReboot_a773a3e7-2d34-4714-bea6-e0e7d8ebeb0d_Patch Staff Windows 7 Laptops.xml Disabled Run Once Last Time: 3/18/2014 11:35:42 AM  Next Time: 12/31/9999 6:59:59 PM (Includes 589 seconds delay) ScanNow_a773a3e7-2d34-4714-bea6-e0e7d8ebeb0d_Patch Staff Windows 7 Laptops.xml Disabled Run Once Last Time: 3/18/2014 11:36:46 AM  Next Time: 12/31/9999 6:59:59 PM -----------------------------------------------

Certificate Tests PASSED

- Has an agent certificate PASSED

- Has a console certificate PASSED - Console certificate is in the intermediate store PASSED

- Root certificate is in the root store -----------------------------------------------

Communications tests PASSED - Agent certificate hash does match SSL hash -----------------------------------------------

Agent To Console CommunicationTest test PASSED - Able to communicate with console.

Hi, we are migrating our existing Shavlik to a SQL 2012 cluster.  Our DBA's have asked the following questions:

I will be providing the name of the Availability Group Listener and the port used.

o   IE:           P_SHAVLIK_AGL              PORT: 1439

·      Please inquire with Shavlik what the connection string should look like when connecting to an availability group listener

o   IE:  P_SHAVLIK,1439;SHAVLIK

Thoughts?

Hi. We use some automation commandline scripts which use hfcli.exe for scan tasks. Since we've upgraded from VCenter Protect 8.0.2 to Shavlik Protect 9.0.0 hfcli.exe only shows results for a limited number of products (mainly for Microsoft Developper Tools, Runtimes, and Redustributables).

The commandline looks like this: %ShavlikProtect%\HFCli.exe -h %HOST% -ifq %input%\HFChkIgnore.txt" -x %input%\hf7b.xml -t 128 -f %HOST%.txt -v -trace. It is the same we were using with Protect 8.0.2 where it showed patches for the OS and for other products installed. Scans in the console application produce correct results. - What can be the reason for this behavior? The Maintenance and Data Subscription does not expire until 18.10.2016 and the licence is duly activated.

Cf. hfcli.log and the scan result in output.txt (attached)

Any ideas?

Klaus

Hello, We have been using Shavlik for over 5 years to patch all our desktop computers that are connected to our network 24/7.  We have a growing number of Laptop users who may never connect directly to our network so we started installing the agent on them about a year ago so they would get patched.  I just noticed that one of the laptops I installed the Agent on about 4 months ago had expired.  I immediatly looked at a few other laptops and found the Agent had expired and no longer working and patchng these laptops which leaves these computers and our network at risk.  For testing purposes today I reinstalled the agent on one of these laptops using the shavlik version 9 console to install the agent.  On the laptop I went to help - about to verify and it said the new version of the agent (9) was installed but it would be expiring May 10th 2014 !!!!  This is a huge problem for us as we have 100 laptops that had the Agent installed and are now expired.  And not only that in the previous version of Shavlik (8.5) we would at least get the results of these Agents in the Results log on the shavlik console to verify the agent is in fact working. Last week I submitted a post on this forum asking about why the Agents were no longer showing up in the Results on the Shavlik console version 9 and was informed that Shavlik had removed this feature.  This is very troubling for us as we could have laptop that are running the Agent and is no longer working because the license is expired. (We are current on our Shavlik License and in fact have spent thousands over the years).  What has caused our Agents license to expire and how do we fix it?  Where can I get a version of the Agent that does not expire or give me instructions on how to fix this?  There could be other Shavlik customers out there that have installed and are usign the Agent but no idea the agent license has expired. This is a major security flaw with the Shavlik Agent and we need to get this problem solved as soon as possible. Thanks, Tom Farrell Hennepin County Library

Purpose

This document is a step by step guide on how to configure authenticated SMB Distribution Servers. in Shavlik Protect 9.x.

Why use a distribution server ?

Distribution servers can be used in a number of different scenarios:

• Distribution servers can be used to store patches that you wish to deploy. Distribution servers can be physically located near each group of machines you are managing. The console can copy patches to the distribution servers only, rather than to each individual machine. Each machine can then download the patches it needs from the nearest distribution server. This can greatly reduce network traffic in a distributed environment and be of huge benefit in wide-area networks. This is true in both agentless environments and agent-based environments. In agentless environments, using distribution servers means the console does not need to push patches to individual machines and individual machines do not need to download patches from patch vendor. In an agent-based environment, it can keep each machine from downloading the patches it needs from the patch vendor over the Internet.
• Distribution servers can be used to store the most up-to-date engines and XML files that are available. In a multi-console or agent-based environment, this can reduce the number of machines that need to download updated files over the Internet. If you will be configuring an agent policy that contains a threat task it is strongly recommended that you use a distribution server. The threat definition file is rather large and using a distribution server to store the file will greatly improve the download performance for your agents.
• Distribution servers allow consoles and agents to operate in environments where they do not have Internet access but still need access to the most up-to-date engines and XML files. See What is a Disconnected Console Configuration for more information.
• Distribution Servers can be used to store any custom patches you may have defined. This is particularly important for agent-based environments. See Preparing to Use Agents for more information.

Do You Need a Distribution Server ?

To determine if you should use one or more distribution servers with Shavlik Protect, apply the following formula:

• If # of machines * 10Kb > available bandwidth, then you need at least one distribution server.

Examples

Assume available bandwidth = 500 Kb:

• 100 machines: 100 machines * 10Kb = 1000Kb > 500Kb (need distribution server)
• 20 machines: 20 machines * 10Kb = 200Kb < 500Kb (do not need distribution server)

If You Need Distribution Servers, How Many ?

If (using the formula above) you determine you need one or more distribution servers, you still need to determine exactly how many distribution servers are needed. Determining the number of distribution servers that are needed is very simple. The general rule is:

• Use one distribution server for every 2500 machines

For example, if you have 7500 machines you should plan on using three distribution servers.

Apply to

• Windows Server 2012
• Shavlik Protect 9.x

Related guides

Configuring Authenticated HTTP Distribution Servers

Configuring Authenticated HTTPS (SSL) Distribution Servers

Create a shared folder on Windows Server

In order to create a shared folder open the Server Manager

On the up right corner Manage > Add Roles and Features

Follow the wizard.

Check the box File Server in File and Storage Services > File and iSCSI Services > File Server

Continue without adding new features.

You should have something like the following screenshot. And Install

After adding the File Server role, on the Server Manager's Dashboard click on File and Storage Services

Go in the Shares tab and create a new share.

Choose SMB Share

Select where you want to create the share folder.

Name the share.

Click on Customize permissions...

In the Permissions tab we will need 2 accounts :

• One for the Console which will need a read/write to add and delete the patchs.
• One for the Agents which will need only to read and download the patchs.

It is possible to use the Console credentials for the Agents but it is not recommended for security issue as these credentials will be copied on all Agents.

In the Share tab Edit the permissions for Everyone

And select Full Control

And create the share.

Add a new distribution server in Shavlik

In order to add a new distribution server in Shavlik go in Tools > Operations

Select the tab Distribution Servers

On the top panel "Distribution Servers" click New

Give a name to the Distribution Server and fill the path and credentials.

The upper panel is for the Agents connexion so we will give the read only credentials.

The lower panel for the Console so we will give the read/write credentials.

Select the created Distribution Server, choose All engines, definitions, and patch downloads from the scroll down and click Add scheduled sync:

Schedule when you want to sync the Distribution Server with the files on Internet.

We recommend to sync on Wednesday and Friday as our patch release are on Tuesday and Thursday.

To force sync click Run now for each selected tasks.

There should be files in the shared folder.

If not follow this document :

Troubleshouting distribution server synchronization

Using the Distribution Server in Agent Policy

In order to use the Distribution Server we need to create a new Agent Policy or modify an exesting one.

To create an Agent Policy go in New > Agent Policy

To modify an existing Agent Policy click on the button just under Home and Agent Policies

In the popup window select Distribution Server and select your previously created Distribution Server.

Deploy or update the policy on the Agents and files will now be downloaded from the agents.

Hi

We have an ESXi environment which has been upgraded recently using VMware update manager to a more uptodate version. .

We also use Shalvik for patch management and we have the license which allows us to do ESXi hypervisor patching.

However we have an issue with VMware tools. If this updated using VMware, it works fine until the Virtual machine is rebooted and then it goes out of date.

We believe this is happening because Shalvik product is upgrading the VMware tools also. When I check what updates Shalvik is updating to the machine I can see in the patches list there is VMware tools 9.4 x64 which is also being rolled out. 

How would I go about ensuring that this update is not effective on any future patches?

We are running ESXi 5.0.0 update 3 but it seems that some virtual machines managed via Shalvik are installing a much newer version of the VMware tools (for v5.5) which is causing this out of date message confusion. When it installs this version it also doesnt allow you to edit any of the VMware tools which it should allow if the installation is correct.

Thanks

Recently, we have noticed our main development IIS virtual server is taking 20+ minutes to boot.  The following Events are seen during the boot window:

____________

Event ID 1 - STThreatService - The description for Event ID 1 from source STThreatService cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

An error has caused the program to exit

____________

Event ID 6006 - Winlogon - The winlogon notification subscriber <GPClient> took 1243 second(s) to handle the notification event (CreateSession).

____________

Event ID 6005 - Winlogon - The winlogon notification subscriber <GPClient> is taking long time to handle the notification event (CreateSession).

____________

Uninstalling Shavlik results in a one minute boot time and the above errors are no longer recorded.  Any ideas?

While upgrading from version 8 to 9, I have encounted an issue. The first step, the uninstall of the previous version, succeeded. During the install of v9, it fails while attempting to create the Patches directory. The installer states that the user does not have rights sufficient to create the directory. I am logged on with an admin account. I am able to create and delete directories manually. The installer was executed with and without elevated privileges. No difference.

So far I have tried the following to no avail:

• Renamed the existing Patches directory from the previous version
• Moved the Patches directory then deleted Shavlik directory (the installer recreates the parent Shavlik directory but not the subdirectories)
• Turned off UAC
• Re-downloaded the installer

Any suggestions?

Jim

This document outlines how to run a DPDTrace. This may be necessary when troubleshooting detection issues.

DPD stands for Dynamic Product Detection.  It’s the method our scan engine uses to determine what supported products are installed on the machine.This tool was created for troubleshooting patch scan issues where we need to know what is going on during the DPD process.

Note- .Net Framework v4.0.30319 or newer needs to be installed for this to work

1. Download DPDTrace.zip and extract the file into a folder on the root of C:\
2. Read Disclaimer.txt.
3. Open Command Prompt and change directory to C:\DPDTrace

4. Enter the following command, replacing {MACHINE_NAME} {ADMIN_USER_NAME} {PASSWORD} and {PATCHTYPE} with corresponding values. ({MACHINE_NAME} has to be the Target machine that is having the detection problem

          DPDTrace.bat {MACHINE_NAME} {ADMIN_USER_NAME} {PASSWORD} {PATCHTYPE}

5.      When the command line is run, a window titled 'Rename HF.1 Log' will appear with an OK button. Do not close this window as the scan continues.

6.     When the scan has completed the command prompt window will say 'Test Complete  Please zip up HFCLi folder and send it back to us'. Please verify that an XML document has been created in the HFCLI folder. If it has, please zip up the directory "C:\DPDTrace\HFCLI" and send it back for analysis.

The Protect Console expiration date is different than the expiration date shown in the Protect Agent.

(Protect Console Expiration Date)

(Protect Agent Expiration Date)

Agent seats are held for 45 days from the last time they successfully checked in. This is to allow a seat to be reclaimed by the Console in the event an Agent goes unused for a prolonged period of time. The Agent's expiration date will be 45 days from the last time it successfully checked in.

If the Agent has an expiration date older than 45 days from today, initiating an Agent Check In should refresh its expiration date.

Shavlik Protect 9.x
vCenter Prtoect 8.x

- Protect crashes with an "unexpected error" during the patch deployment or download process.

- In the ST.Protect.Managed.xxx log file you see an error similar to the following:

2013-09-27T16:45:23.0890496Z 0022 I WorkItemController.cs:399|Download patches for deployment Started

2013-09-27T16:45:23.1202506Z 0022 I Patch.cs:102|Nonexistent file 'C:\ProgramData\Shavlik Technologies\NetChk\Patches\ccsetup405_slim.exe'.

2013-09-27T16:45:23.3230571Z 0022 V FileSetDownload.cs:457|Started ''.

2013-09-27T16:45:23.3386576Z 0022 V SingleFileDownload.cs:481|Downloading from 'http://www.piriform.com/ccleaner/download/slim/downloadfile' to 'C:\Users\administrator.HPDDM\AppData\Local\Temp\st7e7884f3-959c-4e83-91ea-a93abfb2e839.tmp'.

2013-09-27T16:45:23.7910721Z 0023 C Launcher.CurrentDomainUnhandledException|System.ComponentModel.Win32Exception (0x80004005): An error occurred during encode or decode operation

at ST.NativeWrappers.ManagedCrypto.IsSigned(String filePath)

at ST.Engines.Catalog.Patch.IsSigned(String filePath)

at ST.Engines.Catalog.SingleFileDownload.CheckSignature()

at ST.Engines.Catalog.SingleFileDownload.HandleCompletedFile(Object sender, AsyncCompletedEventArgs eventArgs)

at ST.Engines.Catalog.SingleFileDownload.ClientDownloadFileCompleted(Object sender, AsyncCompletedEventArgs e)

at System.Net.WebClient.OnDownloadFileCompleted(AsyncCompletedEventArgs e)

at System.Net.WebClient.DownloadFileOperationCompleted(Object arg)

at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(Object state)

at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean ignoreSyncCtx)

at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()

at System.Threading.ThreadPoolWorkQueue.Dispatch()

at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

The reason for the crash is two-fold:

1) The application being downloaded most likely has a static URL and downloads may have been disabled or invalid due to changes on the vendor's side.

2) Protect is not properly handling reason 1. This is currently marked as a defect and Protect's handling of the invalid URL should be fixed in a future release.

Most likely there is a newer version of the affected application that is causing the crash. Once the new version has been added to Protect's XML (patch definitions) it should resolve the problem.

Check for updates to patch definitions with the links in this document: http://community.shavlik.com/docs/DOC-23176

If you are running into this issue and do not see it fixed after an XML update or wish to verify with support that it will be fixed, please open a case here:

http://support.shavlik.com

Update 3/27/14

The crash will no longer occur in Shavlik Protect version 9.1. Instead you will see the deplyment of the patch fail, and an error such as the following will be provided:

Error: File not downloaded: ccsetup411_slim.exe

Error reason: File 'C:\ProgramData\LANDesk\Shavlik Protect\Console\Patches\ccsetup411_slim.exe' failed signature check: http://www.piriform.com/ccleaner/download/slim/downloadfile

Zero patches are available and properly signed.

No patches were deployed. Please review the program logs to determine the cause.

Patch deployment canceled due to failure building deployment instructions.

Error on machine 'WIN-4VAC13D975C': Failed

Shavlik Protect 9.0

I would like to run a report on a few server to show all install patches on the server.

I have looked through the predfined reports and dont seem to be able to fine one that shows installed patches on a server.

Can any one help.

Thanks

Steve

Certain Hot Fixes are missing from Protect.

One of the criteria for a patch to be added to the Protect data is it must have a publicly available download URL.

Certain Hotfixes from Microsoft are only offered by request.

Example of Microsoft Hotfix Request Form

These patches/hotfixes do not offer a publicly available download url, and therefor are unable to be added to Protect.

Here are some known hotfixes that this article applies to:

• KB2406705
• KB2522766
• KB968287
• KB2597051
• KB2935092

Protect Version: All

I just installed Protect version 9 (build 1182) onto a Win2012 server.  I was able to successfully scan a machine, and deployed all needed patches. When I pulled up the deployment tracker, however, all I see is that the patches are scheduled. It never moves beyond that point, and it has been 40 minutes.  When I look at the  machine, the hard drive light is flashing like crazy, so it's definitely working on something.  I have the remote registry service started on that machine (Win7x64). The deployment parameters indicate that patches should install immediately. What should I be looking for that might provide a clue as to what might be happening and how to correct?  Should I just reboot the machine or rescan to see if anything looks different?

The Protect Console does not show in the list of machines under the Scheduled Task Manager.

Note: This issue is most commonly seen after an upgrade to version 9 build 1182.

With the release of Version 9 Patch 1 (Version 9 build 1182), the Protect Console will not be listed in the Scheduled Task Manager.

Run a successful patch scan against the Console. (Any patch scan will work).

The scheduled jobs should then re-appear in the Scheduled Task Manager.

Shavlik Protect 9.0.0.1182

This document is meant to describe the best practices for the order in which to apply updates with Protect when using agentless patch scanning and deployment.

When preparing to deploy updates to your systems with Shavlik Protect, it is best to follow the order listed below:

1. If you wish to deploy software using the software distribution feature of Protect, do so first.
   See the following document for more information on software distribution: http://community.shavlik.com/docs/DOC-23116
2. Run a patch scan for Security Patches and/or (optional) Non-Security Patches and Security Tools.
   More info about creating a patch scan template can be found here:
   http://www.shavlik.com/onlinehelp/Protect90HTMLHelp/Creating_or_editing_a_patch_scan_template.htm
3. View scan results. How many service packs show missing? These should be applied prior to patches/hotfixes.
4. Deploy operating system level service packs first.
5. Run your patch scan again after applying OS level SPs.
6. Deploy any remaining service packs. Take into account that each service pack must be deployed separately, and each service pack will require a reboot.
   This can seem tedious, however, it's important that you do service packs first. Service packs may update the base code for the application as well as apply currently missing updates during the process. New updates may be required once the service pack is applied as well.
7. After all service packs have been applied, run a patch scan on the systems once more, and then deploy missing patches.

More information about agentless deployment of service packs and patches can be found in Protect's online Help under "Agentless Patch Management Tasks".

Protect Online Help:

http://www.shavlik.com/onlinehelp/Protect90HTMLHelp/HFN.htm

Additional Information from Microsoft about best practices for applying updates can be found here:

http://technet.microsoft.com/en-us/library/cc750077.aspx

http://technet.microsoft.com/en-us/library/cc512589.aspx

Shavlik Protect 9.x

vCenter Protect 8.x

The purpose of this document is to help to prepare a current Protect console and database for upgrade to a newer version of Protect, and also to provide some information about how to resolve common upgrade issues.

Preparing for Upgrade of Protect

Most issues with upgrading Protect can be avoided by ensuring that you are meeting system requirements and that proper database maintenance has been performed prior to upgrade. The list below can be used as a guide to ensure you have a successful upgrade:

• Review the System Requirements for the version of Protect you plan to install.
  Refer to the document - Shavlik Protect Requirements Guide
• Review the Shavlik Protect Upgrade Guide.
• Prior to upgrade, it is recommended that you clean out as much old results as possible and perform database maintenance.
  This document covers the full steps for database maintenance: DOC-23430
• The user who will perform the upgrade of the database should either be the SA for the database in SQL, or the user should at least have the following privileges for the Protect database:
  Privileges required for upgrade purposes: db_securityadmin, db_ddladmin
  Privileges required for all Protect users: STExec, DB_DataReader, DB_DataWriter
• If your Protect database is hosted on SQL 2005, review the document; Authentication Limitation with Protect 9.0+ and SQL 2005.
• If you plan to move/migrate your console to a different system, review the document; Migrate Shavlik Protect Console.

Resolving Common Upgrade or Post-Upgrade Issues

If you do have an issue during the upgrade process, it's possible the issue can be resolved based on some common issues listed below:

Upgrade/Install Failure

• Error: "Installation Failed.  A data conversion error has been detected during the database upgrade process."
• Resolving database upgrade timeout failures for Shavlik Protect
• Upgrading Protect fails with the error: Cannot create a new Service Broker in a mirrored database
• Upgrade to v9.x fails with error "Protect bootstrapper has stopped working"
• Upgrade\Installation Error, Background Intelligent Transfer Service (BITS) is disabled
• Failed to commit or save the database installation. Invalid License
• Install- Error 1612: The installation source for this product is not available
• Upgrade - Error - Data Conversion Error - EventSubscription
• Shavlik Protect Install/Uninstall Issues
• Upgrade to version 9 Fails with error 'This installation package could not be opened.'
• How to clean up broken installs of Shavlik Protect with the Microsoft Fixit Tool
  • Applies when seeing: Error 1605: This action is only valid for products that are currently installed.

  Post-Upgrade 

• Scheduled Jobs Missing from Scheduled Task Manager in Protect Console
• Scheduled Task Manager pops Error: -2080374779 - Upgrade scheduler now
• It is worth noting that the Agent Manager has been removed in version 9. All functionality is available from within Machine View.
  • You can see the full list of changes in each build, here.

What to do if you face an upgrade failure you cannot resolve

If you receive an upgrade or installation failure, and you are not able to use the above resources to resolve the issue it's time to open a support case.

• Contact Support with one of the following methods:
  • Support Portal: https://support.shavlik.com/
  • Other contact methods: http://www.shavlik.com/support/contact/
• If possible please provide the following information:
  • Console Logs
  • Installation Logs
  • Any applicable screenshots
  • Operating system of the console system and version of SQL used to host Protect database

Shavlik Protect 9.x

vCenter Protect 8.x

Upgrading to version 9 fails with errors.

• This installation package could not be opened.  Verify that the package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package.

Errors located in the Protect Installer log files (ProtectInstall_20130903_204512.log) in the TEMP directory (%TEMP%)

• 2013-09-03T20:45:12.7989609Z 0b0c E BitsNotification.cpp:156 Error from BITS: The server does not support the necessary HTTP protocol. Background Intelligent Transfer Service (BITS) requires that the server support the Range protocol header.

Clicking the prompt from Protect to upgrade will download a no longer supported web installer.

The web installer is 1.15mb where the full installation file is 154mb.

*Note the Name and Size difference between the 2 files.

Download the full installation file from http://www.shavlik.com/downloads/

*Note: Always read upgrade documenation prior to running the upgrade. Failure to do so increases likelihood of upgrade issues.

• When downloading a patch in Protect, the console crashes.

Note: Other actions may also cause this. Downloading patches is the most common cause.

 

[Window Title]
Shavlik Protect Advanced

 

[Main Instruction]
Sorry, an unexpected error has occurred and Shavlik Protect Advanced must close to recover.

 

Depending on the configuration of your operating system, a second dialog may be displayed that gives you the option to report this error and check online for a solution. We really want to fix this problem (to help you and other customers) and hope you will select the “Check online” or "Send Error Report" option. Thanks!

• An error is present in the ST.Protect.Managed log:

This is a Windows based error typically caused when the operating system has run out of available working memory (RAM), though Microsoft indicates other potential causes such as:

• Active Anti Virus
• IRPStackSize registry entry on the server is set too low.

Microsoft Article: Error message: "Not enough server storage is available to process this command"

Because the issue can occur from different causes, there is not an explicit fix-all solution. Where this issue stems from system resource limitations (Hardware or Operating System Based), the following 'solutions' are provided as potential workarounds.

Crash Occurs Downloading Multiple Patches at Once

Try downloading a smaller subset of patches, or even downloading them individually. The goal is to not overtax the OS's available memory.

Crash Occurs Downloading A Single Patch

If a single patch is being downloaded, and crashes (typically at around 99%) this can be caused by the patch occupying memory in the download, and then occupying additional memory from being copied from the Temp directory into the working Patch Repository. To correct this, download the patch manually from the vendor.
If you are able to download the patch manually from the vendor, copy it manually into the Patch Repository, and provide it with the Shavlik Name.

Related Document: Protect doesn't recognize a patch that was manually downloaded

Crash Occurs During Other

Because the crash stems from Hardware or Operating System based limitations, there are a variety of things that can attribute to the crash. Microsoft has many threads online regarding the error, with fixes ranging form increasing the IRPStackSize Registry entry, to adding more RAM to the machine.

Note:This issue seems to occur on x86 Operating Systems specifically (though unverified). Beginning with Protect 9.1, x86 systems will no longer be supported. To prepare for new versions of Protect, consider upgrading your Protect Console to a newer x64 based Operating System.

Shavlik Protect 9.x
vCenter Prtoect 8.x