Channel: Shavlik User Community : All Content - Ivanti Patch for Windows

Troubleshooting Shavlik Protect patch scan error messages


Purpose

 

 

Many of the common Shavlik Protect scan errors can be corrected by changes to configuration or environment. This article lists the most common scan error messages and provides some guidance on correcting the issue.

 

Cause

 

Scan errors can occur:

 

  • If one or more of the Shavlik Protect Scanning Prerequisites have not been met 
  • If one or more configuration issues are present in Shavlik Protect 
  • Due to one or more environmental issues

 

Resolution

 

The table below lists the error codes with the known reason or solution. Most scan errors can be resolved by ensuring you are meeting requirements.
Note: You can see the scan errors listed by viewing your scan result under the 'Results' section and viewing the 'Machines Not Scanned' tab of the scan result.
Capture.JPG

 

Error Code

Description

Error Code 101:

Unable to determine System Language

The scan process reads the Windows ntdll.dll file to determine the language of the system. If this file is inaccessible, the prerequisite validation fails and the scan is aborted. See the following document for more information: http://community.shavlik.com/docs/DOC-23310
Error Code 105:
MS_UNABLE_TO_GET_SYSTEM_DATA
This issue is usually rooted in an access-denied condition, or is caused by other environmental or network-related issues. See the following KB:
http://community.shavlik.com/docs/DOC-2233
Error Code 200:
System not found. Scan not performed.
This indicates that the specified computer was not located and could not be scanned.
Error Code 201:
System not found. <system error message>
A network problem is preventing the specified machine from being scanned. Check to see that your computer (the scanning machine) is properly connected to the network and that you can remotely logon to the specified machine.
Error Code 202:
System not found. Scan not performed.
A network or system error occurred while the scan was in process. Check to see that your scanning machine is properly connected to the network and that the machine being scanned is still connected to the network. Also ensure that the remote machine is running the Server service.
Error Code 230:
Scan not performed. <system error message>
A general network error has occurred. See the system documentation for more information.
Error Code 235:
System not found, or NetBIOS ports may be firewalled. Scan not performed.
Most likely, there is no machine with the specified IP address. If a machine does exist at this address, a personal firewall or port filtering device may be dropping packets destined for TCP ports 139 and 445.
See the following KB: http://community.shavlik.com/docs/DOC-2220
Error Code 261:
System found but it is not listening on NetBIOS ports. Scan not performed.
A machine exists at this IP address but it is either not listening on, or is blocking access to, TCP ports 139 and 445.

Error Code 270:

Connected to a machine with the wrong hostname or domain name.

Ensure that you are meeting all scanning prerequisites, and that you are able to resolve the target system properly by forward and reverse nslookup.

Example:

nslookup target_IP_address

nslookup target_NetBIOS_name

Error Code 301:
SystemRoot share access required to scan.
Unable to connect to the remote machine’s system share. This may occur if the administrator has unshared the systemroot (typically C$ or similar) or has disabled AutoShareServer (or AutoShareWks) via the registry. Change the value from 0 to 1 for these registry values:

HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\AutoShareServer

HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\AutoShareWks

 

For more information on restoring Admin Shares, see the Microsoft Knowledge Base article 318755.
Error Code 429:
DLL is not properly registered.
Error Code 430:
Incorrect version of MDAC.
Error Code 451:
Admin rights are required to scan. Scan not performed.
The current or specified user account performing the scan does not have administrative rights to the machine being scanned. Check to see that the specified account is a member of the local administrators group on the machine being scanned (or is a member of a group with local administrative rights).
Error Code 452:
NetChk is unable to scan this machine. Please check to see that you have administrative rights to this machine and are able to login to this machine from your workstation. Scan not performed.
Check to see that the Server service is enabled on the remote machine and that you can remotely logon to this machine. Ensure that the Workstation service is running on the machine performing the scan.
See the following KB: http://community.shavlik.com/docs/DOC-2218
Error Code 501:
Remote registry access denied. Scan not performed.
Check to see that the Remote Registry service is enabled on the machine being scanned.
See the following KB: http://community.shavlik.com/docs/DOC-2219
Error Code 502:
Scan not performed. Error reading Registry <system error message>
A general registry error has occurred. See the system documentation for more information.
Error Code 503:
Scan not performed. Error reading Registry.
A general registry error has occurred. No additional information is available.
Error Code 553:
Unable to read registry. Please ensure that the remote registry service is running. Scan not performed.
Check to see that the Remote Registry service is enabled on the machine being scanned.
Error Code 621:
OS of target is an unsupported version of Windows
The specified machine may be a non-Microsoft platform running SMB services or otherwise emulating a Microsoft product. Review the document: http://community.shavlik.com/docs/DOC-23052
Error Code 622:
Machine OS is not Recognized. Please run with tracing on and send to technical support. Scan not performed.
Unable to determine the operating system of the specified machine. This may occur when scanning beta or unreleased versions of Microsoft operating systems.
Error Code 623:
Machine Service pack is not Recognized. Please run with tracing on and send to technical support. Scan not performed.
Unable to determine the Service Pack of the specified machine. This may occur when scanning beta or unreleased versions of Microsoft Service Packs.
Error Code 701:
File http://download.microsoft.com/download/ ... secure.cab was NOT downloaded.
The signed, compressed CAB file containing the security patch information could not be obtained from the specified location. This may occur if the scanning machine is not connected to a network, or is otherwise unable to access the specified file or location. If the CAB file is not obtained, an attempt is made to access the uncompressed XML file via https.
Error Code 702:
File https://www.microsoft.com/technet/secur ... secure.xml was NOT downloaded. Attempting to find local copy of mssecure.cab.
The uncompressed XML file containing the security patch information could not be obtained from the specified location via https. This may occur if the scanning machine is not connected to a network, or is otherwise unable to access the specified file or location. If the XML file is not obtained from the network, an attempt is made to locate an existing version of this file on the local machine.
Error Code 799:
Itanium class servers are not supported by Protect.
Error Code 802:
Could not read boot.ini file in harddrive at '%s'
Unable to read the image's boot.ini file after successfully mounting the hard disk (non-Vista systems).
See: http://community.shavlik.com/docs/DOC-23104
Error Code 803:
Could not find windows install directory in boot.ini file in harddrive at '%s'
The virtual image hard drive was successfully mounted and the boot.ini file was read but the scan engine was unable to locate the %systemroot% folder at the specified location (non-Vista systems).
Error Code 804:
Could not find system32 directory for virtual system at '%s'
The virtual image hard drive was successfully mounted and the boot.ini file was read but the scan engine was unable to locate the %systemroot%\system32 folder at the specified location (non-Vista systems).
Error Code 805:
Timeout when mounting hard drive at '%s' to drive '%c'
An attempt to mount the virtual image was not successful. The mounting process timed out after 60 seconds. Try scanning this image individually to see if the mount succeeds.
Error Code 806:
Error mounting hard drive at '%s' to drive '%c'
An attempt to mount the virtual image was not successful. This can happen if the image being mounted is encrypted, is on a compressed drive, is a template or a linked clone, or any of the vmdk files are read-only. If this is a VMware Workstation or VMware Server image, this error occurs if the image is currently powered on or suspended.
Error Code 807:
Error mounting hard drive at '%s' to drive '%c' with exit code %d
An attempt to mount the virtual image was not successful. The mounting process returned an unknown error code. Contact support for assistance.
Error Code 808:
Could not get return code from mounting tool when mounting hard drive at '%s' to drive '%c' due to %s
The virtual image mounting process completed but the mount process was unable to determine if the mounting was successful.
Error Code 809:
Unknown virtual image type '%s' extracted from '%s'.
The scan engine was unable to determine the virtual image type. This may occur if scanning a currently unsupported virtual image platform.
Error Code 810:
Could not find system32 directory for virtual image: '%s'
The virtual image hard drive was successfully mounted but the scan engine was unable to locate the image's %systemroot%\system32 folder.
Error Code 811:
Could not get information about drive mounted at '%s' for system:'%s'
The scan engine was unable to determine the systemroot drive letter for the mounted image.
Error Code 812:
Could not open mounted registry key 'HKLM\\Software\\MountedDevices' for system: '%s'
The virtual image hard drive and registry were successfully mounted but the scan engine was unable to read the mounted registry.
Error Code 813:
Could not enumerate the values under the key HKLM\\Software\\MountedDevices for system: '%s'
The virtual image hard drive and registry were successfully mounted but the scan engine was unable to enumerate values from the mounted registry.
Error Code 814:
No path to vmware-mount.exe provided!
The scan engine was unable to locate the VMware mounting tool. Please make sure that the VMware Virtual Disk Development Kit has been properly installed.
Error Code 815:
Could not find mounting tool at '%s'
The scan engine was unable to locate the VMware mounting tool. Please make sure that the VMware Virtual Disk Development Kit has been properly installed.
Error Code 816:
Could not read system file at '%s'
The vmx configuration file does not exist for the specified VMware Workstation or VMware Server image.
Error Code 817:
Error parsing system file at '%s'
The scan engine was unable to read the vmx file for the specified VMware Workstation or VMware Server image. Check the vmx file and ensure that it can be read in a text viewer.
Error Code 818:
'%s'. Unable to mount the virtual image. The virtual image is currently powered on.
The scan engine was unable to mount the virtual image because the virtual image was powered on. The scan engine is only capable of scanning images that are offline (powered off).
Error Code 819:
'%s'. Unknown PowerStatus '%d'
The scan engine was unable to determine the current state of the image (powered on, suspended, powered off).
Error Code 820:
%s'. Scanning suspended or paused images is not currently supported.
The scan engine was unable to mount the virtual image because the virtual image was suspended (paused). The scan engine is only capable of scanning images that are offline (powered off).
Error Code 821:
Could not open Objects key in BCD for image at '%s'
The scan engine was unable to access the boot configuration data (BCD) for this image. This error message could indicate that there is a problem with the specified image. Try powering on this image to ensure that it is still valid. This error message applies to Vista images only.
Error Code 822:
Could not enumerate keys in 'BCD\\Objects' for image at '%s'
The scan engine was unable to enumerate information from the boot configuration data (BCD) for this image. This error message could indicate that there is a problem with the specified image. Try powering on this image to ensure that it is still valid. This error message applies to Vista images only.
Error Code 823:
Could find default boot section in the BCD for image at '%s'
The scan engine was unable to enumerate boot information from the boot configuration data (BCD) for this image. This error message applies to Vista images only.
Error Code 824:
Could not open key at 'BCD\\Objects\\%s\\Elements\\22000002' for image at '%s'
The scan engine was unable to open the boot information data from the boot configuration data (BCD) for this image. This error message applies to Vista images only.
Error Code 825:
Could find the Windows root in default boot section of the BCD for image at '%s'
The scan engine was unable to locate the value which stores the location of the windows directory in the boot configuration data (BCD) for this image. This error message applies to Vista images only.
Error Code 826:
Registry mount sentry is NULL!
The scan engine was unable to mount the virtual image's registry. The console may be running low on memory.
Error Code 827:
Hard-drive mount sentry list is NULL or empty!
The scan engine was unable to read the vmx file and/or this file had no hard drives configured for the image.
Error Code 828:
Could not mount registry for image '%s'. This could be caused by running a non supported configuration. Windows 2000 can't mount x64 registries.
The scan engine was unable to mount the registry for the virtual image. This may occur if using a Windows 2000 console and trying to mount x64 images (unsupported).
Error Code 829:

 

Error: 829 - Accessing disk ID
Error: 829 - Accessing disk ID, Code:16054 – Invalid connection

This error can have a number of different causes. It occurs before the image is mounted, so unlike the errors above it is not related to mounting the image.

 

General errors:

 

VIX_E_FAIL = 1,
VIX_E_OUT_OF_MEMORY = 2,
VIX_E_INVALID_ARG = 3,
VIX_E_FILE_NOT_FOUND = 4,
VIX_E_OBJECT_IS_BUSY = 5,
VIX_E_NOT_SUPPORTED = 6,
VIX_E_FILE_ERROR = 7,
VIX_E_DISK_FULL = 8,
VIX_E_INCORRECT_FILE_TYPE = 9,
VIX_E_CANCELLED = 10,
VIX_E_FILE_READ_ONLY = 11,
VIX_E_FILE_ALREADY_EXISTS = 12,
VIX_E_FILE_ACCESS_ERROR = 13,
VIX_E_REQUIRES_LARGE_FILES = 14,
VIX_E_FILE_ALREADY_LOCKED = 15,
VIX_E_NOT_SUPPORTED_ON_REMOTE_OBJECT = 20,
VIX_E_FILE_TOO_BIG = 21,
VIX_E_FILE_NAME_INVALID

Error Code 1001:
IPv6 addresses are not supported.
IPv6 addresses are currently not supported. Ensure that IPv4 is enabled.
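
Several of the codes above come down to a handful of prerequisites that can be checked from the console before re-running a scan. The script below is an added example, not part of the original article or of Shavlik Protect: it tests name resolution (270), TCP 139/445 (235, 261), the Server and Remote Registry services (202, 452, 501, 553) and the administrative shares (301, 451). It assumes Windows PowerShell 5.1 (for `Get-Service -ComputerName`) and Windows 8.1/Server 2012 R2 or later (for `Test-NetConnection`); the function names are hypothetical.

```powershell
# Added example: run from the scanning console in Windows PowerShell 5.1.
# TARGET01 in the usage line is a constructed host name.

function New-CheckResult {
    param([string]$Check, [string]$ErrorCodes, [bool]$Passed, [string]$Detail)
    [pscustomobject]@{ Check = $Check; ErrorCodes = $ErrorCodes; Passed = $Passed; Detail = $Detail }
}

function Test-ScanPrerequisite {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ComputerName   # host name of the target, not an IP address
    )

    # Error 270: the forward lookup and the reverse lookup must agree.
    # This uses the Windows resolver (hosts file, DNS, NetBIOS), so confirm
    # a failure with nslookup, which queries DNS only.
    try {
        $ipv4 = [System.Net.Dns]::GetHostAddresses($ComputerName) |
            Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
            Select-Object -First 1
        if (-not $ipv4) { throw "No IPv4 address found for $ComputerName (see error 1001)." }
        $reverse = [System.Net.Dns]::GetHostEntry($ipv4).HostName
        # Compare the short host names; -eq is case-insensitive for strings.
        $same = ($reverse -split '\.')[0] -eq ($ComputerName -split '\.')[0]
        New-CheckResult 'Forward/reverse lookup' '270' $same "$ComputerName -> $ipv4 -> $reverse"
    } catch {
        New-CheckResult 'Forward/reverse lookup' '200, 270' $false $_.Exception.Message
    }

    # Errors 235 and 261: TCP ports 139 and 445 must answer.
    foreach ($port in 139, 445) {
        $tcp = Test-NetConnection -ComputerName $ComputerName -Port $port -WarningAction SilentlyContinue
        New-CheckResult "TCP port $port" '235, 261' $tcp.TcpTestSucceeded "remote address $($tcp.RemoteAddress)"
    }

    # Errors 202 and 452 (Server service), 501 and 553 (Remote Registry service).
    $services = [ordered]@{ LanmanServer = '202, 452'; RemoteRegistry = '501, 553' }
    foreach ($name in $services.Keys) {
        try {
            $svc = Get-Service -ComputerName $ComputerName -Name $name -ErrorAction Stop
            New-CheckResult "Service $name" $services[$name] ($svc.Status -eq 'Running') "status: $($svc.Status)"
        } catch {
            New-CheckResult "Service $name" $services[$name] $false $_.Exception.Message
        }
    }

    # Errors 301 and 451: the administrative shares must exist, and opening
    # them requires administrative rights on the target.
    foreach ($share in 'ADMIN$', 'C$') {
        $unc = "\\$ComputerName\$share"
        $ok  = Test-Path -LiteralPath $unc -ErrorAction SilentlyContinue
        New-CheckResult "Share $share" '301, 451' $ok $unc
    }

    # Error 301: a value of 0 stops Windows from creating the shares at start-up.
    # An absent value is fine (the shares are created by default).
    try {
        $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName)
        $key  = $hklm.OpenSubKey('SYSTEM\CurrentControlSet\Services\lanmanserver\parameters')
        foreach ($value in 'AutoShareServer', 'AutoShareWks') {
            $data = $key.GetValue($value)
            New-CheckResult "Registry $value" '301' ($null -eq $data -or $data -ne 0) "data: $data"
        }
        $hklm.Close()
    } catch {
        New-CheckResult 'Remote registry read' '301, 501' $false $_.Exception.Message
    }
}

# Usage: Test-ScanPrerequisite -ComputerName 'TARGET01' | Format-Table -AutoSize
```

Run it with the same credentials the scan uses, so that the share and registry checks reflect what the scan engine will see.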

 

 

Affected Product(s)

 

Shavlik Protect All Versions


Schedule job doesn't show up in Schedule Task Manager


I am running Shavlik 9.0 Build 1182. Every time I schedule a job the program tells me that it has been sent to the Schedule Task manager but when I check it there it doesn't show up. The job still runs at the time I set it for. I am planning to schedule jobs weekly so this is problematic if I need to edit the jobs.

 

Please advise.

Thanks

 

David

Shavlik on Windows 7 Diebold ATMs


Hello all!  I am trying to use the shavlik agent on my new Windows 7 Diebold ATMs.  The operating system by default is hardened although I don't know exactly what was done.  I know that I can not map drives out from it.  I know that the server service and remote registry service are disabled.  So I created a manual install and installed the agent on client that way.  So now with the agent installed it is talking with the server, although it can not download any of the patches or scan.  Has anyone done this on a hardened OS?  I don't want to reduce security but at the same time I need to make sure I can scan and patch the devices.

Deployment Tracker Stays at Scheduled Status


 

Symptoms


When deploying patches, the deployment tracker shows 'Scheduled' but never updates with new statuses.

 

 

Cause


There are 2 causes for this issue:

  • Port 3121 is blocking transmissions for the Deployment Tracker.
  • The Batch file on the target is never being executed.


Resolution

 

Verify that communication from the Target to the Console is open on port 3121.

Using Telnet to test ports

Port requirements for Shavlik Protect

 

When initiating a deployment, the patches and deployment files are copied to the target, then a job is created in the scheduler, which sets the Deployment status to 'Scheduled'. Once the deployment is running, it will send status updates to the console over port 3121. If that port is blocking traffic, the status will stay at 'Scheduled'.

 

 

If traffic is able to go through port 3121 from the target to the Console, the batch file may be failing to initiate and run. This can be caused by antivirus software or by locked-down security features on a machine.

 

 

Affected Product(s)

 

Shavlik Protect All

ESXi Hypervisor Bulletin Scan fails


SYMPTOMS

 

-When running a bulletin scan on an ESXi hypervisor, the Shavlik Protect Operations Monitor shows the status:

Complete with errors. Check the hypervisor network configuration and firewall settings.

hypervisorerror.png

 

-When running a bulletin scan you may get the following error:

Failed to load catalog for embeddedEsx.5.0.0, host ST.Virtual.Vim.HostSystem.

 

-Within Protect's ST.ServiceHost.managed.log you see the following type of error (example from ESXi 5.1):

 

2013-08-23T17:06:01.5901867Z 0006 V HypervisorPatchScan.cs:123|Starting patch scan.

2013-08-23T17:08:34.6382558Z 0006 E HypervisorPatchDataAdapter.cs:209|[ESXi_hostname] Failed to download metadata. ('https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/esx/vmw/vmw-ESXi-5.1.0-metadata.zip', '/tmp/tmp9Ic9qk', '[Errno 12] Timeout: <urlopen error timed out>')

  url: https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/esx/vmw/vmw-ESXi-5.1.0-metadata.zip

  localfile: None

 

CAUSE

 

The ESXi host does not have required internet access. During the ESXi hypervisor bulletin scan, it is actually the ESXi host that runs the scan. Protect is just calling for the scan to take place. This requires that the ESXi host be able to download the required metadata files for the scan.

 

RESOLUTION

 

You will need to ensure that the ESXi host can download required metadata files.

 

Review these documents:

 

http://community.shavlik.com/docs/DOC-22971

 

http://community.shavlik.com/docs/DOC-22972

 

If you still receive the same error after going through the information provided in these documents you may need to work with your network administrator and/or contact VMware support for further assistance to ensure the ESXi host can obtain required metadata files.

 

APPLIES TO

 

Shavlik Protect 9.x

Gathering a DPD Trace


 

Purpose


This document outlines how to run a DPDTrace. This may be necessary when troubleshooting detection issues.

 

Steps

 

DPD stands for Dynamic Product Detection. It’s the method our scan engine uses to determine what supported products are installed on the machine. This tool was created for troubleshooting patch scan issues where we need to know what is going on during the DPD process.

 

.NET Framework v4.0.30319 or newer must be installed for this to work.

 

 

  1. Download DPDTrace.zip and extract the file into a folder on the root of C:\
  2. Read Disclaimer.txt.
  3. Open Command Prompt and change directory to C:\DPDTrace

 

cd directory.png

 

  4. Enter the following command, replacing {MACHINE_NAME}, {ADMIN_USER_NAME}, {PASSWORD} and {PATCHTYPE} with the corresponding values. ({MACHINE_NAME} must be the target machine that is having the detection problem.)
          DPDTrace.bat {MACHINE_NAME} {ADMIN_USER_NAME} {PASSWORD} {PATCHTYPE}

 

Notes:

 

  • Failure to supply any one of these values ({MACHINE_NAME}  {ADMIN_USER_NAME} and {PASSWORD}) will cause the test to fail.

 

  • {ADMIN_USER_NAME} needs to be in the format domain\username

 

  • {PATCHTYPE} has the following possible values:
    • 1  - Security patches
    • 4  - Security tools
    • 8  - Non-Security patches
    • 9  - Security and non-security patches
    • 13 - Security, non-security and tools

Unless explicitly asked to use a different value here, use 13 to include all patch types.

 

Example of the command:

run.png

 

 

  • If you want to use a specific hf7b.xml, just copy it into the Extracted folder\HF7B.
    • If you are in an offline environment, you must download the HF7b file directly and place it in the Extracted folder\HF7B folder
    • Link to latest HF7b File  http://xml.shavlik.com/data/hf7b.xml (Right Click on link and choose Save Target As)

 

  • If you need to scan with an older scan engine, you may do so. Add the VERSION number to the end of the command. If no version is specified, it will use the 9.0.651 scan engine. Possible values:
    • 7.8.5
    • 8.0.43
    • 9.0.651

Example:

DPDTrace.bat {MACHINE_NAME} {ADMIN_USER_NAME} {PASSWORD} {PATCHTYPE} {VERSION}

 

 

5.      When the command line is run, a window titled 'Rename HF.1 Log' will appear with an OK button. Do not close this window as the scan continues.

 

rename prompt.png

 

 

6.     When the scan has completed the command prompt window will say 'Test Complete  Please zip up HFCLi folder and send it back to us'. Please verify that an XML document has been created in the HFCLI folder. If it has, please zip up the directory "C:\DPDTrace\HFCLI" and send it back for analysis.

 

complete.png

Shavlik 9.1 downloads same file multiple times


Hi there,

 

Scenario:

Since patch Tuesday has come about, I had my Test Workstations scan for missing patches.  Once the results came back in, I could see the list of missing patches.  This is in Machine View, with the test workstations selected - in the bottom pane, you can see a list of missing patches.  With all of the missing patches selected, you can then right-click and select Download.

 

Expected behaviour:

It's always been like this in the past.  The Operations Monitor comes up, with each required patch file listed, and they begin downloading.

 

Actual behaviour:

But now, many of the patch files were listed multiple times!  And not only were they in the list multiple times, but they actually downloaded that many times!  One of them was 903MB, and it downloaded 4 times!  Here's a screenshot of the Operations Monitor:

 

     ScreenShot.jpg

 

Some lost connection and didn't download, but still they shouldn't have been in the list more than once.  And here are the resulting files downloaded.  Obviously there is only one copy of each one, so the multiple downloads were simply erroneous and unnecessary.

 

     ScreenShot.jpg

 

Can someone at Shavlik please confirm this bug and hopefully we can get it fixed?

 

Thanks,

Sandra

Question about pushing software that isn't listed in the "Software Distribution" tab


Perhaps I have overlooked something this simple since I haven't pushed software from Shavlik yet; I have only used it to install/reinstall the Shavlik agent, and to push security patches/service packs to the systems in our network.  I saw the "Software Distribution Best Practices and Informational Guide" in the knowledge base, however I'm trying to push the latest version of FileZilla to a dozen or so systems, and I don't see FileZilla on the list.  I also saw the article about creating a custom patch template by creating a new custom .xml file, but I'm not sure that applies either since I'm trying to install an application and not patch one.  If anyone is able to point me in the right direction with this seemingly easy task, I would appreciate it.

 

Thanks


Scheduling deployments fails with Error 1385


Symptoms

 

  • Cannot schedule deployments in Protect
  • Scheduling deployments fail with Error 1385 (this error may also appear in application logs)
  • This issue does not always occur on all targets

 

Cause

 

This issue occurs if Logon as Batch Job is not enabled for the user.

 

 

Resolution

 

To resolve this issue:

 

  1. Navigate to Control Panel> Admin Tools> Local Security Policy> Local Policies> User Rights Assignments.
  2. Ensure that the scheduling user is listed in the Log on as Batch Job user list.
This security setting allows a user to be logged in using a batch queue facility and is provided for compatibility with older Windows versions. For example, when a user submits a job using the task scheduler, the task scheduler logs in that user as a batch user, rather than as an interactive user.
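
One way to confirm the setting without opening the policy editor is to export the user rights and look for the scheduling account. This is an added example, not part of the original article or of Shavlik Protect; it goes slightly beyond the text by also reporting the matching "Deny log on as a batch job" right (`SeDenyBatchLogonRight`), which overrides a grant. The function names are hypothetical, and an elevated session on the target is assumed.

```powershell
# Added example: run in an elevated Windows PowerShell session on the target.
# Error 1385 is Windows' "logon type not granted" failure.

function Get-UserRightSids {
    param([string[]]$PolicyLines, [string]$Right)
    $line = $PolicyLines | Where-Object { $_ -match "^\s*$Right\s*=" } | Select-Object -First 1
    if (-not $line) { return }
    foreach ($entry in (($line -split '=', 2)[1] -split ',')) {
        $entry = $entry.Trim()
        if ($entry.StartsWith('*')) {
            $entry.Substring(1)                        # secedit writes SIDs as *S-1-5-...
        } elseif ($entry) {
            try {                                      # plain account name: translate to a SID
                ([System.Security.Principal.NTAccount]$entry).Translate(
                    [System.Security.Principal.SecurityIdentifier]).Value
            } catch { $entry }
        }
    }
}

function Test-BatchLogonRight {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Account)      # domain\username of the scheduling user

    $sid = ([System.Security.Principal.NTAccount]$Account).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value

    # Export only the User Rights Assignment area of the system's security settings.
    $inf = Join-Path $env:TEMP ("user-rights-{0}.inf" -f [guid]::NewGuid())
    try {
        secedit.exe /export /cfg $inf /areas USER_RIGHTS | Out-Null
        if (-not (Test-Path -LiteralPath $inf)) { throw 'secedit export failed; run elevated.' }
        $policy = Get-Content -LiteralPath $inf
    } finally {
        Remove-Item -LiteralPath $inf -ErrorAction SilentlyContinue
    }

    $allow = @(Get-UserRightSids -PolicyLines $policy -Right 'SeBatchLogonRight')
    $deny  = @(Get-UserRightSids -PolicyLines $policy -Right 'SeDenyBatchLogonRight')

    # Turn a SID back into a readable name where possible.
    $toName = {
        param($s)
        try {
            ([System.Security.Principal.SecurityIdentifier]$s).Translate(
                [System.Security.Principal.NTAccount]).Value
        } catch { $s }
    }

    [pscustomobject]@{
        Account         = $Account
        Sid             = $sid
        DirectlyGranted = $allow -contains $sid
        DirectlyDenied  = $deny -contains $sid
        # Membership in any of these groups also grants or denies the right.
        GrantedTo       = @($allow | ForEach-Object { & $toName $_ })
        DeniedTo        = @($deny  | ForEach-Object { & $toName $_ })
    }
}

# Usage (constructed account name): Test-BatchLogonRight -Account 'CONTOSO\svc-patch'
```

If `DirectlyGranted` is false, compare the account's group memberships against `GrantedTo` before changing the policy, and prefer granting the right to a dedicated group rather than widening an existing one.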

Affected Products

 

Shavlik Protect All Versions

What causes an unhandled exception error?


One of my customers began getting an unhandled exception error whenever they try to do a scan of machines from a text file in Shavlik Protect Standard. Has anyone ever experienced this issue before? Any help is appreciated. The error message is below.

 

Shavlik error.bmp

Manually Installing Agents via Script when Policy has Spaces in Name


Have not been able to find a definitive answer so I will post this here.

 

I am attempting to install agents with a specific policy during a SCCM deployment. This is the line I'm attempting to use:

 

STPlatformUpdater.exe /wi:"/qn /l*v C:\Windows\Logs\SPAinstall.log SERVERURI=https://xxxxxxxxx:3121 POLICY=Laptops CLOUD Test AUTHENTICATIONTYPE=PASSPHRASE PASSPHRASE=xxxxxxxxxxx"

 

 

When that runs, I get the generic MSIExec window listing the switches, which makes me think it does not understand the command.

 

If I enclose the policy name in quotes, it acts like it installs, but the STAgentManagement.log says that it could not find that policy in its DB.

 

If I try the same command with a policy that does not have spaces in its name, everything works as expected.

 

So - is there a specific syntax for using policies with spaces? Or do I need to rename any that I plan to install manually to remove those spaces?

Patch Management Policy and Procedures


We are working to formalize a patch management policy and procedure. Does anyone have any examples they would be willing to share or some good points of reference? Thank you in advance.

Shavlik Protect Migration Tool User’s Guide

How the Shavlik & Microsoft Scheduler work


 

             

Purpose


This document outlines how scheduled events occur when utilizing the Shavlik Scheduler vs the Microsoft Scheduler.

 

             

Where Scheduled Events are Stored

 

Scheduled Scans

When doing a scheduled scan, the Protect Console will schedule the event on the console. Everything is done from the console. No logs would be shown on the target machine.

 

 

Scheduled Deployments

When you click deploy, Protect will copy the patches you selected for deployment (using NetBIOS ports TCP 137-139 or TCP 445) to the C:\Windows\ProPatches\Patches folder on the target machine. It also creates and copies a batch file and a cfg file to C:\Windows\ProPatches\Install on the target machine.

 

 

Protect handles Deployments 2 different ways depending on what you have selected  in Tools-Options-Scheduling. The default is the Shavlik Scheduler.

 

             

Shavlik Scheduler

 

When the patches, bat, and cfg files are copied to the ProPatches folder, the scheduler is told at the same time when to run the task. This can be verified in C:\Windows\ProPatches\Scheduler\Scheduler.log. Scheduled tasks made with the Shavlik Scheduler can be viewed on the Protect Console under Manage -> Scheduled Tasks. (If your tasks are not showing up here, see this document: http://community.shavlik.com/docs/DOC-23053)

 

When the scheduled deployment time occurs, the Shavlik Scheduler runs the .bat file created in C:\Windows\ProPatches\Install

 

 

You can view the deployment status by opening up View -> Deployment Tracker or Pressing F9. The ST Remote Scheduler Service reports back to the Console on Port TCP 3121.

 

 

**Note- If for some reason the Shavlik Scheduler fails to schedule the task, it will by default fail-over and use the Microsoft Scheduler for this specific job.

 

             

Microsoft Scheduler

 

After the patches, bat and cfg files are copied to the ProPatches folder, the Protect console will schedule the task on the Target Machine using the Microsoft Scheduler for the desired scheduled date.

 

 

If you would like to view this job, you will need to view it on the Target Machine. On the target machine, open the Task Scheduler, then click on Task Scheduler Library to see the job listed.

 

 

**Note if you use the Microsoft Scheduler, your jobs will not be listed under Manage->Scheduled Tasks.

 

When the scheduled deployment time occurs, the Microsoft Scheduler runs the .bat file created in C:\Windows\ProPatches\Install

 

You may still view data regarding the deployment by opening up View -> Deployment Tracker or Pressing F9

 

The actual scheduled task file is located at: C:\Windows\System32\Tasks and will have a name like "Scheduled Deployment (3170)"
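
The locations described above, together with the port 3121 check from the "Deployment Tracker Stays at Scheduled Status" article, can be gathered in one pass on a target whose deployment never leaves 'Scheduled'. This is an added example, not part of the original articles or of Shavlik Protect; `Get-DeploymentTriage` is a hypothetical name, and the script assumes Windows 8.1/Server 2012 R2 or later (for `Test-NetConnection` and `Get-ScheduledTask`) and that the scheduler service's display name begins with the "ST Remote Scheduler" name used in the article.

```powershell
# Added example: run on the target machine in an elevated Windows PowerShell session.
# CONSOLE01 in the usage line is a constructed host name.

function Get-DeploymentTriage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ConsoleName,        # Protect console host
        [string]$ProPatches = 'C:\Windows\ProPatches'      # folder named in the articles
    )

    # Status updates travel from the target to the console on TCP 3121.
    $tcp = Test-NetConnection -ComputerName $ConsoleName -Port 3121 -WarningAction SilentlyContinue

    # The .bat and .cfg files the console copied for the deployment.
    $installDir = Join-Path $ProPatches 'Install'
    $jobFiles = @(Get-ChildItem -Path $installDir -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.bat', '.cfg' })

    # Shavlik Scheduler: last lines of its log on the target.
    $log = Join-Path $ProPatches 'Scheduler\Scheduler.log'
    $logTail = if (Test-Path -LiteralPath $log) { @(Get-Content -LiteralPath $log -Tail 15) } else { @() }

    # Microsoft Scheduler: jobs are named like "Scheduled Deployment (3170)".
    $tasks = @(Get-ScheduledTask -ErrorAction SilentlyContinue |
        Where-Object { $_.TaskName -like 'Scheduled Deployment*' })

    # Assumption: the service's display name starts with the name the article uses.
    $scheduler = Get-Service -DisplayName 'ST Remote Scheduler*' -ErrorAction SilentlyContinue |
        Select-Object -First 1

    $finding = if (-not $tcp.TcpTestSucceeded) {
        "TCP 3121 to $ConsoleName is blocked, so the tracker cannot leave 'Scheduled'."
    } elseif ($jobFiles.Count -eq 0) {
        "No .bat or .cfg file in $installDir; nothing is staged for a deployment."
    } elseif (-not $scheduler -and $tasks.Count -eq 0) {
        'No Shavlik scheduler service and no Microsoft Scheduler task found for the job.'
    } else {
        'Port and files look fine; check whether antivirus or a lockdown policy stops the batch file.'
    }

    $serviceState = if ($scheduler) { "$($scheduler.DisplayName): $($scheduler.Status)" } else { 'not found' }

    [pscustomobject]@{
        Port3121Open     = [bool]$tcp.TcpTestSucceeded
        StagedFiles      = $jobFiles.Name
        SchedulerService = $serviceState
        ScheduledTasks   = $tasks.TaskName
        SchedulerLogTail = $logTail
        Finding          = $finding
    }
}

# Usage: Get-DeploymentTriage -ConsoleName 'CONSOLE01' | Format-List
```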

 

             

Affected Product(s)


Shavlik Protect 8.x
Shavlik Protect 9.x

Shavlik protect port script


Hello,

 

I found this document which details both the required ports for shavlik protect and some methods for opening the required ports:  https://community.shavlik.com/docs/DOC-23109

 

Unfortunately I don't control our Active Directory and cannot push this out via GPO, making the changes manually is not an option either.  Has anyone scripted this by any chance?

 

Thanks,

Duncan.


Java 7_45


Hi all,

 

I am experiencing issues using Shavlik to deploy Java 7u45. 18 of 54 systems did not get updated. On a test machine that had the issue this is what I did.

 

  • Scanned the system with the default patch scan template, and it indicated that Java 7u45 was available. (installed version was 7u40)
  • Using the default deployment template from Shavlik I apply the update
  • Subsequent scan shows Java 7u45 still missing (Confirmed locally on the machine that Java 7u40 is still installed)
  • Locally on the machine I disabled Java update service and rebooted
  • Rescanned and reapply the update. Still no success
  • Reboot the system, rescan and apply update. Still no success
  • Locally I rename the relevant Shavlik script from .his to .bat and try to run the script locally. Still does not install
  • On the local machine if I double click the Java 7u45 file (which Shavlik places in the "ProPatches\Patches" folder) it installs

 

I have looked over the best practices guide and tried what I could, but this is happening randomly on every Java update thru Shavlik. Last month it was 10 systems that had the issue and I had to manually go to each system and install the update. All systems are running an identical corporate image and there is nothing to indicate why the installs continue to fail randomly. We have no GPO's or security policies that I can see would cause the issue. Our usual process is to run the updates overnight using a custom template which includes a post install reboot. All other patches install fine but Java continues to be an issue.

 

We are running the latest version of Protect Advanced. I must be missing something. Does anyone else have similar issues?

 

Thanks everyone

Help upgrading to 9.1 from 8.1


Hello,

My company is currently running Shavlik 8.1 on a Windows 2003 server with SQL 2008 R2.  It no longer will download definitions and we can not even patch with the patches that it currently knows about.  I know that I have to install a new OS.  When I install Windows 2008, do I just install Shavlik 9.1 and then install the Database in SQL 2008 (on the new server) and run the Setup database tool and it will migrate it to the 9.1 SQL database structure?   The only thing that is in there that I can't lose is the patch groups.

 

 

Any help would be greatly appreciated.

Custom Action vs. Custom XML


 

Purpose


There are 2 ways to push 3rd party patch/programs with Protect that are not part of the Shavlik content.

  • Method 1 - Custom Action
  • Method 2 - Custom xml.

This document outlines the pros and cons of using a Custom Action vs. Custom XML for deploying 3rd party patches/programs.


Custom Action

 

Custom Action is quick to set up, but performs no detection on the target to verify that the file is needed. It assumes any machine it deploys against needs the file.

 

Custom Action - How to perform a custom action

 

Pros:

  • Fast to setup. No detection criteria required.

Cons:

  • No differentiating between machines that need the patch and those that don't.

 

Custom XML

 

Custom XML takes a little longer to set up, but allows the user to define detection criteria, so you scan a target for the patch and are only offered it when the file is needed.

 

How to Create a Custom Patch

 

Pros:

  • Detection for patch to only offer patch when patch is needed.

Cons:

  • Requires up front design to setup detection criteria.

 

Affected Product(s)

Shavlik Protect All

MSWU-919 quietly re-released?


I experienced a strange problem yesterday that I haven't seen before.

 

We had previously approved the patch for MSWU-919, Q2800095 (File Windows6.1-KB2800095-x64.msu), shortly after it was initially released in April 2014

 

It appears that Microsoft re-released the file for MSWU-919.  The original file was Windows6.1-KB2800095-x64.msu and the new file is Windows6.1-KB2800095-V2-x64.msu on 6/10/14.   (notice the V2)

 

In preparation for patching this week, I downloaded patch files that we didn't already have, but didn't actually "approve" any of them for deployment.

 

Our Shavlik agents started picking up the newly downloaded v2  version and deployed them unexpectedly.   This particular patch requires a restart, so any system that already had patch MSWU-919 previously approved, brought down and executed the new version and was restarted, causing an unexpected disruption for us.

 

I'm not sure how this got through the Shavlik patching process.  The KB is the same, but the file name seems to have changed.    I looked through the release notes of the shavlik XML files and don't see any reference to an updated version of MSWU-919.  

 

Any idea what happened and if something like this can be prevented in the future?

Error 900 when performing a patch scan after latest content release


Symptoms

 

Error 900  Critical Error, send logs to support

Error900.PNG

 

We are aware that some of our customers are receiving an Error 900 when performing a patch scan. We believe a data error in the latest content release is the root cause. We are researching the issue and should have an update soon.


Resolution


This will be corrected in a Content Release today.

