I am trying to get Ivanti Patch for Windows to find the same missing patches as Windows Update.  So far, using the "non-security" patch check boxes I can get it pretty close.  However, there are still a few things off.  For example this month I show this patch missing in Windows Update:

However, when I scan in Ivanti, it does not show this patch missing (I am not concerned about MSRT or .Net 4.71 as those are not patches).  Does anyone know what options I need to check/enable in my Ivanti scan to get it to see this patch as missing?

Thanks

NK

Overview

We have seen numerous changes to how Microsoft content was being organized through 2016 and 2017, the two main changes being the following:

1. On October 2016, Microsoft moved to a security bundle and monthly patch rollup model for Windows 7 and newer, supplying a single KB each respective branch.

2. On April 2017, Microsoft abandoned the Security Bulletin model that had been used for nearly 20 years.

The Ivanti Content team has worked hard to accommodate these changes, while attempting to preserve the previous bulletin organization. This allowed our customers to navigate these drastic changes with confidence, ensuring the updates released each month were properly accounted for. It has been a year since the last major change to Microsoft’s patching model.In response to this, the Ivanti Content team is normalizing our content to be more consistent each month. The more readable bulletin model is preserved, with the Microsoft KB appended to the end.

The new Security Bulletin mappings our products will be using: MS[YY]-[MM]-[PP]-[KB]

• MS = Microsoft
• YY = Year
• MM = Month Released
• PP =  Product
• Followed by the KB number

Here are some examples:

• MS18-03-OFF-3114416
  • All Office patches
• MS18-03-IE-4089187
  • All IE patches
• MS18-03-AFP-4088785
  • All Microsoft released Flash patches
• MS18-03-W10-4088776
  • All Windows 10 patches, rollups and Deltas
• MS18-03-SO7-4088878
  • Security Only Update for Windows 7 and Server 2008 R2
• MS18-03-SO8-4088880
  • Security Only Update for Server 2012
• MS18-03-SO81-4088879
  • Security Only Update for Windows 8.1 and Server 2012 R2
• MS18-03-MR7-4088875
  • Monthly Rollup for Windows 7 and Server 2008 R2 (this is the rollup that includes non-security fixes)
• MS18-03-MR8-4088877
  • Monthly Rollup for Server 2012 (this is the rollup that includes non-security fixes)
• MS18-03-MR81-4088876
  • Monthly Rollup for Windows 8.1 and Server 2012 R2 (this is the rollup that includes non-security fixes)

  .NET Patches will follow a slightly different naming scheme:

• MS[YY]-[MM]-[TT][PP]-[KB]
  • YY = Year
  • MM = Month
  • TT = Type (Security Only or Monthly Rollup)
  • PP = Product (.NET)
  • KB = Parent KB
• MS17-12-SONET-1234567 MS17-12-MRNET-1234567
  • Security only patches associated with that parent KB
  • Security patch type
  • Monthly Rollup associated with that parent KB
  • Non-Security patch type

Non-security .NET Patches also have a slightly different naming scheme:

• MSNS[YY]-[MM]-[TT][PP]-[KB]
  • YY = Year
  • MM = Month
  • TT = Type (Quality Preview or Quality Rollup)
  • PP = Product (.NET)
  • KB = Parent KB
• MSNS17-12-QPNET-1234567 MSNS17-12-QRNET-1234567
  • Quality Preview patches associated with that parent KB
  • Non-Security patch type
  • Quality Rollup associated with that parent KB
  • Non-Security patch type

Office 365

Additional Information

Additional Naming Conventions

• QP = Quality Preview
• NS = Non-Security

Microsoft released the following article for FAQ on the changes made: Security Updates Guide dashboard and API:

Q: Why is the security bulletin ID number (e.g. MS16-XXX) not included in the new Security Update Guide?

A: The way Microsoft documents security updates is changing. The previous model used security bulletin webpages and included security bulletin ID numbers (e.g. MS16-XXX) as a pivot point. This form of security update documentation, including bulletin ID numbers, is being retired and replaced with the Security Update Guide. Instead of bulletin IDs, the new guide pivots on vulnerability ID numbers and KB Article ID numbers.

Affected Products

Shavlik Protect

Ivanti Patch for Windows Servers

Ivanti Patch for SCCM

   1374 Views    Categories:    Tags:  landesk management suite 2016.x, patch tuesday, next gen naming

Purpose

The purpose of this article is to go over the issues that may arise when TLS 1.0 is disabled in the environment and how to get Shavlik Protect and Patch for Windows Servers to work with TLS 1.2.

Symptoms

Per PCI requirements, all SCHANNEL protocols are vulnerable, except for TLS 1.2. Organizations may already have a GPO in place to disable all the protocols, except for TLS 1.2 (namely SSLV2, SSLV3, TLS1.1, and TLS1.0). Issues that can arise when these channels are disabled include:

• Connection to Shavlik Protect SQL database cannot be established:

Attempting to recover from a broken connection in the database connection pool. Attempt: 1, connection state: Closed, error: System.Data.SqlClient.SqlException (0x80131904): A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - No process is on the other end of the pipe.) ---> System.ComponentModel.Win32Exception (0x80004005): No process is on the other end of the pipe

• Commands to Shavlik Protect Agents are unsuccessful - Agents did not respond:

System.ServiceModel.CommunicationException: An error occurred while making the HTTP request to https://consolename.FQDN:3121/ST/Console/STS/ConsoleSTS. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. --->System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host

• Cannot download patches from vendors:

The underlying connection was closed: An unexpected error occurred on a receive. ---> System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possess a common algorithm

• Deployment Tracker gets stuck at Scheduled or Executing when deploying to target machines

Cause

TLS 1.0 is not enabled.

Resolution

You must either enable TLS 1.0 or configure TLS 1.2 correctly using Enabling TLS 1.2 for Shavlik Protect and Ivanti Patch for Windows .

Affected Product(s)

Ivanti Patch for Windows Servers 9.3

Shavlik Protect 9.x

Purpose

The purpose of this document is to go over what to do when the deployment tracker fails to update beyond Scheduled.

Symptoms

• Deployment tracker will stay at scheduled despite the deployments being initialized on the target machines being deployed to.
  
• Deployment tracker shows scheduled:

• When looking at the STDeployerCore.log on the target machine(s), you will see results similar to below indicating the patches were installed successfully:

2016-10-06T21:01:35.1775494Z 0b78 I DeploymentPackageReader.cpp:782 Deploy package 'C:\Windows\ProPatches\Installation\InstallationSandbox#2016-10-06-T-21-00-54\deployPackage-2855.zip' successfully opened unsigned for package IO

2016-10-06T21:02:38.2639494Z 0b78 I Authenticode.cpp:134 Verifying signature of C:\Windows\ProPatches\Patches\Windows6.1-KB2544893-x64.msu with CWinTrustVerifier

2016-10-06T21:02:38.3263494Z 0b78 V UnScriptedInstallation.cpp:29 Executing (C:\Windows\ProPatches\Patches\Windows6.1-KB2544893-x64.msu /quiet /norestart), nShow: true.

2016-10-06T21:02:47.7895494Z 0b78 V ChildProcess.cpp:140 Process handle 000004FC returned '0'.

Cause

• Port 3121 being blocked.
  • Port Requirements for Ivanti Patch for Windows Servers (Formerly Shavlik Protect)
• The Deployment Template used for the deployment doesn't have 'Send Tracker Status' enabled.
• TLS 1.0 may be disabled
  • Disabling TLS 1.0 may causes issues with Protect and Patch for Windows Servers
• The Console Alias Editor doesn't have the NetBIOS name, FQDN, and IP address of the Protect console added to it.
• The Shavlik Scheduler is in a corrupted state.

Resolution

1. Ensure that port 3121 is not being blocked in your network. Perform a telnet command from the target machine(s) to your Protect console machine's IP or FQDN address.

telnet {console IP/FQDN} 3121

     If Telnet is not installed, you will see the following:

     To Enable Telnet:

     If the port is blocked, you will see a similar error:

   If at this point you see the port fail to connect, you will need to make sure that 3121 is enabled in your network before attempting to deploy again.

     If the port is not blocked, you should see a blank command prompt:

2. Once you have confirmed that port 3121 is able to connect, check to ensure that your Deployment Template being used has 'Send Tracker Status' enabled:

3. Confirm that either TLS 1.0 is enabled between the console and the problem client machine or TLS 1.2 is properly configured Disabling TLS 1.0 may causes issues with Protect and Patch for Windows Servers.

4. Verify that you 'Console Alias Editor' has all of the following located within it:

• Console NetBIOS name
• FQDN
• IP address

Tools > Console Alias Editor

Once updated, test your deployment again. If the device is able to properly connect, the tracker status will updated as expected.

If after updating the 'Console Alias Editor' the deployment status is still showing 'Scheduled', you will find in the dplyevts.log file on the target machine something similar to the following:

PingBack.cpp:63 Sending data to 'https://PROTECT-92-5119:3121/ST/Console/Deployment/Tracker/V92' failed: 12002.

If you find something similar to the above, you will need to uninstall the scheduler service from the machine(s).

Protect 9.2:

Manage > Scheduled Remote Tasks

Find device(s) being deployed to, right click the machine and select 'Refresh Selected':

Device will be shown as 'Online':

Once online, right click the device again, go to Scheduler service > Uninstall:

Patch for Windows Servers 9.3:

View > Machines

Find the device affected using the search window

Highlight machine > Right-click > View scheduled tasks

Click Uninstall to remove the scheduler service.

NOTE: To validate scheduler is uninstalled, go to C:\Windows\ProPatches and if you don't see a folder named Scheduler, the service was uninstalled.

Test another deployment to your target machine(s). During this deployment, the Scheduler service will reinstall and should update the deployment tracker to show the deployment operation executing.

Additional Information

• Deciphering Shavlik Protect Deployment Tracker Status Messages
• Using Telnet to Test Ports
• Understanding installer return codes

Affected Products

Shavlik Protect 9.2.x

Ivanti Patch for Windows Servers 9.3.x

Overview

This document provides a list of required URL addresses for Shavlik Protect and Ivanti Patch for Windows Servers to allow:

• Patch executable download.
• Patch content definition download.
• Online license activation or license refresh.
  
• Home page RSS feed.
  
• Product check for update.
  

URL List

The following URLs may be used to download updates and must allowed through firewalls, proxies and web filters:

Additional Information

• To obtain the IP for vendor sites you can ping the vendor site or contact the vendor to obtain this information. We are unable to provide a list of IP addresses due to the varied dynamic IP addresses being used by the vendors. It may be easier to create an exception for an entire domain rather than entering all specific URLs, you can usually do so by entering the exception in this format:
  • *.domain.com.

Affected Product(s)

Shavlik Protect

Ivanti Patch for Windows Servers

Purpose

This article provides steps to perform a manual uninstall and re-install of the Shavlik (ST) Remote Scheduler service on a single machine.

Description

1. On the target machine:
   1. Open a command prompt as an administrator.
   2. Run this command:

           c. CD C:\Windows\ProPatches\scheduler

           d. Run this command:  stschedex.exe /remove

   2.  Open Windows Explorer and delete the C:\Windows\ProPatches folder and its contents.

   3.  Open Windows Registry Editor and verify that the following registry keys have been deleted:

• 9.x key for 32bit: HKEY_LOCAL_MACHINE\SOFTWARE\LANDesk\Shavlik Protect\Scheduler
• 9.x key for 64bit: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LANDesk\Shavlik Protect\Scheduler

Further steps to ensure successful re-installation of the scheduler service:

1. On the Protect console:
   • In Shavlik Protect 9.x:
     • Go to Manage> Credentials.
     • Add credentials that you want to use as default or edit existing credentials to ensure that the password is up-to-date.
     • Ensure to set the proper credentials as the default credentials.
     • Go to Tools > Options > Scheduling and ensure the Shavlik Scheduler is selected.

Alternatively, to uninstall the Scheduler from a target machine on the Protect console:

1. Click Manage> Scheduled Tasks.
2. Right-click the target machine name in the list on the left, and click Scheduler Service> Uninstall.

Installation of the scheduler service:

During next deployment to the target system, the scheduler is automatically reinstalled. If you prefer to force the install of the scheduler service prior to the next deployment you can do so in the Protect console by going to Manage > Scheduled Tasks, then right click on a target system name in the list on the left and choose Scheduler Service > Install.

If this issue exists on multiple systems:

If you are experiencing this problem on multiple systems and would like a way to resolve the issue for all machines affected, please refer to this document on how to set up a custom action to delete the scheduler service from target systems:

http://community.shavlik.com/docs/DOC-23009

Affected Product(s)

Shavlik Protect 9.x

Hey group,

I handle the windows server patching for our org with about 2,000 servers, currently use Ivanti Patch for Windows Server, and would love to bang some ideas back and forth with other groups responsible for patching to swap stories and find out how each of you are handling your patching governance, prep and deployment etc.

If anyone is interested in a bit of a group conversation, something more than is possible through just forum discussions, let me know. I'll put together a bit of a template and maybe we can get a call going between a few of us.

Thanks in advance, chat soon.

Joey

I've created an agent policy which will patch a machine at a scheduled time. This part has worked. These are the messages from the machine.

However what I don't get is why I can't see the results from my Shavlik console. I can see the results of machines I've patched and scanned manually.

But I would expect to see the results of Agent installs as well. I have left the check-in time to 480 mins but I ran a check in request from the console to the machine.

Now if I generate a report using the Reporting function I can see the patch report. So I know the Agent job worked and it reported back to the console.

When I look at the machine in machine view, it is out of date however.  I can't see the patches I've just applied. It looks to be getting the information from the last time a scan was run on the machine manually.

Q4074590 isn't showing here. Which is the February cumulative patch.

I was under the impression a check-in to the console would fill in the results of the patching and show an Agent install and show the correct level of patching in machine view.

Is this the case, or will it take time for the Agent install to propagate its results to the Ivanti Console?

I can see that's scans have taken place if I create reports to query the database. But surely Agent installs should show up in the results Window? Or do I have to run some sort of scan afterwards?

Help!!!

Just wanted to make sure this update is superseded by the Feb Outlook update KB4011682. The update catalog does not list it as being replaced by 4011682 but Ivanti is showing it as effectively installed on systems that have that.

I have a password manager that has a Rest API , we wanted to use the password rotate options. So I looked at your powershell module and I have a few questions around this.

1) I see 2 cmdlets that I could use Add and Remove-STCredential

What I wanted to do is remotely reset the stored credentials , I know I can store the password in secure text and add-STcredential with the new password but ,

     a) Add a credential is not the same as editting one. I don't want to remove the credentials as that might break associations to group that were made.

     b) In essence i wanted to backdoor into a current credentials that is setup as a default cred and assigned to groups and change the password without breaking anything etc.

2) How can accomplish password change without much hassel ?

2018-05-14T01:18:36.6872518Z 0108 I SequenceState.cpp:30 Sequence state file 'C:\Windows\ProPatches\Installation\InstallationSandbox#2018-05-14-T-01-15-05\8a11fa7b-ad2b-4b72-b238-b8e51a6d382b.sequence.txt' does not exist, reverting sequence to default.

2018-05-14T01:18:36.6872518Z 0108 I PingBack.cpp:53 Sending data to 'https://CHH-VC-PROTECT:3121/ST/Console/Deployment/Tracker/v92'.

2018-05-14T01:18:36.7028518Z 0108 W HttpDownload.cpp:560 IE Proxy not found: 2.

2018-05-14T01:18:36.7028518Z 0108 E HttpDownload.cpp:492 AttemptIEProxySession failed.

2018-05-14T01:18:57.7160518Z 0108 E HttpDownload.cpp:1029 WinHttpSendRequest failed: 12029.

2018-05-14T01:18:57.7160518Z 0108 E HttpDownload.cpp:500 AttemptStraightSession failed.

2018-05-14T01:18:57.7160518Z 0108 E PingBack.cpp:63 Sending data to 'https://CHH-VC-PROTECT:3121/ST/Console/Deployment/Tracker/v92' failed: 12029.

2018-05-14T01:18:57.7160518Z 0108 I PingBack.cpp:53 Sending data to 'https://CHH-VC-PROTECT.OSI-ASP.NET:3121/ST/Console/Deployment/Tracker/v92'.

2018-05-14T01:18:57.7160518Z 0108 W HttpDownload.cpp:560 IE Proxy not found: 2.

2018-05-14T01:18:57.7160518Z 0108 E HttpDownload.cpp:492 AttemptIEProxySession failed.

2018-05-14T01:19:18.7136518Z 0108 E HttpDownload.cpp:1029 WinHttpSendRequest failed: 12029.

2018-05-14T01:19:18.7136518Z 0108 E HttpDownload.cpp:500 AttemptStraightSession failed.

2018-05-14T01:19:18.7136518Z 0108 E PingBack.cpp:63 Sending data to 'https://CHH-VC-PROTECT.OSI-ASP.NET:3121/ST/Console/Deployment/Tracker/v92' failed: 12029.

2018-05-14T01:19:18.7136518Z 0108 I PingBack.cpp:53 Sending data to 'https://172.16.28.150:3121/ST/Console/Deployment/Tracker/v92'.

2018-05-14T01:19:18.7136518Z 0108 W HttpDownload.cpp:560 IE Proxy not found: 2.

2018-05-14T01:19:18.7136518Z 0108 E HttpDownload.cpp:492 AttemptIEProxySession failed.

2018-05-14T01:19:33.6896518Z 0108 E HttpDownload.cpp:1029 WinHttpSendRequest failed: 12029.

2018-05-14T01:19:33.6896518Z 0108 E HttpDownload.cpp:500 AttemptStraightSession failed.

2018-05-14T01:19:33.6896518Z 0108 E PingBack.cpp:63 Sending data to 'https://172.16.28.150:3121/ST/Console/Deployment/Tracker/v92' failed: 12029.

2018-05-14T01:26:03.9580000Z 0144 I TrackerAddress.cpp:49 Read 3 messages from '8a11fa7b-ad2b-4b72-b238-b8e51a6d382b.tracker'.

2018-05-14T01:26:04.0048000Z 0144 I DplyEvts.cpp:291 PingBack updates code - tracker(https://8a11fa7b-ad2b-4b72-b238-b8e51a6d382b:3121/ST/Console/Deployment/Tracker/v92)  deploymentId(8a11fa7b-ad2b-4b72-b238-b8e51a6d382b), machineId(370433), status(43), failure(false), terminal(false).

2018-05-14T01:26:04.0048000Z 0144 I SequenceState.cpp:30 Sequence state file 'C:\Windows\ProPatches\Installation\InstallationSandbox#2018-05-14-T-01-15-05\8a11fa7b-ad2b-4b72-b238-b8e51a6d382b.sequence.txt' does not exist, reverting sequence to default.

2018-05-14T01:26:04.0048000Z 0144 I PingBack.cpp:53 Sending data to 'https://CHH-VC-PROTECT:3121/ST/Console/Deployment/Tracker/v92'.

2018-05-14T01:26:04.0204000Z 0144 W HttpDownload.cpp:560 IE Proxy not found: 2.

2018-05-14T01:26:04.0204000Z 0144 E HttpDownload.cpp:492 AttemptIEProxySession failed.

2018-05-14T01:26:25.0492000Z 0144 E HttpDownload.cpp:1029 WinHttpSendRequest failed: 12029.

2018-05-14T01:26:25.0492000Z 0144 E HttpDownload.cpp:500 AttemptStraightSession failed.

2018-05-14T01:26:25.0492000Z 0144 E PingBack.cpp:63 Sending data to 'https://CHH-VC-PROTECT:3121/ST/Console/Deployment/Tracker/v92' failed: 12029.

2018-05-14T01:26:25.0492000Z 0144 I PingBack.cpp:53 Sending data to 'https://CHH-VC-PROTECT.OSI-ASP.NET:3121/ST/Console/Deployment/Tracker/v92'.

2018-05-14T01:26:25.0492000Z 0144 W HttpDownload.cpp:560 IE Proxy not found: 2.

2018-05-14T01:26:25.0492000Z 0144 E HttpDownload.cpp:492 AttemptIEProxySession failed.

2018-05-14T01:26:45.3760000Z 0144 E HttpDownload.cpp:1029 WinHttpSendRequest failed: 12029.

2018-05-14T01:26:45.3760000Z 0144 E HttpDownload.cpp:500 AttemptStraightSession failed.

2018-05-14T01:26:45.3760000Z 0144 E PingBack.cpp:63 Sending data to 'https://CHH-VC-PROTECT.OSI-ASP.NET:3121/ST/Console/Deployment/Tracker/v92' failed: 12029.

2018-05-14T01:26:45.3760000Z 0144 I PingBack.cpp:53 Sending data to 'https://172.16.28.150:3121/ST/Console/Deployment/Tracker/v92'.

2018-05-14T01:26:45.3760000Z 0144 W HttpDownload.cpp:560 IE Proxy not found: 2.

2018-05-14T01:26:45.3760000Z 0144 E HttpDownload.cpp:492 AttemptIEProxySession failed.

2018-05-14T01:27:06.3892000Z 0144 E HttpDownload.cpp:1029 WinHttpSendRequest failed: 12029.

2018-05-14T01:27:06.3892000Z 0144 E HttpDownload.cpp:500 AttemptStraightSession failed.

2018-05-14T01:27:06.3892000Z 0144 E PingBack.cpp:63 Sending data to 'https://172.16.28.150:3121/ST/Console/Deployment/Tracker/v92' failed: 12029.

2018-05-14T01:27:06.6076000Z 0144 I TrackerAddress.cpp:49 Read 3 messages from '8a11fa7b-ad2b-4b72-b238-b8e51a6d382b.tracker'.

2018-05-14T01:27:06.6076000Z 0144 I DplyEvts.cpp:291 PingBack updates code - tracker(https://8a11fa7b-ad2b-4b72-b238-b8e51a6d382b:3121/ST/Console/Deployment/Tracker/v92)  deploymentId(8a11fa7b-ad2b-4b72-b238-b8e51a6d382b), machineId(370433), status(43), failure(false), terminal(false).

2018-05-14T01:27:06.6076000Z 0144 I SequenceState.cpp:30 Sequence state file 'C:\Windows\ProPatches\Installation\InstallationSandbox#2018-05-14-T-01-15-05\8a11fa7b-ad2b-4b72-b238-b8e51a6d382b.sequence.txt' does not exist, reverting sequence to default.

2018-05-14T01:27:06.6076000Z 0144 I PingBack.cpp:53 Sending data to 'https://CHH-VC-PROTECT:3121/ST/Console/Deployment/Tracker/v92'.

2018-05-14T01:27:06.6076000Z 0144 W HttpDownload.cpp:560 IE Proxy not found: 2.

2018-05-14T01:27:06.6076000Z 0144 E HttpDownload.cpp:492 AttemptIEProxySession failed.

2018-05-14T01:27:25.4056000Z 0144 E HttpDownload.cpp:1029 WinHttpSendRequest failed: 12029.

2018-05-14T01:27:25.4056000Z 0144 E HttpDownload.cpp:500 AttemptStraightSession failed.

2018-05-14T01:27:25.4056000Z 0144 E PingBack.cpp:63 Sending data to 'https://CHH-VC-PROTECT:3121/ST/Console/Deployment/Tracker/v92' failed: 12029.

2018-05-14T01:27:25.4056000Z 0144 I PingBack.cpp:53 Sending data to 'https://CHH-VC-PROTECT.OSI-ASP.NET:3121/ST/Console/Deployment/Tracker/v92'.

2018-05-14T01:27:25.4056000Z 0144 W HttpDownload.cpp:560 IE Proxy not found: 2.

2018-05-14T01:27:25.4056000Z 0144 E HttpDownload.cpp:492 AttemptIEProxySession failed.

2018-05-14T01:27:46.4188000Z 0144 E HttpDownload.cpp:1029 WinHttpSendRequest failed: 12029.

2018-05-14T01:27:46.4188000Z 0144 E HttpDownload.cpp:500 AttemptStraightSession failed.

2018-05-14T01:27:46.4188000Z 0144 E PingBack.cpp:63 Sending data to 'https://CHH-VC-PROTECT.OSI-ASP.NET:3121/ST/Console/Deployment/Tracker/v92' failed: 12029.

2018-05-14T01:27:46.4188000Z 0144 I PingBack.cpp:53 Sending data to 'https://172.16.28.150:3121/ST/Console/Deployment/Tracker/v92'.

2018-05-14T01:27:46.4188000Z 0144 W HttpDownload.cpp:560 IE Proxy not found: 2.

2018-05-14T01:27:46.4188000Z 0144 E HttpDownload.cpp:492 AttemptIEProxySession failed.

2018-05-14T01:28:07.3072000Z 0144 E HttpDownload.cpp:1029 WinHttpSendRequest failed: 12029.

2018-05-14T01:28:07.3072000Z 0144 E HttpDownload.cpp:500 AttemptStraightSession failed.

2018-05-14T01:28:07.3072000Z 0144 E PingBack.cpp:63 Sending data to 'https://172.16.28.150:3121/ST/Console/Deployment/Tracker/v92' failed: 12029.

2018-05-14T01:33:48.4792000Z 0530 I TrackerAddress.cpp:49 Read 3 messages from '8a11fa7b-ad2b-4b72-b238-b8e51a6d382b.tracker'.

2018-05-14T01:33:48.4948000Z 0530 I DplyEvts.cpp:291 PingBack updates code - tracker(https://8a11fa7b-ad2b-4b72-b238-b8e51a6d382b:3121/ST/Console/Deployment/Tracker/v92)  deploymentId(8a11fa7b-ad2b-4b72-b238-b8e51a6d382b), machineId(370433), status(43), failure(false), terminal(false).

2018-05-14T01:33:48.4948000Z 0530 I SequenceState.cpp:30 Sequence state file 'C:\Windows\ProPatches\Installation\InstallationSandbox#2018-05-14-T-01-15-05\8a11fa7b-ad2b-4b72-b238-b8e51a6d382b.sequence.txt' does not exist, reverting sequence to default.

2018-05-14T01:33:48.4948000Z 0530 I PingBack.cpp:53 Sending data to 'https://CHH-VC-PROTECT:3121/ST/Console/Deployment/Tracker/v92'.

2018-05-14T01:33:48.4948000Z 0530 W HttpDownload.cpp:560 IE Proxy not found: 2.

2018-05-14T01:33:48.4948000Z 0530 E HttpDownload.cpp:492 AttemptIEProxySession failed.

2018-05-14T01:34:09.5080000Z 0530 E HttpDownload.cpp:1029 WinHttpSendRequest failed: 12029.

2018-05-14T01:34:09.5080000Z 0530 E HttpDownload.cpp:500 AttemptStraightSession failed.

2018-05-14T01:34:09.5080000Z 0530 E PingBack.cpp:63 Sending data to 'https://CHH-VC-PROTECT:3121/ST/Console/Deployment/Tracker/v92' failed: 12029.

2018-05-14T01:34:09.5080000Z 0530 I PingBack.cpp:53 Sending data to 'https://CHH-VC-PROTECT.OSI-ASP.NET:3121/ST/Console/Deployment/Tracker/v92'.

2018-05-14T01:34:09.5080000Z 0530 W HttpDownload.cpp:560 IE Proxy not found: 2.

2018-05-14T01:34:09.5080000Z 0530 E HttpDownload.cpp:492 AttemptIEProxySession failed.

2018-05-14T01:34:30.5212000Z 0530 E HttpDownload.cpp:1029 WinHttpSendRequest failed: 12029.

2018-05-14T01:34:30.5212000Z 0530 E HttpDownload.cpp:500 AttemptStraightSession failed.

2018-05-14T01:34:30.5212000Z 0530 E PingBack.cpp:63 Sending data to 'https://CHH-VC-PROTECT.OSI-ASP.NET:3121/ST/Console/Deployment/Tracker/v92' failed: 12029.

2018-05-14T01:34:30.5212000Z 0530 I PingBack.cpp:53 Sending data to 'https://172.16.28.150:3121/ST/Console/Deployment/Tracker/v92'.

2018-05-14T01:34:30.5212000Z 0530 W HttpDownload.cpp:560 IE Proxy not found: 2.

2018-05-14T01:34:30.5212000Z 0530 E HttpDownload.cpp:492 AttemptIEProxySession failed.

2018-05-14T01:34:51.5188000Z 0530 E HttpDownload.cpp:1029 WinHttpSendRequest failed: 12029.

2018-05-14T01:34:51.5188000Z 0530 E HttpDownload.cpp:500 AttemptStraightSession failed.

2018-05-14T01:34:51.5188000Z 0530 E PingBack.cpp:63 Sending data to 'https://172.16.28.150:3121/ST/Console/Deployment/Tracker/v92' failed: 12029.

2018-05-14T01:40:33.7672000Z 085c I TrackerAddress.cpp:49 Read 3 messages from '8a11fa7b-ad2b-4b72-b238-b8e51a6d382b.tracker'.

2018-05-14T01:40:33.7672000Z 085c I DplyEvts.cpp:291 PingBack updates code - tracker(https://8a11fa7b-ad2b-4b72-b238-b8e51a6d382b:3121/ST/Console/Deployment/Tracker/v92)  deploymentId(8a11fa7b-ad2b-4b72-b238-b8e51a6d382b), machineId(370433), status(43), failure(false), terminal(false).

2018-05-14T01:40:33.7672000Z 085c I SequenceState.cpp:30 Sequence state file 'C:\Windows\ProPatches\Installation\InstallationSandbox#2018-05-14-T-01-15-05\8a11fa7b-ad2b-4b72-b238-b8e51a6d382b.sequence.txt' does not exist, reverting sequence to default.

2018-05-14T01:40:33.7984000Z 085c I PingBack.cpp:53 Sending data to 'https://CHH-VC-PROTECT:3121/ST/Console/Deployment/Tracker/v92'.

2018-05-14T01:40:33.7984000Z 085c W HttpDownload.cpp:560 IE Proxy not found: 2.

2018-05-14T01:40:33.7984000Z 085c E HttpDownload.cpp:492 AttemptIEProxySession failed.

2018-05-14T01:40:47.1052000Z 085c E HttpDownload.cpp:1029 WinHttpSendRequest failed: 12029.

2018-05-14T01:40:47.1052000Z 085c E HttpDownload.cpp:500 AttemptStraightSession failed.

2018-05-14T01:40:47.1052000Z 085c E PingBack.cpp:63 Sending data to 'https://CHH-VC-PROTECT:3121/ST/Console/Deployment/Tracker/v92' failed: 12029.

2018-05-14T01:40:47.1052000Z 085c I PingBack.cpp:53 Sending data to 'https://CHH-VC-PROTECT.OSI-ASP.NET:3121/ST/Console/Deployment/Tracker/v92'.

2018-05-14T01:40:47.1052000Z 085c W HttpDownload.cpp:560 IE Proxy not found: 2.

2018-05-14T01:40:47.1052000Z 085c E HttpDownload.cpp:492 AttemptIEProxySession failed.

2018-05-14T01:41:01.6288000Z 085c E HttpDownload.cpp:1029 WinHttpSendRequest failed: 12029.

2018-05-14T01:41:01.6288000Z 085c E HttpDownload.cpp:500 AttemptStraightSession failed.

2018-05-14T01:41:01.6288000Z 085c E PingBack.cpp:63 Sending data to 'https://CHH-VC-PROTECT.OSI-ASP.NET:3121/ST/Console/Deployment/Tracker/v92' failed: 12029.

2018-05-14T01:41:01.6288000Z 085c I PingBack.cpp:53 Sending data to 'https://172.16.28.150:3121/ST/Console/Deployment/Tracker/v92'.

2018-05-14T01:41:01.6288000Z 085c W HttpDownload.cpp:560 IE Proxy not found: 2.

2018-05-14T01:41:01.6288000Z 085c E HttpDownload.cpp:492 AttemptIEProxySession failed.

2018-05-14T01:41:22.6576000Z 085c E HttpDownload.cpp:1029 WinHttpSendRequest failed: 12029.

2018-05-14T01:41:22.6576000Z 085c E HttpDownload.cpp:500 AttemptStraightSession failed.

2018-05-14T01:41:22.6576000Z 085c E PingBack.cpp:63 Sending data to 'https://172.16.28.150:3121/ST/Console/Deployment/Tracker/v92' failed: 12029.

Hello,

I would like to update my baselines automatically or by clicking a Powershell Script. It seems that the only way could be to use the new API and Powershell.

There is a Add-PatchGroupItem cmdlet that seems to be the key but I have to specify bulletin or KB name. There is no way to get the Ivanti Patches by date or a list of all of the patches.

Is there any way to query the Ivanti Patches with arguments (date before, date after) in order to add them in a baseline with the Add-PatchGroupItem ?

Thanks in advance

Best regards

Gabriel Maret

regarding Ivanti Patch for Windows® Servers Standard 9.3.0 Build 4510

I've been asked to produce a report that details the inventory for all patching groups, meaning lists all the hostnames for the servers contained in each patching group.

Does something like this exist in the canned reports?

https://support.microsoft.com/en-us/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018 article mentions that may patches change the default setting from Vulnerable to Mitigated.

We patched some of our servers and did not notice any RDP issues when we tried to connect from unpatched server to patched server?

We also did not find registry value on the patched server? how does may patch change the default setting from Vulnerable to Mitigated?

hello

if you scan machines with the creator update installed with custom action, it reports no patch missing

it should have a patch count of 1

this happened before when 1511 was released

see  Re: windows 10 build 1511  custom actions no longer work

please can you add build 1703 to supported OS for custom actions

thanks in advance

neil

I am trying to get Ivanti Patch for Windows to find the same missing patches as Windows Update.  So far, using the "non-security" patch check boxes I can get it pretty close.  However, there are still a few things off.  For example this month I show this patch missing in Windows Update:

However, when I scan in Ivanti, it does not show this patch missing (I am not concerned about MSRT or .Net 4.71 as those are not patches).  Does anyone know what options I need to check/enable in my Ivanti scan to get it to see this patch as missing?

Thanks

NK

Hi,

Will patch 9.3 for Windows handle Office 365 click to run version updates? I have read that it should make the client go out and download the update itself, but we have a few machines that are on the monthly release channel and the patch scanning is not reflecting that they need the current April 25th version 1804. They are on 1803, the April 10 update. We do have a GPO in place to prevent Office from auto-updating itself, as we wanted to handle it through Ivanti.

Thanks

have notiched some wired stuff today

if i have a 2012r2 server and scan it with a patch group, where i have only selected windows server it shows it missing 96 patches

if i only select windows server 2012r2, it tells me that there missing 16 patches, thats make no sence to me, is this a bug or ?

I am attempting to install the latest Windows 10 Build update 1803.  I am following this document Windows 10 Build Upgrade Deployment Support in Protect 9.2+ and Patch for Windows Server 9.3+

I have downloaded and renamed the .ISO as per the document.  The error I receive is

Heres my situation.  For our remote users we are using Direct Access for remote access.

The agents on the remote machines, when they check in to the console show the IP Address of our Remote Access server.

I've read that the Ivanti Patch Console supports IPV6 but when showing in the console will only show the ipv4 address. 

The problem with this is I am not able to do any management of the agent from the console, initiating a scan, requesting an agent checkin, etc. 

Now, I can ping the IPV6 address of the remote machines, and I can manually install the agent by adding the IPV6 address to a machine group:

and it will go out and check and return the actual machine name and allow me to deploy an agent to it

but in the console it will show the address of our DA server:

Once its in that state all of my control ends.  I can't initiate any scan, checkin or anything. 

Anyone else having this issue? Have a workaround?