Purpose
This document explains to our clients how Java deployments in Protect have changed recently and why these changes had to be made, and provides best practices to ensure proper deployment of Java patches.
Symptoms
Shavlik Protect users may have experienced issues deploying recently released Java patches (Java 7 Update 71), or noticed changes in the deployment mechanism. In some cases the Java deployment may repeatedly return the status "Reboot may be required\Installation failed". In other cases Java patch deployments that previously worked without a reboot may not show up as installed in Protect until a reboot is completed. Understanding the changes made to Java deployment in Protect and how to respond to them can help administrators keep Java fully patched in their environment.
Description
Changes in recently released Java patches (Java 7 Update 71+) caused silent patch installations to fail, so changes had to be made to the way Shavlik deploys these and future Java patches. These changes were necessary to ensure continued support of Java patches in Shavlik Protect.
Java update installs will now be scheduled to run at system reboot. This means that deployments that do not require a reboot will not complete until a reboot is processed. Additionally, because deployments are processed at boot, using a deployment template that removes temporary files will cause the deployment to fail. (For more information see the following document: Remove Temp Files option may cause Java 7 Update 71 and later fail to install.)
Resolution
To ensure successful patching, deployments of Java 7 Update 71+ should use a Deployment Template that reboots the client and does not remove temp files.
Product
Shavlik Protect 9.x