ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Retained Windows XP Software Updates

book

Article ID: 150318

calendar_today

Updated On:

Products

Patch Management Solution for Windows

Issue/Introduction

 

Resolution

Recent Import Patch Data for Windows (PMImport) Download removed multiple Windows XP Software Update Policies as outlined on INFO3409.

Section #1:

Please review the following process only if the Windows XP updates had been downloaded and managed in the environment prior to this removal and need to be managed moving forward.

Advisory: This will only work following download of PMImport v7.1.781 (scheduled for 3/3/2016) and only if the Software Update Packages were not deleted with the setting: 'Delete previously downloaded data for vendors, software and languages that are now excluded' was left disabled on the Import Patch Data for Windows (PMImport) Policy, for if that setting was enabled post removal, the Windows XP Software Update Packages would have been cleaned-up from the NS (however they may be still retained on package servers).

  1. Drill down on the SMP to the Updates storage:
    • Default: C:\Program Files\Altiris\Patch Management\Packages\Updates
    • Copy the Software Bulletins from this download location and place them in a 'staging location'
      • Advisory: Any Windows XP packages not already downloaded will not be able to be managed for the download URL from the vendor was removed.
  2. Enable the setting: 'Download from staging location:' on the Console > Settings > All Settings > Software > Patch Management > Core Services; input the directory to be a different location than that listed in the 'To Location' setting on this same policy and maintain the setting for 'Use application credentials' as follows (unless the specific credentials are required to access the staging location:
    • ​​
    • Note: This will allow verification of the Software Update files already downloaded binaries without trying to re-download them from Microsoft's site which is no longer available.
       
  3. Run the PMImport with the 'Automatically revise Software Update policies after importing patch data' setting enabled.
    • Note: This task will include Windows XP Software Updates into existing Software Update Policies that have not been deleted as included with other Software Updates within those policies.
       
  4. Recreate the Software Update Policies for Windows XP Software Updates which were deleted in previous PMImport download.
    • Performed on the Console > Actions > Software > Patch Remediation Center; highlight the Software Bulletin > Right-click > Distribute Packages.
    • Note: This will recreate the Software Update Policies which were completely deleted as they were the only Software Bulletins held in the policies.
       
  5. Disable the setting: 'Download from staging location:' on the Console > Settings > All Settings > Software > Patch Management > Core Services once this process has completed.
    • ​​Note: This will ensure downloading the updates from Microsoft will proceed with future Software Bulletin releases moving forward.

Advisory: The settings above apply to a one time execution and can be retorted once the PMImport v7.1.781 completes and the updates have been downloaded from this Staging Location. This process will not download any Windows XP Software Updates that were not previously downloaded in the environment as they are no longer available from the vendor, for this process is merely allowing the continued deployment of currently downloaded Windows XP Software Updates and retain their resource associations in the database.

Hierachy Configurations: work through the process as outlined above on the Child SMP(s), for they will need the ability to manage the packages from the 'Staging Location' as the Download Software Updates following the Patch Management Import Data Replication for Windows scheduled tasks will replicate the PMImport data from Parent to Child SMP, and then download the Software Updates which were downloaded by the Parent SMP and replicated to the Parent SMP's Package Server per regular package management processes within a Hierarchy.

  • Alternatively, if that replication schedule is not enabled, the process of Topology Replication schedule (Delta Replication) will be executed and run the Patch Management Import Data Replication for Windows on that schedule, follwed by the Download Software Updates. The PMImport, then allow for the scheduled replication from the Topology to run, for that will execute the Patch Management Import Data Replication and the subsequent processes detailed above. 
     
  • Once this process has completed on the Child SMP and the Windows XP Software Update Packages & Policies have replicated, targeted and installed on managed Clients, then the PMImport configurations on the Parent SMP may be configured to clean-up the PRC for deployment of the Windows XP Software Updates as outlined in Section #2.

Section #2:

If Windows XP Software Updates are to be removed as they are no longer being managed, and this process is not being worked through to maintain them, there will be the following entries in the SMP Server Log Viewer:

  • Error: Download failed for 'Windows XP URL'
  • Warning: The remote server returned an error: (404) Not Found
  • Error: The NS failed to refresh package snapshot. Couldn not access the package path.
  • Warning: Unable to create the distribution shares for package "WindowsXP" (Guid:). Reason: System.ComponentModel.Win32Exception: Overlapped I/O operation is in progress
  • Warning: The package with guid WindowsXP (GUID) references a location on the Notification Server that does not exist (C:\Program Files\Altiris\Patch Management\Packages\Updates\Bulletin\Windows XP

Work through the following:

  • Open PMImport
  • Disable the 'Incremental download' setting
  • Enable the 'Delete previously downloaded data for vendors, software and languages that are now excluded' setting
  • Expand the Vendor & Software section: Disable all 'XP' associations listed as follows:
    • Office XP
    • Windows XP
    • Windows XP Home Edition
    • Windows XP Professional
    • Windows XP Tablet PC Edition
    • Windows XP Embedded
    • Windows Embedded Standard 2009
    • Windows Media Player 9
    • Windows Media Player 10
    • Windows Media Player 11
    • Internet Explorer 8
    • Internet Explorer 8 (x64)
    • Word Viewer 2003
    • DirectX 8.1
    • DirectX 9.0c
    • Internet Information Services 5.1
    • Internet Information Services 6.0 (x64)
    • MDAC 2.7
    • MDAC 2.8
    • MDAC 2.8 (x64)
    • Windows Media Services 9 Series
    • Windows Search 4.0
       
  • Click 'Save Changes' on the PMImport
  • Click 'New Schedule' and run 'Now' or allow the PMImport to update with the changes detailed above on schedule.

Caution: If these steps are followed after PMImport v7.1.781; PMImport will need to be configured to run with 'Incremental download' setting disabled for the process to update the Windows XP updates in the SMP Server database. This only needs to be executed once following v7.1.781 to update the Import Patch Data for Windows tables in the database. The setting may be re-enabled moving forward.

Note: Due to the intricacy of the product; it is difficult to isolate all necessary exclusions, so a SQL query has been written and attached. This query can be implemented into a custom SQL Report on the Console, or it may be reviewed in SQL Server Management Studio ran against the Symantec_CMDB database. Note: The BULLETIN NAME needs to be implemented into the lower segment of the report and that will return the Product name to be disabled for the Windows XP only updates, for Windows Server 2003 updates are still available for download.

Additionally, the attached SQL Script has been found to rarely find the associations in the database, and working through the following process will help isolate the affected Products:

  1. Go to the Console > Actions > Software > Patch Remediation Center.
  2. Highlight the Software Bulletin > Right-click > Resource Manager.
  3. Click on More... link under the Resource associations > Software Bulletin to Software Update segment and then select one of the populated links in the right pane for the individual Software Update:
  4. In the newly populated window; click Summaries > Software Update Details:
  5. Then view the Affected Resources for that Software Update:
  6. This process may be repeated to confirm the Products that need to be disabled for clean-up of Windows XP Software Updates.

Note: If there appears to be a targeting issue with these effected Software Updates; Software Management will need to be utilized to deploy them, for the rule logic management is no longer supported for these EOL Updates.

Advisory: If Windows XP related updates are cleaned-up; please review TECH235091 on how to refund the Patch Management License for Windows XP Clients.

Attachments

Isolate Product to Bulletin Association.txt get_app