Troubleshooting Patch Management within Hierarchy
search cancel

Troubleshooting Patch Management within Hierarchy


Article ID: 181686


Updated On:


Patch Management Solution IT Management Suite Client Management Suite


How do I troubleshoot Patch Management processes failing to replicate within Hierarchy:


ITMS 8.x


Review the following troubleshooting steps after ensuring the SMP is configured as detailed in "Configuring hierarchy and hierarchy replication" section of the ITMS Admin Guide:

1. Ensure the PMImport has completed on the Parent/Child SMP:

  • Scheduled Task; note longest time to begin/end and confirm only one scheduled task
  • History of PMImport and PRC shows all in order, for often the replication is working, but the PMImport is merely failing to complete.
  • Check for multiple running attempts as outlined on KM: 154817- Step 10 (often caused by PMImport running or replicating during upgrades)
  • Advisory: If issues downloading PMImport on the Child SMP (Error 401 Unauthorized) is a problem, chances are replication is misconfigured:
    • From the Console > Settings > Notification Server > Hierarchy Management > Topology > Child SMP > Right-click > Edit; on the General Tab > Access Credentials; ensure the 'use these credentials' setting is enabled, and input the Application Identity (Symantec Service Account) & Password.

2. Ensure Patch Configurations are in order for Parent and replicated to the Child SMP:

  • Confirm all Patch Configurations are in order on the Parent SMP to be replicated to the Child SMP(s) as outlined on KM: 180589
    • Remediations and Policies are configured with proper filters: KM: 181166
  • Confirm Replication Configurations are in order on the Parent SMP (Patch Management Language Alerting etc.) per KM: 180633
    • Language Alerting replication data can be viewed in the database table: Inv_PM_Hierarchy_Installed_Culture
    • Comparison of Child GUIDs can be performed via database to ensure they are identical as follows:
      • View table in Child Database: VTHISNS
      • View table in Parent Database: HierarchyNode
    • Confirm Parent/Child SMPs are listed with FQDN in Parent SMP Database table: ForwardServer

3. Ensure the replications schedules are in place: KM: 173382

  • This can cause conflicts in running processes if the start/end times overlap the replication run times
  • Plan the chronological start/end time for each replication job accordingly

4. Ensure the package replication is in order: 

  • Process outlined on KM: 180299
  • This helps review process and review to ensure there are no issues with packages failing to replicate to the Child (e.g. Parent Site Servers need packages before the packages replicate to the Child SMP)

5. Kick off the replication on schedule

  • This is performed by one of the following:
    • If the separate scheduled replication Resource Job: 'Import Patch Data Replication for Windows' is configured;
      • Configure the schedule to run in the next 5-10 minutes and wait for the process to run
    • If the scheduled replication Resource Job: 'Import Patch Data Replication for Windows' is configured to run on the 'Standard Replication' job:
      • Go to the Console > Manage > Jobs and Tasks > System Jobs and Tasks > Software Patch Management; Import Patch Data for Windows; highlight > Right-click > Hierarchy > Replicate Now
        • Note: The 'Replicate Now' process only works if using the Delta/Standard Replication, and it executes the complete Standard Replication job

6. Ensure replication activity on both Parent & Child in ‘Currently Replicating Activity Report’

  • Ensure replication manifest files being created at default: ‘C:\ProgramData\Symantec\SMP\Replication\Temp\’
  • Run the attached SQL Script (Running Replication Jobs) against the Parent/Child SMP Database to confirm the job was created
    • Also run the following SQL script against the Parent/Child SMP Database to confirm no hung job

select * from ReplicationJob
where State =2 --Running state

7. Check SMP Logs for Parent & Child; see if there are any errors replicating the processes

  • Troubleshoot any relative errors or warnings as they would be presented in the logs

8. Troubleshooting Windows System Assessment Scan (WSAS) replication:

  • Confirm the Proxy is open on the standard ports for downloading this package
  • Confirm the WSAS is configured to the default Filter as the managed Target on the Child SMP may not be the same if the Parent's WSAS is configured to target a custom Filter
    • Review best practice configurations for the WSAS on KM: 178560

Advisory: If you find the Child SMP Compliance Reports fail to target IsApplicable for updates; confirm the Update count is accurate in the Patch Remediation Center by comparing them to the PRC on the Parent SMP. If you find the Child PRC count is lower than the Parent PRC for that Bulletin; highlight the Bulletin in each PRC, select 'List Software Updates' and compare the listing. If the Child SMP is missing all named language updates (e.g. English etc.), and only lists Invariant Languages; ensure the Patch Management Language Alerting is configured as outlined on KM: 180589. Please contact support for further assistance if this setting is in order.

Note: If seeing errors regarding 'Unable to generate policy XML for item' on Child SMP; review 163870.


SQL - Clean up Language Alerting.txt get_app
(BEST for 7.1 SP1-7.5) Running Replication Jobs.txt get_app