Windows System Assessment Scan fails with error code -2147467259
Article ID: 188935
Updated On:
Products
Issue/Introduction
This document addresses an issue regarding the execution behavior of the Windows System Assessment Scan (WSAS) policy when configured with a "Run Once" schedule alongside the option to “Execute scan immediately on clients when this policy is first received or when this policy is modified.” > A common configuration objective is to have the WSAS automatically trigger following each Patch Management Import (PMImport) update. However, under these specific settings, administrators may observe that workstations return an assessment scan code of -2147467259 and fail to execute subsequent scans. This guide clarifies the underlying policy logic and provides the recommended configuration to ensure reliable, automated assessment scheduling.
Environment
ITMS 8.x
Patch Management 8.x
Cause
This behavior is due to the fundamental logic of the "Run Once" policy constraint. When a policy is configured to execute only once, the client agent marks the task as complete after the initial run. Because a PMImport update refreshes patch definitions but does not modify the structural configuration of the Windows System Assessment Scan (WSAS) policy itself, the client agent does not recognize a "modification" event. Consequently, the policy transitions to an inactive state on the endpoints, and no subsequent scans are initiated.
Resolution
To ensure the Windows System Assessment Scan (WSAS) policy remains active and consistently evaluates endpoints for missing patches, implement a recurring schedule rather than a "Run Once" configuration.
Recommended Actions:
Adjust the Schedule: Modify the WSAS policy schedule from "Once" to a repeating pattern. For optimal balance between network performance and up-to-date vulnerability reporting, a Daily or Weekly recurring schedule is recommended.
Verify Target Scope: Ensure the policy is configured to target all applicable client workstations.
Implementing a repeating schedule ensures the policy remains active within the client agent framework, allowing endpoints to evaluate new patch metadata immediately following each PMImport update.
Feedback
