Resolution

Resolution #1: Use Wireshark to determine the Cipher Suite that the Website requires, and then use IISCrypto (download from Nartac.com) to 'add' this Cipher Suite to the OS of the SMP Server (click Best Practices in IISCrypto usually works).  See KB How to Get the Cipher Suite List Presented in Wireshark.

Resolution #2: If you're getting the (403) Forbidden error,  then you may have a Proxy and this new URL may need to be Whitelisted on the Proxy.  See the Error logs for the exact URL to add to the Whitelist.

Workarounds

Workaround #1.

Create a Software Package by Importing the Bulletin files as a new Software Package; then create a Managed Software Policy to deploy the Software Package, and finally create a Target of vulnerable systems.

Steps to complete the Workaround #1 using MANAGED SOFTWARE DELIVERY POLICY:

1. Download the Update files to any computer
   1. The specific URL can be found in the SMP Logs for the patch you are trying to download. Alternatively, Google may be helpful
2. Copy the file over to the SMP
3. Use the Import Method to create a new Software Package
   1. See Page 39 of KB Software Management Best Practices and Troubleshooting 8.5/8.6/8.7 for additional information and instructions
4. Create a Managed Software Delivery Policy to deploy the package to targeted systems.
   1. See Page 77 of KB Software Management Best Practices and Troubleshooting 8.5/8.6/8.7 for additional instructions
5. Create a Target of systems to deploy
   1. Pages 78 and 71 of KB Software Management Best Practices and Troubleshooting 8.5/8.6/8.7

Workaround #2

This method brings the update into Patch Management by recreating the expected file structure as if the files were downloaded by another SMP, and then importing those files into the current SMP.

In Part 1, we manually create the staging paths to import from (the Desktop works well for this).
In Part 2, we import the files from the Desktop into Patch Management.

As an example of how this works, we will use Wireshark and TeamViewer updates.

Part 1 – Manually create the staging paths and files

1. Open Altiris Log Viewer

   • Start > Symantec > Altiris Log Viewer

2. Locate the failed download messages.

   • If needed, use Find and search for the application name (for example Wireshark).

3. For each file download attempt you will typically see log entries similar to the following:

   1. [1 / 4] Downloading Software Update Package [Wireshark-win64-X.X.XX.exe for WIRES34-XXXXX]

   2. Start download [from:'https://2.na.dl.wireshark.org/win64/Wireshark-win64-X.X.X.exe'
to:'X:..\...\Updates\WIRES34-XXXX\{<XXXXXXX-some-GUID>}\Wireshark-win64-X.X.X.exe'
task:Download Software Update Package]

4. These log messages provide the following information:

Important clarifications

• • The GUID shown in the log entry refers to the Update GUID, not the Bulletin GUID.

  • The file name that must exist in the staging folder is the one shown in the to: path, not necessarily the name from the download URL.

  • Some software update files are renamed when Patch Management processes them. When this occurs, the file must be renamed to match the filename in the to: portion of the log entry.

Example from Altiris log:

In this example:

Therefore:

• • Download TeamViewer_Host_Setup.exe

  • Rename the file to TeamViewer_Host_Setup_15.75.4.0_x86.exe

  • Place it into the correct {UpdateGUID} folder.

5. Create a folder named Updates on the Desktop (or another accessible location).

6. Using the information from the log file, recreate the expected folder structure in the Updates folder.

Structure format:

Example:

Note:

• • The bulletin name and Update GUID will differ for each release.

  • Include the curly braces { } around the GUID exactly as shown in the log entry.

7. Download the file from the URL shown in the from: portion of the log entry using a web browser.

8. Rename the downloaded file if necessary so that it matches the filename shown in the to: path in the log entry.

9. Place the renamed file into the recreated folder structure:
   
   ..\Desktop\Updates\BulletinName\{UpdateGUID}\ExpectedFileName.exe

10. Repeat Steps 6–9 for each file until all files listed in the log entries have been downloaded and placed in the correct {UpdateGUID} folder.

11. After completing these steps, the required file structure will exist locally, allowing the files to be imported into the SMP Server.

Example structure created after downloading a Wireshark bulletin named Wireshark-YYMMDD:

Desktop
└ Updates
└ Wireshark-YYMMDD
└ {UpdateGUID}
└ Wireshark-win64-X.X.X.exe

 

After completing these steps, the required staging file structure will exist and can be imported into Patch Management in Part 2.

Part 2 – Importing the staged files into the SMP

1. Open the SMP Console and navigate to:

2. In Core Services, temporarily redirect the download source to the local staging folder.

3. Enable:

Enter the path where the files were created, for example:

Click Save changes.

4. Ensure the Application ID has permission to access the staging location.

Options:

• Select Use Application Credentials, or

• Provide credentials that have access to the staging directory.

5. In the Patch Remediation Center, locate the desired Wireshark bulletin and click:

The files should now be retrieved from the Desktop\Updates staging location.

6. After the download completes, return to Core Services and uncheck:

Click Save changes.

7. Verify the files were placed in the Patch Management package repository, typically:

The structure should appear similar to:

8. At this point, the update packages are available in Patch Management and can be used to:

• Create a Patch Policy

• Distribute updates to targeted systems

via the Patch Remediation Center.