Configure procedure of Patch Me Security IntelliRollup is failing with error SDM228519
Article ID: 227864
Updated On:
Products
CA Client Automation - IT Client Manager
CA Client Automation
CA Client Automation - Patch Manager
Issue/Introduction
Configure procedure of Patch Me Security IntelliRollup is failing with error
"Job execution error, rollup configure job failed [SDM228519]"
In Job properties following error appears :
Job execution error. Native OS error : [SDM28481]
In TRC_USD_SDAGENT*.log following lines appear :
021121-07:42:56.2577218L|SDAgent|sdjecontainerif.cpp |001232|NOTIFY | Running SD job 1: UPM - CA - Patch Me - Security IntelliRollup v2110.00 - {04e5eb93-191f-4430-b538-1388add283cb} Silent Configure 1.0
...
021121-07:42:58.0900147L|SDAgent |sdjecontainerif.cpp |001408|NOTIFY | SDjob 1 returns: 35 ExitCode: 2
021121-07:42:58.0900360L|SDAgent |sdjecontainerif.cpp |002727|NOTIFY | Execution not OK
Environment
Client Automation - All Versions.
Cause
Cause 1
This problem could occur when there are these 2 conditions
1- "UPM - CA - Patch Me - Security IntelliRollup" has installed a patch which needs a reboot after last job.
and
2- Plugin sdagent is configured to be executed at logoff of user.
Condition 1 could be seen in TRC_USD_SDAGENT*.log :
021121-07:35:08.4522792L|SDAgent|sdjecontainerif.cpp |001232|NOTIFY|Running SD job 2: UPM - 2021-10 Net Framework 4.8 - Win10-Server-KB5005539-x64-2004-21H1 - {f19d8a6c-3c0c-4e2a-a305-55cd36823c43} Silent Install 1.0
021121-07:35:52.0873246L|SDAgent|sdjecontainerif.cpp |001315|NOTIFY|Procedure requests reboot after all jobs
021121-07:35:52.0917685L|SDAgent|sdjecontainerif.cpp |001408|NOTIFY|SDjob 2 returns: 0 ExitCode: 0
021121-07:35:54.6111330L|SDAgent|sdjecontainerif.cpp |003523|NOTIFY|Reboot after last job
Condition 2 could be checked with following command on the target machine :
ccnfcmda -cmd GetParameterValue -ps itrm/agent/solutions/usd_agent -pn afterlogoffplugin
If it returns sdagent, then sdagent is configured to be executed at logoff time.
When both conditions are true, we have this sequence :
- Patches are installed and a reboot is requested.
- A logoff is done. SDAgent is executed.
- SD Agent executes the Patch Me Configure procedure. But as Windows is in a reboot process, it is failing.
Cause 2
"UPM - CA - Patch Me - Security IntelliRollup" has installed a patch which needs a reboot after last job. Reboot is initiated by caf but it takes time to be processed by Windows.
During this time caf receives a SD Trigger and starts a new SD Agent.
SD Agent executes the job "UPM - CA - Patch Me - Security IntelliRollup Silent Configure" but as Windows is in a shutdown process, communication with Scalablity Server is no more possible and execution of job is in error.
Example :
caf initiates the reboot but it receives the SERVICE_CONTROL_SHUTDOWN message 63 seconds later
230222-13:39:42.5924809L|004424|00001144|SDAgent | |sdjecontainerif.cpp |003523|NOTIFY | Reboot after last job
230222-13:39:45.6125819L|004408|00001158|CAF_SERVIC|caf |caf |000000|NOTIFY | CFRebooter::run: reboot requested session: 0 user: allowcancel: 0 force: 0 cancel: 0 allusers: 1 timeout: 1800 defertime: 1800 ndeferals: 10
230222-13:39:45.6128663L|004408|00000eec|CAF_SERVIC|caf |caf |000000|NOTIFY | CFRebooter::doit: reboot NOW
230222-13:40:48.5144426L|004408|0000113c|CAF_SERVIC|caf |caf |000000|NOTIFY | cfWindowsCtrlHandlerEx: SERVICE_CONTROL_SHUTDOWN: windows is shutting down
230222-13:40:48.5225468L|004408|0000113c|CAF_SERVIC|caf |caf |000000|NOTIFY | cfWindowsCtrlHandlerEx: SERVICE_CONTROL_STOP: stopping caf service
During this minute, caf has received a SD Trigger and start the sdagent :
230222-13:40:02.6973664L|004408|00001158|CAF_SERVIC|caf |caf |000000|NOTIFY | CFPlugins::startOnePlugin: starting plugin: Software Delivery agent (sdagent): args: "UNIT=."
SD agent starts the job "UPM - CA - Patch Me - Security IntelliRollup v2202.00 - {92f92501-3502-490c-9781-49ae6622f84f} Silent Configure 1.0"
230222-13:40:53.0196561L|002192|00001d80|SDAgent | |sdjecontainerif.cpp |001232|NOTIFY | Running SD job 1: UPM - CA - Patch Me - Security IntelliRollup v2202.00 - {92f92501-3502-490c-9781-49ae6622f84f} Silent Configure 1.0
But as computer is in a shutdown process, communication with Scalability Server is no more possible and execution of job fails with error 35 ExitCode 2
230222-13:40:53.0196561L|002192|00001d80|SDAgent | |sdjecontainerif.cpp |001232|NOTIFY | Running SD job 1: UPM - CA - Patch Me - Security IntelliRollup v2202.00 - {92f92501-3502-490c-9781-49ae6622f84f} Silent Configure 1.0
230222-13:40:57.3419470L|002192|00001c7c|SDAgent |CFSMCAPI |CFSMCAPI |000000|NOTIFY | SMEVENT : MSG Conn Retry. Asked messenger to delay restart.
230222-13:40:57.3420550L|002192|00001d80|SDAgent |CFSMCAPI |CFSMCAPI |000000|ERROR | SmiSession::sendMessageExec : Failed to send message. RC = 00033202 Reason = 1
230222-13:40:57.3428141L|002192|00001d80|SDAgent |SDAgent |sdsmmsg.cpp |000382|ERROR | SmMessage::send failed: Rc:00033202, Error:SME_SPI_APPERROR, Desc:Der Remote-Server ist beschäftigt und derzeit nicht verfügbar.
230222-13:40:57.3428390L|002192|00001d80|SDAgent |SDAgent |camif.cpp |000286|ERROR | Failed to send to scalaname:SD_AG_REQUEST [0h]
230222-13:40:57.3428765L|002192|00001d80|SDAgent | |sdjecontainerif.cpp |004045|ERROR | Error in SetJobStatus (Reporting start execution)
230222-13:40:57.3442126L|002192|00001d80|SDAgent | |sdjesdprocedureexecu|000533|NOTIFY | SDJESDProcedureExecutorIf::Execute executing DMSCRIPT.EXE 92f92501-3502-490c-9781-49ae6622f84f-1.dms c:\PROGRA~2\CA\DSM\Agent\units\00000001\usd\sdjexec\DE604264-6C3E-42CD-BC8D-9E5DF911C42F.res configure
230222-13:40:57.3580189L|002192|00001d80|SDAgent | |sdjecontainerif.cpp |001408|NOTIFY | SDjob 1 returns: 35 ExitCode: 2
Resolution
For Cause 1
Execute following command on the computers :
ccnfcmda.exe -cmd DeleteParameter -ps itrm/agent/solutions/usd_agent -pn afterlogoffplugin
This will avoid the execution of sdagent at logoff of user.
This command could be executed using a SD Package. See attached file "Remove SD AFTERLOGOFF.7z" which is a SD Package you could import in DSM Explorer :
For Cause 2
Change the following settings in configuration policy applied on the agent to force the closure of application in case of a reboot initiated by SD Agent :
DSM/Software Delivery/Agent/ForcedReboot = True
Unseal Configuration Policy Applied on the agent and go under DSM/Software Delivery/Agent
Change the value for Reboot: Forced reboot from False to True
With this settings, the reboot should be made much more quickly and this will avoid execution of new SD Agent during shutdown process.
Additional Information
Following Parameters are set in the comstore of a computer :
itrm/agent/solutions/usd_agent/afterlogoffplugin = sdagent
itrm/agent/solutions/usd_agent/afterlogoffpluginparams = AFTERLOGOFF
when a SD Job with following option is executed :
"Prevent user from being logged-on while job executes (WinNT only)"
If sending a package with option "Prevent user from being logged-on while job executes (WinNT only)" is needed, package "Remove SD AFTERLOGOFF Execution" should be executed again after.
This could be done automatically with a Procedure Group which contains in this order :
- The package procedure with option "Prevent user from being logged-on while job executes (WinNT only)"
- The procedure "Remove AFTERLOGOFF sdagent" of package "Remove SD AFTERLOGOFF Execution"
And send the procedure to the computers.
Attachments
Feedback
Yes
No
Powered by
