Patches are not showing as applicable to endpoint even though they are supposed to be
Article ID: 375371
Products
Client Management Suite, Patch Management Solution
Issue/Introduction
Example scenario: Windows Server 2019 17763.5329 is in a group that has a policy applied to it that includes the latest Windows Quality update (KB5041578 17763.6189 from MS24-08-W10-5041578).
Issue: The policy is not showing up on several of the targeted servers.
Environment
ITMS 8.7.x
Cause
The affected servers are missing prerequisite updates. In this case, these updates were released over a year ago, so they did not show in the compliance reports when run in the default configuration, which only goes one year back.
Resolution
Simplified Resolution:
We ran the Compliance by Computer report with the Release Date From parameter set to the year 2000. We then reviewed the not installed updates (right-click an affected computer and choose this option) to see which updates were missing. In this case, MS21-08-SSU-5005112 was missing. We created a software update distribution policy with this update. After this update was deployed, MS24-08-W10-5041578 showed in the compliance report for the affected servers, and we were able to deploy and install it.
Expanded Resolution:
Confirm that the Windows System Assessment Scan is running (and completing successfully) on the affected Windows Server 2019 that you are using as a test.
In the SMP Console, open the "Compliance by Computer" report and use "View Not Installed Updates" for the affected Windows Server. With "Release Date From" set to 8/23/2000 and "Supersedence Status" changed to "Not Superseded", the report showed that this server had Critical patches missing. In this case, it was missing one critical update: MS21-08-SSU-5005112.
Look at the "Windows Superseded Bulletins" report for MS21-08-SSU-5005112. In this case, it is not superseded by another bulletin, so it needs to be distributed to this Windows Server.
Look at "Compliance by Bulletin" for MS21-08-SSU-5005112. In this example, there were 10 other systems without it. Those 10 systems were the same ones that the customer had noticed were not getting KB5041578 (MS24-08-W10-5041578) and other updates since January.
The customer distributed and installed the MS21-08-SSU-5005112 patch first. After the Windows System Assessment Scan ran on one of the affected Windows Server 2019 machines and the "NS.Windows Patch Remediation Settings" scheduled task ran on the SMP Server (see How to Immediately Download, Install and Report a Software Update in Patch Management (broadcom.com)), the desired KB5041578 (MS24-08-W10-5041578) was applicable and could be installed.
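To cross-check the console reports from the endpoint side, the following added example (not part of the original article or of ITMS) lists which servers lack the prerequisite update. It assumes that MS21-08-SSU-5005112 corresponds to KB5005112 in the same way the article pairs MS24-08-W10-5041578 with KB5041578, that the update is reported through Get-HotFix, and that the server names are placeholders to be replaced.

```powershell
# Added example: check servers for the prerequisite update named in this article.
# Assumption: MS21-08-SSU-5005112 maps to KB5005112, as MS24-08-W10-5041578 maps to KB5041578.
$PrerequisiteKb = 'KB5005112'
$TargetKb       = 'KB5041578'
$Servers        = @('SERVER01', 'SERVER02')   # constructed placeholder names

$results = foreach ($server in $Servers) {
    try {
        # Get-HotFix reads Win32_QuickFixEngineering on the remote computer.
        $installed = @(Get-HotFix -ComputerName $server -ErrorAction Stop |
                       Select-Object -ExpandProperty HotFixID)

        $hasPrereq = $installed -contains $PrerequisiteKb
        $hasTarget = $installed -contains $TargetKb

        # Classify the server the way the article's troubleshooting does.
        $state = if ($hasTarget)     { 'Target update installed' }
                 elseif ($hasPrereq) { 'Prerequisite present, target pending' }
                 else                { 'Prerequisite missing' }

        [pscustomobject]@{
            Computer     = $server
            Prerequisite = $hasPrereq
            Target       = $hasTarget
            State        = $state
        }
    }
    catch {
        # Unreachable or access denied: report it instead of treating it as compliant.
        [pscustomobject]@{
            Computer     = $server
            Prerequisite = $null
            Target       = $null
            State        = "Query failed: $($_.Exception.Message)"
        }
    }
}

$results | Format-Table -AutoSize

# Servers that need the prerequisite distributed before the target update can apply.
$results | Where-Object { $_.State -eq 'Prerequisite missing' } |
    Select-Object -ExpandProperty Computer
```

Servers listed as "Prerequisite missing" should match the systems shown in "Compliance by Bulletin" for MS21-08-SSU-5005112.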