Automatic Managed Software Delivery (MSD) Policy Fails to Execute Remediation on Managed Clients with "Not Started" Status
Article ID: 422544
Updated On:
Products
Issue/Introduction
A Managed Software Delivery (MSD) policy assigned to managed clients doesn’t automatically start the software install. The Symantec Management Agent (SMA) does receive the policy, but in the SMA UI (under Software Delivery tab), the policy shows up as Completed or Unknown. However, the actual install steps (such as Execute install command…) never begin and stay stuck in Not started status.
Interestingly, if the user manually runs the policy from the SMA UI, the installation starts right away and completes successfully.
Environment
ITMS 8.7.x, 8.8
Software Management Solution (Managed Software Delivery Policy)
Cause
The root cause is a misconfiguration in the Remediation scheduling of the Managed Software Delivery policy.
When a policy is set to use a schedule for remediation ("If the software is not found, install it: Schedule") and the defined schedule window has an invalid or future-dated Start Date, the automated installation logic is halted. The policy successfully completes the first phase (Compliance Check/Detection), determines the software is missing, but defers the action because the mandated schedule window for installation has not arrived.
In the reviewed evidence, the remediation schedule defined an unrealistic future Start Date (12/11/2026), preventing any automated execution until that date.
Changing the remediation setting to "Immediately" bypassed this scheduling restriction and resolved the issue.
The Core Logic of MSD Policies
Managed Software Delivery (MSD) policies operate in a strict, sequential workflow on the client machine to determine if software should be installed or actioned. This logic explains why the deployment was skipped in the automated run but succeeded manually.
| Stage | Process Description | Key Policy Settings Used | Role in the Customer's Issue |
| 1. Policy Synchronization | The Symantec Management Agent (SMA) checks in with the Notification Server and downloads the most recent configuration, including the MSD policy XML. The policy state may show as "Completed" or "Unknown" in the SMA UI. | Compliance Schedule: Defines when the agent evaluates the rules (e.g., "Repeat daily," "check every: 1 Hours"). | Success: This step completed successfully; the client received the policy. |
| 2. Compliance Check / Detection | The agent executes the defined Detection Check rule locally. This rule, linked to the Software Resource, determines if the target software (at the correct version) is already installed. | Compliance Settings: "Perform software compliance check using: Detection check". | Assumption: The check likely determined the software was Non-Compliant (or "needed"), moving the policy to the next stage. |
| 3. Remediation Scheduling / Trigger | If the Compliance Check determines the client is Non-Compliant (i.e., the software is not found or the wrong version is present), the policy then attempts to execute the installation action (Remediation). | Remediation Settings: "If the software is not found, install it:" option. | Point of Failure: This was set to Schedule, but the associated schedule had a future Start Date (12/11/2026). The automated process stopped here, leaving tasks in "Not started" status. |
| 4. Execution Phase | If the Remediation Trigger is Immediate (the resolution applied) or the Schedule time window is currently open, the agent runs the deployment sequence. | Command Line: The actual command to run (e.g., sudo GlobalProtect_6.3.3-c676_plist.sh). |
Success (Manual): The manual run bypasses the scheduling check (Stage 3), allowing the valid command line to execute successfully. Success (Fixed Automated): When changed to Immediately, the automated flow proceeds here and executes the installation. |
This flow confirms that the issue was not a failed Compliance Check, but a delay imposed by the Remediation Schedule configuration.
Resolution
The issue is resolved by instructing the policy to run the installation immediately upon confirming non-compliance, rather than waiting for a specific schedule on the future.
STEPS:
-
Navigate to the Symantec Management Console (SMP).
-
Go to Manage > Policies > Software > Managed Software Delivery.
-
Locate and open the affected Managed Software Delivery policy (e.g.,
MAC Install - GlobalConnect 6.3.3-c676 for MAC - TEST). -
Expand the Schedule options.
-
Under the Remediation section (labeled "If the software is not found, install it:"), select the dropdown option.
-
Change the setting from Schedule to Immediately.
-
Click Save changes to publish the updated policy.
The managed clients will receive the policy update and immediately trigger the software download and installation, moving the task status from "Not started" to "Completed" (Success).
Troubleshooting Tip: Identifying Scheduling Issues
| Symptom / Policy Setting | Key Finding | Action to Take |
| Policy Status is Completed/Unknown. | Compliance check finished, determining the software is needed. | Review the Remediation scheduling settings. |
| Remediation set to Schedule. | Check the Advanced options of the Remediation schedule for valid start and end dates. | If immediate deployment is required, change setting to Immediately. |
Important Scheduling Notes (Self-Correction Guidance)
-
"Immediately" vs. "Schedule": For deployments requiring immediate installation upon non-compliance, set the remediation setting to Immediately. Use Schedule only when the installation must be intentionally delayed to a specific maintenance window or future date.
-
Verification: After this change, the policy automatically executed the download and then the installation, transitioning the task status from Not started to Completed.
Additional Information
Feedback
