UPM Policies do not evaluate successfully when Patch Management is installed on an Enterprise Server and the Policy is based on an edited CA Rollup Patch.

book

Article ID: 51264

calendar_today

Updated On:

Products

CA Automation Suite for Data Centers - Configuration Automation CA Client Automation - Asset Management CA Client Automation - IT Client Manager CA Client Automation CA Client Automation - Remote Control CA Client Automation - Asset Intelligence CA Client Automation - Desktop Migration Manager CA Client Automation - Patch Manager

Issue/Introduction

Description:

Patch Manger is installed on ITCM Enterprise Manager which is linked with one / more Domain Managers.

A full security rollup which is in approved state in Patch Manager is edited within Patch Management.

<Please see attached file for image>

Figure 1

A Patch Management Policy is created to automate the deployment of this edited patch.

Once the policy is evaluated and distributed from Enterprise Manager across Domain Managers, policy violations are not shown in respective Domain Managers and therefore the patch is not distributed.

<Please see attached file for image>

Figure 2

Root Cause

When a patch is edited it creates a new signature for this patch. As the patch is a CA Rollup this signature is not distributed to the Domain Manager from the Enterprise Manager (Each Domain is responsible to download its own content from the CA Content Download Server).

As a result the UPM Groups and Policies that are populated onto the Domain Manager for this patch cannot evaluate as the SQL query fails due to the missing signature.

Solution:

CA designed the content utility to allow the export of content from one Manager and import to another. This is used when firewalls prevent a Manager from accessing the Content Download Server and when content is needed to be replicated from the Enterprise Manager to a Domain Manager.

Follow the below steps to run the content utility after edited rollup patch moves to "Testing State".

  • On the Domain machine, run the C:\Program Files\CA\DSM\bin\content_utility.exe which will create a content_utility.xml file.
                                                                    <manager>                                <hostname>EM.xx.com</hostname>                                <enabled>yes</enabled>                                <ca_provided>yes</ca_provided>                                <custom_created>no</custom_created>                                </manager>                                </export>                                <import>                                <manager>                                <hostname>DM.xx.com</hostname>                                <enabled>yes</enabled>                                <ca_provided>yes</ca_provided>                                <custom_created>no</custom_created>                                </manager>                                </import>
  • Edit the content_utility.xml file and replace the highlighted text.

  • Now save and close the xml file. Run the C:\Program Files\CA\DSM\bin\ContentUtility.exe to replicate the software definition created from enterprise to domain manager.

After the agent next runs a software inventory it will then display as a violator

<Please see attached file for image>

Figure 3

The Content Utility can be automated by scheduling it to be run as an Asset Job

  1. Open ITCM Explorer and go to Jobs -> Asset jobs -> New job.

    <Please see attached file for image>

    Figure 4

  2. Select the job type as External utility.

    <Please see attached file for image>

    Figure 5

  3. Provide the job name and the description.

    <Please see attached file for image>

    Figure 6

  4. Select the contentutility executable using the browse button. This file can be found at <dsm_home>/bin/contentutility.exe

    <Please see attached file for image>

    Figure 7

  5. Select <dsm-home>/bin as the working directory and click on Next.

    <Please see attached file for image>

    Figure 8

  6. Schedule the job as per the requirements. Be Sure to Select the "This job is allowed to run unattended" box on the Miscellaneous tab.

    <Please see attached file for image>

    Figure 9

    <Please see attached file for image>

    Figure 10

  7. Link this Asset Job to the Domain Manager

    <Please see attached file for image>

    Figure 11

    <Please see attached file for image>

    Figure 12

  8. When the agent runs on the domain manager next time, this job will be executed.

  9. Make sure to verify the asset job status to see for the success message.

    <Please see attached file for image>

    Figure 13

Environment

Release:
Component: UNIPTM

Attachments

1558695356453000051264_sktwi1f5rjvs16mz3.gif get_app
1558695354646000051264_sktwi1f5rjvs16mz2.gif get_app
1558695349786000051264_sktwi1f5rjvs16mz1.gif get_app
1558695348122000051264_sktwi1f5rjvs16mz0.gif get_app
1558695346345000051264_sktwi1f5rjvs16myz.gif get_app
1558695344570000051264_sktwi1f5rjvs16myy.gif get_app
1558695342762000051264_sktwi1f5rjvs16myx.gif get_app
1558695341002000051264_sktwi1f5rjvs16myw.gif get_app
1558695339358000051264_sktwi1f5rjvs16myv.gif get_app
1558695337407000051264_sktwi1f5rjvs16myu.gif get_app
1558695335688000051264_sktwi1f5rjvs16myt.gif get_app
1558695333903000051264_sktwi1f5rjvs16mys.gif get_app
1558695331783000051264_sktwi1f5rjvs16myr.gif get_app