Please review the following possible resolutions for Patch Management Solution 8.x
1. Confirm Windows Patch Remediation Settings policy > Packages tab configurations are in order:
- Ensure the Delete package after: setting isn't set to 0 days (deletes packages immediately from Package Servers if configured), so ensure it has a 1 Week at least (default)
- Ensure the Package Distribution settings are in order; often found the All Package Servers or the Package Servers individually / by site configurations ensure communications and package integrity is maintained
- This is detailed further in KB: 180589 - Section 7
2. Ensure the download location for Patch Packages is accessable to the environment
- Found on the Console > Settings > All Settings > Software > Patch Management > Core Services
- The setting for 'To Location' is found under the heading 'Software Update Package Location' on the 'Languages and Locations' tab.
- Ensure the path is a valid path that is accessable and the path has proper permissions in place
- Detailed checks for this are outlined on KB 162812 to ensure the NTFS permissions allow all Solution Agents and Software Update Packages
3. Ensure Site Management is in order:
- Found on the Console > All Settings > Notification Server > Site Server Settings
- Ensure Subnets are targeted appropriately
- Ensure Constrained settings are in order, for there has to be at least one unconstrained Package Server per subnet.
- Ensure no Pending status count for packages
- Work through KB:181405 to synchronize the Site/Package Servers to the Notification Server
- Ensure there is no Package Server Service installed on the Notification Server
- Remove the Package Server Service from the Notification Server and allow for the NS.Package Refresh scheduled task to run.
- Note: the Notification Server is by design a Package Server. An added Package Server Service will cause duplicate and unnecessary processes.
- Ensure no 'rogue' Site/Package Servers are in the environment
- Migration Tool can migrate Package Servers to a new environment, and this will cause stalled package deployment if they are not configured properly.
- Remove the Site/Package Servers that are not to be utilized in the environment.
4. Run the 'ping' from the Client in CMD prompt:
- Ensure the IP Address of the Site/Package Server is the same as what is being targeted from the Client
- Resolve this via the DNS Server to ensure the IP is properly assigned to that Site/Package Server
5. Ensure the Site/Package Server has Anti Virus exclusions in place and the software types are in order.
- This is detailed further on KB: 154301 "What exclusions should be considered for Symantec Management Platform and Agents to function correctly with an anti-virus solution installed?"
6. Check GUIDs for packages and ensure they are not all 0's:
- Review the process to clear Software Update Packages with GUID = {00000000-0000-0000-0000-000000000000} outlined in KB: 150830
7. Confirm the Site/Package Server settings are in order and they are in sync with the SMP:
- Confirm the Console > Settings > Notification Server > Site Server Settings > Package Service > Package Service Settings
- Confirm the Domain is properly configured
- Confirm settings for 'Delete package files if they are unused for' is not set to lower than 1 Week (if set to '0 Days' it will delete immediately)
- Confirm the Constrained setting (Check box in Site Server row) is not enabled unless there is a master Site Server for that domain
- Confirmed the proper package counts for 'Available Packages' and other package status are present
- RDP to the Site Server(s) in question:
- Ensure the proper package counts for 'Available Packages' and other package status display as they did in the Package Service Settings
- If these numbers appear out of sync; review KB: 181405
8. When affecting the Windows System Assessment Scan (WSAS) Package:
- Ensure the "Run from the server if bandwidth is above - Any connection speed" is not enabled on the SMP as outlined in KB: 159330
- Note: The contents of this package are replicated to the Clients from the SMP Server following a PMImport for Windows; full PMImport may need to be performed to refresh the contents of this package
- Check the status in the SQL Database for the WSAS Package:
- Select * from vRM_Package_Item where ProductUninstalled=1 and ProductGuid='B1338338-5575-4A27-9808-23BEC40D79FA'
- If the above query returns a row showing product is uninstalled;
- Run the repair as detailed on KB 180404 with Application Identity credentials/permissions
- If the issue is still present; run the following script in SQL against the Symantec_CMDB database (SMP Server Database) with Application Identity credentials/permissions:
- Update RM_ResourceSoftware_Package set ProductUninstalled = 0 where ProductUninstalled = 1 and ProductGuid='B1338338-5575-4A27-9808-23BEC40D79FA'
- Caution: Always have a recent backup of the database prior to running any table altering scripts such as this to ensure database integrity restoration in case of table corruption
Advisory: Often the issue is resolved via a process happening outside the product;
- Found could be caused by the files being locked down by the Site Server / Package Server OS and are unable to refresh the codebase when received from the SMP Server.
- Found could be caused by the Site Server / Package Server is not configured properly via IIS for the targeted drive storage of Patch Packages
- Note: If the 'Use Alternate Download location' is enabled on the Patch Remediation Settings > Package Server Settings tab; the Site Server / Package Server's IIS may need to be modified to allow communications to that drive.