Updates to show as pending on the Software update tab of the Symantec Management Agent

book

Article ID: 152288

calendar_today

Updated On:

Products

Patch Management Solution for Windows

Issue/Introduction

Updates are shown in a 'Pending' state on the Software Update tab:

  • Software update packages are not downloading to the clients.
  • One or more of the following errors are in the client logs
    • Error 404 Not Found when downloading the updates.
    • Failed to obtain Agent vendor config policy
    • Failed to obtain Agent config policy
    • Ignoring update schedule - updates cannot be applied whilst in this state
    • Object Altiris.SoftwareUpdateAgent is not installed: Invalid class string (-2147221005). This situation should be resolved once the agent rollout has been completed.
    • Post to 'HTTP://<server DNS>/ALTIRIS/InventoryRuleManagement/Agent/AgentRuleData.ashx?DataType=DataClassRuleSummary&Compress=true' failed: HTTP error: 500 Internal Server Error (-2147209951)
    • Server is busy: retrying POST event
  • Server logs show 'Patch Management Vendor Policy doesn't exist for Vendor'.

Cause

1. Below is a list of common causes:

  • Licensing: The current Licenses are expired, exceeded or the AUP (Annual Upgrade Protection) time has elapsed.
  • Download: Software Update Packages are not downloading to the client computers. 
    • Package servers not having the package available.
    • Not enough space on the drive (500 Mb of free space is the minimum)
  • Policies:
    • Computers are not in one of the Policies required for the Software Update Agent\Plug-in to function correctly.
    • The Microsoft or Adobe vendor policy does not exist or is corrupt.
    • Computers are in multiple cloned Default Software Update Plug-in Policies (Default Software Update Agent Configuration Policies).
  • Ignoring update schedule: Updates cannot be applied whilst in this state
  • Missing inventory: The inventory used by Patch is missing or out of date.  This is commonly caused by not being able to download the .iad or .ibd file.  It could also be that the file is corrupt.

2. There are less common issues that can cause this behavior as listed below:

  • DNS: Name resolution to the Server is not functioning correctly.
  • Agent: This has occured when the Software Update Plug-in \ Agent has not been upgraded to the most current version.
    • Error may be found in Client Log: Unexpected exception caught in OnWakeup()
      • This error is associated with corrupt Patch Plug-in Agent registry

3. Some instance have been caused by having both a Maintenance Window open for the targeted clients and having the Schedule Window configured on the Default Software Update Plug-in Policy.

  • Found these two schedules conflict and cause updates to be stuck in Pending

ADVISORY: Inspecting the Agent Logs is key to isolating the cause of any issue; ensure the Agent Logs are reviewed to further troubleshoot this issue, for it can be caused by multiple failures.

Resolution

1. Work through the following before moving to the less common section below, make sure to start with the most likely based on the cause and symptoms before looking at other resolutions:

  • Licensing: Renew the current Licensing AUP and ensure the count of machines to be updated did not exceed the count of available licenses
  • Download Software Update Packages:There are some instances where this is a timing issue with package servers or other processes and can resolve itself (Note: product is not real-time):
    • Troubleshoot Agent to Site Server communications;
      • View Altiris Agent and SMP Logs, and view IIS Logs on SMP to ensure clients are able to obtain data
      • View Site Server Agent GUI and Logs; issue may be Site Server is out of sync as outlined in KM: HOWTO83906
  • Policies:
    • This can be one of many policies missing; check the Agent's ClientPolicy.xml to ensure all Patch Policies are targeting
    • Ensure only one Default Software Update Plug-in Policy is targeting the client if the policy was cloned. 
  • Ignoring update schedule: Updates cannot be applied whilst in this state; client needs reboot
  • Missing Inventories:
    • Change the Windows System Assessment Scan to run 'Send Inventory Results Only If Changed'
    • Troubleshoot further as outlined on KM: HOWTO60750

2. To resolve the less common issues:

  • Download:
    • DNS:  Resolve the DNS issue or change the Agent configuration to use IP Address instead of a name.
    • IIS: IIS issues like having multiple versions registered or Verbs not associated to the Virtual directory
    • IIS: In IIS, go to the Default Web Site > Altiris > InventoryRuleManagement > Agent > Properties > Directory Security Tab > Authentication and Access Control. Here, check the anonymous access check box.
  • Missing Policies:
  • Agent:
    • Verify that the upgrade policies for the Software Update Plug-in \ Symantec Management Agent are enabled and have a schedule defined other than ASAP. 
      • Caution: If there have been multiple agent upgrades and a schedule is not defined then subsequent upgrades may not happen.
    • If nothing else has helped and it is a small number of computers remove the Agent and install it again, for it could be a problem with recent Agent upgrade deployment.

3. Disable the Maintenance Window, or the Schedule Window on the Default Software Update Plug-in Policy and run a single schedule on the Plug-in Policy.

 

 

Applies To

Patch Management Solution for Windows 7.1 SP1, SP2, MP1 & 7.5