Management Agent GUI > Software Updates Tab displays Software Updates in a 'Retrying' status.

book

Article ID: 154257

calendar_today

Updated On:

Products

Patch Management Solution for Windows

Issue/Introduction

Remoted to Client: Checked Altiris Agent GUI > Software Update Tab; found some Software Updates stuck in 'Retrying' status.

Additionally, the Windows System Assessment Scan folder is 'Retrying' status.

 

  • No Package Source returned by server
  • 404 Item Not Found / File Not Found
  • Cannot write to directory: 0x80070005 [Access is denied] <DOWNLOAD PATH HERE>
  • Error while downloading package: Access is denied (0x80070005)
  • Download Package failed: Access is denied (-2147024891)
  • Error while downloading package: No connection to server (0x80070005)
  • Windows System Assessment Scan package was found to be status 'Uninstalled' in the vRM_Package_Item table

Cause

The 'Retrying' Status is a result of the client receiving all necessary policies to execute the update, but the client is unable to download the Software Update Package from the Package Server / SMP Server.

This could be caused by package data corruption, corruption in the snapshot.xml or the snapdata.xml, or the NTFS permissions on the package may be unable to allow download.

May also be caused by the DNS assigning the wrong IP address to the Package / Site Servers.

Package status may be set to uninstalled due to corrupt or invalid credentials upon installation/upgrade.

Resolution

Please review the following possible resolutions for Patch Management Solution 7.5.x - 8.0.x:

1. Confirm Windows Patch Remediation Settings policy > Packages tab configurations are in order:

  • Ensure the Delete package after: setting isn't set to 0 days (deletes packages immediately from Package Servers if configured), so ensure it has a 1 Week at least (default)
  • Ensure the Package Distribution settings are in order; often found the All Package Servers or the Package Servers individually / by site configurations ensure communications and package integrity is maintained 
  • This is detailed further in KM: HOWTO56242 - Section 7

2. Ensure the download location for Patch Packages is accessable to the environment

  • Found on the Console > Settings > All Settings > Software > Patch Management > Core Services
  • The setting for 'To Location' is found under the heading 'Software Update Package Location' on the 'Languages and Locations' tab.
  • Ensure the path is a valid path that is accessable and the path has proper permissions in place
    • Detailed checks for this are outlined on TECH233964 to ensure the NTFS permissions allow all Solution Agents and Software Update Packages

3. Ensure Site Management is in order:

  • Found on the Console > All Settings > Notification Server > Site Server Settings
    • Ensure Subnets are targeted appropriately
    • Ensure Constrained settings are in order, for there has to be at least one unconstrained Package Server per subnet.
    • Ensure no Pending status count for packages
      • Work through KM: HOWTO83906 to synchronize the Site/Package Servers to the Notification Server
    • Ensure there is no Package Server Service installed on the Notification Server
      • Remove the Package Server Service from the Notification Server and allow for the NS.Package Refresh scheduled task to run.
      • Note: the Notification Server is by design a Package Server. An added Package Server Service will cause duplicate and unnecessary processes.
    • Ensure no 'rogue' Site/Package Servers are in the environment
      • Migration Tool can migrate Package Servers to a new environment, and this will cause stalled package deployment if they are not configured properly.
      • Remove the Site/Package Servers that are not to be utilized in the environment.

4. Run the 'ping' from the Client in CMD prompt:

  • Ensure the IP Address of the Site/Package Server is the same as what is being targeted from the Client
  • Resolve this via the DNS Server to ensure the IP is properly assigned to that Site/Package Server

5. Ensure the Site/Package Server has Anti Virus exclusions in place and the software types are in order.

6. Check GUIDs for packages and ensure they are not all 0's:

  • Review the process to clear Software Update Packages with GUID = {00000000-0000-0000-0000-000000000000} outlined in KM: TECH214097

7. Confirm the Site/Package Server settings are in order and they are in sync with the SMP:

  • Confirm the Console > Settings > Notification Server > Site Server Settings > Package Service > Package Service Settings
    • Confirm the Domain is properly configured
    • Confirm settings for 'Delete package files if they are unused for' is not set to lower than 1 Week (if set to '0 Days' it will delete immediately)
    • Confirm the Constrained setting (Check box in Site Server row) is not enabled unless there is a master Site Server for that domain
    • Confirmed the proper package counts for 'Available Packages' and other package status are present
  • RDP to the Site Server(s) in question:
    • Ensure the proper package counts for 'Available Packages' and other package status display as they did in the Package Service Settings
    • If these numbers appear out of sync; review KM: HOWTO1108 for ITMS 7.0, and KM: HOWTO83903 for ITMS 7.1.

8. When affecting the Windows System Assessment Scan (WSAS) Package:

  • Ensure the "Run from the server if bandwidth is above - Any connection speed" is not enabled on the SMP as outlined in KM: TECH218153
    • Note: The contents of this package are replicated to the Clients from the SMP Server following a PMImport for Windows; full PMImport may need to be performed to refresh the contents of this package
  • Check the status in the SQL Database for the WSAS Package:
    • Select * from vRM_Package_Item where ProductUninstalled=1 and ProductGuid='B1338338-5575-4A27-9808-23BEC40D79FA'
    • If the above query returns a row showing product is uninstalled;
      • Run the repair as detailed on HOWTO47868 with Application Identity credentials/permissions
      • If the issue is still present; run the following script in SQL against the Symantec_CMDB database (SMP Server Database) with Application Identity credentials/permissions:
        • Update RM_ResourceSoftware_Package set ProductUninstalled = 0 where ProductUninstalled = 1 and ProductGuid='B1338338-5575-4A27-9808-23BEC40D79FA'
        • Caution: Always have a recent backup of the database prior to running any table altering scripts such as this to ensure database integrity restoration in case of table corruption

Advisory: Often the issue is resolved via a process happening outside the product;

  • Found could be caused by the files being locked down by the Site Server / Package Server OS and are unable to refresh the codebase when received from the SMP Server.
  • Found could be caused by the Site Server / Package Server is not configured properly via IIS for the targeted drive storage of Patch Packages
    • Note: If the 'Use Alternate Download location' is enabled on the Patch Remediation Settings > Package Server Settings tab; the Site Server / Package Server's IIS may need to be modified to allow communications to that drive.

 

 

Applies To

Patch Management Solution 7.5.x - 8.0.x