Deploying Microsoft Office 365 updates with Patch Management Solution

book

Article ID: 184965

calendar_today

Updated On:

Products

Patch Management Solution for Windows

Issue/Introduction

The following versions of Patch Management Solution for Windows support Microsoft Office 365 (Office 2016 version) Click-to-Run installations:

  • 7.6 post-HF7 point fix
    For more information about Patch Management Solution for Windows 7.6 post-HF7 point fix implementation, see the KB article 150566.

  • 8.0 HF6 and later versions
    For more information about Patch Management Solution for Windows implementation, see IT Management Suite Release Notes for the version that you require.

Resolution

Microsoft Office 365 Click-to-Run products use virtualization and streaming Microsoft Application Virtualization (App-V) technology. The Click-to-Run method of downloading and updating Office products differs from the traditional Windows Installer-based (MSI) method in the following way:

  • You do not need to download the whole Office product installer, and then update it to the current version with patches and service packs. With Click-to-Run, you download a single executable program that lets you initiate Click-to-Run streaming and application start processes. You can start using the product while the rest of it is being downloaded in the background to a network or HTTP share (the default location is Microsoft CDN). When you open an application that is not yet downloaded and installed, Click-to-Run immediately downloads it from there and installs it to the client computer.
  • By default, Click-to-Run products are updated automatically on client computers. You can disable automatic updating or invoke updating manually in Office menu. During the update process, the Office updater service (ClickToRunSvc) connects to the network location that stores the full image of the latest version of Office, and then downloads only the updates for the Office components that are installed in your environment. Thus the download size depends on the number of the installed Office components and the number of the Office files to be updated.

For more information, see Deployment guide for Office 365 ProPlus.

Microsoft uses update channels for Office 365 and releases a separate update for each version of a channel. The same update applies to all corresponding editions of Microsoft Office 365, such as ProPlus and Business Retail. For more information, see the following Microsoft articles:

Patch Management Solution provides the software bulletin for all supported Microsoft update channels. A separate bulletin is available for each date when Microsoft Office 365 updates are released for a specific channel.
The naming scheme for a bulletin is as follows:

  • MSYY-MM-0365 - for updates that are released before May 2018.
  • MSYY-MM-O365-CHANNEL_NAME - for updates that are released after May 2018.

For example, MS18-04-O365-SEMI-ANNUAL is the name of the bulletin that includes the April, 2018 Office 365 updates and is presented in the Symantec Management Console as follows:
 


 

Prior to the patch management metadata for Windows release7.2.73, all Microsoft Office 365 updates were associated with a single software product Microsoft Office Click to Run 2016.
The current patch management metadata for Windows release 7.3 contains the following Microsoft Office 365 software products:

  • Microsoft Office Click to Run 2016 (Office 365 Monthly Channel) - formerly known as (Current)
  • Microsoft Office Click to Run 2016 (Office 365 Semi-Annual Channel) - formerly known as (Deferred)
  • Microsoft Office Click to Run 2016 (Office 365 Semi-Annual Targeted Channel) - formerly known as (First Release for Deferred)

Starting from May 2018, the patch management metadata for Windows release 7.3 will contain four Microsoft Office 365 software products:

  • Microsoft Office Click to Run 2016 (Office 365 Deferred Channel)
  • Microsoft Office Click to Run 2016 (Office 365 Monthly Channel)
  • Microsoft Office Click to Run 2016 (Office 365 Semi-Annual Channel)
  • Microsoft Office Click to Run 2016 (Office 365 Semi-Annual Targeted Channel)

Each Microsoft Office 365 update is assigned to two software products:

  1. The software product that is common for all Microsoft Office 365 channels.
  2. The software product that corresponds to the specific update channel.

For example, the update for the Semi-Annual Channel of Microsoft Office 365 is associated to the software products Microsoft Office Click to Run 2016 and Microsoft Office Click to Run 2016 (Office 365 Semi-Annual Channel).

You use bulletins to create a software update policy that delivers and installs Microsoft Office 365 updates to the appropriate computers. You create the software update policy with the Distribute Software Updates wizard.
 

Before you deploy Microsoft Office 365 updates with Patch Management Solution, consider the following:

  • Ensure that you have imported the latest patch management metadata for Windows.

    NB! By default, when you check the Microsoft bulletin on the Import Patch Data for Windows page, all Microsoft software is selected.
    If you want to exclude Microsoft Office 365 updates from the patch management metadata import for Microsoft software, on the Import Patch Data for Windows page, under Vendors and Software, check and expand Microsoft, scroll down the list, uncheck all software releases for Microsoft Office Click to Run 2016, and then click Save changes.
    For example, if you want to deploy only Microsoft Office 2016 updates, you may exclude Microsoft Office 365 updates that are stored in the same bulletin.


     
  • If you deploy only specific channels of Microsoft Office 365, on the Import Patch Data for Windows page, under Vendors and Software, check and expand Microsoft, scroll down the list, uncheck Microsoft Office Click to Run 2016, check only the channels that you want to update (for example, Microsoft Office Click to Run 2016 (Office 365 Monthly Channel)), and then click Save changes.



    NB! If you have updated the list of available software products manually by clicking Update on the Import Patch Data for Windows page, under Vendors and Software, ensure that you have imported the latest patch management metadata for Windows before you change the selection of Microsoft Office 365 software products. Otherwise the existing Microsoft Office 365 advertisements may be deleted or disabled if the option Delete previously downloaded data for vendors, software and languages that are now excluded is checked on the Import Patch Data for Windows page.
    This happens because after the software products list is updated, the new software products are available in patch management metadata but have no associations with Microsoft Office 365 updates.

    NB! After you select a subset of Microsoft Office 365 software channels on the Import Patch Data for Windows page, Microsoft Office 365 installations of other channels will not be reported in compliance reports.

    For more information about staging a specific channel for Microsoft Office 365, see the KB article 184970.
     
  • If you deploy Microsoft Office 365 in multiple languages in your environment, you must select all the languages you need during the patch management metadata import on the Import Patch Data for Windows page, under Languages. Otherwise, the update process fails on the client computers that use Microsoft Office 365 with the unselected language.

    NB! Note that selecting each new language increases the size of the update package.


     
  • The update process for Microsoft Office 365 does not succeed on the client computers where the software is currently running.  The error is typically Exit Code 1638.  After the user closes the software, Microsoft Office 365 will be updated according to the enabled automatic updating schedule or after the computer restart.
     
  • Microsoft Office 365 update may fail if the download of update files to endpoint requires more time than the default Office timeout settings allow (usually because of network throttling or low network speed).
    The following warning in the logs indicates that the download failure is caused by the download timeout:
    Failed to send HTTP response, error: An operation was attempted on a nonexistent network connection (0x000004CD)
    The warning appears before the errors:
    Office update installation failed
    Please execute Click2Run tool manually using command line [C:\xxxxx] for troubleshooting

    Workaround:
    184948: Modify the following registry value to change Office timeout parameter, for example, to 600000 milliseconds (10 minutes)
    • NOTE that In some environments, you may need to put in a higher value, such as 30 minutes):
  • ***************************************************
    Windows Registry Editor Version 5.00
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\Internet]
    "documentsynctimeout"=dword:000927C0

     
  • Newly initiated Microsoft Office 365 update process may fail in the following scenario:
    • The data blocks that the Office updater service (ClickToRunSvc) requires are not available on peers of the Symantec Management Agent and are only available on the Notification Server or Package Server in other site.
    • You have configured the targeted site settings policy to limit the number of outbound data transfers from a site to which the Symantec Management Agent belongs.
    • The number of outbound connections has exceeded the limit configured in the other site.

The update installation process is as follows:

  1. Click to Run performs 3 connection attempts in less than a minute, and then update installation fails.
  2. Click to Run repeats update installation attempts 3 times with 1h intervals.
  3. If the data blocks are still not accessible, Click to Run performs new update installation attempt only after the Symantec Management Agent restarts or a software update policy changes.

Remediation:

  • Ensure that your sites have own site servers assigned so that download of the required data blocks occurs within site boundaries.
  • Increase limit of simultaneous data transfers between sites to match your actual usage pattern.

 

To deploy Microsoft Office 365 updates with Patch Management Solution

  1. In the Symantec Management Console, on the Actions menu, click Software > Patch Remediation Center.


     
  2. On the Patch Remediation Center page, in the right pane, in the Show drop-down box, click Windows Compliance by Bulletin, and then click the Refresh symbol.
    These reports let you see which updates the client computers require.


     
  3. Right-click the bulletin with Microsoft Office 365 updates that you want to download to the Notification Server computer, and then click Download Packages.
    For example, to download the November 10, 2016 Office 365 updates, right-click the O365-16-1110 bulletin.
    If you want to download many bulletins at once, you can select multiple items while holding down the Shift or Ctrl key, right-click one of them, and then click Download Packages.



    You can close the status dialog box or leave it open in a new window; the download continues in the background.


     
  4. After the download task succeeds, on the Patch Remediation Center page, in the right pane, right-click the bulletin that you want to distribute to client computers, and then click Distribute Packages.


     
  5. In the Distribute Software Updates wizard, click Step 1, ensure that the settings are configured as needed, and then click Next.


     
  6. On the second page of the wizard, check the updates that you want to distribute.


     
  7. To enable the software update policy, at the upper right of the second wizard page, click the colored circle, and then click On.
    You can also turn on the policy later.
  8. Click Distribute software updates.


     
  9. In the status dialog box, click Close.

You can view the results of software update policies in the Windows Software Update Delivery - Details report.
For more information, see the help topicViewing software update delivery results.


 

 

Optional Command Line Parameters for OfficeUpdater.exe

It is possible to use a Custom Command Line to pass optional parameters to OfficeUpdater.exe.  Note that Parameters begin with TWO dashes - -.

Recommendation: Copy the current Command Line and add additional parameters as desired. 

Usage: OfficeUpdater.exe <--help|other mandatory parameters> [optional parameters]
  --help show help
  --forceappshutdown =<false> if true, force shut down running instance of Office
  --promptuser =<false> if true, ask user to continue
  --showui =<false> show UI
  --loglevel =<3> log level, 0..3, 3 = high, 0=no logging
  --updatetoversion =VERSION version to update to
  --updateurl =URL URL with update source. This option has priority above GUID and PATH
  --path =PATH relative path in URL with update source
  --omitsmf don't request SMF to force download
  --guid =GUID GUID of software package

Example: OfficeUpdate.exe --forceappshutdown --showui=true --promptuser=true --guid=<guid> --updatetoversion=<version> --loglevel = 3

To update the Command Line, select the Patch Policy you have created, click the Advanced Tab, and then click on the Command Line.

 

Limitations for Microsoft Office 365 Click-to-Run installations

Patch Management Solution for Windows 7.6 post-HF7 point fix and 8.0 HF6 support Microsoft Office 365 Click-to-Run installations with the following limitations:

  • On the Import Patch Data for Windows page, the enabled option Automatically revise Software Update policies after importing patch data does not work in the software update policies for Microsoft Office 365 Click-to-Run installations.

Workaround: You need to manually recreate the packages for the bulletins that you want to revise.

 

  • If you have imported patch management metadata, created software update policies for Microsoft Office 365 Click-to-Run installations, and unchecked some languages on the Import Patch Data for Windows page, the data for the unchecked items will not be automatically deleted from the corresponding Office 365 policies.

Workaround: To save disk space, you need to open the directory C:\Program Files\Altiris\Patch Management\Packages\Updates\ and remove the folder(s) with name of Office 365 bulletin for which you want to delete the data. Then you need to manually recreate the packages for the changed Office 365 bulletin.

 

  • After an off-box upgrade of Patch Management Solution for Windows 7.6 post-HF7 point fix to the 8.0 HF6 version, Microsoft Office 365 software update package files are exported from the source Notification Server incorrectly.
    The following error occurs in the log:
     iveMethods.IAdsContainer.GetObject(String className, String relativeName)
     at System.DirectoryServices.DirectoryEntries.Find(String name, String schemaClassName)
     at Altiris.PatchManagement.Exporters.PackagePhysicalDataExporter.GetFilePathFromIIS(Guid packageGuid, DirectoryEntry packagesVirDir)
     at Altiris.PatchManagement.Exporters.PackagePhysicalDataExporter.ExportPackageResourceFiles(TableWriter writer, Guid packageResourceGuid,  DirectoryEntrypackagesVirDir, String packageRootPath)
     at Altiris.PatchManagement.Exporters.PackagePhysicalDataExporter.ExportPackageResourceFiles(Store store)

    From all Microsoft Office 365 software update package files, only 2 files in the Experiment folder get imported to the target Notification Server.

Workaround:

  1. Manually transfer all Microsoft Office 365 software update package files from the source Notification Server to the new software update files location on the target Notification Server.
  2. On the target Notification Server, run the task Check Software Update Package Integrity with the enabled option Relocate existing packages if default Software Update package location on Core Services page has changed.
    Warning: Do not change the Software Update Package Location value on the Core Services page.

  3. Manually recreate the packages for each Microsoft Office 365 bulletin.

  4. Import patch management metadata to download the Windows Assessment and Patch Install Tools packages.

 

  • After an upgrade of Patch Management Solution for Windows 7.6 post-HF7 point fix to the 8.0 version that does not support Microsoft Office 365 installations (8.0 HF5 or earlier), the Microsoft Office 365 software updates get transferred to the client computers of the upgraded Notification Server.
    To eliminate incorrect behavior, Microsoft Office 365 updates are configured as follows:
    • Microsoft Office 365 updates are disabled in Patch Management Solution. You cannot download them or create new software update policies using them.
    • Microsoft Office 365 updates that have been previously included into software update policies are disabled for distribution.
    • New Microsoft Office 365 updates will not be imported on subsequent imports of patch data.

After an upgrade to Patch Management Solution for Windows 8.0 HF6, Microsoft Office 365 updates will be enabled for download, distribution, and use in software update policies.

 

To check the integrity of software update packages

  1. In the Symantec Management Console, on the Manage menu, click Jobs and Tasks.


     
  2. In the left pane, expand System Jobs and Tasks > Software > Patch Management, and then click Check Software Update Package Integrity.


     
  3. To relocate downloaded updates to the new location specified on the Core Services page, check Relocate existing packages if default Software Update package location on Core Services page has changed, and then click Save changes.


     
  4. Under Task Status, click New Schedule, specify a schedule on which to run the task, and then click Schedule.

 

To recreate the packages for software bulletins

  1. In the Symantec Management Console, on the Actions menu, click Software > Patch Remediation Center.


     
  2. On the Patch Remediation Center page, in the right pane, in the Show drop-down box, click All Software Bulletins, and then click the Refresh symbol.


     
  3. Select the bulletins that you want to revise. You can select multiple items while holding down the Shift or Ctrl key.
  4. Right-click the selected bulletin(s), and then click Recreate Packages.


     
  5. On the Download Software Update Package page, click Close.

 

To import patch management metadata for Windows

  1. In the Symantec Management Console, on the Manage menu, click Jobs and Tasks.


     
  2. In the left pane, expand Jobs and Tasks > System Jobs and Tasks > Software > Patch Management > Import Patch Data for Windows.


     
  3. In the right pane, under Vendors and Software, click Update.


     
  4. When the available products list import is complete, under Vendors and Software, check the software for which you want to download the patch management metadata.
  5. (Optional) Make any other necessary changes, and then click Save changes.


     
  6. Under Task Status, click New Schedule.
  7. In the New Schedule dialog box, click Now, and then click Schedule.

 

Attachments