Software updates are not installing or rebooting as defined in the main Patch schedule

book

Article ID: 176909

calendar_today

Updated On:

Products

Patch Management Solution for Windows

Issue/Introduction

Configured the Software Update Cycle and Reboot on the Default Software Update Plug-in Policy schedule and found the Software Update Cycle or Rebooting took place outside that configured schedule.

 

Cause

  1. If the Software Update Policy > Package Options > 'Allow immediate restart if required' is configured; the Software Update Cycle will execute on the Client, the Agent Reboot watchdog timer and the Software Update Cycle processes will become hung. This will cause each Software Update to install and reboot the client. This can cause adverse rebooting and the Software Update Cycle to become drastically delayed as the Agent/Plug-in work through each 'Scheduled' update to complete the Software Update Cycle. This can be delayed for days if enough updates are scheduled for a single Software Update Cycle.
     
  2. If the Software Update Policy > Package Options > Run > 'As Soon As Possible' is configured; the update will run once ASAP and if it fails it will not try again. This could occur because the computer was turned off during the scheduled time, the package had not downloaded before the scheduled execution time or a reboot was needed to refresh the registry before updates could install.
     
  3. If the Software Update Policy > Package Options > 'On Schedule' is configured; the update will roll out on that schedule. If it fails on that initial schedule, it will fall back to the Default Software Update Agent Configuration / Default Software Update Plug-in Policy (Policy name pending current Patch Version), and run on that schedule as a fail-safe. If the secondary schedule is missed, then the Software Update Cycle will run as soon as it is able to install the update at any time with the reboot options enabled on this policy.

NOTE: This can be seen in the registry key; HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Altiris Agent\Patch Management\Software Update\Persistent State\{ADVERTISEMENTGUID.EN_US}\OneShotScheduleHasFired  If this is set to a '1' it means it missed the schedule.

Environment

Patch Management Solution 7.5.x, 7.6.x and 8.x

Resolution

This is working as designed. These settings are a feature to allow for one-off Software Update Cycles / Rebooting for a single Out-of-Band Software Bulletin and are not intended for mainstream scheduling of the Software Update Cycle and Rebooting.

  1. Best practice is to configure the Software Update Cycle and Reboot on the Console > Home > Patch Management; Windows > Settings > Installation and Restart: Default Software Update Plug-in Policy
    • If the Client fails to run the Software Update Cycle (e.g. the Client is not powered-on or requires a reboot for the updates to continue), the process will stop until the next scheduled time.
    • However, setting the Package Options on the individual Software Update Policy may be utilized for a one-off or Out-of-Band deployment which would need to be deployed and installed on this regular schedule
       
  2. If the Package Options > Run > ASAP is configured and Clients fail to run the Software Update Cycle due to the following; client is in need of a reboot, client is turned off at time of update cycle, the client not yet having the Update Package or the Client did not receive the actual Software Update Task/Policy prior to schedule:
    • Ensure Clients are not in need of reboots prior to Software Update Cycle.
    • Use Task Server or Deployment Solution to wake the computers before the Software Update cycle runs.
    • Download the Bulletin in the Patch Remediation Center; create the Software Update Task/Policy early enough to be sure the packages have replicated to all package servers.
    • Make sure that the Client Configuration update schedules are frequent enough that the client will get the policy and download the schedule before it occurs.
      Note: If the desired effect is to run on the Software Update Policy, and never on the Default Software Update Policy, then be sure to set the schedule on the Default Software Update Policy to run in the far future; otherwise you will experience Issue #2.
       
  3. Client failing to run on the Software Update Policy > Package Options > On Schedule troubleshooting:
    • Example: Software Update Task/Policy is set to run at 3 am tonight. However, they miss the run due to client needing a reboot, being turned off or unable to get the Policy/Package in time. The Default Software Update Policy schedule will be the next attempted execution, and if that run process fails; the next run is ASAP regardless of any schedule defined by Patch Management.
      • If the Software Update Policy schedule is the main run; configure the Default Software Update Plug-in Policy schedule to run in the far future (i.e. January 1, 2050), for that will ensure if the schedule is missed on the individual Software Update Policies, then the 'Run ASAP' will not be an issue, for it will hang up on the 2nd failover of run on the Default Software Update Plug-in Policy.
        Advisory: This schedule on the Software Update Policy will be queued by the Altiris Agent, so if there are multiple policies ready and scheduled, they are run individually and queued one by one.

Advisory: Changes may be made to schedules or other processes to obtain the desired behavior as outlined in KM: HOWTO56242 Section 5.