Deploying patches across multiple endpoints spread over various geographical locations can be difficult. While this diversity can be unified with a dedicated patch deployment policy, there are several instances wherein the deployments cannot be completed successfully.
Be it an issue of the user endpoints or the network stability, resolving such errors can be a daunting task, especially in an enterprise with a multitude of endpoints.
Using the Patch Deployment Troubleshoot functionality, admins can now diagnose deployment errors and resolve them in just a few clicks. This feature is applicable for both Automate Patch Deployment and Manual Deployment tasks.
Note:This feature is available on Patch Manager Plus versions 11.2.2328.01 and above. If you're on a lower version and would want to tryout the feature, kindly reach out to Support.
The deployment errors can be troubleshooted seamlessly based on the broaded classification, as mentioned below:
This error occurs when the agent on systems and endpoints has not been upgraded after the recent server version upgrade (either PPM or ISU). All agents with a version that differs from the server version are grouped under this category, and there is only one main view available for this issue. For resolution, please ensure that the upgrade process is correctly initiated, and if problems persist, contact support with the relevant logs.
This error occurs when systems are associated with a Distribution Server (DS) that is experiencing problems. Common issues include DS crashes, internet disconnections during synchronization or insufficient storage. When the DS becomes unreachable due to these issues, the systems under that DS are categorized under this error. For resolution, please investigate the DS status and connectivity to restore proper functionality.
Main View: List of remote offices with affected resource counts.
Sub View: List of affected systems.
This error occurs when systems have not contacted the server or DS for more than 7 days. This lack of communication indicates a prolonged period of inactivity. As a result, these systems are grouped under this category for further investigation. To resolve this issue, check the network connectivity and ensure the systems are operational
Main View: List of systems with their last contact time.
This error occurs for on-premise servers and does not apply to on-demand customers. If a download fails on the server, replication to the Distribution Server or agent fails, resulting in incomplete deployments. This error group includes two tabs: Patch Download Failure (including dependency patches) and File Download Failure. If a patch has multiple language IDs, the grouping depends on the patch ID’s language and the OS language, which may result in duplicate patch IDs.
PATCH FAILURE IN SERVER:
Note: Count mismatch may occur due to overlapping resources across multiple failed patches.
SYSTEMS AFFECTED DUE TO PATCH DOWNLOAD FAILURE:
Main View:
System View:
Note: There may be a count mismatch between the numbers shown under Patch Download Failure and in the view. This discrepancy occurs because the view is focused on patches/files rather than systems. Multiple resources can overlap across different failed patches or files. The count reflects the unique number of systems/resources affected by this error group as a whole, including those impacted by both patches and files.
For eg. Two patches failed which has affected systems has 20 and 25 in main view, based on the systems, the total count can comprise of systems being unique as in (20 systems for patch 1 + 25 systems for patch 2) 45 or overlap and count be 25(20 systems have both patches as missing and 5 are unique for one patch).
This issue occurs when systems are unable to deploy or apply specific patches due to two primary reasons: replication failures in the Distribution Server (DS) and failed downloads of patches in the DS. Both scenarios are categorized under Error Group 1. The first reason involves replication failures while patches are being transferred from the Central Server (typically the OP Server). The second reason concerns patches that fail to download directly from vendor sites to the DS (usually in OD or Cloud Servers).
PATCH REPLICATION FAILURE - AFFECTED PATCHES
Patch Replication Failure → Affected Patches → Systems affected due to Replication Failure:
This error occurs when systems have significantly low disk space on the drive where the agent is installed. Insufficient disk space prevents patches from downloading or replicating to the agent store, making this issue a top priority in post-deployment. There are two views available: the main view lists the resources and the number of patches affected by the disk space issue, while the subview provides detailed information about the patches.
Main View: List of resources with count of patches failed due to low disk space available in system.
Sub View: Sub view is redirected by clicking failed patches count.
This error occurs when an agent attempts to replicate or download patches from the Central Server, Distribution Server, or directly from vendor sites and fails to do so. These failures are categorized under this grouping for further analysis.
Main View:
Sub View:
This remarks validate once in each view when machines have successfully processed the deployment but require a reboot to complete the patching process. These machines are grouped in this category for easier management. In this view, actions are available to shut down or restart the machines, facilitating a quicker completion of the deployment.
Main View: Resources with count of patches waiting for a reboot.
Sub View: List of patches specific to the resource waiting for a reboot to complete patching.
Actions: Select and perform Shutdown/Restart available in Main View.
Redirections: Click Failed patches.
This error occur when the system agent is offline during the deployment window, especially for server-based updates. For instance, if your organization's deployment policy schedules patching during the first and second Mondays and Tuesdays of the month between 1:00 AM and 5:00 AM, and the system is offline during this time, Systems Offline During Deployment Window error will occur.
If you've set Wake-on-LAN as a pre-deployment activity and the system is still not active during the deployment window, it may be in Stand-by or Hibernate mode, or it could be outside the LAN coverage area where Wake-on-LAN is ineffective.
This view lists the systems not live during the deployment window.
This error occurs when systems encounter CBS log issues during the deployment of patches. These systems are grouped under this view for better management. There are two available views:
System View: lists systems along with the patch count facing CBS corruption.
Detail View: provides a list of systems along with the specific failed patch information.
Detail view is a tab view and can be directly viewed or filtered view through clicking patch count in system view.
Read KB for this issue :Read KB
DETAILS OF CBS CORRUPTED SYSTEMS:
This error occurs when systems experience corruption or damage related to dotNET during the deployment of patches. These systems are grouped under this category for easier tracking and resolution. There are two available views:
System View: lists systems with the patch count affected by dotNET corruption.
Detail View: provides specific information about the failed patches.
Detail view is a tab view and can be directly viewed or filtered view through clicking patch count in system view.
.NET CORRUPTED SYSTEMS:
DETAILS OF .NET CORRUPTED SYSTEMS:
This error occurs when systems encounter specific applications(except OS anc corruption issues during patch deployment. These systems are grouped under this category for efficient management. There are two available views:
The System View: lists systems with the patch count affected by application corruption The Detail View - provides specific information about the failed patches.
Read KB for further info - Read KB.
APPLICATION CORRUPTED SYSTEMS:
DETAILS OF APPLICATION CORRUPTED SYSTEMS:
This error occurs when some applications cannot be patched because they are currently running. The user must close the application to complete the deployment. This is a common cause of failure, especially during workdays, and is assigned the lowest priority. Patching can only resume once the end user closes the application in question.
There are two views :
SYSTEM VIEW: List of systems with patch count facing CBS Corruption.
DETAIL VIEW: List of systems along with the failed patch info.
APPLICATION IS CURRENTLY IN USE:
DETAILS WHERE APPLICATION IN USE:
This error occurs when there are deployment failures that do not fit into any of the previously mentioned categories. This grouping represents an anomaly. There is a Reason View that categorizes individual errors within this group, allowing users to toggle between the Reason and Detailed View for a better understanding of the specific errors encountered.
There are three tabs for this view
SYSTEMS VIEW: List of systems with failed patch count.
DETAIL VIEW: List of Systems with failed patch info.
REASON VIEW:Remarks based grouping of errors with systems count occurring in Other installation failure view.
Detail view can be accessed from both Systems View and Reason View. They can be accessed by clicking Failed Patches from Systems View.
OTHER INSTALLATION ISSUES:
SYSTEMS WITH OTHER INSTALLATION VIEWS(TAB VIEW):
DETAILS OF SYSTEM WITH OTHER INSTALLATION VIEW:
Once the error codes mentioned-above have successfully been resolved, patches would automatically be re-deployed in case of Setup/Component issues. In case of Installation issues, the patches need to be re-deployed via a Manual Deployment task.
Once the errors have been resolved, you can click on Sync Now to get the updated status on these errors.
