1. There are no patches listed in the Applicable and Missing Patches sections. Why?

If you cannot see patches listed in the Applicable and Missing patches sections, do the following:

  • Check if the Endpoint Central agents have been installed in all computers that you are managing. If agent installation has failed, read this document to understand and rectify the possible reasons for the agent-installation failure.
  • Ensure that the computers have been scanned at least once. To learn more about setting up periodic scanning, see patch scanning.

2. I could not complete the task of scanning for patches manually. It failed. Why?

When you scan for patches manually, the scan could fail for any of the following reasons:

Access Denied

If you get the 'Access Denied' error, do the following:

  • Check whether the Domain Administrator credentials supplied while defining the Scope of Management are still valid and have not been changed.
  • Enable DCOM settings in all the computers in your network. To enable DCOM settings, follow the steps given below:
    1. Click start>Run
    2. Enter dcomcnfg
    3. Click OK

      The dialog box that appears depends on the Windows operating system that is installed in your computer. If you are using Windows NT/2000, you will see the Distributed COM Configuration Properties dialog box on the screen. If you are using Windows XP, you will see the Component Services dialog box on the screen. To access the Properties tab, follow the steps given below:

      1. Expand Component Services
      2. Expand Computers
      3. Right-click on My Computer
      4. Click Properties
    4. Click the Default Properties tab
    5. Select Enable Distributed COM on this computer
    6. Select an appropriate authentication level
    7. Select an appropriate impersonation level

    You have enabled DCOM settings in the computers in your network.

  • Turn off the Force Guest feature if client computers are part of a workgroup (not part of a Windows Domain). Make the following change in all the client computers:
    1. Click start>Run
    2. Enter explorer
    3. Click OK
    4. Select Tools>Folder Options
    5. Click the View tab
    6. Deselect the option Use simple file sharing
    7. Click OK
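
The following PowerShell audit is an added example, not part of the Endpoint Central documentation. It reads back the settings that the DCOM and Force Guest steps above change, so you can confirm them on a computer that returns 'Access Denied'. It assumes PowerShell 3.0 or later; the registry paths are the standard Windows locations behind the dcomcnfg Default Properties tab and the simple file sharing option, and the function names are illustrative.

```powershell
# Read-only audit; changes nothing. Requires PowerShell 3.0 or later.
# Registry paths are the standard Windows locations (not from the Endpoint Central page).
$authNames = @{ 0 = 'Default'; 1 = 'None'; 2 = 'Connect'; 3 = 'Call'
                4 = 'Packet'; 5 = 'Packet Integrity'; 6 = 'Packet Privacy' }
$impNames  = @{ 1 = 'Anonymous'; 2 = 'Identify'; 3 = 'Impersonate'; 4 = 'Delegate' }

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null instead of an error when the key or value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Resolve-Level {
    param($Value, [hashtable]$Names)
    if ($null -eq $Value) { return 'not set (Windows default applies)' }
    if ($Names.ContainsKey([int]$Value)) { return $Names[[int]$Value] }
    "unknown ($Value)"
}

function Get-DcomScanReadiness {
    $ole = 'HKLM:\SOFTWARE\Microsoft\Ole'
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $enableDcom = Get-RegValue $ole 'EnableDCOM'
    $authLevel  = Get-RegValue $ole 'LegacyAuthenticationLevel'
    $forceGuest = Get-RegValue $lsa 'forceguest'
    $inDomain   = (Get-CimInstance Win32_ComputerSystem).PartOfDomain

    $findings = @()
    if ($enableDcom -ne 'Y') { $findings += 'DCOM is not enabled (EnableDCOM is not Y)' }
    if ($authLevel -eq 1)    { $findings += 'Default authentication level is None: prefer Connect or higher' }
    if (-not $inDomain -and $forceGuest -eq 1) {
        $findings += 'ForceGuest (simple file sharing) is on: remote logons map to Guest'
    }

    [pscustomobject]@{
        Computer            = $env:COMPUTERNAME
        DomainJoined        = $inDomain
        EnableDCOM          = $enableDcom
        AuthenticationLevel = Resolve-Level $authLevel $authNames
        ImpersonationLevel  = Resolve-Level (Get-RegValue $ole 'LegacyImpersonationLevel') $impNames
        ForceGuest          = $forceGuest
        Findings            = if ($findings) { $findings -join '; ' } else { 'none' }
    }
}

Get-DcomScanReadiness | Format-List
```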

RPC Server Unavailable

If you get the error message, 'RPC Server Unavailable', check if the following are switched on or enabled:

  • Remote computer: If the remote computer is not reachable, ensure that the system is switched on and running when the inventory scan is in progress.
  • Remote Administration feature: If the Remote Administration feature is disabled in the computer's firewall, enable it using the steps given here.
  • File and Printer Sharing for Microsoft Networks: If the 'File and Printer Sharing for Microsoft Networks' is not enabled in the network adapter of the computers, enable this option using the steps given here.

Scanning Timed Out

If you get the error message, 'Scanning Timed Out', complete the following tasks:

  • Ensure that you have opened the following TCP ports in the Endpoint Central server and added them to the exceptions list in the firewall:
    • 8020: Used for agent-server communication and to access the Web console
    • 8027: Used to complete on-demand tasks like inventory scanning, patch scanning, remote control, remote shutdown and moving agents from one remote office to another

      This ensures that no data is blocked by Endpoint Central when a firewall is enabled in the computer where the Endpoint Central server is installed.

  • Check if the computers are switched on when inventory scanning is in progress. Ensure that the service "ManageEngine Desktop Central 10-Remote Control" is running in the computers.

    Note: This is applicable if the scanning has failed for computers in remote offices.

  • Disable virtual adapters, if any, when the computer in which the Endpoint Central server is installed has multiple IP addresses. For example, a virtual adapter and two NICs.

3. I had scheduled the scanning for patches to take place automatically. It failed. Why?

If scheduled patch scanning fails, do the following:

  • Ensure that you have opened the following TCP ports in the Endpoint Central server and added them to the exceptions list in the firewall:
    • 8020: Used for agent-server communication and to access the Web console
    • 8027: Used to complete on-demand tasks like inventory scanning, patch scanning, remote control, remote shutdown and moving agents from one remote office to another

      This ensures that no data is blocked by Endpoint Central when a firewall is enabled in the computer where the Endpoint Central server is installed.

  • Enable the local group policy. For steps to enable the local GPO, click here.

4. I cannot update the list of latest patches in the computers in my network. Why?

The reason you cannot update the list of latest patches in the computers in your network could be that the proxy server credentials specified in the Proxy Server settings are no longer valid. Reconfigure the proxy server settings by specifying a valid set of credentials.

5. I am unable to deploy patches to the computers in my network. Why?

If you are unable to deploy patches to computers in your network, do the following:

  • Check the following:
    • Versions of the agents installed in the computers. You can view the version of the agents installed in the computers on the Scope of Management page. To access this page, click Admin>Scope of Management.
    • Status of the computers to which you want to deploy patches
    • Status of the patch-download process. You can check this in the Downloaded Patches page. To access this page click Patch Mgmt>Patches>Downloaded Patches.
    • Proxy-server credentials specified in the Proxy Server settings. Reconfigure these credentials if they are no longer valid by specifying valid credentials.
    • Local group policy in the computers. If the local group policy is disabled in the client computers, scheduled scanning for patches will fail. For steps to enable the local group policy, click here.
    • Whether the Organizational Unit (OU) or group that is specified as a target for a configuration has users or computers in it. If required, you should log in as the user or restart the computers in an OU or group to ensure that the required patches are deployed.
    • Event logs in computers that you want to deploy patches to for errors. Do this when the Domain Controller is not reachable from the client computers. To open the Event Viewer, follow the steps given below:
      1. Click start>Run
      2. Enter eventvwr
      3. Press Enter
      4. Select the required application from the left tree and look for errors with the following event IDs:
        • 1030
        • 1054
        • 1058
      5. Refer to these Microsoft Knowledge Base articles to resolve these errors.
  • Ensure that you have opened the following TCP ports in the Endpoint Central server and added them to the exceptions list in the firewall:
    • 8020: Used for agent-server communication and to access the Web console
    • 8027: Used to complete on-demand tasks like inventory scanning, patch scanning, remote control, remote shutdown and moving agents from one remote office to another

    This ensures that no data is blocked by Endpoint Central when a firewall is enabled in the computer where the Endpoint Central server is installed.
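
The port requirement repeated under 'Scanning Timed Out', scheduled scanning and patch deployment, and the event-log check above, can be run as one script from a managed computer. This is an added example, not ManageEngine's own tooling: the server name is a placeholder, the function names are illustrative, searching both the Application and System logs is an assumption (the page does not name the log), and Test-NetConnection requires Windows 8.1 / Server 2012 R2 or later.

```powershell
# Added example: run on a managed computer. $Server is a placeholder, not a value from the page.
param(
    [string]$Server = 'endpointcentral.example.internal',
    [int]$Days = 7
)

# TCP ports the page requires to be open on the Endpoint Central server.
$ports = @{
    8020 = 'agent-server communication and Web console'
    8027 = 'on-demand tasks (patch scan, inventory scan, remote control)'
}

function Test-ServerPorts {
    param([string]$ComputerName, [hashtable]$PortMap)
    foreach ($port in $PortMap.Keys | Sort-Object) {
        # -InformationLevel Quiet returns $true/$false for the TCP connect attempt.
        $open = Test-NetConnection -ComputerName $ComputerName -Port $port `
                    -InformationLevel Quiet -WarningAction SilentlyContinue
        [pscustomobject]@{ Port = $port; Purpose = $PortMap[$port]; Reachable = $open }
    }
}

function Get-GroupPolicyErrors {
    param([int]$LookbackDays)
    # Event IDs listed on the page; log names are an assumption.
    $filter = @{
        LogName   = 'Application', 'System'
        Id        = 1030, 1054, 1058
        StartTime = (Get-Date).AddDays(-$LookbackDays)
    }
    # Get-WinEvent raises an error when nothing matches; suppress it and return nothing.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Group-Object Id, ProviderName |
        ForEach-Object {
            $latest = $_.Group | Sort-Object TimeCreated -Descending | Select-Object -First 1
            [pscustomobject]@{
                EventId  = $latest.Id
                Source   = $latest.ProviderName
                Count    = $_.Count
                LastSeen = $latest.TimeCreated
            }
        }
}

Test-ServerPorts -ComputerName $Server -PortMap $ports | Format-Table -AutoSize

$events = @(Get-GroupPolicyErrors -LookbackDays $Days)
if ($events.Count) { $events | Format-Table -AutoSize }
else { "No events 1030/1054/1058 logged in the last $Days days." }
```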

6. Why does the vulnerability database not get updated?

The vulnerability database might not get updated because the proxy server is blocking the data. Ensure that you do the following:

  • Specify ports 443 and 80 through which the proxy server communicates
  • Add "patchdb.manageengine.com" to the exception list of your proxy server

7. Patch installation fails while downloading the patches. Why?

Patch installation could fail while downloading patches because the credentials provided in the proxy settings do not have the necessary privileges to download .exe files.

8. Patch installation fails with error 'Fatal Error during Installation'. Why?

Patch installation could fail with the error 'Fatal Error during Installation' because of patch-specific errors. Check the %windows%\KB******.log for possible reasons. If the problem persists, contact support with the following logs:

  • %windows%\KB******.log
  • Agent logs pertaining to the computers where the patch is being installed.
