Windows Patch Analysis Job does not report an expected missing patch
Use the following guidelines to analyze a case where the Windows Patch Analysis Job does not report a patch that is not installed and was expected to be found missing on the target server.
Shavlik metadata XML files are updated weekly and sometimes contain a Revision section with recent fixes. Before troubleshooting, check if your possible patch issue is already fixed, and if so, then update your Catalog and validate. To subscribe for Shavlik XML Releases, follow this link: http://www.shavlik.com/support/xmlsubscribe.aspx
For the Windows Patch Analysis Job to report that a patch is missing, several conditions must be met. The following sections describe how to verify that these conditions are met and provide troubleshooting guidelines.
The patch exists in the Catalog and is not obsolete
Check that the patch is present in the Catalog.
Review full patch name from Hotfixes Smart Group (not Bulletin). The correct patch object for your target server will have the correct Product Name (Windows OS is also considered a Product) and Service Pack appended. Examples:
Windows6.1-2008-R2-KB2620704-x64.msu-MS11-085-en-WINDOWS SERVER 2008 R2 STANDARD (X64)-GOLD Windows6.1-2008-R2-SP1-KB2620704-x64.msu-MS11-085-en-WINDOWS SERVER 2008 R2 STANDARD (X64)-SP1
Following the example, if the target is Windows 2008 SP1, then you need to validate that the SP1 patch object exists, because the GOLD patch object does not apply to the system.
If the patch object is not found for the correct Product or Service Pack, then this is most likely the root cause of your issue. To investigate further why the Catalog does not contain the patch object, see Windows Hotfix Patch not found in the Catalog.
- Check that the patch is not obsolete.
If the correct patch object is found, open the respective Bulletin and review the Obsolete value. If the patch is obsolete, then by default the obsolete patches are not reported in the analysis results. This would explain why the patch is not reported. Review the Superseded By value to get the newer Bulletin ID that you should analyze for instead.
The patch is considered by the Analysis Job options
- Validate that the Patch Analysis Job has the correct patch type selected.
Open the patch from the Hotfixes Smart Group of your Catalog, go to Extended Properties tab, and review the 'Patch Type' value. The available patch types are: Security Patch, Security Tool, Non-Security Patch, and Service Pack. In the Patch Analysis options you have the ability to select any combination of these types. If you do not have the correct patch type included, then this is the root cause of your issue.
- Validate that the patch is not excluded from analysis
If the Job uses an Include filter, verify that the patch is present. If the Job uses an Exclude filter, the patch should not be present. Not meeting this requirement would be the root cause of the issue.
The analysis engine scans for the patch and finds missing
We have now established that the patch exists and is considered, so we need to find out if the actual analysis engine scans for this patch. For that we need to review the C:\Trace.txt file left on the target. Search Trace.txt for Bulletin ID (not Q number).
When searching for a Bulletin, if you find
NOT testing MSXX-XXX, keep searching, because the same Bulletin may appear more than once.
Below are possible outcomes with examples:
(a) ID found - Not tested; the patch is not applicable to the system:
NOT testing MS11-085
(b) ID found - Installed; file version is equal or higher than expected:
PatchTest.cpp:785 File C:\Program Files\Common Files\SYSTEM\WAB32.DLL (6.1.7600.16891) C 2 6.1.7600.16891 (AC 5)
(c) ID found - Missing; file version is less than expected:
PatchTest.cpp:785 File C:\Program Files\Common Files\SYSTEM\WAB32.DLL (6.1.7600.16385) C 2 6.1.7600.16891 (AC 5)
(d) ID not found; Trace.txt does not have information about the Bulletin
Use the following troubleshooting guidelines for the above example outcomes:
(a, b) If Bulletin is 'Not Applicable' or 'Installed' and you believe that this is not accurate, review the vendor website and the target system configuration to cross-reference the information in Trace.txt. The Microsoft site, for example, will contain Products, Product Versions, OS Versions, Service Packs, file versions and other relevant information for the patches; this information needs to be reviewed and compared to what is on the target server. Generally the link is http://support.microsoft.com/kb/xxxxx, where xxxxx is the KB number. If the information suggests that the patch should be reported as missing, then this could be a potential defect; file a ticket with BMC Support and provide all relevant details.
(c) If Bulletin is 'Missing', then we need to investigate why the results were incorrectly sent back to the application server. Either revisit all previous check points (it is possible that one may have been misread), or file a ticket with BMC Support and provide the information requested below.
(d) If Bulletin is not found in Trace.txt, then one of the following might have occurred:
- The Product, to which this Bulletin belongs, is not installed on the target server. For example, if the patch in question is for SQL2008, and SQL2008 is not installed, then this entire Product is skipped, including all Bulletins.
- The Bulletin patch information was not present in the Shavlik metadata file (hfnetchk6b) used to perform analysis. To validate a possible conflict with mismatched metadata, review the following article: https://kb.bmc.com/infocenter/index?page=content&id=KA347121
- Analysis scan aborted unexpectedly, completing with partial results. To validate this possibility, review the end of Trace.txt file for possible errors and see if it matches the following article: https://kb.bmc.com/infocenter/index?page=content&id=KA348230
If Trace.txt contains a different error, continue searching KCS.
For more general tips on how to analyze Trace.txt logs, review the following article: Knowledge Article ID: 000096560
Collect the logs
If you have run into a situation that is not covered here, collect the following information and file a ticket with BMC Support:
- Bulletin and KB number of patch(es) in question (include full name as appears in Hotfixes Smart Group)
- Patch Analysis Job log
- From target: output of 'systeminfo' command and C:\Trace.txt
- Issue summary and where you had difficulties