Windows Patch Analysis Job reports an unexpected patch as missing
Use the following guidelines to analyze a case where a Windows Patch Analysis Job reports a patch as missing, but the patch is considered to be already installed or not applicable to the target.
Shavlik metadata XML files are updated weekly and sometimes contain a Revision section with recent fixes. Before troubleshooting, check if your possible patch issue is already fixed, and if so, update your Catalog and validate. To subscribe for Shavlik XML Releases follow this link: http://www.shavlik.com/support/xmlsubscribe.aspx
If Windows Patch Analysis Job reported the patch as missing, then the patch appeared to be applicable to the system, and the detection logic or 'Reason' did not pass for the affected file or registry key. The following sections help you validate whether the patch is truly applicable, and whether the correct reason was used to determine this.
Patch Analysis was run to validate after successful Deploy Job
If the Patch Analysis Job was run to validate the Deploy Job results where the patch was presumably installed and the patch still reported as missing, then review the following guide for possible explanations: Knowledge Article ID: 000090870
Check if the patch is obsolete and happened to be in the include filter
Open the respective Bulletin from the Catalog and review the 'Obsolete' value. If the Bulletin is obsolete, then we have two options to review:
- If the Analysis Job uses an Include filter, then to resolve the issue the patch needs to be removed from it (this applies to BladeLogic pre-8.2SP1), or added to exclude filter. For more information about the difference in analysis with and without the include filter review the following article: Knowledge Article ID: 000077159
- If the Analysis Job does not use an Include filter, then there is a possibility that the patch as part of Partially Superseded Bulletin, should be considered as not obsolete, and therefore investigation should proceed to the next step. For more information and to validate this, review the following article: Knowledge Article ID: 000083735
Identify the reason for the patch to be considered missing
The reason can be found in one of two places:
- In the BSA Console / Patch Analysis results / Server View / target / last Column (Reason). For example:
File version is less than expected. [C:\Program Files\Common Files\MICROSOFT SHARED\VGX\VGX.DLL 8.0.7600.16385 < 8.0.7600.20957]
- On the target server in C:\Trace.txt log. Search for Bulletin ID to find the snippet that will contain the reason. For example:
PatchTest.cpp:785 File C:\Program Files\Common Files\MICROSOFT SHARED\VGX\VGX.DLL (8.0.7600.16385) C 2 8.0.7600.20957 (AC 5)
For missing patches, the reason is followed by "Did not pass file tests"
For more information on how to analyze Trace.txt logs, review the following article: Knowledge Article ID: 000096560
Check if the reason is valid for this server based on vendor specification
- Get the OS specification from the target server (run 'systeminfo'), or if the patch in question is for a specific product, such as Office or SQL, then get the Product specification as well, including the SP level.
- Review the Vendor website to verify that files (and their versions) or registry keys seen in the reason of the analysis result apply to the Product or Windows OS of the target. It is important to note that different OS Service Packs might have different conditions, and this is not to be overlooked.
Essentially, you need to clearly identify the OS or Product of the patch, find the correct affected files and their versions on the Vendor site, and make sure that these files (or registry keys) are used in the Shavlik logic (reason) to make a decision about the patch status. If the logic uses incorrect files, incorrect versions, versions of incorrect builds, then these could lead to an incorrect status result of the patch. Such an issue needs to be reported to BMC Support for validation and to work with Shavlik to provide the fix.
Collect the logs
In the end, if you have identified the defect or are still not convinced that the patch is reported as missing correctly, file a ticket with BMC Support and provide the following information:
- Bulletin and KB number of patch(es) in question
- Patch Analysis Job results
- From target: output of 'systeminfo' command and C:\Trace.txt
- Issue summary and where you had difficulties