Troubleshooting Patch Management issues

This topic contains troubleshooting information for patch management issues. The topic includes the following sections:

Troubleshooting Windows patching issues

The errors that you might encounter during a Windows patching task can be divided into the sections that follow.

Errors encountered while creating or updating a patch catalog

The following table lists issues that you might encounter while running a Patch Catalog Job, and provides troubleshooting information and references to knowledge articles for these issues.

Note

For general information about monitoring the progress and viewing the results of a Patch Catalog Job, see Viewing progress and results of a Patch Catalog Job.

Issue	Troubleshooting information
Unable to download shavlik metadata	The shavlik metadata may not be downloaded due to the following reasons: Files are not available at the shavlik site Firewall has blocked access to shavlik URLs For more information about this issue, you can refer to the Error occurred while downloading shavlik metadata knowledge article in the BMC knowledge base. Steps for debugging the shavlik downloader To enable DEBUG logging, add the following text to appserver.cf file: #Downloader debug log4j.logger.com.bladelogic.model.job.compliance.patch.ShavlikResult=DEBUG log4j.logger.com.bladelogic.app.util.DownloadServer=DEBUG
Patch Catalog Update Job throws the following warning: No mappings were found for the selected product	Product Mappings are subject to change due to updates by Microsoft (and therefore Shavlik). If the updates occur before BMC Server Automation has shipped updates in the product, you can use a Windows Filter Configuration File to update the mappings used by BMC Server Automation. Navigate to the following BMC Communities document: Windows Patching- product_categories.xml Download the most recent Windows Filter Configuration File file to a location available to the BMC Server Automation console. From the console, select Configuration > Patch Global Configuration and click the Windows tab. Next to the Windows Filter Configuration File (the last item in the tab), click the ellipsis button (...) and navigate to the downloaded file. Select the product categories mapping file you downloaded from BMC Communities and click OK. Click the Save icon (the blue diskette) at the top left corner of Patch Global Configuration window. Edit the filter list in the patch catalog and select the correct Product Filter. Run the Patch Catalog Update Job again. Note If the `No mappings were found for the selected product` message persists, the Windows Filter Configuration File needs further update. If you need assistance, contact BMC Customer Support. For the latest information on this issue, see the BMC Server Automation Knowledge Article ID: KA419955.
ACL issues: Windows Helper Server cannot be reached or access is not authorized	For information about creating an ACL template or ACL policy and controlling server access with agent ACLs, see Managing access.
Patch object cannot be added or updated due to an RBAC issue	To create Patching Jobs and deploy patches, the patch administrator must be assigned a role that includes the necessary RBAC permissions. For more information, see Minimum permissions for patching.
Windows Hotfix Patch is not found in the Catalog	For steps on troubleshooting this issue, see Windows Hotfix Patch not found in the Catalog.
Catalog update job fails because of PD5.cab, or HF7b.cab configuration files.	If you have upgraded to BMC Server Automation 86 or later, you may still be using the PD5.cab, or HF7b.cab configuration files for Windows patching. However, BMC Server Automation 8.6 and later versions do not support the PD5.cab, or HF7b.cab configuration files, and you must use the PD5.xml, or HF7b.xml files instead. The Windows catalog update job fails if you use the .cab configuration files. To update the configuration files used for Windows patching see, Global configuration parameters.

_{Back to top}

Errors encountered while running the Patching Job and the Remediation Job

The following table lists issues that you might encounter while running the Patching Job and the Remediation Job, and provides troubleshooting information and references to knowledge articles for these issues.

Note

The Trace.txt log file and the results.xml file are generated by the Windows Patch Analysis Job or by live browsing Hotfixes .The information in these logs can be used to troubleshoot errors. For more information about analyzing the Trace.txt, see How to analyze Trace.txt generated by a Windows Patch Analysis Job.

Issue	Troubleshooting information
Shavlik metadata was not copied to the target	You can refer to the following articles in the BMC knowledge base for steps on troubleshooting this issue: Windows Patch Analysis Job error: failed to copy Windows Patch Analysis Job error: Cannot create analysis results for server If your issue is still not resolved, file a ticket with BMC Support and provide the information from the following logs: Patch Analysis Job log rscd.log from file server and target Turning on debug tracing for cl5.exe To validate the payload, the shavlik engine runs the cl5.exe tool on the target. If this tool is not working properly, you can turn on tracing, using the following command: CL5.exe 2097197 1 <Log Directory> The customary value for maximum log size is 5000000. This command writes some values to the registry. To turn off CL5 tracing, use the following command: CL5.exe 2097197 0
One of the BLPatchCheck2 phases did not complete successfully	You can refer to the following articles in the knowledge base for steps on troubleshooting this issue: Windows Patch Analysis warning: BlPatchCheck2 version is prior to 1.3 Windows Patch Analysis Job error: Version of shavlik SDK on the target is not supported by the Application Server Windows Patch Analysis or Catalog Update Job error: Unable to load the shavlik scan engine dll Windows Patch Analysis Job error: Assessment file is missing or unable to download or decab Windows Patch Analysis error: Error executing analyzer Windows Catalog or Patch Analysis error: Error executing BLPatchCheck2 If your issue is still not resolved, file a ticket with BMC Support and provide the information from the following logs: Patch Analysis Job log rscd.log and Trace.txt from target
Results are not passed back to the Application Server	You can refer to the following articles in the knowledge base for steps on troubleshooting this issue: Windows Patch Analysis Job error: Failed to copy //target/agent/shavlik_resultsXXXXX.xml to /[appserver]/tmp/application_server/shavlik_resultsXXXXX.xml Windows Patch Analysis Job error: com.bladelogic.shared.xml.XMLServiceException: File /[appserver]/tmp/shavlik_results_xxx.xml is empty. Cannot parse. If your issue is still not resolved, file a ticket with BMC Support and provide the information from the following logs: Patch Analysis Job log rscd.log and Trace.txt from target appserver.log
Analysis reported unexpected patch as missing	For information about troubleshooting this case, see Windows Patch Analysis Job reports an unexpected patch as missing. You can also refer to the following articles in the BMC knowledge base: Windows Patch Deploy Job error: BlPatchCheck2.exe failed Windows Patch Deploy Job error: Could not load patch details file Patch Analysis or Deploy error: Unable to load the shavlik packager engine dll Windows Patch Analysis error: Difference in results with and without using Include filter (whitelist) Partially superseded bulletins show as superseded in the Windows Catalog
Analysis did not report expected patch as missing	For information about troubleshooting this case, see Windows Patch Analysis Job does not report an expected missing patch. You can also refer to the following articles in the BMC knowledge base: Windows Patch Analysis Job does not report missing patches (missing product filter) Windows Patch Analysis partial results:Invalid character was found in text content Windows Patch Analysis does not report new missing patches after an upgrade or shavlik URL change Windows Patch Catalog or Patch Analysis does not obtain latest shavlik metadata files
BMC Server Automation analysis does not match with other third-party patch solutions	For more information about troubleshooting this case, see Analyzing differences between Windows Patch Analysis Job results and third-party vendors. You can also refer to the following articles in the BMC knowledge base: Live Browse Hotfix does not report last installed patches How long it will take for the patches to be reflected in BMC Server Automation/Shavlik after Microsoft has released them? Windows Patch Troubleshooting: Analysis Job results conflict with third party vendors

_{Back to top}

Troubleshooting Linux patching issues

When troubleshooting Yum-based Linux patching it is import to know how the process works in order to narrow down problems. At a very high level the catalog (repo) metadata is copied from the repo location to the target server(s), a custom yum.conf is generated on the target(s) and yum is called using that configuration file (instead of the system's default), analysis is performed and then the analysis results are processed and fed back to the BladeLogic application server. For RHEL 7 targets, the OS's yum binary is used and for all other rpm-based platforms a custom 'blyum' that is part of the RSCD install is used instead.

Click here for a detailed list of the process.

The detailed steps are:

blpackage of repodata.tar.gz and linux_analyze is created
blpackage deployed to target system in ??STAGING_DIR??/LinuxCatalog_<hash>
custom yum.conf file generated in ??STAGING_DIR??/LinuxCatalog_<hash>
??STAGING_DIR??/LinuxCatalog_<hash> contains:
- repodata.tar.gz -> compressed yum repodata from catalog
- yum.conf -> yum configuration generated on the fly by the job based on yum.conf settings in the Patch Global Config and Job that refers to the temporary repo location
- repo directory -> extracted contents of the repodata.tar.gz file, the 'repo' used during analysis
- linux_analyze -> binary that builds the include lists and runs yum w/ options
linux_analyze runs which is effectively calling <rscd install dir>/bin/blyum (or just /usr/bin/yum for RHEL7) -C -c ./yum.conf [ update | install ] <include list>
A number of output files are generated. These files contain various outputs:
- yum_analysis.res -> result of the yum upgrade/install command
- analysis_res.log -> ??
- analysis_err.log -> stderr of the linux_analyze command
- analysis_log.log -> stdout of the linux_analyze command
- yum.lst -> ???
- installed_rpms.log -> count of installed rpms
If the run is successful the needed rpms are fed back to the application server and shown in the analysis results.
if the DEBUG_MODE_ENABLED property on the Patching Job is set to 'true', then the contents of this directory from each target will be copied back to the <application server install dir>/NSH/tmp/debug/<appserver instance name> directory for later investigation, otherwise the directory is removed.

So any yum configuration on the OS is ignored, and any repos the OS is subscribed to (/etc/yum.repos.d) are also ignored. Only the 'repo' for the BladeLogic-provided catalog is used during analysis, and only the yum options defined via BladeLogic are used.

The following table discusses issues that you might encounter when performing Linux patching.

Issue	Troubleshooting information
Yum failed to execute	Scenario 1: `STDERR: cat: rpm-includes.lst: No such file or directory ERROR::YUM dry run failed. ERROR::cmd: failed!` For more information, see Yum failed to execute - Scenario 1.
Yum failed to execute	Scenario 2: `Could not find repodata.tar.gz corresponding to OsArch:` `‘[ARCH]' in the catalog ( at location '//<repo>/catalog_XXX/[ARCH]/repodata.tar.gz').` For more information, see Yum failed to execute - Scenario 2.
Yum failed to complete	Scenario 1: `Missing Dependency: [rpm1] = [version] is needed by package [rpm2-version.arch] (installed)` For more information, see Yum failed to complete - Scenario 1.
	Scenario 2: `Missing Dependency: [rpm1] = [version] is needed by package [rpm2-version.arch] (repo)` For more information, see Yum failed to complete - Scenario 2.
	Scenario 3: `[rpm1] conflicts with [rpm2]` For more information, see Yum failed to complete - Scenario 3.
Deploy Job failed	Scenario 1: `[rpm-version.arch]: Caching enabled but no local cache of //<staging>/blrepos/repo/packages/[rpm-version.arch].rpm from repo.` For more information, see Deploy Job failed - Scenario 1.
Deploy Job failed	Scenario 2: `Transaction Check Error: package [rpm-version] is already installed.` For more information, see Deploy Job failed - Scenario 2.

_{Back to top}

Yum failed to execute scenarios

Yum failed to execute - Scenario 1

The following scenario describes the No such file or directory error that you might encounter when the yum file fails to execute, as well as steps to troubleshoot the issue.

Error Message	`STDERR: cat: rpm-includes.lst: No such file or directory ERROR::YUM dry run failed. ERROR::cmd: failed!`
Description	The error messages suggest that either blyum is not found on the target or it is found but some libraries that are needed to run blyum were missing.
Troubleshooting	To fix this error or research further, review the analysis_err.log error log file in the staging directory. This error is usually encountered when the supported agent version or architecture is not installed. So, to troubleshoot this issue, validate that the supported agent version or architecture is installed.
Logs to collect	Log files to collect from the application server: Patch Analysis Job log Log files to collect from the target: rscd.log agentinfo.log analysis bundle.log

Yum failed to execute - Scenario 2

The following scenario describes an error in the execution of the yum file, as well as steps to troubleshoot the issue.

Error Message	`Could not find repodata.tar.gz corresponding to OsArch: ‘[ARCH]' in the catalog ( at location '//<repo>/catalog_XXX/[ARCH]/repodata.tar.gz')`
Description	This error message indicates that the Catalog Job did not succeed at a target where the repodata.tar.gz file was not generated. As a result, the Analysis Job was run against an invalid target whose OS level or architecture did not match. This problem might be caused by an issue on the Repo Server.
Troubleshooting	To fix this error, perform the following: Run the Catalog Update Job again, and ensure that it ran successfully at all targets. Validate that the target is correct by right-clicking and verifying the OS information. Validate the ACLs on the Repo server.
Logs to collect	Patch Analysis Job log Catalog Update Job log From the target rscd.log agentinfo.log From the Repo server rscd.log

_{Back to top}

Yum failed to complete scenarios

Yum failed to complete - Scenario 1

The following scenario describes an error where the yum file fails to complete, as well as steps to troubleshoot the issue.

Error Message	`Missing Dependency: [rpm1] = [version] is needed by package [rpm2-version.arch] (installed)`
Description	Both rpm1 of the specified version and rpm2 are installed on the target. A newer version of rpm1 is found in the Catalog and set to be updated. The installed version of rpm1 is also a dependency to rpm2. To approve the installation of a newer rpm1, yum also needs to update rpm2. However, yum cannot find a newer version of rpm2 in repodata.tar.gz, so rpm2 is excluded from analysis. As a new version of rpm2 is not found, the rpm is not offered an update. Because rpm2 is not updated, yum cannot allow the update of rpm1. An error is logged, alerting that rpm1 needs to remain installed to preserve the dependency of rpm2.
Troubleshooting	To troubleshoot this error, follow these steps: Validate that rpm2 is missing from the catalog. If rpm2 is missing from the Catalog, check if it exists in the RHN Channel. If not in the RHN Channel, then analysis happens as expected. Acquire rpm2 by other means and update it along with rpm1. Exclude Rpm1 from the analysis. Note that another rpm might require the newer version of the excluded rpm. Uninstall rpm2. When you uninstall rpm2, consult your administrator and use caution. If present in RHN Channel, run the Catalog Update Job again. If rpm2 is still not in the catalog, and this is not an RBAC-related issue, then collect logs and contact BMC Support. If rpm2 is now present in the catalog, run the analysis again. If Analysis still shows the same error, continue to the next step . If rpm2 is present in the catalog, check whether rpm2 is present in repodata.tar.gz on the target by running the following command: `# cd <staging>/LinuxCatalog_XXX_[target]/` `# yum -C -c yum.conf search [rpm2]` Proceed according to the results that you obtain: If rpm2 is not found, then this could be why it is not offered during Analysis. If rpm2 is found, collect logs and contact BMC Support.
Logs to collect	Log files to collect from the application server Patch Analysis Job log Log files to collect from the target analysis bundle.log (including repodata.tar.gz)

_{Back to top}

Yum failed to complete - Scenario 2

The following scenario describes an error where the yum file fails to complete, as well as steps to troubleshoot the issue.

Error Message	`Missing Dependency: [rpm1] = [version] is needed by package [rpm2-version.arch] (repo)`
Description	Neither rpm1 of the specified version nor rpm2 are installed on the target. Yum sets rpm2 to be updated for one of two reasons: Yum detected an older version of rpm2 installed. Yum offered rpm2 as a dependency to some other rpm. Yum checks if rpm2 needs any dependencies of its own, and detects that rpm1 of the specified version is needed as a dependency. Therefore, yum attempts to set rpm1 to be updated as well, but fails. An error is logged, alerting that rpm1 is required for rpm2 to be installed.
Troubleshooting	To troubleshoot this error, follow these steps: Check if rpm1 of the specified version exists in the Catalog. If rpm1 is not in the Catalog, check if it exists in the RHN Channel. If not in RHN Channel, then analysis happens as expected. Acquire rpm1 by other means and install it manually. Exclude rpm2 from the analysis or uninstall rpm2. When you uninstall rpm2, consult your administrator and use caution. Note that another rpm might require the newer version of the excluded rpm. Furthermore, this step will not work if yum offered rpm2 as a dependency to some other rpm. If present in the RHN Channel, run the Catalog Update Job again. If rpm1 is still not in catalog, and this is not an RBAC-related issue, then collect logs and contact BMC Support. If rpm1 is now present in the catalog, run the analysis again. If Analysis still shows the same error, continue to the next step. If rpm1 is present in the catalog, check whether rpm1 is present in repodata.tar.gz on the target by running the following command:`# cd <staging>/LinuxCatalog_XXX_[target]/# yum -C -c yum.conf search [rpm1]`Proceed according to the results that you obtain: If rpm1 is not found, then this could be why it is not offered during Analysis. If rpm1 is found, something might be preventing it from being installed. In such a case, try performing a dry run installation of rpm1 using the following command: `# rpm -iUv --test rpm1` If the dry run fails, then yum predicted this failure and that is why yum rejected rpm1 from being updated, and rpm1 was no longer considered to be updated. An error is logged, indicating rpm1 as a missing dependency. For a possible cause for this dry run failure, see Knowledge Article KA347757.
Logs to collect	Log files to collect from the application server Patch Analysis Job log Log files to collect from the target rscd.log analysis bundle.log (including repodata.tar.gz) rpm –qa

_{Back to top}

Yum failed to complete - Scenario 3

The following scenario describes an error where the yum file fails to complete, as well as steps to troubleshoot the issue.

Error Message	`[rpm1] conflicts with [rpm2]`
Description	Rpm2 is installed on the target, while rpm1 is not. Yum attempts to offer rpm1 to be installed or updated, but then yum detects that some of the files to be updated by rpm1 are used by rpm2. Therefore, yum rejects the installation or update of rpm1. An error is logged, alerting that rpm1 cannot be installed. In general, the conflict suggests that rpm1 and rpm2 cannot coexist if rpm versions matter.
Troubleshooting	Check the RHN site for known conflict issues. A conflict may arise if either rpm1 or rpm2 are not in the repository. Validate that the rpm is in RHN channel, in the Catalog, and in repodata.tar.gz, as described in scenario 2. Note that resolution cannot be guaranteed if the RPMs come from different channels. Proceed according to your needs: If rpm1 must be installed, check whether rpm2 can be uninstalled, downgraded, or upgraded to a non-conflicting version. If rpm2 must be preserved, consider the following actions: Check whether rpm1 can be excluded. Note that another rpm might require the newer version of the excluded rpm. Check whether another non-conflicting version of rpm1 can be installed. Check whether multiple versions of rpm2 are installed, where the conflicting one can be uninstalled. If the previous steps do not resolve the problem, collect logs and contact BMC Support.
Logs to collect	Log files to collect from the application server Patch Analysis Job log Log files to collect from the target analysis bundle.log (including repodata.tar.gz) rpm –qa

_{Back to top}

Deploy Job failed scenarios

Deploy Job failed - Scenario 1

Error Message [rpm-version.arch]: Caching enabled but no local cache of //<staging>/blrepos/repo/packages/[rpm-version.arch].rpm from repo

Description

Prior to installing the packages, the Deploy Job runs a preliminary yum analysis. During this analysis scan, rpm-version.arch is found as missing. The Deploy Job does not find rpm-version.arch in the list of staged missing patches, and, therefore, the job cannot proceed.

An error is logged, alerting you that the patch payload is not found and cannot be installed. This error indicates that a discrepancy was found between the regular Patch Analysis and the preliminary yum scan during Deploy, or that rpm-version.arch was not copied during staging. The error message is written in either the Deploy Job log or the bldeploy log.

Troubleshooting

Review Patch Analysis results and check whether rpm-version.arch was found as missing.
If the file is missing, check whether it was packaged during patch remediation.
- If it was packaged, check whether it points to an existing source. Open the object from inside the Catalog and review its Installable source value.
  - The root cause of the problem might be that the installable source points to a missing payload. In this case, rerun the Catalog or download the patch manually.
  - If the source points to an available payload, review the stage phase of the Deploy Job. Check for issues that might have occurred during the copying of the payload to the target.
- If the object was not packaged, check for possible RBAC issues.
If patch was not found missing, compare yum scans of Analysis and Deploy:
- Analysis: <staging>/LinuxCatalog_XXX_[target]/yum_analysis.res
- Deploy: <staging>/XXXXX/blres.yum.depl
The deploy log exists if the Deploy Job was set to preserve staging area on failure. If not, configure this setting now, then reproduce the error and collect the log file.
Compare the lists of set to be updated patches.
This comparison might reveal that for some RPMs, the analysis finds one arch file missing, while Deploy finds the other one missing. This might be the cause of the original issue. If so, a fix is available in BMC Server Automation 8.1 Service Pack 3.
If the preceding steps did not reveal the root cause of the issue, collect several logs and contact BMC Support. From the application server, obtain the Patch Analysis Job log. In addition, obtain the following logs from the target:
- Analysis bundle log
- bldeploy log
- <staging>/XXXXX/blres.yum.depl

_{Back to top}

Deploy Job failed - Scenario 2

Error Message	package [rpm-version] is already installed
Description	The Deploy Job installs the patches that were found missing during Analysis. In this case, the Analysis Job packaged the rpm-version, even though it is already installed.
Troubleshooting	Review the Analysis logs to troubleshoot the issue. The error message is located in either the Deploy Job log or the bldeploy log. You might see the following log records: The analysis_log.log is expected to reveal that the Patch Analysis ran with an include filter. The signs for this are: After 'update' you see a list of RPMs. YUM Command: for i in 0 1 2 3 4 5 :; `do echo n; done \| blyum -c ./yum.conf -C update "rpm-version.arch" "…" ...` Command `rpm –q [rpm]` reveals that multiple versions of the rpm are installed. The expected findings described in the previous step are not the standard configuration. Therefore, perform the following further testing: Run yum update with include list. This is expected to produce the following error:`latest rpm as missing` [issue reproduced] The updated rpm is offered for the older version of RPM that is installed even if the new version is also already installed. Run yum update without include list. This should return the following message:`no missing rpm` [good result] If we do not forcefully analyze for patches (with an include filter), then if the latest version is found, the rpm is not offered. Run yum install with include list. This should return the following message:`no missing rpm` [good result] The Install option checks only for the specific version of the rpm that we are attempting to install. Since our specific version of rpm is already installed, it will not be installed again. If you must preserve multiple versions of such RPMs, create a separate analysis job where you would use Install option and include the RPM. Modify the existing Analysis Job include filter and remove the RPM. If the RPM must be included, try excluding the opposite set of RPMs. For example, exclude all where RPM does not equal [rpm-version]. Yum does not install multiple versions of such RPMs by default, so if they are not required, then uninstall the old versions. The Analysis Job should no longer report the latest RPM as missing, because there will no longer be multiple versions.
Logs to collect	Log files to collect from the application server Patch Analysis Job log Log files to collect from the target analysis bundle log bldeploy log <staging>/XXXXX/blres.yum.depl rpm –q [rpm]

_{Back to top}

Third party issues and limitations for patch management

Issues while patching on SUSE Enterprise Linux

The following issues and limitations exist while patching on SUSE Enterprise Linux:

While updating a SUSE catalog with the SUSE 9-x86_64 filter, the count of the Downloaded patches displayed by BMC Server Automation may be incorrect. The count of RPMs that do not contain release version and osArch information do not appear in Downloaded count field, even though they are added to the catalog.

W hile creating a SuSE Linux Catalog, certain rpm files might cause the Catalog Update Job to fail, with the following message: "BLPAT1700 - RPM verification failed on selected repository location. Please use SuSE platform repository location and run the catalog." This issue is due to SuSE Enterprise Linux limitations.

Workaround: For this Catalog Update Job, ensure that you specify a repository location on a SuSE Enterprise Linux host computer.

While you are creating a SuSE Linux Catalog in the Online mode, the Catalog fails with an rpm-python dependency. The error message states rpm-python needed by createrepo-0.4.6-1.el4.rf.noarch.

Workaround: You must check the version of create-repo and python-urlgrabber in the repository server and either ensure that the lower versions are installed or remove the higher versions, if they exist. In addition, you must ensure that rpm-python exists on the system and the version of rpm-python is compatible with the create-repo version that is shipped with the product.
For SUSE Linux Enterprise version 10 SP1, hplip17-hpijs-1.7.2-0.15.x86_64.rpm and hplip-hpijs-0.9.7-19.9.x86_64.rpm packages obsolete each other during installation. If hplip17-hpijs-1.7.2-0.15.x86_64.rpm is installed, the hplip-hpijs-0.9.7-19.9.x86_64.rpm package is removed from the SUSE target and the other way around. Therefore, when one of these packages is installed, the other package is shown as missing on the next Patch Analysis Job run.

Workaround: You must decide which of these files must exist on the SUSE target and mark the other file as excluded.
For SUSE Linux Enterprise version 10, the SP3 Pool catalog contains a lower version of the SPident-0.9-74.27.8.noarch.rpm file. If you perform an analysis on a SUSE Linux Enterprise version 10 SP3 target (for example, by using the Online mode catalog), the SPident-0.9-74.27.8.noarch.rpm is reported as missing. This issue occurs due to a conflict in the repositories provided by Novell and can be ignored. This issue will be resolved when Novell updates its repository with a newer version of the rpm.
For SUSE Linux Enterprise version 10 SP4, the Patch Analysis Job fails with an error message for the kernel-default rpm: STDERR: cat: rpm-includes.lst: No such file or directoryERROR::YUM dry run failedERROR::sysconfig conflicts with kernel-defaultERROR::cmd: failed! This issue occurs due to a conflict in the repositories provided by Novell and will be resolved when Novell updates its repository with a newer version of the kernel-default rpm.
Workaround: If you encounter this package conflict, you must exclude the conflicting kernel-default rpm by using the include/exclude functionality in the Patching Job.

Issues while patching on AIX

The following issues and limitations exist while patching on AIX:

After you create and execute an online AIX patch catalog job with the SUMA download option enabled, you cannot cancel the patch catalog job.The SUMA process continues to run in the repository even after you cancel the job.
AIX remediation job fails to deploy 'rsct.lapi.rte 3.1.6.0' on some targets due to a problem in the third-party patch. For more information about this issue, see the following third-party resource:
https://www-304.ibm.com/support/docview.wss?uid=isg1IZ80922.
AIX remediation job fails to deploy 'idsldap.srv64bit62.rte 6.2.0.16' on some targets due to a problem in the third-party patch.
AIX remediation job fails to deploy 'rsct.lapi.bsr.bsrpd.odmdel' (rsct.lapi.bsr 3.1.5.0) on some targets due to a problem in the third-party patch. For more information about this issue, see the following third-party resource:
https://www-304.ibm.com/support/docview.wss?uid=isg1IZ80922.
After 'bos.rte.archive 5.3.0.51' is deployed on an AIX 5.3 target, the target goes into reboot mode and fails to restart.
After deploying AIX 6.1 TL9SP1 on a target, the 'bos.rte.install 6.1.9.1' fileset enters a broken state if you try to Undo the deploy job. This 'bos.rte.install 6.1.9.1' fileset enters a broken state even if you reject the fileset manually.
Workaround: To fix the 'bos.rte.install 6.1.9.1' fileset in the broken state you can take the following corrective actions:
- If the broken fileset is an update, reinstall the update using options in the installation program that will apply, commit, and automatically install the required software without saving the replaced files (-acgN flags).
- Reinstall the entire fileset at the base level with the desired updates by using the FORCE option (-F flag).
If you are still unable to fix the fileset in the broken state, contact IBM support team for further assistance.
Error while extracting the offline downloader tar package, because of the length of file path input string.
Workaround: BMC recommends using the GNU tar (gtar) utility to extract the offline downloader package.

Issues while patching on Oracle Solaris

The following issues and limitations exist while patching on Oracle Solaris:

Error while extracting the offline downloader tar package, because of length of file path input string.
Workaround: BMC recommends using the GNU tar (gtar) utility to extract the offline downloader package.

Issues while patching on Oracle Enterprise Linux

The following issues and limitations exist while patching on Oracle Enterprise Linux:

For Oracle Enterprise Linux, the Patch Analysis Job fails in the Install Mode because of missing rpms in the repository. A single repository will contain updates for all available packages. The Install Mode is intended to install new packages on the target. Hence, BMC recommends the use of Install Mode on selective packages, rather than using the Install Mode on the complete repository.

Issues while patching on Windows

The following issues and limitations exist while patching on Windows:

You may encounter errors if you try applying more than one patch or hotfix, on a Windows target, at the same time. To resolve this issue, BMC recommends applying only a single patch or a single hotfix at a time. Note that patches and hotfixes must be applied on Windows targets only if it is required to solve a specific issue. For best practices while applying patches and hotfixes, see MSDN - Best Practices for Applying Service Packs, Hotfixes and Security Patches.
Before you apply multiple hotfixes, you must check whether the hotfix changes are available in the latest released service pack. This is because, Shavlik recommends that it is better to apply the latest service pack instead of applying several hofixes on the server. For best practices while applying patches and hotfixes, see MSDN - Best Practices for Applying Service Packs, Hotfixes and Security Patches.
If patch KB2810009 is found missing during patch analysis, BMC recommends that you first separately deploy patch KB2810009 and then re-run the remediation job for the other missing patches. This KB2810009 missing patch needs to be deployed separately because of dependency issues.

BMC Server Automation automatically creates the required pre-installation and post-installation environment on a Windows target server for patching Java installation files. However, BMC Server Automation does not decide whether to reboot the Windows target server.. The target must be rebooted after each version of Java installation patch is deployed on the target. You can specify this reboot option while creating a Deploy Job, see Deploy Job - Job Options for more information.

_{Back to top}

Page tree

Troubleshooting Windows patching issues

Errors encountered while creating or updating a patch catalog

Steps for debugging the shavlik downloader

Errors encountered while running the Patching Job and the Remediation Job

Turning on debug tracing for cl5.exe

Troubleshooting Linux patching issues

Yum failed to execute scenarios

Yum failed to execute - Scenario 1

Yum failed to execute - Scenario 2

Yum failed to complete scenarios

Yum failed to complete - Scenario 1

Yum failed to complete - Scenario 2

Yum failed to complete - Scenario 3

Deploy Job failed scenarios

Deploy Job failed - Scenario 1

Deploy Job failed - Scenario 2

Third party issues and limitations for patch management

Issues while patching on SUSE Enterprise Linux

Issues while patching on AIX

Issues while patching on Oracle Solaris

Issues while patching on Oracle Enterprise Linux

Issues while patching on Windows

Related topics

1 Comment

Matin Shaikh