Action shows completed but patches not applied

ark 2023-04-03 12:58:14 UTC #1

Hi,

The action shows completed with exit code None,but patches are not applied.

Thanks,

Aram 2023-04-03 13:02:21 UTC #2

Which patches were you trying to install exactly? The two in the screenshot above are older cumulative update patches from 2019 that have been superseded (note the ‘(Superseded)’ at the end of the Fixlet title above).

ark 2023-04-03 13:05:45 UTC #3

Hi,

We are applying only Jan ,Feb cumulative updates.We have successfully applied on 15 servers.only 1 server we got the issue.Action shows completed but it was not applied on the endpoint.

Thanks,

Aram 2023-04-03 13:13:18 UTC #5

To be clear, the Jan, Feb cumulative updates in the screenshot above are from 2019…are those the ones you were trying to deploy?

Do you have _BESClient_WindowsOS_EnableSupersededEval set to ‘1’ on this device? (see https://help.hcltechsw.com/bigfix/10.0/compliance/Compliance/SCA_Users_Guide/c_supersededeval.html and “Enable Superseded Patch Evaluation” good or bad idea? for reference) If not, consider sending this Client a refresh as it shouldn’t be showing relevant for these 2 superseded Fixlets.

ark 2023-04-03 13:17:09 UTC #6

Yes ,we are trying to deploy those Jan,feb Patches.we have already enabled _BESClient_WindowsOS_EnableSupersededEval set to ‘1’ .We logged in to the server and checked patches were not applied.

Thanks,

JasonWalker 2023-04-03 13:45:07 UTC #7

It would be useful to see the client log from one of the machines that applied the action, as well as to know whether you have rebooted the server after the action completed.

Aram 2023-04-03 13:45:15 UTC #8

Ah, seems I made a mistake above (my apologies)…these are superseded patches, but not from 2019 (they apply to Server 2019). In any case, with SupersededEval set to 1, we’d expect them to be relevant as needed, and deployable. What does the baseline’s/Multiple action group’s action result show?

ark 2023-04-03 13:59:20 UTC #9

In the logs also it shows completed. We have rebooted the server after patching.

JasonWalker 2023-04-03 14:00:10 UTC #10

That’s not enough - can you paste the log snippet?

ark 2023-04-03 15:19:49 UTC #11

JasonWalker 2023-04-03 15:25:08 UTC #12

That shows the client re-evaluating the content to “Fixed” after it ran - how about the part of the log that shows the patch execution starting, completing, the exit codes?

JasonWalker 2023-04-03 15:30:56 UTC #13

Also check the Windows Event Logs for around that time to show the wusa patch install, failure, or rollback operations.

ark 2023-04-03 16:19:43 UTC #14

we troubleshooted and fixed the issue, but the action shows completed in the bigfix console and why didn’t applied the patches on endpoint ?
Can you please suggest us

JasonWalker 2023-04-03 17:11:31 UTC #15

No, I can’t. Without seeing your logs, Event Viewer, or any other data point, I can’t really say more than “something went wrong”. I also can’t tell whether that’s a problem with Windows or with how you sent the action.

SLB 2023-04-03 17:20:11 UTC #16

I would recommend finding the lines in the client logs that show the action running (search on the action ID) and see what exit code was given. Typically its something like 3010 indicating a soft reboot is needed. A pending restart would make the fixlet be deemed as “Fixed” until the restart has occurred.

If the system is missing a recent SSU then that patch may fail to install. As @JasonWalker suggests, you need to also check the Windows event logs as the underlying installation is done by the Windows Update Agent and any issues or CBS corruption that impeded the file rename operations that occur after the reboot could trigger a rollback which then makes the fixlet applicable again.

Incidentally, you only need to apply the most recent CU, so the Feb one in your case. Trying to install both Jan and Feb CU is wasted cycles.