Is it okay to put a Corrupt patch fixlet in a Baseline.
I am looking at changing our strategy from Open Actions per fixlet (admin headache) to a Baseline per month (ie. November 2006 patches, December 2006 patches, etc) and select all MS patches for that month (ie. for December MS06-072 to MS06-078 including the Corrupt patches assuming they become relevant)
If an Expired or Stopped Action has a PC at a Pending Restart state, that Action stays as Pending Restart even though the PC has been rebooted after the Action has expired. So, my question here is, shouldn’t an Expired or Stopped Action change to Fixed from Pending Restart even though the Action has been Expired or Stopped.
I keep getting PC’s (Servers) showing up in the Pending Restart state and I don’t know why.
Putting a Corrupt Patch in a Baseline is technically OK, but note that Corrupt Patch Fixlets tend to have a “not pending restart” relevance clause in them, which means that the system cannot tell if the corrupt patch is needed until the system restarts. If you put a Corrupt Patch Fixlet in a baseline and another Fixlet in the baseline triggers a “pending restart”, then the corrupt patch Fixlet will not be relevant until the next restart.
Bottom line is that it is probably better to deal with “Corrupt Patches” on a one-by-one basis instead of trying to lump them into a baseline.
When an action is stopped or it expires, the BES Client basically completely forgets about the action (this is a performance optimization). As a result, the agent will not report updated action status information after it is stopped or expired. Whatever was the last reported action status will be “frozen” when the action is stopped/expired. The BES Console indicates this situation when it “grays out” the action status column to indicate it will no longer be updated.
I’ve been looking into machines that are constantly in the Pending Restart state as well. I found an article in the BigFix Knowledge Base, #159. Here is a portion of the article which basically states that BigFix looks at two separate places to determine if a reboot is necessary:
If any action was run with the line “action requires restart”, then the BES Client will show the “Restart Needed” Fixlet message and will report “Pending Restart” in the action status. Taking such an action will create the value “HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\BESPendingRestart\BESPendingRestart” on Windows NT based client machines. On Windows 95, 98, and ME, the registry key value “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce\BESPendingRestart” is created instead. If the appropriate registry key value exists, the client is considered to be in a “pending restart” state.
The BES Client also looks in the registry under the key “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager”. If the value “PendingFileRenameOperations” exists, then this indicates that Windows will do some file operations during the next restart. Note that the BES Client will report that the computer needs a restart even if the application that requires the restart was not run by the BES Client. (So if you run a patch or installer manually that requires a restart, the BES Client will notice that the computer needs a restart.)
Note: There have been reports that some applications constantly leave the “PendingFileRenameOperations” value in the registry. Specifically, certain applications will sometimes malfunction and constantly write this value. If this situation is occurring, your BES Client will constantly report that a restart is needed and will report “Failed” if you attempt to take the restart action in the “Restart Needed” Fixlet message. In this situation, look at the “PendingFileRenameOperations” value to see if it has any clues to which applications are misbehaving.
You can search Microsoft’s web site for more information on the “PendingFileRenameOperations” registry value.
My computers had some odd entries in the “PendingFileRenameOperations” field. I determined these were not necessary and deleted them. The computers no longer report in as needing a reboot.