Broken Download Links

I’ve been running into this scenario more frequently lately and was hoping someone could provide me with a solution. I just scheduled some patching activity for this weekend and the baseline contained the below 4 fixlets. They all have broken download URLs. In my experience the servers that require these fixlets will not move past these fixlets in the baseline and the remaining fixlets will not be attempted. If I catch this in time I remove them from the baseline and re-create the action. Is there a client setting that can be used to skip fixlets that are unable to download the patch?

MS14-046: Vulnerability in .NET Framework Could Allow Security Feature Bypass - Windows Server 2008 R2 SP1 / Windows 7 SP1 - .NET Framework 3.5.1 - KB2943357 (x64)

MS14-072: Vulnerability in .NET Framework Could Allow Elevation of Privilege - Windows Server 2012 R2 Gold / Windows 8.1 Gold - .NET Framework 4.5.1 - KB2978126 (x64)

MS15-048: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege - Windows Server 2008 R2 SP1 / Windows 7 SP1 - .NET Framework 3.5.1 - KB3023215 (x64)

MS16-019: Security Update for .NET Framework to Address Denial of Service - Windows Server 2008 R2 SP1 / Windows 7 SP1 / Windows Server 2008 SP2 / Windows Vista SP2 - .NET Framework 4.6/4.6.1 - KB3127233 (x64)

Thank you!

If you change the Baseline settings you can bypass errors.

Not sure that will resolve this specific issue as it’s not technically an error as far as the client is concerned. It is simply waiting for downloads to be available for the sub-action.

Baselines will execute sub-actions in the order they appear, well, the sub-actions that are applicable that is. If the client skips one and moves on, then it is possible a pre-requisite could be skipped over causing issues.

You can always try using the precache wizard to ensure all the files are downloaded and cached first before your scheduled action is to be executed, thus affording you an opportunity to validate before you leave for the evening that the precache completed successfully and all the files are available.

Mike, thanks. I appreciate the response. What is the difference between using the precache wizard and just simply creating the action with the cache option checked? In both cases the baseline needs to be modified (remove broken fixlet) and either the action has to be re-created or the precache wizard needs to be re-run in order to see whether there are any more broken fixlets. Thanks again.

So, after playing around with the precache wizard one very big benefit is that it attempts to download everything in the baseline simultaneously (when you create an action it will stall on the first broken fixlet and then you have to stop it, remove it, re-create the action and pray it makes it all the way to the end).

If anyone from HCL happens to see this thread, here are all the broken fixlets in the baseline I’m using to patch servers tonight (all the Firefox fixlets are also broken).

@Mike thanks for your response. I would have had to re-create my action more than a dozen times to deal with all the broken content.

KB2966828
KB2966826
KB2972213
KB2973114
KB3023219
KB3072307
KB3074545
KB3097992
KB3127222
KB3135985
KB2894852

You beat me to the answer! :)

As you found out, using the Pre-Cache Wizard will ensure all potential downloads are cached whereas just checking the pre-cache option when taking the action will only ensure the patches needed by each endpoint are cached, so you would have to ensure every possible endpoint/patch combination responds back to the action to see if you’re missing anything, whereas the Pre-Cache Wizard action will tell you in a single action result.

Using the pre-cache option also forces the BES Client to download and cache all the action files on the endpoint. This can be an issue if you don’t have enough disk space to store all this data (we encounter this from time-to-time). Another issue is you are getting the downloads for every action included in the baseline. If you say have 3 fixlets that are relevant, but installing the first in the set makes the other 2 fixlets not-relevant, you spent time/space/network downloading the extra patches that will never execute on the box.

I’m curious… what’s your approach each patch cycle? Do you run the pre-cache wizard and target the closest relay and then create a separate action with your baseline targeting your endpoints (excluding the option to cache locally)?

Basically. Since the majority of our servers are located in the datacenter, we simply target that relay with the wizard which will ensure both the core BigFix server and the most likely Relay will have the files ready to go for when the action is ready to run.
