Clients automatically getting patches

Hi,
A few critical servers were getting patches automatically, as the client log shows restart and fixed statements in its log file. But the system event logs didn’t show that the restart was initiated by BigFix.

I’m confused about how those patches were installed on a server, as only one master operator exists on BigFix and he didn’t take any action.

Attached is a screenshot of the server’s BigFix client log.

The system event log shows the reason for the restart is:

The computer has rebooted from a bugcheck. The bugcheck was: 0x00000124 (0x0000000000000007, 0xfffffa800bb7cae8, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\013017-47907-01.dmp. Report Id: 013017-47907-01.

Anyone, please tell me the reason why patches have been deployed on a few servers automatically. Thank you in advance.

Moreover, Internet connectivity is disabled on the servers, so the servers cannot get the updates themselves.

Regards,
Usman Ahmed

If you are seeing “Fixed” messages then it is likely that Windows Updates is enabled and pointing to a WSUS server that is installing updates.

I have a WSUS analysis here: BigFix.me and on GitHub if you want to double check those settings.

Bill

Thank you for your reply.

@strawgate as I mentioned, the system cannot reach the internet, so how can it update itself?

Yes, the client logs showed “FIXED”, which I guess means that the servers were getting patches from BigFix.

If the organization has a local WSUS server then the device would not need access to the internet to obtain patches.

You can also open the Windows Update control panel applet to see if you can check for updates and to see update install history.

Bill

The servers on which the patches had been applied are not on a domain, therefore in my understanding they can’t pull the patches from WSUS.

Hi,

You do not need to be on a domain to receive patches from WSUS. I’d recommend opening Windows Updates in the control panel and seeing if it’s able to check for updates.

If you do not have any other management tools on the system then the only other method a server would get patched would be via the normal Windows Updates mechanism.

The other option could be that these patches were pushed out previously but require a reboot – it’s not until the reboot occurs that they will show as fixed. If the server just finally rebooted you may see these fixed messages in the log.

Bill
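The checks suggested in the replies above, as an added example that is not part of the original thread: a read-only PowerShell sketch that shows whether the Windows Update agent is pointed at a WSUS server by policy and what it has recently installed. It assumes an elevated PowerShell session on the affected server and uses only the standard Windows Update policy registry keys, the `Microsoft.Update.Session` COM object and `Get-HotFix`.

```powershell
# Added example: read-only checks, nothing here changes the system.

# 1. Is the Windows Update agent configured by policy to use a WSUS server?
#    A domain is not required for these values; they can be set locally.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$wu = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
$au = Get-ItemProperty -Path "$wuKey\AU" -ErrorAction SilentlyContinue

[pscustomobject]@{
    WUServer       = $wu.WUServer        # update source URL, empty if not set
    WUStatusServer = $wu.WUStatusServer  # reporting URL
    UseWUServer    = $au.UseWUServer     # 1 = use the WUServer value above
    NoAutoUpdate   = $au.NoAutoUpdate    # 1 = automatic updates disabled
    AUOptions      = $au.AUOptions       # 4 = download and install on schedule
} | Format-List

# 2. What did the Windows Update agent install, and on whose request?
#    ClientApplicationID names the program that called the agent.
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$count    = $searcher.GetTotalHistoryCount()
if ($count -gt 0) {
    $searcher.QueryHistory(0, $count) |
        Where-Object { $_.Operation -eq 1 } |      # 1 = installation
        Sort-Object Date -Descending |
        Select-Object -First 20 Date, Title, ClientApplicationID, ResultCode |
        Format-Table -AutoSize                     # ResultCode 2 = succeeded
} else {
    'No Windows Update agent history on this machine.'
}

# 3. Installed hotfixes with install date and installing account,
#    to compare against the timestamps of the "Fixed" lines in the client log.
Get-HotFix |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 20 HotFixID, Description, InstalledOn, InstalledBy |
    Format-Table -AutoSize
```

If the history is empty and the hotfix dates predate the client install, the pending-reboot explanation given above is the more likely one.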

@strawgate Thank you for your reply. OK, I will definitely check the Windows Update panel.
My question is: if patches were applied using another tool or application, then why does BigFix reflect fixed in its logs?
Secondly, I deployed the BigFix client on that server a few days back and I’m 100% sure that no action has been deployed on this server using BigFix, so there will be no action in a pending restart state.

I will check the update panel and will let you know about that.

Is there anything I was missing, or something else?

The “Fixed” status in the log just means that it was previously relevant and it is now not relevant.

This is common if a patch gets installed from another tool.


Oh, that might be a possibility. Thanks for correcting me. I will confirm that by manually installing a relevant patch on a test machine.
Thank you so much.