(imported topic written by deschodt91)
I’ve been seeing some odd results on the last batch of MS patches…
They show as relevant for practically all our computers, yet I know I’ve pushed them already - several times. When I do so again, the action shows that 90% return non-relevant almost immediately. OK, then why are they relevant in the first place and showing those high numbers?
Some weird DB issue ? Something in the relevance language that only gets processed at runtime?
In my case it is the following patches, but I am not sure it matters:
MS11-063: Vulnerability in Windows Client/Server Run-time Subsystem 4,394 / 6,863
MS11-062: Vulnerability in Remote Access Service NDISTAPI Driver 4,280 / 6,863
MS11-065: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service 4,204 / 6,863
MS11-057: Cumulative Security Update for Internet Explorer - 3,996 / 6,863
MS11-069: Vulnerability in .NET Framework Could Allow Information Disclosure - Microsoft .NET Framework 2.0 SP2 - 3,458 / 6,863
Edit: I read about your pending restart + sha1 ("To try to solve all these issues, we invented a technique to have a “named pending restart”, which we usually use the sha1 of the patch file to avoid conflicts. So the Fixlet will only go unrelevant pre-restart if the pending restart with the unique name
http://…
).
That looks like it but it does not seem to work for those, because while I do see "action may require restart “3048d4c77cc7ef3e586121f69f44fbdeaa56dfff” on a non-relevant PC, it’s still listed as relevant in the fixlets… Is the only way out of this to force a restart on the whole domain then ? (not gonna happen for me). Not the end of the world, just wondering, as people pull (innacurate) reports of our patch status as a result.