Long Server patching times

I’ve recently begun using IBM BigFix to patch Windows Servers. I’ve notices it takes an extremely long time for these servers to complete patching. Almost double that time that I’m used to seeing in WSUS/Batch Patch. Is this normal behavior? Should it take 3 hours to install 8 patches on Win2008 R2 box. I’ve tried selecting “Start client downloads before constraints are satisfied” when setting up the execution, with minimal time savings. Application admin’s are questioning our decision to use BIgFix because of the long patch times. Any Suggestions.

Hi Viakenan,

The usual issue is the “start client downloads before…”, but you said you have addressed that. There should be no reason that it would take longer than any other method. If you manually installed the same 8 patches, how long does it take?

What you might need to do is post the client log file (remove/replace any hostnames or ip addresses) for people to check out and maybe we figure out what is going on.

Also if you can export your action (remove/replace hostnames/ipaddresses) for us to look at.

Martin

1 Like

How big have you made your _BESClient_Download_PreCacheStageDiskLimitMB setting? The default is 250MB so if the downloads for the patches are larger than that they won’t all fit into the cache and thus will download at action execution time instead.

It all depends on the size of the download payloads for the actions you are taking if this is the issue

4 Likes

Are your servers pointing to a relay?

Have you increased your relay and server download caches?

If you haven’t you are probably thrashing your download cache (unloading and loading the same files over and over again): "Fixlet ID 148: “BES Relay / BES Server Setting: Download Cache Size” in the BES Support site to increase your cache sizes on your server and relay.

2 Likes

I would guess that the issue is a combination of @strawgate AND @AlanM 's recommendations.

The default settings for BigFix out of the box are far too low for caches on the root, relays, and clients.

Assuming your servers have a fast connection to your relays, then the issue is most likely the relay and root server caches being too small.

I discovered the issue was related to competing GPO, once I disabled WSUS the issues disappeared

I would also recommend putting the patches into a Baseline and deploy the Baseline to your server as a single Action.