Patch Management Baseline Fail

(imported topic written by jdefilip)

I have been struggling with trying to patch machines using the baseline method with little success. The baselines are scheduled to run at 2:00am and reboot after completed. I’ve searched the forums and found this has been an ongoing problem. Has anyone figured out a process for deploying patches similar to WSUS?


Baseline1

0.00% Completed (0 of 2 applicable computers)

| Status | Count | Percentage |
|---|---|---|
| Running (member action 00-1175) | 2 | 100.00% |

Member Actions

This multiple action group has the following component actions:

00-1175: MS11-100: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege - Microsoft .NET Framework 2.0 SP2 - Windows XP SP3 / 2003 SP2

00-1176: MS12-035: Vulnerabilities in .NET Framework Could Allow Remote Code Execution - Microsoft .NET Framework 3.0 SP2 - Windows XP SP3 / Windows Server 2003 SP2

00-1177: MS12-035: Vulnerabilities in .NET Framework Could Allow Remote Code Execution - Microsoft .NET Framework 3.5 SP1 - Windows XP SP3 / Windows Server 2003 SP2 / Windows Vista SP2 / Windows Server 2008 SP2

00-1178: MS11-100: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege - Microsoft .NET Framework

Messages

No user interface will be shown before running this action.

No message will be shown while running this action.

Users

This action will run independently of user presence.

User interface will be shown to all users.

Execution

This action starts 7/3/2013 2:00:00 AM UTC and ends 7/3/2013 5:00:00 AM UTC.

It will run at any time of day, on any day of the week.

If the action becomes relevant after it has successfully executed, the action will not be reapplied.

The action’s downloads will be started before action constraints are satisfied.

If the action fails, it will be retried up to 2 times, waiting 10 minutes between attempts.


Baseline2

18.18% Completed (4 of 22 applicable computers)

| Status | Count | Percentage |
|---|---|---|
| Completed | 4 | 18.18% |
| Running (member action 00-1172) | 4 | 18.18% |
| Failed | 2 | 9.09% |
| Pending Downloads (member action 00-1172) | 4 | 18.18% |
| Pending Restart | 1 | 4.55% |
| Not Reported | 7 | 31.82% |

27 targeted computers reported this action non-relevant.

Member Actions

This multiple action group has the following component actions:

00-1165: MS09-044: Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution - RDP 6.0/6.1 - Windows XP SP2/SP3

00-1166: MS09-013: Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution - Windows XP SP2/SP3

00-1167: MS08-071: Vulnerabilities in GDI Could Allow Remote Code Execution - Windows XP SP2/SP3

00-1168: MS08-070: Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution - Project 2003 SP3

00-1169: MS08-046: Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution - Windows XP SP2/SP3

00-1170: MS07-068: Vulnerability in Windows Media File Format Could Allow Remote Code Execution - Windows Media Format Runtime 9/9.5/11 - Windows XP SP2/SP3

00-1171: MS04-028: Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution - Office 2003 (Local Installation)

00-1172: MS03-011: Flaw in Microsoft VM Could Enable System Compromise - Windows NT/XP/95/98/ME

Messages

No user interface will be shown before running this action.

No message will be shown while running this action.

Users

This action will run independently of user presence.

User interface will be shown to all users.

Execution

This action starts 7/3/2013 2:00:00 AM UTC and ends 7/3/2013 5:00:00 AM UTC.

It will run at any time of day, on any day of the week.

If the action becomes relevant after it has successfully executed, the action will not be reapplied.

The action’s downloads will be started before action constraints are satisfied.

If the action fails, it will be retried up to 2 times, waiting 10 minutes between attempts.

If a member action fails, the action group will continue to run.

Post-Action

After the action completes, the user will be requested to restart the computer.

The restart request will have a deadline of 1 minute after it is initially shown.

When the deadline is reached, the computer will restart automatically.

The following message will be displayed as the reboot/shutdown request:

Restart Now
Your system administrator is requesting that you restart your computer. Please save any unsaved work and then take this action to restart your computer.

(imported comment written by Tim.Rice)

I’m not having trouble with Baselines. I use them all the time.

For baseline 1, I can’t follow what you have posted here. It refers to 2 applicable computers, but then you list a long list of status messages. Way more than 2, so I’m not sure what you are trying to represent.

For baseline 2, when you say you targeted 27 computers, were these 27 computers reporting that they were relevant to the Baseline before you took the action? Were they reporting Relevant to the Baseline after the action completed at 5am?

To troubleshoot a little, open your baseline 2, go to the Actions tab and double click one of the Actions. Then switch to the Reported Computers tab and double click one of the computers. You should get a dialog box showing the status of each of the Components in the baseline that the Computer processed. Each sub-action will list its status and the name of the Fixlet/Task. If you have Sub-Actions that have a status of Failed, you can click the Fixlet/Task name next to the status. Close the View Action Info dialog box and your main Console window will have the Sub-Action open. Double click the computer that Failed, and you should be able to see each command from the Action Script and determine which one failed.

(imported comment written by jdefilip)

Baseline 1

The baseline was scheduled to start on 7/3/2013 2:00am, the reported start time was 7/2/2013 11:01:40pm. This happened for both systems. The sub-action was stuck in the running state for the two systems on the fixlet below and did not finish.

Start Time: 7/2/2013 11:01:40 PM

| Status | Fixlet/Task |
|---|---|
| Running | MS11-100: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege - Microsoft .NET Framework 2.0 SP2 - Windows XP SP3 / 2003 SP2 |
| Waiting | MS12-035: Vulnerabilities in .NET Framework Could Allow Remote Code Execution - Microsoft .NET Framework 3.0 SP2 - Windows XP SP3 / Windows Server 2003 SP2 |
| Waiting | MS12-035: Vulnerabilities in .NET Framework Could Allow Remote Code Execution - Microsoft .NET Framework 3.5 SP1 - Windows XP SP3 / Windows Server 2003 SP2 / Windows Vista SP2 / Windows Server 2008 SP2 |
| Waiting | MS11-100: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege - Microsoft .NET Framework 3.5 SP1 - Windows XP / 2003 / Vista / 2008 |

Baseline 2

This action starts 7/3/2013 2:00:00 AM client local time and ends 7/3/2013 5:00:00 AM client local time. The baseline did not end and is still in the open state.

| Status | Fixlet/Task |
|---|---|
| Not Relevant | MS09-044: Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution - RDP 6.0/6.1 - Windows XP SP2/SP3 |
| Not Relevant | MS09-013: Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution - Windows XP SP2/SP3 |
| Not Relevant | MS08-071: Vulnerabilities in GDI Could Allow Remote Code Execution - Windows XP SP2/SP3 |
| Not Relevant | MS08-070: Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution - Project 2003 SP3 |
| Not Relevant | MS08-046: Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution - Windows XP SP2/SP3 |
| Not Relevant | MS07-068: Vulnerability in Windows Media File Format Could Allow Remote Code Execution - Windows Media Format Runtime 9/9.5/11 - Windows XP SP2/SP3 |
| Not Relevant | MS04-028: Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution - Office 2003 (Local Installation) |
| Running | MS03-011: Flaw in Microsoft VM Could Enable System Compromise - Windows NT/XP/95/98/ME |

(imported comment written by Tim.Rice)

We use Baselines all the time, and I’ve never seen that behavior.

The fact that Baseline 1 seems to have started about 3 hours early is very strange. What time did you submit the action for Baseline 1? Because you told it that it could begin downloads before the constraints were met, the client would have begun to download the files as soon as it picked up the action. It would not begin to process the action commands (other than the downloads) until the Start Time for the Action.

(imported comment written by Andrew_TEM)

Are all your clients in the same time zone?

(imported comment written by jdefilip)

I believe I figured out the issue. When I executed the baseline, I was using UTC time instead of client local time. My thoughts are this caused the problem.