patch policies scheduling problems and auto refresh

We are trying to utilize patch policies but are having some issues. There is a group of computers that we patch on the first Wednesday after Patch Tuesday at noon Client Time. All the computers as well as the BigFix server are located in the Eastern time zone. I set the auto refresh for that policy to occur at 9 AM Web Server Time Wednesday. However, the issue is that even though the patching doesn’t occur until noon, the patch job gets created at UTC-14 for that day (see https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0075838). Since Eastern Standard Time is UTC-5, that means that the job gets created before the auto refresh runs, and auto refresh doesn’t update existing jobs, so we don’t get the latest patches. So I could back up the time of the auto refresh by more than 9 hours to compensate, putting it best case at Tuesday at 11:59 PM. However, the problem is that BigFix typically doesn’t release the fixes by Tuesday at 11:59 PM, so the new patches still don’t get added to the job. So even though we are patching at noon and the fixes are typically released by noon, we can’t get the new updates with this setup. I could set this up using UTC instead of Client Time, which I think would solve my issue; however, that brings up another issue. Because Eastern time changes twice a year between Standard Time (UTC-5) and Daylight Time (UTC-4), I can’t just set a policy and leave it be. If I want to always patch at noon local time, I would need to update the patch policy twice a year or it will automatically patch at the wrong time half the year, since the local time to UTC offset changes with daylight saving time. Anyone have any suggestions?

In the schedule, check the value for 'Download required files X Days/Hours before patching starts'. That’s usually an issue when trying to set very specific patching times.

I don’t recall the default value for that, but I think it’s maybe…12 hours? When that value is set, the Patch Action is created that many hours before your scheduled installation time. So if you want your job to execute at 12pm noon local time, with ‘download 12 hours before’, the Patch Action would have to be created at 12am; and it would actually be created at 12am in “the earliest time zone on Earth, UTC+14”.

For a tight schedule like that (where you want the Policy to refresh and the Actions to be issued within an hour of patch installation time), you might benefit from using Maintenance Windows. Your best bet is probably to schedule everything in UTC; base the schedule times on the earlier time zone (Standard Time); select the ‘Run within the Maintenance Window’ option on the Schedule; and use Maintenance Windows to unlock the machines at “noon local time” (where “noon” changes twice a year).