We’re experiencing an issue when pushing patches to machines running Windows Server 2008. We can push the 2008-relevant fixlets to our machines, and things seem normal; the actions will eventually show up as “Pending Restart”. Then, once we reboot the machines, the actions show up as “Completed”, which is great, so far.
However, when we check the list of “Relevant Fixlets” on any one 2008 machine, we still see all of the previously-pushed fixlets, as if we never pushed them in the first place. This only happens on 2008 machines (and sometimes w/ workstations running Vista). All of the other machines on our network work fine w/ Bigfix (systems running 2003, 2003 64-bit, 2000, XP).
In the meantime, we’re able to manually patch the handful of 2008 boxes, and that makes the fixlets disappear from the “Relevant Fixlets” tab. However, this will be a serious problem as we add more 2008 machines in the next year. Please help. Thanks.
I moved our BES Server to 2008 a few months back and have sent several actions of patches to it since then. They have all been successful and did not show back up as relevent again. I believe we just put another 2008 server online and will check on that one and see if displays the symptoms you have seen or if working out ok. Been patching Vista since it was released and have never seen what you are experiencing. I will keep an eye on the 2008 boxes and report if anything strange occurs.
To clarify, our actual Bigfix server and relays are all running Windows Server 2003, SP2. My scenario is different from the one described by mgoodnow. The 2008 machines that I spoke of are simply machines on our network; machines running the Bigfix client.
It sounds like maybe a console caching issue OR maybe the Fixlets themselves have become re-relevant. Can you check to see if the Fixlets are supposed to be relevant?
Sorry if my post was confusing. I was using our BES as an example of a 2008 server that has been receiving actions and patches fine with no symptoms that you are experiencing. Was not infering that there is any need to have BES on 2008. Merely that we have not seen the issues you have reported on any 2008 servers at our location (or any Vista systems).
Ben, I don’t think it’s an issue w/ fixlets becoming re-relevant. It happens to EVERY single 2008 machine on our network (roughly 30 machines right now, but that will grow), and it ONLY happens to those 2008 machines; our deployments run smoothly on all of our other machines (2003, 2003 x64, 2000, XP). And, it does not happen when we manually download and install the patches from Microsoft.
As far as a possible “console caching issue”, how might we investigate that further? What should I check?
Mgoodnow, thanks for the clarification. That’s good news; to know that other people are able to push patches to 2008 machines without issues. That tells me that this IS possible.
I appear to be having the same issue. I have flushed my cache, but still show patches as being needed. I’ve tried pushing out the relevant fixlets numerous times and each time I have gotten successful patch installations. I checked the local logs on some of my servers and the actions show successful completions. I am seeing this across 32bit and 64bit 2008 servers. I know it is not the cache because it is also reflected in web reports. Thoughts?
I actually called into to support and they were very helpful and solved my issue. The resolution is that in order to patch Windows 2008 server (and I guess some other windows operating systems) the “Windows Update” service must be set to “Manual”. There is a fixlet that you guys wrote to do this which I couldn’t find at first. We have a lot of our Windows Update services set to disabled because we still haven’t fully migrated over from WSUS for patching and we were seeing double updates on some computers from WSUS and BigFix. Disabling the service via a fixlet was the easiest way to address this vs. changing group policy etc. What’s odd is that we have not had any issues with setting the service as disabled on 2003 server, 2000 server and XP. We will just incorporate the fixlet into the baseline as a component and set the service to manual before applying the patches and then follow-up with our fixlet to disable the service.
BigFix Support
In regards to win 2008 patches continuing to show relevant, please check and see if your windows update service is started.
We have seen some strange behavior if this service is not started. Please send me a screen shot of your service.