As the x86 patch for IE7 on Xp SP2/SP3 was corrupt, and we received notification of this well after our action to patch machines was already well underway and many machines were already patchhed with the 1st iteration of the patch, do we need to publish a new action with the ‘good’ patch?
We are having numerous issues with machines getting stuck in a restart loop with no apparent resolution. I suspect the corrupt IE7 XP SP2/SP3 patch due to the relevance in the early version of the patch.
Any ideas on how to resolve the reboot loop issue?
We are just implementing BigFix as a patching solution. This is our first big deployment of any patches or actions, and it does not lead to great confidence in the BigFix product.
The relevance change we made was to expand detection to include IE7 releases that had “limited distribution release” files… Basically, on a small subset of computer in our customers, our Fixlets weren’t becoming relevant even though the patch was needed until we adjusted the relevance… It seems very unlikely that this is a cause of your issue.
BigFix is simply running the patch from Microsoft and so I would expect that one of two things is happening:
Microsoft’s patch is broken in some form on your systems and causing problems – We haven’t heard any reports of this patch being a problem ourselves, but it is always a possibility (especially with out-of-band patches).
The BigFix Agent is triggering the reboot somehow – The simplest way to trigger this behavior would be to use the Restart Computer task and to use the “Reapply indefinitely” option (which of course is an action you probably don’t want to run without further contstraints)… If you did something like this, your agent logs should clearly tell you what your agents are doing (and it probably would be very simple to stop the action to stop the behavior).
The key will be to identify what is causing the restart and then we can take further steps… Note that if the MS Patch itself has laid down corrupted files that cause the restart, then we can help you rollback the patch or take other actions, but we are deploying the exact file from Microsoft (we check the SHA1 hash before deployment to be sure) and we won’t be able to make modifications to the patch.