Hey all. I have been reading a lot on the restart needed issues. We just initiated this fixlet on about 2800 systems last week, and a LOT of users are getting a restart request daily. We are working on harvesting the pendingfilerenameoperations key to see what might be causing this, but I would like to know what other have experienced with this.
We have over 12,000 systems that are pending restart (new BES shop) so we are trying to deal with that before we really get into patching, but users are screaming because they are getting prompted daily to restart when they didn’t install or patch anything. How are others handling this? Do a lot of you use the pendingrestartexclusion setting?
From my experiences, I noticed that some AV apps (certain versions of McAfee), some email apps (certain versions of Lotus Notes), many installers, and lots of random other applications will constantly trigger the pendingfilerenameoperations value in Windows (I assume because they are trying to write over a file that is in use).
The trick that I have seen is that sometimes the file is essentially random (like A0536.tmp) so it is hard to know what to exclude from the pending restart exclusion key.
My recommendation is to use the “Pending Restart - BES Triggered” Fixlets to control restart behavior rather than the “Pending Restart” (which includes both BigFix and non-BigFix triggered restarts).
Thanks Ben, the only problem with this is that we have a huge number of systems pending restart NOT triggered by BES action. I’m not sure I understand your last comment since the fixlet of triggered by BES only has about 1200 systems relevant, and the fixlet of not triggered by BES action has over 12,000. The goal is to get that count down since (as I understand it) if we try to patch those 12,000 systems and they are in a pending restart state, they won’t get any patches, because almost every fixlet ends with “and is NOT in pending restart state”. Isn’t that correct?
One other kind of scenario question on this; If I were to enable the Restart needed fixlet for some systems, they get the reboot message but postpone it for 5 hours, then lets say 3 hours later I end the action in the console… will the action on the computer continue to “run”? Meaning will they get prompted again until they take the action that one time, or will the message just not come back since the action isn’t running any longer?
