All,
We’re doing our Patch cycle and having very aggressive schedule to meet 95% in 7 days after Microsoft releases the patches. For majority of machines they download/install/reboot just fine and all is good. But we have subset of machines where we have difficulties to meet that target.
Going to analyze the logs seeing some issues with the retry behavior that’s not consistent and maybe some of the BigFix guru’s in this forum might have idea what could be causing this.
We deploy our patches with following Retry mechanism. If the patch fails retry 5x but wait 1 hour in between these attempts.
Checking 1 client I see the following
- SSU Patch is installed and return 0
- Start installing the Cumulative Update
while command is running the machine is rebooted
after reboot nothing is happening (regarding Patch action). Checking the patch status in the console for this machine it returns failed. I would expect then after 1-2 hours that the action would be retried on the machine but that’s not happening this is now already 2+ hours like this.
Log Snippet
At 08:36:35 -0400 - actionsite (http://bfixroot.pg.com:29450/cgi-bin/bfgather.exe/actionsite)
Command started - waithidden “C:\WINDOWS\system32\wusa.exe” “C:\Program Files (x86)\BigFix Enterprise\BES Client__BESData\Enterprise Security__Download\ssu-19041.1161-x64_e7e052f5cbe97d708ee5f56a8b575262d02cfaa4.msu” /quiet /norestart (group:435455,action:435459)
Command succeeded (Exit Code=0) waithidden “C:\WINDOWS\system32\wusa.exe” “C:\Program Files (x86)\BigFix Enterprise\BES Client__BESData\Enterprise Security__Download\ssu-19041.1161-x64_e7e052f5cbe97d708ee5f56a8b575262d02cfaa4.msu” /quiet /norestart (group:435455,action:435459)
Fixed - MS21-AUG: Servicing Stack Update for Windows 10 Version 20H2 - Windows 10 Version 20H2 - KB5005260 (x64) (fixlet:500526001)
Start installing CU Patch
At 08:37:18 -0400 - actionsite (http://bfixroot.pg.com:29450/cgi-bin/bfgather.exe/actionsite)
Command started - waithidden “C:\WINDOWS\system32\wusa.exe” “C:\Program Files (x86)\BigFix Enterprise\BES Client__BESData\Enterprise Security__Download\windows10.0-kb5005033-x64_ebab415d7a65f0b33f93e9a30875d74baa8930a7.msu” /quiet /norestart (group:435455,action:435474)
…
At 08:41:37 -0400 -
Starting client version 10.0.2.52
At 08:41:38 -0400 -
Initializing Site: actionsite
After that normal eval cycle occurs, but actual patch action is not being retried !!!
I do see the regular messages for DownloadPing command for other actions, some policy actions are running
At 10:15:44 -0400 -
DownloadPing command received (ID=197028)
what we currently do is create new action on Monday targetting devices where the Patch install might have failed and that way we can increase our overall success rate but this is a bit of overkill and extra work we would like to avoid.
Any idea and/or suggestion what could be reason for this behavior?