Using Lockstate with fixlets and Baselines

(imported topic written by amerriam91)

I’m trying to get to a situation where I can just approve a baseline for the patches for the month and then let lockstate determine when the baseline or fixlet is applied. I’ve been able to get the lockstate to perform correctly by using a custom property called SLA and assigning different time slots depending on when I want it unlocked.

The problem comes when I assign an action. Even though I assign it as a policy and set it to automatically reapply, nothing seems to happen during the window it is unlocked. The status of the action will just say locked.

Do the actions see that when a computer is locked that the action failed? If so, does that mean I have to set the failure retry to a high number?

I want to assign these as policies and some of the windows may only be a 2 hour window in a month, so using the retry method I’d have to set it at something like 700 retries, waiting an hour between each, which seems inefficient to me.

I’m not sure if this is the best method or not to accomplish this, but it seems like it should work. I’ve attached the task I’m running to set the lock window.

(imported comment written by BenKus)

Hi amerriam,

This method should work, but there are a couple notes:

  • There is no need to set extensive retries because the action will not “fail” if the system is locked.
  • The client needs to “notice” that the action was waiting for the lockstate to change and it will check basically once an evaluation cycle (which can be as low as 5 minutes for the agent, but if you have lots of open actions and baselines, it could be as high as an hour).
  • When the client notices that the action is no longer locked, it should run the open actions as you would expect.

In your tests, how long were you waiting to see if the actions started running after the computer transitioned to “unlocked”?

Also, which version of the agent are you using?

Ben

(imported comment written by amerriam91)

I’ve been using a 2 hour window to unlock. In this example, the client window is between 1:00 and 3:00 and as you can see by the log it did perform the task pretty close to that window.

At 01:12:04 -0500 - actionsite (http://secutil0200a:52311/cgi-bin/bfgather.exe/actionsite)

Relevant - Set SLA Maintenance Window (fixlet:3952)

At 03:14:51 -0500 - actionsite (http://secutil0200a:52311/cgi-bin/bfgather.exe/actionsite)

Fixed - Set SLA Maintenance Window (fixlet:3952)

It unlocks, but no actions run during the window.

We are using version 6.0.15.7 of the client.

Thanks,

Aaron

(imported comment written by BenKus)

Aaron,

I can see the Task is relevant in the proper time-frame, but does the computer actually run the Task action to change the lockstate? Do you see the agent report “Unlocked” in this time-frame?

I suggest you start a support case to investigate the details more specifically.

Ben

(imported comment written by amerriam91)

I just installed the newest version of the client and server (6.0.20.9) and now everything is working as I expected it would. I’m not sure what was included in the patch that fixed it, but I’m glad that it did. Thanks for your help.