Next Topic

Previous Topic

Book Contents

Patch Failure

After the patch installation attempt completes—including the reboot if requested—the system re-scans the target machine. If a patch still shows missing after the re-scan, failure is reported. Patches can fail for several reasons:

  • Insufficient Disk Space - Patches are downloaded, or copied from a file share, to the local machine's hard disk. Several patches, especially service packs, may require significant additional local disk space to completely install. Verify the target machine has plenty of disk space available.
  • Bad Patch File - The phrase Bad Patch File in the Comments column indicates the patch file failed to execute for some reason. If you schedule multiple patches to install as a batch and even one of them fails, all the patches are marked as Bad Patch File. The system is reporting a script failure and can not distinguish which patch in the script caused the failure.You can determine which patch failed by looking at the Script Log for this machine. The log indicates which patches successfully installed prior to the script failure.
  • Corrupted Patch File - The downloaded patch file is corrupt.
  • Missing Patch Location - The phrase Missing patch location in the Comments column means the URL used to download patches from on the Microsoft website is missing. You can manually enter the correct location using the Patch Location page.
  • No Reboot - Several patches require a system reboot before they take effect. If your Reboot Action settings did not allow a reboot, the patch may be installed but will not be effective until after the reboot.
  • Command Line Failed - If the command line parameters set in the Command Line function are incorrect, the patch executable typically displays a dialog box on the managed machine stating there is a command line problem. This error causes patch installation to halt and the patch installation script to terminate. The patch file remains on the managed machine and Install Failed is displayed. Enter the correct command line parameters for the patch and try again.

    Note: Command line parameters for each patch apply globally and can only be changed by a master administrator.

  • MS Office Command Line Failed - The only command line parameter permitted for use with Microsoft Office related patches is /Q. Because MS Office patches may require the Office installation CD(s), the use of the /Q command line parameter might cause the patch install to fail. If an Office related patch fails, remove the /Q command line parameter and try again.

    Warning: The only switch permitted for use with Microsoft Office 2000, XP, and 2003 related patches (marked as Office) is /Q. If /Q is not specified, Microsoft Office 2000, XP, and 2003 switches will be reset to /INSTALL-AS-USER. Microsoft Office 2003 patches may also include the /MSOCACHE switch used to attempt a silent install if the MSOCache exists on the machine and the /INSTALL-AS-USER switch is set.

  • Patch Download Blocked - The patch file was never delivered to the machine. The system downloads the patch directly from the internet to either the KServer, a file share, or directly to the managed machine, depending on your File Source settings. Your firewall may be blocking these downloads. A patch file delivered to the agent with a size of only 1k or 2k bytes is an indication of this problem.
  • User not logged in - In some cases a user on the machine being patched must be logged in to respond to dialogs presented by the install during the patch. The patch script automatically detects whether a user is currently logged in and will not continue if a user is not logged in. Reschedule the installation of the patch when a user is available and logged in to the machine.
  • Manual install only - Not a patch failure, but a requirement. Some patches and service packs require passwords or knowledge of a customized setup that the VSA can not know. The VSA does not automatically install patches having the following warnings:

Manual install only
Patch only available only available from Windows Update web site
No patch available; must be upgraded to latest version

These updates must be installed manually on each machine.

Troubleshooting Patch Installation Failures

When patch scan processing reports patch installations have failed, a KBxxxxxx.log and the WindowsUpdate.log are uploaded to the KServer. These logs can be reviewed using Scripts > Get File for a specific machine and can help you troubleshoot patch installation failures. The Reports > Logs > Script Log contains entries indicating these log files have been uploaded to the KServer for each machine.