After running BSA Windows Patch Analysis a patch is determind to be missing and a BSA Deploy/Remediation job is executed to install the missing patch. Although the remediation job appears to complete successfully, a subsequent run of the analysis job shows the patch is still listed as missing.
5. In the bldeploy log look for an exit code of 3010 for the particular patch install. 3010 indicates a reboot is needed. Confirm in the Patch Global Confirguration in the BSA GUI that 3010 is listed as a reboot code on the Windows tab.
6. If a reboot happened during the Deploy Job then in the bldeploy log you should see messages such as:
WARN bldeploy - Reboot in progress ... DEBUG bldeploy - Successfully paused the agent before shutting down the system INFO bldeploy - Attempting shutdown REBOOT=true TIMEOUT=0 MSG=System is rebooting
The Deploy Job may have been configured to ignore reboots and therefore completed successfully with exit code -4002. In the bldeploy log, you would see something like this:
DEBUG bldeploy - -jr1jr1 means the Deploy Job was configured to ignore reboots. More information about the bldeploy arguments is in the bldeploy –h (help) output.
WARN bldeploy - Reboot required but did not occur. Manual reboot needed to complete operation. DEBUG bldeploy - Bldeploy done - nRet = 1 (Apply successful; Reboot required to complete) exitCode = -4002 (Deployment succeeded, but requires manual reboot)
7. It is possible that the patch was installed but is incorrectly being reported as missing (VMware/Shavlik issue). Then the Deploy Job, upon trying to install this patch, returned a successful exit code when the patch was found not applicable. In this case, rerun the Patch Analysis to confirm whether the patch is still listed as missing. If it is, but it is confirmed the Patch is installed, follow the troubleshooting steps in KA 000099904
Please see the following video for tips on troubleshooting issues where a patch is listed as Missing but appears to be installed: