This is a general guide for the issues where Windows Patch Analysis Job reports a patch as missing, but the patch is considered to be already installed or not applicable to the target.
Ivanti (Shavlik) metadata XML files are updated weekly and sometimes contain a 'Revision' section with recent fixes. Prior to troubleshooting, check if your possible patch issue is already fixed, and if so, then update your Catalog and validate. To subscribe for Ivanti XML Releases check out this Ivanti article.
If Windows Patch Analysis Job reported the patch as missing, then the patch appeared to be applicable to the system, and the detection logic or 'Reason' did not pass for the affected file or registry key. We need to validate if the patch is truly applicable, and if the correct reason was used to determine this.
1. Patch Analysis was ran to validate after successful Deploy Job
If the Patch Analysis Job was run to validate the Deploy Job results where the patch was presumably installed and the patch still reported as missing, then review the following guide for possible explanations: 000090870
Open the respective Bulletin from the Catalog and review the 'Obsolete' value. If the Bulletin is obsolete, then we have two options to review:
a. If Analysis Job uses include filter, then to resolve the issue the patch needs to be removed from it (this applies to BladeLogic pre-8.2SP1), or added to exclude filter. For more information about the difference in analysis with and without the include filter review the following article: 000077159
b. If Analysis Job does not use include filter, then there is a possibility that the patch as part of Partially Superseded Bulletin, should be considered as not obsolete, and therefore investigation should proceed to the next step. For more information and to validate this, review the following article: 000083735
The reason can be found in one of two places:
a. In the BladeLogic Console / Patch Analysis results / Server View / target / last Column (Reason). Here is example:
b. On the target server in C:\Trace.txt log. Search for Bulletin ID to find the snippet that will contain the reason. Here is example:
For more information on how to analyze Trace.txt logs, review the following article: 000096560
- Get the OS specification from the target server (run 'systeminfo'), or if the patch in question is for a specific product such as Office, SQL, etc., then get the Product specification as well including the SP level.
- Review the Vendor website to verify that files (and their versions) or registry keys seen in the reason of the analysis result, apply to the Product or Windows OS of the target. It is important to note that different OS Service Packs may have different conditions, and this is not to be overlooked.
Essentially, you need to clearly identify the OS or Product of the patch, find the correct affected files and their versions on the Vendor site, and make sure that these files (or registry keys) are used in the Shavlik logic (reason) to make a decision about the patch status. If the logic uses incorrect files, incorrect versions, versions of incorrect builds, then these could lead to incorrect status result of the patch. Such issue needs to be reported to BMC Support for validation and to work with Shavlik to provide the fix.
In the end, if you have identified the defect or still not convinced that the patch is reported as missing correctly, file a ticket with BMC Support and provide the following information: