TrueSight Server Automation (TSSA) : Windows Patch Troubleshooting - A Windows Hotfix is reported as missing by TSSA Patch Analysis but is believed to be installed - INCLUDES VIDEO
TrueSight Server Automation
TrueSight Server Patch Management
Windows Operating Systems
TSSA reports a false positive while running a Patch Analysis Job against a Windows target server. A false positive is when a Windows patch is reported as missing by a TSSA Windows Patch Analysis Job but the patch is believed to be installed.
Even if a TSSA remediation job is run to install the missing patch, a subsequent run of the Patch Analysis Job continues to show the patch as missing.
The goal is to determine whether the issue is with the Patch Analysis detection logic or is a problem installing this patch on certain servers.
Follow these steps to determine whether the problem is related to the Patch Analysis detection logic or if the detection logic is correct and this is a problem installing the patch on certain servers :
Identify the patch for which the problem is reported.
Make sure that the patch catalog has been freshly updated to ensure the most recent metadata is present. Sometimes detection logic issues are fixed with Ivanti/Shavlik changes and a rerun of the patch catalog update is required to pick up the updated metadata and detection logic.
First check the Reason column under Patch Analysis results (this column may be hidden to the right of the page initially). This column may indicate "why" the Patch is listed as missing:
Rerun the Patch Analysis job to gather the shavlik_results.xml and AnalysisTrace.txt from the Target Server. To gather these files either run the Patching Job with the DEBUG_MODE_ENABLED property set to true, or in BSA 8.9.01 and beyond, use the Job Run Log Package collector tool. With the former, the files will be copied to a location noted in the BSA job run log.
In the AnalysisTrace.txt and shavlik_results.xml look for mention of the problem patch.
If the patch is reported as missing, check the AnalysisTrace.txt to find out why the patch is missing. A reason like the following can be seen in the AnalysisTrace.txt:
2015-11-19T10:06:28.3946865Z 069c V PatchTest.cpp:1219 File 'C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\SYSTEM.DLL' error: 0.
2015-11-19T10:06:28.3946865Z 069c V PatchTest.cpp:1222 File C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\SYSTEM.DLL (2.0.50727.3644) C 2 2.0.50727.8637 (AC 5).
2015-11-19T10:06:28.3946865Z 069c V PatchTest.cpp:1219 File 'C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\SYSTEM.DLL' error: 0.
2015-11-19T10:06:28.4103120Z 069c V PatchTest.cpp:1222 File C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\SYSTEM.DLL (2.0.50727.3644) C 2 2.0.50727.3662 (AC 5).
2015-11-19T10:06:28.4103120Z 069c V PatchTest.cpp:1236 Is *A* FileChange
2015-11-19T10:06:28.4103120Z 069c V PatchTest.cpp:654 A file was tested.
2015-11-19T10:06:28.4103120Z 069c V PatchTest.cpp:658 Did not pass file tests.
In this example, it is shown that the version of DLL file “SYSTEM.DLL” is less than expected and hence the patch is reported as missing.
In the shavlik_results.xml file, a reason like the following can be seen for the impacted patch/hotfix:
MissingReason="File version is less than expected. [C:\Windows\system32\jscript.dll 0.0 < 5.8.7601.21838]"
In this example, it is shown that the version of DLL file “jscript.dll” is less than expected and hence the patch is reported as missing.
In such scenarios, perform the below:
Verify that the same version of DLL is indeed present on the OS.
Check the Microsoft support page to make sure that the reported DLL is actually affected for the product. For the above example of jscript.dll:
If the version of DLL reported in AnalysisTrace.txt is actually present on the server and it is correct as per Microsoft then there is nothing wrong with the Shavlik analysis and there is a problem with the OS or the patch itself.
If you see any discrepancies between the reporting in AnalysisTrace.txt and the Microsoft page, open a ticket with BMC Support and include the above files and analysis and we will work with Shavlik to diagnose and correct the issue.
If the Analysis results look correct (i.e. the patch is not correctly installed) and the problem seems to be with getting the patch installed via TSSA, review KA 000090870 for further troubleshooting tips.
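One way to carry out the "verify the DLL version on the OS" step is the PowerShell sketch below. It is an added example, not BMC or Ivanti/Shavlik code. The default file location, the function name Compare-ReportedVersion and the verdict labels are assumptions, and the regular expression is built only from the MissingReason text format shown above.

```powershell
# Added example: compare file versions on disk with the versions that
# shavlik_results.xml expects. Run on the target server in a 64-bit PowerShell
# session; a 32-bit session redirects C:\Windows\system32 to SysWOW64.
param([string]$ResultsPath = '.\shavlik_results.xml')   # assumed location

# Sample text taken from the MissingReason example in this article; it is used
# only when the results file is not found.
$sample = 'MissingReason="File version is less than expected. [C:\Windows\system32\jscript.dll 0.0 < 5.8.7601.21838]"'

# Captures file path, version reported by the analysis, and expected version.
$pattern = 'MissingReason="File version is less than expected\. ' +
           '\[(?<path>.+?) (?<found>\d+(\.\d+){1,3}) < (?<expected>\d+(\.\d+){1,3})\]"'

function Get-DiskFileVersion([string]$Path) {
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    # Build the version from its numeric parts; the FileVersion string can
    # carry extra text after the number.
    New-Object System.Version ($vi.FileMajorPart, $vi.FileMinorPart,
                               $vi.FileBuildPart, $vi.FilePrivatePart)
}

function Compare-ReportedVersion([string]$Text) {
    foreach ($m in [regex]::Matches($Text, $pattern)) {
        $path     = $m.Groups['path'].Value
        $expected = [version]$m.Groups['expected'].Value
        $onDisk   = Get-DiskFileVersion $path
        $verdict  = if ($null -eq $onDisk)         { 'FileNotFound' }
                    elseif ($onDisk -lt $expected) { 'OlderThanExpected' } # disk agrees with the analysis
                    else                           { 'MeetsExpected' }     # disk disagrees with the analysis
        New-Object psobject -Property @{
            File     = $path
            Reported = $m.Groups['found'].Value
            OnDisk   = $onDisk
            Expected = $expected
            Verdict  = $verdict
        }
    }
}

$text = if (Test-Path -LiteralPath $ResultsPath) {
    [IO.File]::ReadAllText((Resolve-Path -LiteralPath $ResultsPath).ProviderPath)
} else { $sample }

Compare-ReportedVersion $text |
    Format-Table File, Reported, OnDisk, Expected, Verdict -AutoSize
```

A verdict of OlderThanExpected or FileNotFound means the file on disk matches what the analysis reported, which points at the OS or the patch installation. MeetsExpected is the discrepancy case to include when opening a ticket.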
Please see the following video for tips on troubleshooting issues where a patch is listed as Missing but appears to be installed: