Batchpatch stopped working on workgroup machines


    #14299
    wayne
    Participant

    batchpatch ver 2024.7.16.15.21

    connecting via IP using alternate creds
    OPT-In to Microsoft updates (enable updates for other MS Products) works
    windows updates receive error Windows Update: Error 1601: Failed to retrieve WMI info. The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)

    windows defender firewall is off

    out of 168 workgroup machines only 2 work.
    used to work just fine.
    only change is windows patches that i am aware of.
    batchpatch is installed on a domain joined server and can patch domain joined machines

    I can remote to the machines from the batch patch servers

    workgroup servers are all different operating systems 2016, 2019 and 2022
    working machines are 1 2016 server and 1 windows 10 machine

    #14300
    doug
    Moderator

    Please see this link. Read carefully through it and check each of the things that it mentions to see if one of those is causing your issue: batchpatch-windows-update-error-1601

    If Windows Firewall is truly disabled, the issue could be another firewall (whether that be software or hardware/network). “The RPC server is unavailable” means that the BP computer is not receiving a response from the target computer. Firewalls are the common reason why this occurs, but it could possibly be anti-virus or similar HIPS or other security software, as these software suites sometimes do some degree of firewalling too. Also consider if any network or other hardware firewall could be the culprit.

    Considering that you are able to use “Opt-in” successfully but NOT a Windows Update action, this indicates that the blocking is specific to WMI queries. That is, the “Opt-in” action copies a script to the target computer and then uses PsExec to execute it. It does not use WMI at all. However, the Windows Update actions use some WMI queries too, and the WMI query is what’s getting blocked/dropped. WMI queries use dynamic ports, by default, and so it does sometimes happen where the firewall is just not configured properly to allow/enable WMI queries to work. A little bit more on that here: batchpatch-ports

    #14301
    wayne
    Participant

    I figured out what was happening. When I originally used BatchPatch on these machines I was using the built-in administrators account. The different machines have different passwords, which makes it difficult. I deployed a script using BatchPatch that added an account to the administrators group of all the machines so I only have to use 1 account. Since BatchPatch is accessing the C$ admin share, you need the registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system with a DWORD LocalAccountTokenFilterPolicy that has a value of 1 to allow BatchPatch to use a non built-in admin account.

    #14302
    doug
    Moderator

    Excellent. I’m glad you got it working. Thanks for the update.
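
The registry value described in this thread can be checked on each workgroup target with a short audit script. This is an added example, not part of the original posts and not BatchPatch's own code; the `-Enable` switch and the output column names are made up for the illustration. It lists every local member of the Administrators group and shows whether that account's remote logons still receive a filtered token.

```powershell
# Added example: run locally in an elevated PowerShell 5.1+ session on a workgroup target.
# Reports the LocalAccountTokenFilterPolicy state and the local admin accounts it affects.
[CmdletBinding()]
param(
    [switch]$Enable   # hypothetical switch for this example: write the value 1 before reporting
)

$key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$name = 'LocalAccountTokenFilterPolicy'

if ($Enable) {
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
}

# A missing value behaves like 0: remote logons by local admin accounts get a filtered token.
$current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
if ($null -eq $current) { $current = 0 }

# Local user accounts in BUILTIN\Administrators (well-known SID S-1-5-32-544).
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Where-Object { $_.PrincipalSource -eq 'Local' -and $_.ObjectClass -eq 'User' }

foreach ($member in $admins) {
    # The built-in Administrator always has a SID ending in -500, even if renamed.
    $isBuiltIn = $member.SID.Value -match '-500$'
    $user      = Get-LocalUser -SID $member.SID

    [pscustomobject]@{
        Computer             = $env:COMPUTERNAME
        Account              = $member.Name
        Enabled              = $user.Enabled
        BuiltInAdministrator = $isBuiltIn
        PolicyValue          = $current
        # As in the thread: the built-in account worked without the value,
        # other local admins are filtered unless the value is 1.
        RemoteTokenFiltered  = (-not $isBuiltIn) -and ($current -ne 1)
    }
}
```

The value is machine-wide, so once it is 1 every enabled account in the output has full administrative rights over the network, not only the account created for patching; keeping that list short and the shared account's password unique per machine limits what one stolen credential can reach.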
