BatchPatch Forums Home › Forums › BatchPatch Support Forum › Batchpatch stopped working on workgroup machines
- This topic has 3 replies, 2 voices, and was last updated 1 month, 3 weeks ago by doug.
-
AuthorPosts
-
October 25, 2024 at 1:41 pm #14299wayneParticipant
batchpatch ver 2024.7.16.15.21
connecting via IP using alternant creds
OPT-In to Microsoft updates (enable updates for other MS Products) works
windows updates receive error Windows Update: Error 1601: Failed to retrieve WMI info. The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)windows defender firewall is off
out of 168 workgroup machines only 2 work.
used to work just fine.
only change is windows patches that i am aware of.
batchpatch is installed on a domain joined server and can patch domain joined mach9nesI can remote to the machines from the batch patch servers
workgroup servers are all different operating systems 2016, 2019 and 2022
working machines are 1 2016 server and 1 windows 10 machineOctober 25, 2024 at 4:21 pm #14300dougModeratorPlease see this link. Read carefully through it and check each of the things that it mentions to see if one of those is causing your issue: batchpatch-windows-update-error-1601
If Windows Firewall is truly disabled, the issue could be another firewall (whether that be software or hardware/network). “The RPC server is unavailable” means that the BP computer is not receiving a response from the target computer. Firewalls are the common reason why this occurs, but it could possibly be anti-virus or similar HIPS or other security software, as these software suites sometimes do some degree of firewalling too. Also consider if any network or other hardware firewall could be the culprit.
Considering that you are able to use “Opt-in” successfully but NOT a Windows Update action, this indicates that the blocking is specific to WMI queries. That is, the “Opt-in” action copies a script to the target computer and then uses PsExec to execute it. It does not use WMI at all. However, the Windows Update actions use some WMI queries too, and the WMI query is what’s getting blocked/dropped. WMI queries use dynamic ports, by default, and so it does sometimes happen where the firewall is just not configured properly to allow/enable WMI queries to work. A little bit more on that here: batchpatch-ports
October 29, 2024 at 4:35 pm #14301wayneParticipantI figured out what was happening. when i originally used batchpatch on these machines i was using the built-in administrators account the different machines have different passwords which makes it difficult. i deployed a script using batchpatch that added an account to the administrators group of all the machines so i only have to use 1 account. since batchpatch is accessing the C$ admin share you need the registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system with a DWORD LocalAccountTokenFilterPolicy that has a value of 1 to allow batchpatch to use a non built-in admin account
October 29, 2024 at 4:46 pm #14302dougModeratorExcellent. I’m glad you got it working. Thanks for the update.
-
AuthorPosts
- You must be logged in to reply to this topic.