Forum Replies Created
dougModerator
Thanks for confirming. I think the issue must be related to psexec. The actions that you’re executing successfully all do not use psexec. The ones that are getting stuck all use psexec, and they all appear to be getting stuck right when psexec is triggered. The reason I asked about whether or not you were using run-as to launch the app is because I think maybe when using run-as there is something different occurring with how Windows handles the ‘open file – security warning.’ I would suggest for the sake of testing to try logging on to the computer with the account that you are launching BP as, then just launch BP by double-clicking, rather than using run-as. Or if you log on to the computer as your normal user account and run BP by double-clicking as your normal user account and then once BP is running enter the domain admin credentials on a per-row basis in the ‘alternate credentials’ field in the BP grid. This is explained more here.
Once you get things working it shouldn’t matter which of these three options you use, but for the sake of troubleshooting I wonder if the run-as could be preventing us from seeing a security file warning dialog, perhaps.
Otherwise please do continue reviewing the troubleshooting guide and your AV/HIPS software too. Let me know how it goes.
Thanks,
Doug
dougModerator
Brad – You didn’t answer the question about running BatchPatch with run-as or not. I know that you are running BP using a domain admin account, but what I don’t know is are you logged on to the BP computer as that domain admin account and then launching batchpatch.exe by simply double-clicking, or are you logged on to the BP computer as some other account and then launching the batchpatch.exe by right-click run-as and then entering the domain admin account credentials so that BP runs as a domain admin account while being logged on to the computer as a different account?
Another question…
In your original posting you said that reboot and shutdown commands do not work. I’d like to confirm if this is actually true because most of the built-in reboot commands in BP use only WMI and do not use PsExec. However, the issue you are describing sounds like something is getting hung up with PsExec not WMI. Could you please try ‘Actions > Reboot > Reboot (force, if required)’ and let me know if it works or not? Or better yet, maybe you could just paste the contents of the ‘All messages’ column to demonstrate which actions you are testing successfully and which actions are hanging/failing.
The issue that you are describing does indeed sound like we are missing something very simple, and it still sounds to me like the behavior that we would expect if the ‘open file – security warning’ were waiting for input. One other possibility is that some type of security software like anti-virus or HIPS on the target (or on the BP computer) could be blocking things. I’d like to have you follow the instructions in the troubleshooting guide under ‘Windows Update Actions’ and let me know what you discover.
Also please try under ‘Tools > Settings > Remote Execution > Use psexec -r switch’ to specify a custom remote service name. You can put something like ‘BatchPatchExeSvc’ in that box. See if it makes any difference. This setting can sometimes help bypass security software that is specifically blocking psexesvc.exe from running on the target.
-Doug
dougModerator
Brad – This sounds like a Windows ‘Open File – Security Warning’ issue for psexec.exe. When you first download and run psexec or any exe from the web, Windows usually prompts you to click “OK” or “Yes” or “Run” to confirm that you want to run the exe. In that window there should also be an option “Don’t prompt again” or “Always ask before opening this file” or similar. I suspect that somehow this prompt is waiting for input from you but you are not seeing it. Are you launching BatchPatch with run-as to run it as a different account than the account that you are logged on to the computer with? Or are you simply double-clicking the batchpatch.exe to run it as the same account that you are logged on to the computer with? In either case I would suggest that you run psexec at the command prompt and make sure you have it running/working first. Make sure that on any prompt that appears that you select or deselect the checkbox (depending on how the checkbox text reads) so that subsequent attempts to run the .exe do not trigger the prompt to appear. I *think* the prompt in this case will say “Always ask before opening this file” and so you would need to deselect the checkbox if that is how it reads.
FYI there is no client to install on target systems, so I’m not sure what you are referring to there.
Let me know how it goes.
Thanks,
Doug
dougModerator
Please have a look at this posting
dougModerator
Windows 2012 R2 does *not* have special/different port requirements as compared to other versions of Windows. Possible causes for ‘RPC server is unavailable’ are outlined here: Troubleshooting Common Errors in BatchPatch
dougModerator
No problem. Also FYI Scott did get it working after altering/updating some of our code, so the fix will be included in the next release.
-Doug
dougModerator
Thanks, Phil. Unfortunately I don’t think we’ll be able to make this compatible with the ‘retrieve console output’ option in this version of BP. Realistically it probably needs to be re-written in powershell or vbscript or similar to get it working right now. However, Scott thinks he just figured out why it’s not working as-is with the current code, so I think we probably ought to be able to get this working in the next version of BP.
-Doug
dougModerator
That checkbox is not compatible with all scripts, hence the note below the checkbox that explains it ‘may cause a deployment to fail/error in some cases.’ If you share your script, I might be able to help get it to work.
-Doug
dougModerator
You said “when I run it manually there is a UAC prompt.” Does “run it manually” mean as a BP deployment? Or does that mean running it without BP just by executing the command at the prompt?
If you’re running it inside of BP, what makes you say that there is a UAC prompt? How do you know there is a UAC prompt? Where do you see this?
Generally speaking if you are running a deployment in BP, you will not ever experience a UAC prompt. If a deployment is hanging indefinitely, it’s generally because the parameter/switch used is not correct for a “silent” or “quiet” installation, and so the installer is popping up some type of prompt or window, but since it’s a remote deployment, that prompt/window cannot be seen and therefore cannot be clicked on to proceed with the installation.
Let’s go over a couple things…
1. Is the account that you are using to execute the deployment in the local admins group on the target computer?
2. Are you using alternate credentials in BP or are you launching BP with the same account that has local admin permissions on the target computer?
3. Is the account a domain account or is it a local account?
4. Can you confirm that you can successfully execute/complete BatchPatch ‘Actions > Windows Updates > Check for available updates’ on this target? Let’s make sure this works properly before trying a deployment. That way we can confirm that permissions are all what they need to be first.
5. In your deployment, can you confirm that your installofficeproplus32.xml file is in the same directory as the setup.exe on the BP computer? Can you also confirm that all of the other setup files that go along with the setup.exe are also in that same directory? If all of the files required for the installation are in the ODT folder, then when ‘copy entire directory’ is checked, they will all be copied to the target computer so that when the setup.exe is executed, it will be able to find all of the files that it needs, including the installofficeproplus32.xml file.
6. If everything is truly set up properly (this feels unlikely at the moment… it feels like there might be something simple that we’re missing) one thing to try is changing the remote execution context under ‘Tools > Settings > Remote’ to ‘Elevated token’.
-Doug
dougModerator
This might just need some quotes. Or it might need the -w to specify the working directory. If no -w then you might need to specify the full path to the .xml file instead of just the .xml file with no path. Or instead of manually pre-copying the files to the target computer and then executing a ‘remote command’ you could instead just use a BP ‘deployment’ instead, in which case the entire thing would be handled for you by BP. See here: Deploying exe file fails but runs ok manually
February 23, 2018 at 6:19 pm in reply to: Feature request: ping after LED change or sort by LED #10192
dougModerator
I have a few notes…
1. There is a setting under ‘Tools > Settings > Grid preferences > Automatically stop pinging when host comes online after having been offline’ This is enabled by default, but it can be disabled. If this setting is disabled, BP will never stop pinging a host (unless the host is unavailable, in which case you will see in orange, italic text ‘Ping Failed: Could not find host.’). This generally will only appear if the host actually does not exist, as compared to a host that exists but is taken off the network, which will usually produce a timeout instead of a failure. In your case you might want to simply disable this setting so that your individual row pings never stop and are therefore always accurate.
2. If pinging is active, then the ping reply column value will be in regular, black text. If pinging is no longer active for a given row/host, the ping reply column value will be in gray italic text. Knowing this should help eliminate any confusion as to whether the value might be stale. If it’s gray italic, it’s not running, and so it might not be accurate anymore.
3. The LEDs are affected in two independent ways. If you click on the LED column header image, then a single thread is launched that goes down the list of hosts one by one to check each host’s status. The LED images for each row are then colored according to the results of that thread’s pings. This thread will loop over every host in the grid, indefinitely, until you stop it by clicking again on the LED column header image. Separately from this thread, the LEDs can also be modified by each individual row’s ping thread. So if you select one, some, or all rows, and then you select ‘Actions > Ping > Start pinging’ each row will launch its own individual ping thread, which will change the color of only that row’s LED, depending on the result of the pings.
All that said, I think you are seeing the ping reply column be inconsistent with the LED image because you are using both the LED ping thread as well as each individual row’s ping thread. There is nothing wrong with doing this, but you just have to be aware that if the individual row stops pinging because the machine went offline and then came back online (and you had your settings set to stop pinging when this occurs, as noted at the top of this posting), it’s still possible that at a later time the machine can be taken offline and the LED will turn red if the LED ping thread is running, even though the individual row’s ping thread stopped long ago.
So, if you are using the LED ping thread, and the LED for a row is red, then you can know that the machine is offline, regardless of what the ping reply column says. Alternatively, if you simply pay attention to the color and type of text in the ping reply column, that also tells you if the pinger is actively executing or not (black regular text is running, gray italic text is stopped).
I hope this helps.
dougModerator
Hi Kevin – Thanks for the suggestion. We will consider this for a future build.
-Doug
February 15, 2018 at 4:11 pm in reply to: Just updated several versions and now unapproved updates are installing #10208
dougModerator
Glad to hear that you’re on the right track!
dougModerator
When you perform a ‘Windows Update’ action on a target host, you will see the ‘Remote Agent Log’ column populated with the relevant info. Additionally this info is in the remote log under C:\Program Files\BatchPatch\BatchPatch.log on the target computer. If an update cannot be installed, it will be logged to these logs. Additionally, in BatchPatch you will see the ‘Windows Update Messages’ column turn red on completion instead of blue, indicating ‘succeeded with errors’.
-Doug
dougModerator
Tools > Settings > Remote Execution > Remote working directory
dougModerator
Hi Rick – I’m glad you’re liking the software so far.
0x80070070 -2147024784 ERROR_DISK_FULL There is not enough space on the disk
Looks like you need to free up some space on the target computer.
-Doug
February 14, 2018 at 3:50 pm in reply to: Just updated several versions and now unapproved updates are installing #10200
dougModerator
Definitely still review your settings, and in the second link it shows how to see if “dual scan” is actually enabled regardless of what group policy is in use. The problem you are describing really does not seem like an issue or problem or setting with BatchPatch, which has not changed, and which is not causing a problem for any other BatchPatch users.
dougModerator
Joseph – What prompts you to ask this question? Did you run into some kind of problem?
When you use BatchPatch to perform a standard Windows Update (online, not using cached mode), then the target computer Windows Update Agent (WUA) checks the integrity of the patches that it downloads. If you use BatchPatch to perform a Windows Update using cached mode, then BatchPatch downloads the updates and then pushes them to the target computer. The target computer Windows Update Agent (WUA) verifies the patch before installing it. If it cannot verify it, then it does not install it.
February 14, 2018 at 6:32 am in reply to: Just updated several versions and now unapproved updates are installing #10197
dougModerator
This sounds like it could be a “dual scan” issue, not an issue with BatchPatch. Please review the following links very carefully. Let me know what you find.
dougModerator
What email server software do you use? You are the third person ever to report this problem, and yet not only can we not reproduce it, we also have so many other customers who do not experience the issue.
dougModerator
To specify -u and -p you must use ‘Actions > Specify alternate logon credentials’. Then when the command is run it will use -u and -p.
-Doug
dougModerator
If you want to trigger VNC viewer from a BatchPatch row you would need to create a local command with the VNC viewer command line command for your viewer. For example, for RealVNC the command is: vncviewer.exe <computer>. In a BatchPatch local command you can use $computer for BatchPatch to insert the host name for the row into the command line. So your local command would be:
vncviewer.exe $computer
or if you need to specify the full path to the viewer then do:
C:\pathToViewer\vncviewer.exe $computer
This link explains how to create commands in BatchPatch:
How to Hard-Code Your Own Custom Commands in the BatchPatch Actions Menu
February 8, 2018 at 12:00 am in reply to: Do I need to clear any local updates cache after modifying the exclude list? #10212
dougModerator
The local update cache directory is on the BatchPatch computer. When BP installs updates (in cached mode) on a target computer, it copies the required updates to a BP temp directory in the BatchPatch working directory on the target computer (default location is C:\Program Files\BatchPatch). During the process for installing the updates, the updates are copied from that BP temp directory to the Windows Update cache (in C:\Windows\SoftwareDistribution), at which point they are also deleted from the BP temp directory.
February 7, 2018 at 7:19 pm in reply to: Do I need to clear any local updates cache after modifying the exclude list? #10210
dougModerator
You don’t need to clear the cache unless you want to. Just because an update is downloaded to the offline cache does not mean that it will get applied.
If you want to delete cached files you can see where your cache folder is located by checking under ‘Tools > Settings > Windows Update > Local update cache directory’
In addition to using the exclude list you may also opt to hide the update on the target computers, which is explained in the section ‘Method 3’ here. Just note that once an update is hidden on a target, Microsoft is able to unhide it by republishing the update, which they do occasionally.
-Doug
February 5, 2018 at 3:41 pm in reply to: Executing jobs in the Multi-Row queue for host 2 and 3 depend on Host1 #10216
dougModerator
It has been posted. Again please note that you will be using the following two special items in your job queue, in the order specified below. The tutorial does not mention the multi-queue sequence, which is why I highlight it here.
*Abort advanced multi-row sequence if previous action fails/errors
*Terminate queue if previous action fails/errors
Thanks,
Doug
dougModerator
This is a permissions problem. The following links explain what you need to do for permissioning.
Getting Started with BatchPatch
BatchPatch Authentication in Domain and Workgroup (non-domain) Environments
The following link will help you get to the bottom of any remaining problem:
February 1, 2018 at 5:13 pm in reply to: Executing jobs in the Multi-Row queue for host 2 and 3 depend on Host1 #10219
dougModerator
Hi Marcel –
0. You cannot schedule a basic multi-row queue sequence. You can only execute the basic sequence on-demand. However, you can schedule an advanced multi-row queue sequence, so that is probably what you would want to use in this case.
1. If you want to check for available disk space and then terminate the entire multi-row queue sequence if a threshold is not met, you would need some custom scripting. You would need to write a custom script that checks for disk space and then returns 0 if it meets your threshold or returns any non-0 integer if it does not meet your threshold.
Here is an example of integrating this custom script into BatchPatch:
Install Windows Updates Only If Sufficient Space Is Detected On Target C: Drive
Note, in your job queue you would use something like:
Step 1: Your GetDiskSpace custom script deployment (this script can be created following the guidelines in the link above)
Step 2: Abort advanced multi-row sequence if previous action fails/errors
Step 3: Terminate queue if previous action fails/errors
Step 4: Your custom StopService script deployment (this script can be created following the guidelines in the link below)
Step 5: Abort advanced multi-row sequence if previous action fails/errors
Step 6: Terminate queue if previous action fails/errors
Step 7: Your custom ChangeServiceStartupType script deployment (this script can be created following the guidelines in the link below)
Step 8: Abort advanced multi-row sequence if previous action fails/errors
Step 9: Terminate queue if previous action fails/errors
Step 10: Install Windows Updates
Step 11: Your custom StartService script deployment (this script can be created following the guidelines in the link below)
Step 12: Abort advanced multi-row sequence if previous action fails/errors
Step 13: Terminate queue if previous action fails/errors
Step 14: Your custom ChangeServiceStartupType script deployment (this script can be created following the guidelines in the link below)
Step 15: Abort advanced multi-row sequence if previous action fails/errors
Step 16: Terminate queue if previous action fails/errors
2. To start or stop a service inside of a queue in BatchPatch you can follow the same guidelines as mentioned above to create a custom script. We will have a tutorial for this posted in a few days at this link: BatchPatch Custom Script Integration – Install Windows Updates Only After Stopping a Specified Service
3. Same idea as 1 and 2. The above linked tutorial will also show how to set a service to manual/automatic in a custom script.
4. Install Windows Updates
5. Same idea as 1, 2, and 3.
-Doug
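The exit-code contract described in item 1 of the post above (return 0 when the threshold is met, any non-zero integer otherwise), as an added example that is not part of the original post and is not the script from the linked BatchPatch tutorial. The script name, parameter names and the 10 GB default are assumptions; a query failure is treated as "threshold not met" so the queue stops instead of patching blind.

```powershell
# GetDiskSpace.ps1 (hypothetical name) - added illustration, not BatchPatch's own script.
# Contract taken from the post: exit 0 if free space meets the threshold,
# exit with a non-zero integer if it does not.
param(
    # Drive letter to check. The pattern keeps the value safe to place in the WMI filter.
    [ValidatePattern('^[A-Za-z]:$')]
    [string]$Drive = 'C:',

    # Minimum free space in GB (assumed default; set this to your own threshold).
    [ValidateRange(0, 1048576)]
    [double]$MinFreeGB = 10
)

$ErrorActionPreference = 'Stop'

try {
    # Win32_LogicalDisk.FreeSpace is reported in bytes.
    $disk = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='$Drive'"
}
catch {
    # Fail closed: if the check itself cannot run, report failure to the caller.
    Write-Output "Disk query for $Drive failed: $($_.Exception.Message)"
    exit 2
}

if ($null -eq $disk -or $null -eq $disk.FreeSpace) {
    # Drive does not exist or reports no size (for example an empty removable drive).
    Write-Output "No free-space figure available for $Drive"
    exit 3
}

$freeGB = [math]::Round($disk.FreeSpace / 1GB, 2)

if ($freeGB -lt $MinFreeGB) {
    Write-Output "FAIL: $Drive has $freeGB GB free, below the $MinFreeGB GB threshold"
    exit 1
}

Write-Output "OK: $Drive has $freeGB GB free (threshold $MinFreeGB GB)"
exit 0
```

Run it with `powershell.exe -File GetDiskSpace.ps1` so that the script's `exit` value becomes the process exit code that the calling tool evaluates.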
dougModerator
Your guess is as good as mine. This isn’t really a BatchPatch question/problem. BatchPatch simply executes the Mozilla installer. However, it’s the Mozilla installer that performs the uninstall/install operation.
dougModerator
If the server was updated last month with BatchPatch but now this month it’s failing with the error you mentioned above, then I would be concerned about the state of that server. BatchPatch has not changed, but clearly something has become either corrupt or broken on the target server, and there is a pretty good chance that the problems with that server are not going to be just limited to Windows Update. Maybe you’ll get lucky and a simple reboot will fix the issue. However, assuming that does not work then I would suggest you follow the recommendations I made in my previous posting to you.
Thanks,
Doug
dougModerator
What OS is on the target computer? Has the computer not been updated in a very long time?
0xC0000142 -1073741502 STATUS_DLL_INIT_FAILED
These are not really BatchPatch errors, but rather they are errors that indicate that the target computer operating system might have some deeper issues. I would suggest you try the following things:
1. Make sure the target computer has the latest Windows Update Agent (WUA):
2. If that does not solve the problem (there is a good chance that it will not) then I would suggest running the Windows Update troubleshooter:
https://support.microsoft.com/en-us/help/4027322/windows-update-troubleshooter
3. If that does not solve the problem (there is a good chance that it will not) then I would suggest looking at repairing the operating system and/or using the system file checker and/or other system fixit utilities to try to repair problems with the operating system.