[doug]

5 == ACCESS_DENIED. This is a permissions problem.

In order to run BatchPatch on itself, the batchpatch.exe needs to be launched with elevation as administrator. When you enter the local host into the grid, if BatchPatch is not running with elevation it pops a warning message box that it must be run with elevation in order to properly/successfully patch itself.

-Doug

[doug]

BatchPatch can control and monitor in real-time an update process that is triggered with BatchPatch. It cannot control and monitor an update process that is triggered by Group Policy. You can, however, have GPO download the updates but then have BP trigger the installation process. For that please refer back to the link in my previous posting.

If you have GPO setup to do the entire process but you want to prevent the installation after updates have already been downloaded then you would need to modify the GPO.

[doug]

BatchPatch cannot monitor an update process that was triggered by GPO. If you want to use BatchPatch to monitor the process then you should use BatchPatch to also trigger the process. We have recommendations for using BatchPatch with WSUS and Group Policy posted here: BatchPatch Integration with WSUS and Group Policy

[doug]

Hmmm… I can’t reproduce that behavior here and we have not had any other reports of it. Not sure at the moment what to make of it.

For the time being I would suggest you instead either use a .BPP file or note that you can also just highlight the three .bps files and drag and drop them onto the grid to open them (drag-drop only works *without* elevation too), or you can use ‘File > Open’ and then select/highlight all three .bps files to open at once. I hope this helps. I’m sorry that I’m not able to provide a solution for the ‘remember open tabs’ function at this time.

-Doug

[doug]

1. Select ‘Actions > Execute local process/command > Create/modify local commands’. This form with the title ‘Local Process’ User-Defined Commands is where you would save a command to be able to use later inside job queues or from the ‘Execute saved local commands’ menu item. More here: How to Hard-Code Your Own Custom Commands in the BatchPatch Actions Menu

2. The ‘remember open tabs from last session’ setting will not work if you are launching BatchPatch with elevation as administrator. If you are launching BatchPatch normally without using “run-as” then it works as expected. Note, you can alternatively create a .BPP file (BatchPatch Project file) that essentially lets you launch a single .BPP file that will call any number of .BPS files. Explained more here: Getting the Most Out of BatchPatch

3. Also note that if you launch the batchpatch.exe with elevation and make changes or additions such as adding saved local/remote commands etc, then those are saved for the elevated user. If you subsequently launch batchpatch.exe as a standard/different user, you will not see the changes that you made when elevated. And vice versa.

I hope this helps.

-Doug

[doug]

Thanks, Mats. We will look into this.

-Doug

[doug]

You can copy files/folders to target computers using ‘Actions > Copy file/folder’

Copying files or folders to numerous computers using BatchPatch

[doug]

Yes, it’s correct that there is no concurrency while the updates are being copied from the BatchPatch computer to the target computers. The copy operation is the only part that is not concurrent.

[doug]

I’m curious to understand how you concluded that BP tries to download each file one by one instead of retrieving from cache? BP does not do this.

The actual behavior of BP is as follows:

1. BP looks online to see if you have the latest WsusScn2.cab file. If it is able to connect to the internet then it will download the latest one. If it is not able to connect to the internet then it will use the one in the cache, and it will mark that session (in this case ‘session’ means that if you selected multiple rows and chose ‘download/install/reboot’ on all those rows in the same action, then they are part of the same session) as having no internet access so that the WsusScn2.cab file is used straight from cache instead of attempting to download the latest one again for other rows in that session.

2. BP copies files to target computers from cache. BP always checks cache for the existence of the file. If it exists in cache then BP does not try to download it from the internet.

3. The process for copying files to target computers in this case is, in fact, single-threaded as you suggested. In the case where there is internet access this prevents multiple rows from trying to download the same file at the same time. For copying the files to target computers when there is no internet access, it’s still single threaded, but the files are copied directly from cache without checks to the internet. So yes it’s true that each row will only copy files to target computer cache after the previous row finished copying files, no internet checks are involved.

If you believe that I am mistaken about the behavior, I would like to see the logs that illustrate what you are describing. The best way to do this is HTML export ‘File > Export grid to HTML’ and then email that to us, please. Thanks.

[doug]

Tools > Export

Tools > Import

[doug]

This error translates to:

0x80004002 -2147467262 E_Nointerface

I haven’t seen this particular error before, but it’s going to likely mean one of a few possible things, in no particular order:

1. The Windows Update Agent (WUA) on the target computer needs to be updated.

https://support.microsoft.com/en-us/help/949104/how-to-update-the-windows-update-agent-to-the-latest-version

2. The target computer might just need a reboot.

3. There could be some system file corruption on the target computer.

4. One of the following links might have a resolution:

https://support.microsoft.com/en-us/help/2287297/a-com-application-may-stop-working-on-windows-server-2008-when-a-user

https://social.msdn.microsoft.com/Forums/windowsdesktop/en-US/9bce56ec-999c-44dd-979f-a0c8e93bdbd5/windows-8-com-error-80004002-no-such-interface-supported?forum=windowsgeneraldevelopmentissues

https://social.technet.microsoft.com/Forums/windowsserver/en-US/f0be9769-a9c7-4003-8e23-8f23592c849c/windows-server-2008-32bit-component-services-error-catalog-error-80004002?forum=winservergen

5. Search google for ‘80004002’ without the quotes and see what else you find that might help.

[doug]

To be clear, you would not have to do them one by one for each target. You could apply one update to ALL targets at the same time. Then apply the next update to ALL targets at the same time. And so on. It really should not take very long. Also, this would only occur when using BatchPatch in cached mode, so if your computers have internet access or access to WSUS, then you could disable cached mode and apply these updates in one action with the standard Windows Update methods in BatchPatch.

In the case that Matt described he was applying updates that go back more than 3 years. This was only an issue for him because of being so out of date. If you are staying relatively up to date, then it’s never going to be an issue. Huib, are you also applying updates from as far back as 3+ years ago?

Another option for deployment is to download the desired/needed .MSU (or .MSI or .MSP etc) update files from the Windows Update catalog from Microsoft. Then you can deploy those all at one time using the ‘Deployment’ feature in BatchPatch, as described in this tutorial:

Remotely Install Multiple .MSU Files (or .MSI and .MSP files) to Numerous Computers

In a future version of BP we will plan to update the behavior so that instead of deleting files individually as we cache them we will delete them after all updates have been cached, which will prevent this issue from occurring. However, for the time being it’s a very rare issue that as far as we know only affects you if you are trying to apply numerous old .NET security updates at the same time. This posting is the first time we have ever heard of this happening to anyone. Most users will not be 3+ years behind on applying security updates.

[doug]

Yes you can update the local computer. You just have to run the batchpatch.exe elevated as administrator. If you do not run the batchpatch.exe elevated, then when you add the local computer name to the grid BatchPatch pops up a message box to tell you that it won’t work properly unless you run elevated. Not sure if you didn’t get that popup or if you ignored it accidentally.

-Doug

[doug]

You can initiate a synch manually following the instructions in this tutorial. Once you have setup the synch parameters, then in the future when you want to synch the grid it’s only a couple of clicks, so you don’t have to add each computer manually. And yes the synch can include multiple OUs.

There is not currently a way to schedule a synch, though we are considering this for a future build.

BatchPatch cannot distinguish between the types of computers in a particular OU, so if you want to synch your servers without synching your clients, then you would have to keep the servers and clients in separate OUs.

-Doug

[doug]

You have a couple of options, I think, to accomplish what you are trying to do.

First, you said you want to activate a task every second Tuesday of the month. In the scheduler recurrence drop-down menu you can use ‘Monthly (2nd Tuesday) + X days’. In this case you would set X=0 so that the task executes on the 2nd Tuesday. And for example if you set X=1 then the task would execute on the Wednesday following the 2nd Tuesday (some months this will be the same day as the 2nd Wednesday, but other months it will not be the same, which is why we provide the option for + X days).

Second, you said you want to essentially be able to modify the execution day separately from the execution time so that you can “activate” your maintenance window and have all the jobs run at their scheduled times on the day specified for the maintenance window without having to always re-apply new scheduled tasks for the desired day/time. While this is not *exactly* doable in BP, you can still accomplish the same thing in a slightly different way. If you set all of your computers to the desired time, and if you set the execution day to a day in the past (so for example you could just set it to yesterday’s date), then if you also set the recurrence drop-down to ‘Daily’, you can enable and disable your maintenance window on the day of the maintenance by simply enabling and disabling the task scheduler using the little clock icon in the upper right corner of the BP window. What will happen is if, for example, you have a server that is set to reboot at 10PM yesterday with daily recurrence, then let’s say your maintenance begins on Saturday. When that Saturday arrives you can enable the task scheduler and the daily recurrence will automatically adjust all of the execution days for every task to be that same day (Saturday, in this case). So even if you enable the task scheduler on Saturday at 11:30AM, the tasks will then execute at 10PM that evening. Does this make sense? Does this solve your problem? As far as I understand from your described requirements is that the only drawback of this solution is that you would have to enable the task scheduler on the day of the maintenance window. You would not be able to enable the scheduler in advance of that day. But when that day arrives you could enable it at any time during that day. And then you would have to disable the scheduler after the maintenance is over and before the scheduled time (10PM) of the following day. We can consider for a future version of BP to provide the ability to schedule a day/time for the scheduler to start/stop, which would allow you to remove the manual step of enabling the scheduler on the day of maintenance and then disabling it when the maintenance is over.

-Doug

[doug]

It’s unclear to me why this is happening, but essentially it seems that when BatchPatch asks the Windows Update Agent for a list of downloaded updates, the returned list includes 2 updates that have isDownloaded=FALSE. It might be that the Windows Update Agent database on the target computer has the updates marked as downloaded but that the actual update content files are missing in the WUA cache, and so isDownloaded=FALSE. I would suggest trying ‘Download and install updates’ in this case instead of ‘Install downloaded updates’. I think this will probably resolve the issue.

-Doug

[doug]

Since the only time that we have ever been able to reproduce this behavior it has been due to permissions, I think that’s still the most likely reason for what is happening. What’s not clear is why you experience it (and a few others have) while 99% of users never encounter this and why we do not encounter it in our lab. That said, I’d like you to please try the following:

1. Uninstall the service.

2. Close all instances of BatchPatch and then see if you can re-apply permissions to the directory that contains the batchpatch.exe. Essentially the goal here would be to give all of the possible permissions to the directory and the batchpatch.exe for whichever account you are using. Then after that, install the service again and see what happens.

3. If after installing the service you still encounter the same issue, go to the service installation directory where you will find BatchPatchService.exe and BatchPatchServiceInstance.exe. Once again please apply all possible permissions to that entire directory and the files it contains for the account you are using. Let me know how it goes.

What I can tell you is that if you take a standard build of Windows without doing anything to it, the service works just fine. So when this issue occurs it is due to something about the way the environment is configured. Most likely it is related to permissions/security in some way.

[doug]

Glad that worked!

[doug]

You can modify the ‘server selection’ under ‘Tools > Settings > Windows Update’ to choose between ‘Default/Managed’, ‘Windows Update’, and ‘Microsoft Update’

---

Default / Managed: Uses the target computer’s existing configuration to determine where to search for updates.

Windows Update: Bypasses the target computer’s configuration and searches for updates on

Microsoft’s public server. Includes only Windows updates.

Microsoft Update: Bypasses the target computer’s configuration and searches for updates on

Microsoft’s public server. Includes Windows updates AND updates for other Microsoft products. Before using Microsoft Update, target servers must be opted-in to the service.

See ‘Actions > Windows Updates > Opt-in…’

[doug]

When you say you are trying to send out and install the update through an ISO, I don’t really know what you are trying to do.

Are you following the instructions posted here?

If you are following the above-linked instructions that we posted and you are having a permissions problem with autorun.inf I think there are probably two things you could do to resolve the issue.

1. You could probably just delete the autorun.inf file from your source directory. Then when BatchPatch copies all of the files needed for installation from the source to the target, there will be no autorun.inf file, and so it would not produce a permissions issue on the autorun.inf since it does not exist. The autorun.inf file is not needed for deployment, so deleting it is safe/fine.

2. Probably the issue could be resolved by forcing new permissions on the entire source directory that contains the installation files. For whatever reason in your case the autorun.inf file (and perhaps other files?) are apparently retaining permissions that create a problem during deployment.

-Doug

[doug]

I ended up resolving this error by opting-out of Microsoft Update and then opting-in once again. I used ‘Actions > Windows Update > Opt-out’ followed by ‘Actions > Windows Update > Opt-in’. Now things work properly regardless of whether the server selection is set to ‘Windows Update’ or ‘Microsoft Update’. I have no idea why this fixed the problem or why the problem was happening in the first place, but I’m posting it here now in case anyone else runs into a similar issue.

EDIT/UPDATE 2021 – We have had a few reports of this issue over the past few years, and the above suggestion worked in each case.

[doug]

Thanks, Matt. Good to know the one-at-a-time method worked. However, I agree it was probably a good idea to just update the framework altogether, so I’m glad you got it all worked out.

-Doug

[doug]

This is peculiar. Considering all of the entries that state the following…

msipatchregfix-amd64_5011cb29b096fb674a4795ee8fc2f7fdad33863a.exe :: Copy To Cache: Failed. HRESULT: -2147024894

…it seems that these .NET updates all utilize the same file (in conjunction with a secondary file that is specific to the particular update and not shared). The -2147024894 means ‘ERROR_FILE_NOT_FOUND’. This is happening because the file is there for the first update, but then BatchPatch deletes it from the target computer temp folder after it successfully caches the file for the first update in the list, and then BP is not able to cache that file for the rest of the updates because it has been deleted. BP does not expect that two updates would have the same filename, so BP deletes the files as it caches them, but apparently there are cases where two updates will utilize the same exact file.

I would suggest trying the following:

1. Delete the files in your cache directory on the BatchPatch computer. Or you can temporarily point the cache location to an empty folder so that when you attempt again BatchPatch will download the update files anew. The goal here is just to make sure you get fresh files in case one or more of the files that currently exist in your BatchPatch cache are corrupt in any way that is preventing them from installing.

2. Check the box ‘Tools > Settings > Windows Updates > Recopy/overwrite updates that have already been cached on target hosts’ You should leave the box checked until all of these updates have been installed and the problem has been resolved.

3. With the above box checked, use BatchPatch filtering to install just a single .NET update at a time. Use ‘Actions > Windows Updates > Filter which updates are included/excluded’ to include just one of the .NET updates at a time. I suspect if you use filtering to install just one update at a time you won’t have any problems, though I can’t say for sure because I have never seen this type of situation before.

-Doug

[doug]

Offline mode utilizes the WsusScn2.cab file that Microsoft publishes on a monthly basis. This file contains the metadata for security updates that allows the Windows Update Agent to determine which updates are available for the computer in question without requiring internet access or a WSUS to perform the scan. When you scan for Windows Updates using the control panel interface on the computer, it does an online scan for available updates against Microsoft’s public update servers, not the WsusScn2.cab file. The WsusScn2.cab file will never contain *all* updates that the public update servers contain. The WsusScn2.cab file generally contains all security updates and service packs along with various other updates that Microsoft deems important enough to include. When they release an out-of-band patch, such as the KB4056892 that you are referencing, it will appear on their public update servers before they publish a new WsusScn2.cab file that also contains the update. If you want to apply the update to systems that do not have internet or WSUS access before Microsoft publishes a new WsusScn2.cab file, then you would have to download the update manually from the Microsoft catalog, and then you can deploy it to target systems using the BatchPatch ‘Deploy’ feature, following this example:

Remotely Deploy a Standalone .MSU Update to Multiple Computers

[doug]

When determining how to uninstall a program you need to first test it at the cmd prompt on the target computer WITHOUT using BatchPatch. This way you can determine what the quiet/silent/unattended parameter is.

I just installed FeedReader 3.14 and tested uninstalling with your commands:

“C:Program Files (x86)FeedReader30unins000.exe” /S

“C:Program Files (x86)FeedReader30unins000.exe”

Neither of those commands will perform a silent/quiet/unattended uninstall.

However, the following command works properly to perform a quiet/silent/unattended uninstallation of FeedReader 3.14:

“C:Program Files (x86)FeedReader30unins000.exe” /silent

[doug]

When you check the box to ‘Run task immediately upon detecting target computer online’ the setting is saved only to the row or rows that you apply it to. Then if you view the task/schedule that is applied to a row that has the setting, then you will see the checkbox is checked. However, if you view the schedule of a row that does not have the setting, then the checkbox will not be checked. Or if you have multiple rows selected when you go to ‘Create/modify scheduled task’ when the Task Scheduler window appears the box will only be checked if all rows have the setting applied. If only one or some of the selected rows have the setting applied then when BP launches the Task Scheduler window, it does not auto-check the box or auto-populate the task/schedule because the multiple rows do not share the same schedule, and only a single schedule can be shown in the window at one time. This does not mean that the setting is not applied to a row that you applied it to. It just means that the GUI won’t show the box checked when you are launching the GUI. If you want to always see it reflect the setting that is applied to the row, then make sure to only have the particular row that you’re interested in selected when you re-open the ‘Create/modify scheduled task window’. I hope this clarifies things for you. It’s a bit tough to explain it clearly in writing, but hopefully you understand what I mean.

-Doug

[doug]

Unfortunately there is not currently a way to have BP pass the $user to your script the way that it can with $computer. We’ll consider this for a future build.

-Doug

[doug]

In the current build it’s not possible, but we are working on it for a future version.

Thanks,

Doug

[doug]

All of the steps are the only/all of the reasons that there would be a discrepancy. How are you determining that there are applicable updates for the computers that BP is not reporting?

[doug]

What action are you executing? Could you provide the verbatim text from the ‘All Messages’ column, please?

[Author]

Posts