Forum Replies Created
-
Posts
-
You have a couple of options, I think, to accomplish what you are trying to do.
First, you said you want to activate a task every second Tuesday of the month. In the scheduler recurrence drop-down menu you can use ‘Monthly (2nd Tuesday) + X days’. In this case you would set X=0 so that the task executes on the 2nd Tuesday. And for example if you set X=1 then the task would execute on the Wednesday following the 2nd Tuesday (some months this will be the same day as the 2nd Wednesday, but other months it will not be the same, which is why we provide the option for + X days).
Second, you said you want to essentially be able to modify the execution day separately from the execution time so that you can “activate” your maintenance window and have all the jobs run at their scheduled times on the day specified for the maintenance window without having to always re-apply new scheduled tasks for the desired day/time. While this is not *exactly* doable in BP, you can still accomplish the same thing in a slightly different way. If you set all of your computers to the desired time, and if you set the execution day to a day in the past (so for example you could just set it to yesterday’s date), then if you also set the recurrence drop-down to ‘Daily’, you can enable and disable your maintenance window on the day of the maintenance by simply enabling and disabling the task scheduler using the little clock icon in the upper right corner of the BP window. What will happen is if, for example, you have a server that is set to reboot at 10PM yesterday with daily recurrence, then let’s say your maintenance begins on Saturday. When that Saturday arrives you can enable the task scheduler and the daily recurrence will automatically adjust all of the execution days for every task to be that same day (Saturday, in this case). So even if you enable the task scheduler on Saturday at 11:30AM, the tasks will then execute at 10PM that evening. Does this make sense? Does this solve your problem? As far as I understand from your described requirements is that the only drawback of this solution is that you would have to enable the task scheduler on the day of the maintenance window. You would not be able to enable the scheduler in advance of that day. But when that day arrives you could enable it at any time during that day. And then you would have to disable the scheduler after the maintenance is over and before the scheduled time (10PM) of the following day. We can consider for a future version of BP to provide the ability to schedule a day/time for the scheduler to start/stop, which would allow you to remove the manual step of enabling the scheduler on the day of maintenance and then disabling it when the maintenance is over.
-Doug
It’s unclear to me why this is happening, but essentially it seems that when BatchPatch asks the Windows Update Agent for a list of downloaded updates, the returned list includes 2 updates that have isDownloaded=FALSE. It might be that the Windows Update Agent database on the target computer has the updates marked as downloaded but that the actual update content files are missing in the WUA cache, and so isDownloaded=FALSE. I would suggest trying ‘Download and install updates’ in this case instead of ‘Install downloaded updates’. I think this will probably resolve the issue.
-Doug
Glad that worked!
When you say you are trying to send out and install the update through an ISO, I don’t really know what you are trying to do.
Are you following the instructions posted here?
If you are following the above-linked instructions that we posted and you are having a permissions problem with autorun.inf I think there are probably two things you could do to resolve the issue.
1. You could probably just delete the autorun.inf file from your source directory. Then when BatchPatch copies all of the files needed for installation from the source to the target, there will be no autorun.inf file, and so it would not produce a permissions issue on the autorun.inf since it does not exist. The autorun.inf file is not needed for deployment, so deleting it is safe/fine.
2. Probably the issue could be resolved by forcing new permissions on the entire source directory that contains the installation files. For whatever reason in your case the autorun.inf file (and perhaps other files?) are apparently retaining permissions that create a problem during deployment.
-Doug
Thanks, Matt. Good to know the one-at-a-time method worked. However, I agree it was probably a good idea to just update the framework altogether, so I’m glad you got it all worked out.
-Doug
This is peculiar. Considering all of the entries that state the following…
msipatchregfix-amd64_5011cb29b096fb674a4795ee8fc2f7fdad33863a.exe :: Copy To Cache: Failed. HRESULT: -2147024894…it seems that these .NET updates all utilize the same file (in conjunction with a secondary file that is specific to the particular update and not shared). The -2147024894 means ‘ERROR_FILE_NOT_FOUND’. This is happening because the file is there for the first update, but then BatchPatch deletes it from the target computer temp folder after it successfully caches the file for the first update in the list, and then BP is not able to cache that file for the rest of the updates because it has been deleted. BP does not expect that two updates would have the same filename, so BP deletes the files as it caches them, but apparently there are cases where two updates will utilize the same exact file.
I would suggest trying the following:
1. Delete the files in your cache directory on the BatchPatch computer. Or you can temporarily point the cache location to an empty folder so that when you attempt again BatchPatch will download the update files anew. The goal here is just to make sure you get fresh files in case one or more of the files that currently exist in your BatchPatch cache are corrupt in any way that is preventing them from installing.
2. Check the box ‘Tools > Settings > Windows Updates > Recopy/overwrite updates that have already been cached on target hosts’ You should leave the box checked until all of these updates have been installed and the problem has been resolved.
3. With the above box checked, use BatchPatch filtering to install just a single .NET update at a time. Use ‘Actions > Windows Updates > Filter which updates are included/excluded’ to include just one of the .NET updates at a time. I suspect if you use filtering to install just one update at a time you won’t have any problems, though I can’t say for sure because I have never seen this type of situation before.
-Doug
Offline mode utilizes the WsusScn2.cab file that Microsoft publishes on a monthly basis. This file contains the metadata for security updates that allows the Windows Update Agent to determine which updates are available for the computer in question without requiring internet access or a WSUS to perform the scan. When you scan for Windows Updates using the control panel interface on the computer, it does an online scan for available updates against Microsoft’s public update servers, not the WsusScn2.cab file. The WsusScn2.cab file will never contain *all* updates that the public update servers contain. The WsusScn2.cab file generally contains all security updates and service packs along with various other updates that Microsoft deems important enough to include. When they release an out-of-band patch, such as the KB4056892 that you are referencing, it will appear on their public update servers before they publish a new WsusScn2.cab file that also contains the update. If you want to apply the update to systems that do not have internet or WSUS access before Microsoft publishes a new WsusScn2.cab file, then you would have to download the update manually from the Microsoft catalog, and then you can deploy it to target systems using the BatchPatch ‘Deploy’ feature, following this example:
Remotely Deploy a Standalone .MSU Update to Multiple Computers
When determining how to uninstall a program you need to first test it at the cmd prompt on the target computer WITHOUT using BatchPatch. This way you can determine what the quiet/silent/unattended parameter is.
I just installed FeedReader 3.14 and tested uninstalling with your commands:
“C:Program Files (x86)FeedReader30unins000.exe” /S
“C:Program Files (x86)FeedReader30unins000.exe”
Neither of those commands will perform a silent/quiet/unattended uninstall.
However, the following command works properly to perform a quiet/silent/unattended uninstallation of FeedReader 3.14:
“C:Program Files (x86)FeedReader30unins000.exe” /silent
When you check the box to ‘Run task immediately upon detecting target computer online’ the setting is saved only to the row or rows that you apply it to. Then if you view the task/schedule that is applied to a row that has the setting, then you will see the checkbox is checked. However, if you view the schedule of a row that does not have the setting, then the checkbox will not be checked. Or if you have multiple rows selected when you go to ‘Create/modify scheduled task’ when the Task Scheduler window appears the box will only be checked if all rows have the setting applied. If only one or some of the selected rows have the setting applied then when BP launches the Task Scheduler window, it does not auto-check the box or auto-populate the task/schedule because the multiple rows do not share the same schedule, and only a single schedule can be shown in the window at one time. This does not mean that the setting is not applied to a row that you applied it to. It just means that the GUI won’t show the box checked when you are launching the GUI. If you want to always see it reflect the setting that is applied to the row, then make sure to only have the particular row that you’re interested in selected when you re-open the ‘Create/modify scheduled task window’. I hope this clarifies things for you. It’s a bit tough to explain it clearly in writing, but hopefully you understand what I mean.
-Doug
Unfortunately there is not currently a way to have BP pass the $user to your script the way that it can with $computer. We’ll consider this for a future build.
-Doug
In the current build it’s not possible, but we are working on it for a future version.
Thanks,
Doug
All of the steps are the only/all of the reasons that there would be a discrepancy. How are you determining that there are applicable updates for the computers that BP is not reporting?
What action are you executing? Could you provide the verbatim text from the ‘All Messages’ column, please?
Well I guess the first question is if you are suggesting that BP is reporting an incorrect result, how are you determining that there are applicable updates for the computers that BP is not reporting?
If you have only gone through *most* of the steps, as you said in your posting, I would suggest going through *all* of the steps because all of the steps are all of the possible reasons why BP would give you unexpected results. There really aren’t any other possible reasons, or at least none that we are currently aware of.
-Doug
Please review the BatchPatch FAQ for the following question (number 2 in the FAQ):
“Why does my search for available updates at the Windows Update control panel GUI not report the same number of available updates that BatchPatch reports when I use it to check for available updates on the same target host?”
Hi James – If you have multiple users logging on to a computer, how do you determine the SID of the ‘primary user’ ? What criteria do you use to make the determination of who is primary vs who is secondary?
I’m actually not quite sure what you are referring to. I’ll try to cover all possibilities here…
1. In BatchPatch you have the ability to enter ‘Alternate Credentials’ for any row/host, which enables you to remotely perform actions on a target host with a logon account that is different from the logon that is used to run BatchPatch.exe. When you save a BatchPatch grid to a .bps file, the default behavior is for BatchPatch to encode/obfuscate the ‘Altnerate Credentials’ password that you entered into the row (or rows) in the .bps file. The password is not in plain text, but still this does not provide any real protection because it’s not encrypted, so if you want to *really* protect the .bps file then you need to either use your own encryption or you may use BatchPatch built-in encryption under ‘File > Password protect’. You can also optionally use ‘Tools > Settings > General > Require/force password protection to be used for all grids’ which forces you to use ‘File > Password protect’ for all grids.
2. Windows provides the ability for a computer to automatically logon with username/password that you store in the registry of the computer.
How to turn on automatic logon in Windows
This information is stored in plain text in the registry, and it has nothing to do with BatchPatch other than that BatchPatch provides the ability for you to input the information into a target computer’s registry automatically so that you don’t have to do it manually. BatchPatch provides this feature under ‘Actions > Reboot > Configure autologon after reboot’
I hope this helps.
-Doug
I’ve sent you an email for further troubleshooting and to see screenshots etc.
Dennis – If ‘dual-scan’ is enabled, it really has nothing to do with BatchPatch. BatchPatch doesn’t bypass your local WSUS– it’s a Windows OS issue. Windows is the culprit for this behavior.
Those articles that I linked to previously explain exactly how to determine if dual-scan is enabled and exactly how to disable dual-scan. It is very specific, and the instructions must be followed carefully and exactly. One of the articles even explains the cause of the error that you mentioned (-102: Failed to execute the search. HRESULT: -2145103860) in the ‘Additional Notes’ section. This error is caused by enabling a particular GPO, but that GPO is *not* the solution to disabling dual scan, so it seems to me that you may not have followed the *exact* instructions in the links that I provided to you.
I would ask you again to *please* follow the instructions *exactly.*
You need first confirm if Dual Scan is enabled or not. The process for this is described in the section titled:
‘How To Confirm If “Dual Scan” Is Or Is Not Enabled’ which appears in the following article:
Deciphering “Dual Scan” Behavior in Windows 10
And then if it is enabled you must follow the instructions to disable Dual Scan under the section titled:
‘How to Disable “Dual Scan”‘ which appears in the following article:
Antivirus or other security related software could be the culprit. If you can you should whitelist psexec.exe, psexesvc.exe, and batchpatchremoteagent.exe. Another thing to try is using a custom remote service name under ‘Tools > Settings > Remote execution > Use PsExec – r switch’. This is sometimes enough to bypass antivirus software.
Great! Thanks for confirming that it worked.
-Doug
Grace – When you posted about this last week I asked you to contact support directly to troubleshoot. When you contacted us directly you then told us that you are not going to manage this server anymore and that we should drop the ticket. And now you are posting about this same error again in a new thread. Would you please instead reply to my last email… In that email I had made a suggestion for you to try and also requested more information if that suggestion failed.
Thanks.
BatchPatch does work with Windows 2000 targets (SP3 and SP4). However, we do not officially support Windows 2000. I would recommend reviewing the following link to help get to the bottom of the issue:
‘Access Denied’ is always a permissions problem. Please review the following two links:
I’m glad you got it worked out. When BP installs the service, it does not allow you to change the user. It must be installed as the user that is running BP. In order for it to be set to Local System, someone would have had to have gone into the services console and changed it. This would definitely break it.
-Doug
Based on what you are describing it sounds like you might have “dual-scan” enabled on these computers. Microsoft introduced new behavior to the Windows Update Agent (WUA) recently that can cause computers to scan against Windows Update or Microsoft Update instead of your local WSUS, and it sounds like you might be affected by it.
We have two blog postings about this topic that explain what it is, how to tell if it’s enabled, and how to disable it. Please read through them very carefully and thoroughly. Let me know what you find.
Deciphering “Dual Scan” Behavior in Windows 10
Other possible reasons for why different updates might be displayed when checking for updates directly on the computer through the Windows Update control panel vs checking for udpates through BatchPatch are explained in question 2 in the FAQ
-Doug
You can certainly try uninstalling/reinstalling though I’m not sure that it will have any effect. The error in your service installation log indicates that you cancelled the installation one time when you first went to install it. It’s not a big deal. I assume you were just testing and then soon after you completed the installation, it seems.
We can see in your log that the BatchPatchServiceInstance.exe starts successfully but then stops or is killed soon after. The question is why does it stop or why is it killed. Do you have any software on the computer that could do such a thing? Antivirus? HIPS? Can you also confirm that you are not launching BatchPatch.exe from within the BatchPatch.zip? This can cause issues. You must first extract BatchPatch.zip so that BatchPatch.exe can be launched on its own instead of directly from within the .zip file.