Forum Replies Created
-
Posts
-
Create a local command in BatchPatch (‘Actions > Execute local process/command > Create/modify local commands‘) with the following syntax:
cmd.exe /c start \\$computer\c$or
cmd.exe /c start \\$computer\SomeOtherFolderYou will then see your local command under ‘Actions > Execute local process/command > Execute saved local command‘. You can also add a toolstrip button with ‘Tools > Customize visible toolstrip buttons‘. Just scroll to the bottom of the ‘Customize Toolstrip’ window and check the box next to the local command that you created.
Use remote desktop to connect to the jump server, and then use BatchPatch inside the remote desktop window.
If the connection drops enough to break the download, it is not resumable, unfortunately.
BatchPatch first does a ping, if the ping is successful, it does a WMI query. If the WMI query is successful, BP considers the target host to be online.
The method for how you determine that a machine is online is probably less important than how you determine that the machine has first actually gone offline and then come back online. If you want to speed up your current process so that you are not always waiting the full 5 minutes in between reboots, if you’re dealing with physical hosts then I would suggest that you consider the job queue option for “Wait for host to go offline and come back online.” If you’re dealing with VMs that can reboot extremely quickly, then this item can be problematic. The issue is that if a reboot of a VM occurs within just several seconds, which isn’t uncommon, then the machine won’t be successfully detected by BP as having ever gone offline. For physical machines, which generally take many seconds (or even minutes) to perform their reboot process, we have not ever observed this to be an issue.
Another way to do this that you could consider is using a custom script that you write that checks the last bootup time property on the target computer before it executes a reboot, and then checks the last bootup time property again on the machine after that. The script can then compare them to determine if the machine has definitely been rebooted and is now back online. We might add something like this in a future version of BP, but at the moment you’d have to script it out yourself.
That sounds right:
0x80244022 -2145107934 SUS_E_PT_HTTP_STATUS_SERVICE_UNAVAIL Http status 503 - temporarily overloadedMy first question is what is the purpose of having step 2? What is the advantage to checking for a logged-on user and logging that user off before you reboot in the following step? And what is the purpose for even checking pending reboot if you’re going to reboot no matter what in step 3? Why not just skip those steps? In the queue you posted they appear to have no real utility that I can discern. What I mean is that a reboot will automatically log the user off anyway, so what advantage is there to logging the user off first and then doing the reboot? For what you have described it seems sufficient to simply do the reboot.
Additionally, consider that what you’re describing with first checking to see if anyone is logged on before executing a logoff procedure would also be unnecessary. That is, if you really want to perform a logoff operation separately from a reboot, you could simply execute a logoff command without ever checking to see if anyone is logged-on. Simply executing a logoff command would be sufficient. It wouldn’t matter whether or not someone was logged on or not.
You can use the following syntax inside of a BatchPatch remote command to perform a standard logoff:
powershell.exe -ExecutionPolicy Bypass -command "(Get-WmiObject -Class Win32_OperatingSystem).Win32Shutdown(0)"or a forced logoff:
powershell.exe -ExecutionPolicy Bypass -command "(Get-WmiObject -Class Win32_OperatingSystem).Win32Shutdown(4)"The scheduler works across all tabs. I’m not quite sure what you’re describing. If you have an active support contract with us you should please contact us directly so that we can review your setup
There is not currently a credentials locker. We’ll consider this.
However, when you enter a username/password that needs to be applied to a group of hosts, you can apply that logon account’s credentials to numerous hosts in the grid at the same time by just selecting multiple rows in the grid before you click “OK” in the BP Credentials form. You don’t have to individually select a credential for each row. You can just do many rows at the same time, so long as all of the selected rows at any given time use the same credential.
You can search with ‘Grid > Find in grid’ or CTRL-F.
A filter option will be available in the next version, which we are hoping/expecting to publish in the next handful of days.
Hmmm… There is no such limitation that we are aware of or that has ever been reported or that we have ever encountered ourselves. I’m not sure what to make of this observation. My initial reaction is that maybe in your troubleshooting something seemed to indicate that it was a BP limitation/issue when in reality it actually turned out to be due to something else such as a setting or password policy or something like that on your computers? I think the only way that we could conceivably figure this out with certainty is if you could provide us with the exact password that you were using… or if you are able to reproduce it with a different password and then provide us with that different password. I wouldn’t want you to do this unless it’s not in use anymore, and also I would have you send it to us via email, not in the forum here. Then we could test that exact password to see if we can reproduce the failure. Maybe somehow a certain character or sequence of characters could possibly create a weird/unexpected interaction in BP? I honestly don’t know how this could occur, but weird/obscure bugs can/do occur, so it would be hard to rule it out with certainty until we can test a password that is known to cause the problem for you. Let me know if you want to try this. Or feel free to email us through the contact form on our main website, and we can go from there. Thanks.
I’m not sure what you’re asking. I need you to please clarify. For that matter, I’m also not sure what you’re describing about setting the local admin password too strong.
Anyway, if you specify alternate credentials in BP for a given row, you just input into the BP Credentials form the username and password that you defined for the particular user account on the target computer. There isn’t anything else special to do there.
I did a full scan and confirmed the following:
The repository generated by the Dec 2021 WsusScn2.cab file is 451GB.
The repository generated by the Jan 2022 WsusScn2.cab file is 467GB. It contains an additional 16GB of update files that are not part of the Dec 2021 repository.
Everything looks normal/correct/expected to me.
Hello – Can you clarify what you mean by “growth to x2 x2.5” ?
It seems like you’re trying to say that the size on disk of the repository has doubled? Is this correct. And what are you comparing this to? Are you saying that the January 2022 repository is double the size of December 2021 repository?
Also, you mentioned that Jan 2022 Microsoft has updated the offline scan file. Yes, Microsoft updates this file every single month. The fact that you mention this leads me to believe that maybe you have not been updating your scan file every month? And so are you comparing the repository size in Jan 2022 to some long time ago instead of to Dec 2021? It usually grows each month.
I did a quick scan, and it looks to me like the Jan 2022 repository is about 15GB larger than the Dec 2021 repository for the particular selections that you mentioned. Are you seeing something different?
You also mentioned a 2012R2 reboot loop issue. What does that have to do with the repository size?
Hello – There is not currently a CLI/API. We will consider this for a future version. Thanks.
First, check the Windows Update control panel on a target computer directly without using BatchPatch. Does the control panel show the same updates that you’re expecting to see based on what you are seeing in WSUS? The link below describes every possible reason why you might not be seeing updates in BatchPatch that you’re seeing in the Windows Update control panel of a given target computer.
BatchPatch and the Windows Update Control Panel Report a Different Number of Available Updates
Thanks. We’ll consider this.
Thanks. This is very helpful feedback.
Can you tell me specifically which menus you’re talking about? When you right-click on a row, the first menu that appears is the Actions menu. Is that the one you’d want to compact? Or is it a submenu of the Actions menu that you’d want to compact, like maybe the ‘Actions > Windows Update’ menu?
Thanks.
No. Are you running BP on a machine with a low resolution?
We realize the menus are not small. This is the tradeoff we made for us wanting items to be readily available without having to drill down multiple layers deep for commonly executed items.
We’ll consider this for a future build.
However, in the meantime you might consider customizing the toolstrip menu items. If you want you could put all of your commonly used items on the toolstrip, and then mostly avoid using the right-click menu altogether. See ‘Tools > Customize visible toolstrip buttons’
You can do this with BP. I would recommend using the ‘Advanced Multi-Row Queue Sequence’. It works in conjunction with the job queue to enable you to orchestrate a sequence across numerous hosts, with whatever dependencies etc. Here are a handful of tutorials/examples, so you can see how it works:
https://batchpatch.com/advanced-multi-row-queue-sequence-video-tutorial
https://batchpatch.com/advanced-multi-row-queue-sequence-contingent-operations-with-custom-scripts
https://batchpatch.com/custom-update-and-reboot-sequences-for-multiple-computers
https://batchpatch.com/virtual-machine-guest-host-update-and-reboot-sequence-automation
https://batchpatch.com/advanced-multi-row-queue-sequence
If, as you mentioned, this would all be much easier to do with a script, what role would you have BP play at all? I mean in that case why not just do it all with a script and not involve BP at all? I’m curious to understand what you had in mind for the role that BP would play (I mean if BP had a CLI/API). It helps for us to understand this kind of thing so that when we are deciding on new features etc, we have an idea for the expectation people have for how things would work. In the particular case that you described, I think perhaps you just weren’t aware of the advanced multi-row queue sequence, which will enable you to do the things that you described. However, if after reviewing the advanced multi-row queue sequence functionality you still believe that your process is better suited to all be manually scripted, then I’d be interested to know specifically which actions you would have BP performing in that process vs which actions you would find preferable to not use BP for. Thanks.
BP does not support command line arguments. There is no API.
That said, BP can handle a lot of dependency situations etc, generally with much more flexibility than an external scheduler. If you describe specifically what you’re trying to do or accomplish, I can let you know if/how you can do that in BP.
I would start by rebooting the BP computer and then try again with just a single row and see what happens. It’s unclear to me what would be causing this aside from an OS CPU/thread bottleneck of some kind.
No, there isn’t debug logging that will provide more info on this error.
Are you using integrated security or are you specifying alternate credentials in the row?
Is the target computer on a domain or is it standalone/workgroup?
Are you able to successfully use ‘Actions > Get information > Get last boot time’ in BatchPatch for that same target computer or does it produce an error too?
Are you able to successfully use ‘Actions > Windows Updates > Check for available updates’ or does that produce an error too ?
I’m honestly not sure how else to explain it. There are two different files. There is PsExec.exe and there is PsExeSvc.exe. PsExec.exe runs on the BP system. PsExeSvc.exe runs on the target systems while an action is executing. The -r switch effectively enables you to change the name of the PsExeSvc.exe to something else, such as BPExeSvc.exe, when it runs on target systems. But for the sake of this discussion, forget about the -r value for a moment. The point is that there are two files. PsExec.exe on the BP system, and PsExeSvc.exe on the target systems. You keep asking if -r is a veil for PsExec.exe, and what I keep trying to describe to you is that -r has nothing to do with PsExec.exe on the BP system because -r is there to change the name of PsExeSvc.exe when it runs on target systems.
Whether or not your protection application will flag PsExeSvc.exe in the same way that it flags PsExec.exe is not something that I can tell you. You will need to test it. PsExec.exe and PsExeSvc.exe are two different files, but PsExeSvc.exe is contained inside of PsExec.exe, so there certainly could be overlap when it comes to a detection algorithm looking at them, but it’s by no means a guarantee. With all that said, from what we have seen, these detection systems are generally not at all sophisticated. Even with PsExec.exe containing PsExeSvc.exe inside of it, it’s still very possible that PsExeSvc.exe will bypass detection. Furthermore, in cases where PsExeSvc.exe does *not* bypass detection, using the -r switch to change the name will in 90% of those cases actually cause detection to be bypassed due to the lack of sophistication in how the detection works in most applications. While your test of renaming PsExec.exe to readme.txt does not enable readme.txt to bypass detection, you should definitely still test PsExeSvc.exe both with and without -r to see how it behaves and if your detection system detects it when it’s PsExeSvc.exe and/or if it detects it when the -r value has been used to rename it to something else such as BPExeSvc.exe or whatever. We simply don’t know enough about exactly how your application will perform detection of these files, and we don’t know exactly what’s happening under the hood of the renaming process when using the -r value, and this is why it’s important to test it. We could go back and forth on it all day long, but until you test it, you won’t know the bottom line.
We haven’t ever heard of this or seen this error, but I suspect it’s not a very commonly used feature/function. I’m not sure why it isn’t passing through a reason… we can look at improving the error handling, which would help troubleshooting. That said, my guess is that if everything else in BP is working fine, then there is some type of permissions issue specific to viewing events on that target, so I would start by assessing permissions. Also try to connect remotely without using BP. I mean open Event Viewer on the BP computer, and then inside Event Viewer on the BP computer try to use the “Connect to Another Computer” option by right-clicking on the upper-left tree view where it says “Event Viewer (Local)”. See if you can connect to the target computer that way. If it’s not successful, maybe it provides a more detailed error.
To be clear… I’m making no comment about how your system detects the file. I’m just telling you the files that are involved and their names and where they run. You’ll have to assess if and how your system identifies the files in question.
There is a file, PsExec.exe, that runs on the BatchPatch system. On every target system there will be a different file that runs, which is named PsExeSvc.exe. If you use the aforementioned setting to specify a new name for PsExeSvc.exe, then on target systems you won’t see PsExeSvc.exe but rather will see it named BatchPatchExeSvc.exe or whatever you choose to call it.
PsExec.exe runs on the BatchPatch system. Its remote agent, PsExeSvc.exe, runs on target systems. In BatchPatch if you use ‘Tools > Settings > Remote Execution > Use PsExec -r switch’ which is both recommended and is also the default setting, then instead of PsExeSvc.exe running on target systems, BatchPatchExeSvc.exe will run on target systems (or whatever name you input in the aforementioned setting box).
106G means that the target computer was able to communicate with the WSUS, but the search was not able to complete properly. In the past we have only ever seen
HRESULT -2145124338 => 0x8024000E WU_E_XML_INVALID Windows Update Agent found invalid information in the update's XML dataHowever, in your case you’re seeing
HRESULT -2145116137 => 0x80242017 WU_E_UH_NEW_SERVICING_STACK_REQUIRED The OS servicing stack must be updated before this update is downloaded or installedMore info at the following link, but I think your easiest option is probably to run Windows Update one time with the server selection in BP set to ‘Windows Update’ or ‘Microsoft Update’. After installing updates that way and rebooting, your check for updates against the managed WSUS should work. If for some reason that doesn’t work then you’ll likely need to locate the standalone servicing stack update that your machines need in the Microsoft Update Catalog directly. Then install it manually or with the Deployment feature in BP.
If you have an active support contract with us please contact us directly for further troubleshooting. We’ll need to see more details to assess what’s going on.