Assumptions
- It's been more than 24 hours since Patch Tuesday (see relevant configuration below).
- Relevant machines show as 100% in endpoint readiness (and thus relevant machines are reporting fine to WSUS).
- Relevant patches are in WSUS (if they are not in WSUS, then make sure you have selected all relevant products and classifications).
- You are not purposefully limiting patch classifications.
Observations
- Endpoints have Patching Status = No Status
  - Note: for non-domain joined machines, please check if there is a local policy object overriding registry settings.
- Endpoints have patching status, but do not have latest patches
- Some endpoints have latest patches, but some do not
  - Note: If this is the case, please temporarily disable all compliance rules to see if this solves the problem. If it does, the problem is one of your compliance rules.
Next Steps
- For deployments on versions prior to 5.0 that have upgraded major versions, check intigua.properties, remove any line regarding pg.wsus.update.num-to-fetch, and then restart tomcat. For deployments on versions after 5.0, check intigua.properties and remove any line regarding pg.wsus.update.num-to-fetch.
- Run a full WSUS scan (this typically takes 30-40 minutes, spread across a couple of script cycles of 5,000 patches each).
- Make sure the other WSUS Discovery source scripts are running successfully (if not, toggle the Discovery source).
- Check manager logs: vmanage.log (errors on wsus get updates) or discovery.log for wsus get update summaries
For versions prior to 5.0, if you see transaction timeouts in vmanage.log surrounding wsus get updates, set the following properties in intigua.properties and restart tomcat (service tomcat restart):
spring.transaction.timeout.sec=14400
spring.datasource.hikari.connectionTimeout=60000
Relevant Configuration
By default, WSUS get Updates runs every 18 hours; you can modify that by adjusting the following property. For example, if you would like 12 hours:
# Configure the 'WSUS get Updates' Script interval
pg.wsus.update.job.interval.sec=43200
In addition, you can manually run WSUS get updates by following this article.
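The intigua.properties checks from Next Steps and Relevant Configuration can be scripted. The following is an added example, not part of the original article or the vendor's tooling; the function names, the output format and the sample values for pg.wsus.update.num-to-fetch are assumptions, and the path to intigua.properties must be supplied by the caller because the article does not give it.

```shell
#!/bin/sh
# Added example: audit intigua.properties for the settings this article discusses.
# Usage: sh audit.sh /path/to/intigua.properties   (path is supplied by the caller)

# Print the value of an active (uncommented) key; the last occurrence wins.
prop_value() {  # usage: prop_value FILE KEY
  awk -v key="$2" '
    { sub(/\r$/, ""); sub(/^[ \t]+/, "") }     # tolerate CRLF and indentation
    /^[#!]/ { next }                           # commented-out lines have no effect
    (i = index($0, "=")) {
      k = substr($0, 1, i - 1); v = substr($0, i + 1)
      gsub(/[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) val = v
    }
    END { print val }' "$1"
}

# Print findings; returns 1 when the file needs a change, 0 otherwise.
audit_wsus_properties() {  # usage: audit_wsus_properties FILE
  rc=0
  v=$(prop_value "$1" pg.wsus.update.num-to-fetch)
  [ -z "$v" ] || { echo "REMOVE pg.wsus.update.num-to-fetch=$v"; rc=1; }
  v=$(prop_value "$1" pg.wsus.update.job.interval.sec)
  case $v in
    '')       echo "INFO interval not set, default of 18 hours applies" ;;
    *[!0-9]*) echo "INVALID pg.wsus.update.job.interval.sec=$v"; rc=1 ;;
    *)        echo "INFO interval ${v}s = $(expr "$v" / 3600)h" ;;
  esac
  for key in spring.transaction.timeout.sec spring.datasource.hikari.connectionTimeout; do
    v=$(prop_value "$1" "$key")
    echo "INFO $key=${v:-unset}"
  done
  return "$rc"
}

# Constructed sample contents (not from a real manager) for trying the audit.
sample_properties() {
  cat <<'EOF'
# pg.wsus.update.num-to-fetch=1000
pg.wsus.update.num-to-fetch = 5000
# Configure the 'WSUS get Updates' Script interval
pg.wsus.update.job.interval.sec=43200
spring.transaction.timeout.sec=14400
EOF
}

# Audit the file given as the first argument, if any.
[ $# -eq 0 ] || audit_wsus_properties "$1"
```

A line that starts with `#` is skipped, so a property that ends up on the same line as its comment is reported as unset.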