Assumptions
- Relevant patches are in WSUS
- Relevant machines are reporting fine to WSUS (and show as 100% in endpoint readiness)
- It's been more than 24 hours since patch Tuesday (see relevant configuration below)
Observations
- Endpoints have Patching Status = No Status
- Note: for non-domain joined machines, please check if there is a local policy object overriding registry settings
- Endpoints have patching status, but do not have latest patches
Next Steps
- Check what is the total number of patches in WSUS and compare that to what is showing in JetPatch
- Check intigua.properties and remove any line regarding pg.wsus.update.num-to-fetch and then restart tomcat
- Run a full WSUS scan (it may take 10-20 mins across a few script cycles)
- Check manager logs: vmanage.log (errors on wsus get updates)
If there is still an issue, please do the following in order:
- Remove WSUS discovery source
- Remove WSUS connector from servers tab
- Remove WSUS entry from servers tab
- Re-add WSUS server as standalone device
- Re-deploy WSUS connector (latest version)
- Re-add WSUS discovery source
Relevant Configuration
By default, WSUS get Updates runs once a day, you can modify that by adjusting the following property. Example, if you would like 18 hours:
# Configure the 'WSUS get Updates' Script interval pg.wsus.update.job.interval.sec=64800
In addition, you can manually run WSUS get updates by following this article.
Comments
0 comments
Please sign in to leave a comment.