Assumptions
- Relevant patches are in WSUS
- Relevant machines are reporting fine to WSUS (and show as 100% in endpoint readiness)
- It's been more than 24 hours since patch Tuesday (see relevant configuration below)
Observations
- Endpoints have Patching Status = No Status
- Endpoints have patching status, but do not have latest patches
Next Steps
- Check what is the total number of patches in WSUS
- Edit the intigua properties (cat /usr/share/tomcat/default/conf/intigua.properties) and set the value of fetched patches from WSUS to at least 2,000 more than the value in WSUS
# Maximum number of returned patches for every 'WSUS get updates'
pg.wsus.update.num-to-fetch=10000 - Delete the full scan entry from the database :
- then restart tomcat
If there is still an issue:
- Re-add as discovery source (delete and add)
- Re-add connector
Relevant Configuration
By default, WSUS get Updates runs once a day, you can modify that by adjusting the following property. Example, if you would like 18 hours:
# Configure the 'WSUS get Updates' Script interval pg.wsus.update.job.interval.sec=64800
In addition, you can manually run WSUS get updates by following this article.
delete from configurations where key='wsus.update.full.last.run';