Overview
The Endpoint Readiness Settings allow administrators to configure how JetPatch evaluates whether endpoints are ready for patching.
Settings include enabling or disabling the readiness feature, defining required repository configurations per OS and network segment, configuring Linux subscription checks, and setting readiness check intervals and WSUS communication thresholds.
Settings can be accessed via the button in the upper right corner of the Endpoints → Readiness page.
Readiness Visibility
In the Endpoints > Readiness table, a new column "Last time 100% ready" has been added (v4.2.8). This column displays the specific date and time an endpoint last met all readiness criteria, providing better historical context for troubleshooting intermittent readiness issues.
Enable Endpoints Readiness
The Endpoint Readiness feature can be disabled/enabled.
If Readiness is disabled, all exemptions will not appear, and JetPatch won’t inform the user about endpoint issues related to patching readiness.
Required Repository Configuration
JetPatch needs to know which repositories the environment is configured for in order to make sure it is all set up as expected to ensure high security.
A new configurable repository must have:
- Name
-
Endpoint specifications:
- Operating System: The OS that can work with the configured repository.
- CIDR list: Specify the endpoints needed to be configured in the repository using a CIDR entry.
-
Repository specifications:
- List of enabled repository IDs. To fetch the repository ID from an endpoint:
- Windows OS: The IP/Hostname of the WSUS appears in the endpoint configuration as specified in "Specify intranet Microsoft update service location". More information can be found in WSUS Configuration ("Endpoint server configuration" section).
-
Linux OS - YUM-based systems:
- "yum repolist -v" or "yum repolist all -v" (to see disabled repositories also).
- The value for the settings should be the same as the "Repo-id".
- "yum repolist -v" or "yum repolist all -v" (to see disabled repositories also).
-
Linux OS - ZYPPER-based systems:
- "zypper repos".
- The value for the settings is under the "Alias" column.
- "zypper repos".
- List of enabled repository IDs. To fetch the repository ID from an endpoint:
| Note: You can also run the built-in endpoint readiness task to gather this information for Linux OS. |
- Configured Repositories Exemption Handling: If the "Exempt endpoint not matching any OS and CIDR combination from the list above" flag is marked,
- JetPatch will exempt all endpoints without any matching OS and CIDR entry in the Required Repository Configuration (endpoints with "Unknown" status on the "Repository Configured" criterion).
Add Repositories - Manual
- By selecting the manual addition option, the system will behave as it does currently without any changes.
- The Add button will be disabled until an operating system is selected and all Repository fields are filled.
- When the user presses Add, the repositories will be added to the list with relevant details.
Add Repositories - Autocomplete
| Note: If you just enabled endpoint readiness for the first time, it may take 30 minutes before autocomplete starts working. |
By selecting the Autocomplete Addition option:
- A new Search Field will be displayed.
- Watermark: Enter endpoint name / IP.
- The search will bring all matching Applicable Endpoints and display them in a table with the following information:
- Name
- IP
- Operating System
- Repositories
- When the user selects lines, the repositories will be auto-added to the Repositories list with all relevant details.
Endpoint Repositories - Search Behaviors:
- Search by name: Search type is “Include”.
- The table will be updated according to typed characters – minimum 2 characters.
- No Matches: An information message will be displayed: “No Endpoints found”.
- Delete Search Value: The endpoint repositories table will not be displayed.
Linux Subscription
-
"Check Linux subscription as a readiness criterion".
-
Enabled
- JetPatch will consider endpoint subscription as a readiness criterion.
-
Disabled
- JetPatch will not check for endpoint subscription (to support local repository environments).
-
Enabled
| Note: In any case, there is an exception list to provide endpoints that should be treated differently. |
| # | Setting | Endpoint Exception List | Result |
| 1 | Check Linux subscription as readiness criterion = On | EP1 | JetPatch won’t check subscription readiness for EP1. |
| 2 | Check Linux subscription as readiness criterion = Off | EP2 | JetPatch will check subscription readiness for EP2. |
Readiness Checks Interval and Timeout
Defining readiness checks intervals and timeouts:
| Setting | Description |
| Not-ready endpoints will check readiness criteria every (minute) | The frequency of readiness checks for not-ready endpoints. |
| Ready endpoints will check readiness criteria every (minute) | The frequency of readiness checks for ready endpoints. |
| Timeout for readiness check operation is | Timeout for the readiness check operation. |
Endpoint Communication with WSUS
Defining the “WUA communication” readiness limit (default 1440):
| Setting | Description |
| The last status reported for Windows Update Agent to WSUS should be less than (minutes) | If a Windows endpoint didn’t communicate in the configured time, JetPatch will raise an exemption. |
|
Note: The configured value for Endpoint Communication with WSUS should be higher than the Discovery Source WSUS scripts run frequency: discovery-source.WSUS.success.sleep-time.min (default 20) discovery-source.WSUS.error.sleep-time.min (default 20) For WSUS-less Environments: For endpoints configured for WSUS-less patching, the "WUA communication" limit behaves differently. Since these endpoints do not pre-download patches, ensure your Maintenance Schedule is long enough to cover both the download from Microsoft Cloud and the installation phase. |
Required Repository Configuration Examples
Windows - Single WSUS
Environment details:
- A single (Main) WSUS in the environment.
Required Repository Configuration Settings:
- A single entry that will apply to all environments, without a CIDR limitation. Use CIDR 0.0.0.0/0 – JetPatch will match any endpoint in the environment with the configured repository entry.
Windows - Multi-WSUS (Main-Replica Architecture)
Environment details:
- A Main-Replica WSUS architecture. Usually, the Replica is configured for a remote site with a special CIDR range.
Required Repository Configuration Settings:
- One entry pointing to the main WSUS without CIDR limitation – 0.0.0.0/0.
- Another entry is configured for endpoints that communicate with the Replica with the required CIDR list.
|
Notes: • If an endpoint should communicate with the Replica WSUS but is configured for the Main WSUS – JetPatch won’t detect it; it will be in a “Ready” state. • If an endpoint should communicate with the Main WSUS but is configured for the Replica WSUS (and it’s not in the IP range of the CIDR) – JetPatch will detect it and the endpoint will have an “Unready” status. |
Windows - Multi-WSUS for Public vs. Private Networks
In some environments, you may want all endpoints on private IP ranges to connect to the primary (Main) WSUS and all endpoints with public addresses to connect to the replica WSUS.
| Network | Configuration |
| Private Subnets → Main WSUS |
Create an entry for each private IP range that should use the Main WSUS (e.g., 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16). In these entries, set the OS and repositories as needed, and define each CIDR block. |
| Public Addresses → Replica WSUS |
Create another entry using 0.0.0.0/0 for endpoints outside your private IP ranges. Point this entry to the Replica WSUS. |
Linux - Multi-OS & Several Environments
Environment details: Several Linux flavors in different sites.
Example - RHEL 8 & 7 in two sites (A & B):
- RHEL 8 in site A – should communicate with repositories A and B
- RHEL 7 in site A – should communicate with repository C
- RHEL 8 in site B – should communicate with repository D
- RHEL 7 in site B – should communicate with repository E
Required Repository Configuration Settings: An entry should exist for each Linux flavor in each site:
| OS | CIDR (Site) | Repositories |
| RHEL 8 | Site A | Repositories A and B |
| RHEL 7 | Site A | Repository C |
| RHEL 8 | Site B | Repository D |
| RHEL 7 | Site B | Repository E |
|
Notes: • If you add repo IDs with optional or extra, it will fail the Advisory Ready check, because no advisories exist in optional or extra repos (RHEL example). This is a known issue and will be fixed in a future version. For now, remove those repos from endpoint readiness. • If you don’t have the exact CIDR block for a site, you can put 0.0.0.0/0, but JetPatch will not detect situations where endpoints are communicating as if they are in a different site. • JetPatch assumes that the repositories should be enabled. JetPatch ignores disabled repositories. |
Related Articles
- Endpoint readiness overview
- Readiness criteria guide and troubleshooting
- What is the patching checklist?
- Running a task
Comments
0 comments
Please sign in to leave a comment.