Patch remedy update loop

Support and question forum for Patch Remedy 4 WUA plugin for LabTech. This plugin was retired on 06/01/2022. All new Patch Remedy 5 is now the current plugin. This forum is for retaining the old posts for Patch Remedy 4.
ObeliskStreet
Posts: 9
Joined: Wed Dec 12, 2018 10:36 am
5

Patch remedy update loop

Post by ObeliskStreet »

Hi,

We have patch remedy in use for many clients, mostly successfully we think.

We have one client however which seems to be in a constant bandwidth sucking loop of downloading the same files every time the maintenance script runs.

This seems to be the one which is running over and over again, it doesn't seem to be a valid patch for the machines it is trying to install on. Both Automate and Windows update locally on the machine are reporting 100% up-to-date.

It's bad enough that it uses a whole 50Mbit connection when happening, twice a day as that's how often the maintenance script runs.

I'm not sure where to troubleshoot next.

Has anyone seen this before or offer any assistance?

Code: Select all

http://download.windowsupdate.com/d/msdownload/update/software/secu/2018/12/windows10.0-kb4483234-x64_1181c456953109fbd5b456a8a01c2815ef197e03.msu|!c:\windows\ltsvc\PatchRemedy\windows10.0-kb4483234.msu

ObeliskStreet
Posts: 9
Joined: Wed Dec 12, 2018 10:36 am
5

Re: Patch remedy update loop

Post by ObeliskStreet »

Have not yet got to the bottom of this but some further info.
On a test machine, Win10 Pro x64, 1809. Only recently setup, not on a domain, only software that didn't ship by Lenovo is Panda Antivirus.

These 3 patches have downloaded to LTSvc\PatchRemedy

1. kb4467682
2. kb4483234
3. kb4483535

None of them are relevant to this machine, 1.67GB in total. This is indicative of what's happening on the other problem machines. These are downloaded every time the maintenance script runs, so kill the bandwidth.

Can anyone help troubleshoot this? What makes Patch Remedy download these patches?

Some further info since writing this.

Seems to be when :UPDATECURRENT is used. I think turning off the Auto Update switch within Patch Remedy has stopped it happening for now but I would like to find out what is happening so we can fix properly.

User avatar
Cubert
Posts: 2430
Joined: Tue Dec 29, 2015 7:57 pm
8
Contact:

Re: Patch remedy update loop

Post by Cubert »

Let me have a review of the script and KBs to see whats going on for that version of OS.

User avatar
Cubert
Posts: 2430
Joined: Tue Dec 29, 2015 7:57 pm
8
Contact:

Re: Patch remedy update loop

Post by Cubert »

Can not say how this agent on Windows 1809 would get the following for November and then 1809 release for December.

KB-4467682 for Windows 10 1803
Release Date:November 27, 2018
Version:OS Build 17134.441


KB-4483235 for Windows 10 1809
Release Date:December 19, 2018
Version:OS Build 17763.195

The December release would seem to be accurate depending on version of plugin.

Give the following 2 cmds a try in Powershell windows on agent. See what numbers it returns

Windows 10 Build #

Code: Select all

(Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" -Name CurrentBuildNumber).CurrentBuildNumber
We are looking for 1809

Windows10 Release version

Code: Select all

(Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" -Name ReleaseId).ReleaseId
We are looking to be equal or greater than 17763.195

If you are above the version number then no updates should download and the agent just skips any processing.

ObeliskStreet
Posts: 9
Joined: Wed Dec 12, 2018 10:36 am
5

Re: Patch remedy update loop

Post by ObeliskStreet »

Hi Cubert,

I had to switch back on the automatic updating in Patch Remedy to get some recent data and I now have some new data. Same client, picked a machine which I know had the problem.


This machine is on 1809, 10.0.17763.289 is being reported when Patch Remedy script runs, but running ver from command line on the machine shows Microsoft Windows [Version 10.0.17763.316]


This time it's downloading the February update.

http://download.windowsupdate.com/c/msd ... 487044.msu

From Windows Updates and the build number reported by the machine directly, it already has that update.

So what I think is happening is:
1. Patch Remedy checks version number, 10.0.17763.289 is reported.
2. Patch Remedy downloads and tries to run the update above
3. The update to version 10.0.17763.316 is downloaded, it can't be installed because it's already installed, repeat every time script runs.

Things I think need answered:

1. Where is PR pulling the build info from? Is this something which is stale in the LT database?
2. KB4487044 is not yet approved by our LT patching policy, is PR working as designed here? If so, should we be disabling Auto Update completely as we don't want to bypass LT policy.
3. Even if the build number is reported wrong, can PR be stopped repeatedly downloading the same file over and over?

ObeliskStreet
Posts: 9
Joined: Wed Dec 12, 2018 10:36 am
5

Re: Patch remedy update loop

Post by ObeliskStreet »

Here is another example, I can see in the script where it's pulling these from.

Maintenance script runs, the 3 powershell commands have reported the below, so at this point, Patch remedy knows that this machine is on build 17134.590.

17134
590
1803

It then proceeds to run this command:

Code: Select all

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/02/windows10.0-kb4487017-x64_57e47ba6bfdbaf9ac023ee3f5663110e3262066a.msu|!c:\windows\ltsvc\PatchRemedy\windows10.0-kb4487017.msu
Which is https://support.microsoft.com/en-gb/hel ... -kb4487017 and build 17134.590

So it looks like the powershell command is correctly reporting the version as 17134.590 but the update to 17134.590 is being downloaded anyway.

ObeliskStreet
Posts: 9
Joined: Wed Dec 12, 2018 10:36 am
5

Re: Patch remedy update loop

Post by ObeliskStreet »

Sorry about the multiple posts but as I find the information and trying to keep each post as easy to make out as possible.

The commands are obfuscated in LT so I can't see exactly what has ran, but earlier in the script, directly after the Windows Update service has been started, the output given is 10.0.17134.466 which is different from what the 3 powershell commands output directly after this, could it be going wrong at this part?

User avatar
Cubert
Posts: 2430
Joined: Tue Dec 29, 2015 7:57 pm
8
Contact:

Re: Patch remedy update loop

Post by Cubert »

Hmmm... ok can you add a line to 158 of the else statement in the Patch Remedy maintenance script ?
Capture.PNG
Capture.PNG (61.46 KiB) Viewed 18632 times
This should then log the versions info directly as it would be when we test the variable


Whats its output in agent script logs.

ObeliskStreet
Posts: 9
Joined: Wed Dec 12, 2018 10:36 am
5

Re: Patch remedy update loop

Post by ObeliskStreet »

I have made the change to the script. I will allow it to run as normal again over one of these machines and let you know what the output is.

I'm unsure if I'm checking the correct place for logs but here is a screenshot of what I can see + copied and pasted the output.

Code: Select all

INSERT INTO plugin_sw_patch_remedy_wua (ComputerID,ClientID,WUAVersion,OS,MicrosoftUpdates) Values (5088, 73,replace('10.0.17763.289
 ','\r',''),replace('Microsoft Windows 10 Pro x64 1809
 ','\r',''),'1' ) ON DUPLICATE KEY UPDATE WUAVersion=Values(WUAVersion) , OS=Values(OS), MicrosoftUpdates=Values(MicrosoftUpdates)

The Script(6106) was successful in the Then section.

Code: Select all

Script: S6106 - Starting at Server Time: 20 February 2019 16:10:44
Script step logging has been disabled. Please set @ScriptEngineEnableLogger@ = True in your script to enable function logging.

Code: Select all

Install Command result -> OK
The Script(6106) was successful in the Else section.

Code: Select all

Script: S6106 - Starting at Server Time: 20 February 2019 16:27:54
Script step logging has been disabled. Please set @ScriptEngineEnableLogger@ = True in your script to enable function logging.
Attachments
2019-02-22 09_42_42-Veitchi_Glasgow - Head Office_VHOLDLPT001PM (5088) Phone_ -- (Primary).png
2019-02-22 09_42_42-Veitchi_Glasgow - Head Office_VHOLDLPT001PM (5088) Phone_ -- (Primary).png (18.39 KiB) Viewed 18610 times
2019-02-22-09-41.png
2019-02-22-09-41.png (39.42 KiB) Viewed 18610 times

ObeliskStreet
Posts: 9
Joined: Wed Dec 12, 2018 10:36 am
5

Re: Patch remedy update loop

Post by ObeliskStreet »

Script ran automatically over my test machine, same thing.

Output from the logging is

Code: Select all

build number = (17763
 )  UBRNUM = (316
 )  Version Num = (1809
 )
Again downloaded file again

Code: Select all

http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/02/windows10.0-kb4487044-x64_6024f9853d489cf4eab66ce2145e91df45183de7.msu|!c:\windows\ltsvc\PatchRemedy\windows10.0-kb4487044.msu
  • 1. File being downloaded based on incorrect version
    2. File being downloaded even though it already exists
    3. Why is this being downloaded outside of our LT patching policy? Is the only way to stop this to turn off the auto update switch?

Post Reply

Return to “Patch Remedy for LabTech (Patch Remedy 4) Retired”