A system has to complete a scan after the patch is added to the "Scan" group before it can be repaired, LANDesk needs to know the system is vulnerable before it will patch.
If you right click on that system and choose "Security and Patch Information", does that patch show up as deteted? If not, look under the other items "Not scanned", etc) If you find it in one of them, click on it, it might give you more detail.
Our LANDesk system is added the MS12-020 to Scan group already.
I've also deploy it again to my PC with completely "Security Patch Information Scan" and "Security & Compliance Scan".
The patch still cannot be deployed successfully.
Pls advise, thanks!
OK, lets get a vulscan log file to see what the system is reporting...
If Win XP go here
C:\Documents and Settings\All Users\Application Data\vulScan
If Win 7, go here:
First, delete all vulscan*.log files
Then, on that computer run a Security Scan.
Once that completes, run a repair on it
Now, you should have 2 or more vulscan*.log files, zip them and post them here
We ended up skipping this patch, there were too many bugs with it concerning SAP and some other applications.
Would you mind telling me the info about the bugs you have mentioned...
just several critical bugs is enough and I'll consider to keep applying this patch or not, thanks
I am having the same issue (LANDesk "all patches failed" when trying to repair). I ran the standard windows updates on three machines and even windows updates failed. So I'm thinking these two patches will go into the "do not scan" folder and wait for the next version of this fix.
Sorry, I have been out of the office for a week, on one of the systems that this patch failed on, navigate to:
Manually try to run
Let me know if it fails
Do you have .msu updates that do install succesfully? Be aware that the Windows Update service needs to be running to install msu's, even if you dont want to use Windows Updates itself...
I see, that's the key point.
We disabled the Windows update service since we want to control by ourself...
I try enable one pc and test first.
Thanks for your information.
1 of 1 people found this helpful
Use this to control Windos update and to still be able to deploy MSU's:
In environments where you do not want your end users to have the option to use windows update you can use the following GPO setting to disable access to windows update but leave the service running.
Under Computer Configuration | Policies | Administrative templates | Windows Components | Windows Update. Locate the Configure Automatic Updates and "Disable" it.
On the client this setting translates to the "Never Check for updates (Not Recommended)".
The following GPO can be used to disable the Windows Update service. This needs to be enabled for patching to work.
Computer Configuration | Policies | Windows Settings | Security Settings | System Services. Locate Windows Update, it need to be "Not Defined" or "Enabled"
This method exactly can solve my problem.
The MS12 patch can be downloaded to clients and applied successfully.