4 Replies Latest reply on Apr 22, 2008 2:58 AM by ThomasCollignon

    'Patch System Action' - Fails

    Binskin Apprentice


      I am currently trying to add an action to a provisioning process to automatically work out what windows + system patches are required for a new pc build, download them and install them as part of the one build process.



      So far I am finding the provided tool impossible, it continually errors out on the patch part of the process. Basically so far the provisioning job does the following:



      All the prebuild tasks



      Installs Landesk Agent



      Configures Landesk Agent



      Patch System - Fail Errrrr.



      The description of the action only stipulates the action to be completed after an agent is installed, or after the agent config action, those two steps which a previous to this succeed.



      Any thoughts on where to start looking would be great.



      Cheers - Ben



        • 1. Re: 'Patch System Action' - Fails
          SuperMan SupportEmployee

          Check the root of C: for a folder called ldprovision. There should be a log file in there called ldprovision.log. It may tell you why it's failing. If the ldprovision folder is there, then something went wrong, as it deletes itself after the provisioning template finishes.


          Also in the console right click the failing device and select 'Provisioning history', select the task you want to check, then check which action it failed and the result. You may attach one screenshot of that.

          • 2. Re: 'Patch System Action' - Fails
            ThomasCollignon Apprentice





            If I am not mistaken, the "Configures LANDesk Agent" is only used before "Install LANDesk Agent".

            "Configures LANDesk Agent" is only used for resume communication following a restart after the restored image, and continu the provisionning tasks.



            Install your LANDesk Agent, and only after, make a vulnerability scan.

            Vulscan is only published with your agent not in the "provisionning mini-agent"...









            • 3. Re: 'Patch System Action' - Fails
              Binskin Apprentice


              Thanks for the replies, it does make it a bit more clearer as to the purpose of the 'Patch System' action, all i was really after was an option to simply install all the latest detected patches on a system as part of the installation process, but by the looks of things i will need to create a batch job to run the vulnrability scanner with auto fix on.



              Or am i missing an option further here? Ive tried running the config update with clients setup to auto fix, but during the provision is runs everything but the autofix portion.



              If i manually run the Security Scan it wors as i would want it to during the install, i just want to remove this manual part of the process.



              • 4. Re: 'Patch System Action' - Fails
                ThomasCollignon Apprentice





                If you want to patch ALL Vulnerability, you find attached a template how make this.



                You can adapte this template by using this command line option:


                • /scan=0 : Vulnerability Only,

                • /scan=1 : Spyware only,

                • /scan=3 : LDMS Update only,

                • /scan=4 : Custom definition,

                • etc...

                • /Group=GroupID : to scan group of définition (can not use Spyware and Blocked application)

                • /Repair Group=GroupID


                I hope this help you.