10 Replies Latest reply on Feb 3, 2016 6:06 PM by baotran

    Automated PC Wake-Up and Patching

    sthon Apprentice

      We want to get rid of user interaction with Windows patch management. So we decided to look into automatically waking up the PCs at night and installing patches at that time.

       

      At the moment users see when OS updates are due to install, and they can reschedule the installation by 24 hrs and can also reschedule any necessary reboots by 12 hrs.

       

      I am a little unclear how to set up LANRev exactly to handle this better.

       

      Here is what I have so far:

       

      • Configure BIOS on each PC to accept magic packet (can be done via DELL Command Configure)
      • Configure Windows Energy Options for the network adapter to wake up on magic packet
      • I am now able to wake up the targeted PC via the wake up command

       

      Here is what I am thinking for the next steps, please correct me if I am wrong:

      • Configure each and every Patch to
        • Install only at night (somewhere between 10pm and 4am should be ok)
        • Install only when no user is logged in
      • Create a repeating command for all Computers to wake up once a week or month or whatever
      • Have the computer check for updates

       

      Problems I can think up so far:

      • Powering on all Computers at once will probably blow the fuses
        • I would have to group the systems into smaller groups to minimize the risks
        • How can I update the recurring command when I get new computers? AFAIK commands can only be applied to computers, not computer groups (which I could make dynamic)
        • Which command exactly do I have to send to the newly woken PCs to have them check for updates and install them?
        • Can I automatically shut down the PCs after all updates have been installed? I know I can configure the packages to shut down the PC after installation, but multiple packages are installed; will it shut down after the first successful installation?
        • 1. Re: Automated PC Wake-Up and Patching
          patgmac1 Expert

          You most certainly can send a command to a smart group. In your command window, drag your smart group to the target computers side tab window.

           

          The command to have them check for updates would be "Run software distribution check". Schedule that for sometime after the wake command, probably at least 10 minutes. But they should do an SDCheck on their own once they're powered on so you might not need it.

           

          The shutdown may be tricky. You can probably schedule it for a couple hours after the original wake command was scheduled. But you may be better off having a power management settings policy to shut machines down after n minutes of inactivity.

          1 of 1 people found this helpful
          • 2. Re: Automated PC Wake-Up and Patching
            sthon Apprentice

            Holy sh*t, I didn't even think of trying to drag a computer group into the commands menu. Thanks Patrick. Will the computers in the group get updated when the computers behind the smart group change?

            • 3. Re: Automated PC Wake-Up and Patching
              patgmac1 Expert

              Stefan Thon wrote:

               

              Holy sh*t, I didn't even think of trying to drag a computer group into the commands menu. Thanks Patrick. Will the computers in the group get updated when the computers behind the smart group change?

              If it is a repeating command, yes.

              1 of 1 people found this helpful
              • 4. Re: Automated PC Wake-Up and Patching
                sthon Apprentice

                I just tested it with a custom field and a repeating Send message, then changing the custom field to change the PCs in the smart group and it works.

                 

                Do you have any other advice on the topic?

                • 5. Re: Automated PC Wake-Up and Patching
                  patgmac1 Expert

                  Another thing you can consider is turning off regular SDChecks. By default, it's set to check for software every 60 minutes. You can set this to zero so that you can fully control what times the SDCheck happens. But this would also mean any non-OS software you have assigned will not be installed during the day either. But setting the install times on the patches will help here too.

                   

                  Also consider setting a global agent pref to prevent SDCheck from occurring when a user logs in. Logging into the system triggers an SDCheck.

                  • 6. Re: Automated PC Wake-Up and Patching
                    sthon Apprentice

                    Regular SDChecks are actually a thing we like, as our users tend to get quite annoying when an installation doesn't happen as fast as they want.

                    • 7. Re: Automated PC Wake-Up and Patching
                      sthon Apprentice

                      I was wondering why I should send a wake-up before the actual command, as I can configure the command to wake the computer up when it's not available.

                       

                      [Screenshot: Lanrev Command + wakeup.PNG]

                       

                      But with the command like that it produces the error message "Could not connect to target host (target not reachable) (Error=1306)."

                       

                      Funny thing is, the first time I tried it, it worked flawlessly.

                       

                      A wake-up on the same hosts wakes them up without problems.

                       

                      Is that the reason why you wrote wake-up then send the command?

                      • 8. Re: Automated PC Wake-Up and Patching
                        jonbays Apprentice

                        There are limitations in the way the magic packet is handled in some network cards, switches and routers.

                         

                        HEAT EMSS has long had Wake on LAN features which may help understand how to make this work in a HEAT LANrev environment.

                         

                        To power on network endpoints, HEAT EMSS Wake on LAN requires you to designate Wakepoints, PCs that are never switched off!

                         

                        Wakepoints are endpoints that relay server wake requests to other network endpoints, thus waking them without a physical presence. HEAT Wake on LAN sends wake requests to wakepoints using the user datagram protocol (UDP). Wakepoints then relay the request to agent-managed endpoints. Wakepoints disperse relayed wake requests through routers and firewalls. This avoids direct broadcast and multicast, which can cause excessive network bandwidth consumption. Additionally, routers may block UDP packets sent by other subnets. Successful wake request outcomes are contingent upon firewall and router settings.

                         

                        Each segment of your network (VLAN) requires at least one wakepoint. However, HEAT recommends assigning multiple wakepoints to each network segment. This practice ensures there are multiple distribution points within a network segment, therefore ensuring endpoints receive wake requests in the event that a router blocks a wake request.

                         

                        Even then the WOL isn't always consistent due to other factors.

                         

                        For instance Windows 8 endpoints do not respond to HEAT EMSS Wake on LAN wake requests if their last shutdown was initiated using the Windows 8 GUI. Shutting down Windows 8 using this method closes sockets used by HEAT Wake on LAN to initiate wake requests.

                        1 of 1 people found this helpful
                        • 9. Re: Automated PC Wake-Up and Patching
                          baotran Apprentice

                          Just one other piece of info that you might find useful about the repeating commands and how often LANrev recalculates the group memberships of smart groups assigned to these repeating commands. That's done on a 60 minute interval by default. So there's no point to assign a repeating command to an interval shorter than 60 minutes. It's highly unlikely that you'd ever do this but I've seen some folks do very unexpected things with the product that I never thought they would.

                          • 10. Re: Automated PC Wake-Up and Patching
                            baotran Apprentice

                            The LANrev server should automatically pick a subnet representative if you try to wake an agent computer on a subnet other than the one the server is on. The device is chosen based on which devices are currently online (have a last heartbeat within the offline threshold set on the server) and have an IP on the same subnet as the target agents. The server then sends a command to the subnet representatives over TCP 3970 that tells them to send out the magic WOL UDP packet targeting the selected devices.

                             

                            This is not always successful, as the chosen subnet representative device may in fact have been shut down recently within the offline threshold. The HEMMS wake points are more reliable in this regard as they are on at all times. As you've explained in detail, there's lots of other factors that come into play so that the WOL action is not always successful, so this is just one more factor to add to that list.

                            2 of 2 people found this helpful
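
Replies 8 and 10 describe wake requests being relayed by a wakepoint or subnet representative and sometimes never reaching the target segment. The following is an added example, not part of the thread and not LANrev or HEAT code: a listener for an always-on host in the target VLAN that reports which MAC addresses magic packets actually arrive for. It assumes the standard magic-packet layout (six 0xFF bytes followed by the target MAC repeated 16 times) and UDP port 9, which the thread does not specify.

```python
import re
import socket

MAGIC_SYNC = b"\xff" * 6  # standard WOL synchronisation stream


def build_magic_packet(mac: str) -> bytes:
    """Six 0xFF bytes followed by the 48-bit target MAC repeated 16 times."""
    digits = re.sub(r"[:\-.]", "", mac)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return MAGIC_SYNC + bytes.fromhex(digits) * 16


def extract_wol_target(payload: bytes):
    """Return the target MAC if payload holds a well-formed magic packet, else None.

    The pattern may sit anywhere in the payload, so scan for it instead of
    assuming it starts at offset 0.
    """
    start = payload.find(MAGIC_SYNC)
    while start != -1:
        body = payload[start + 6:start + 6 + 96]
        mac = body[:6]
        if len(body) == 96 and body == mac * 16:
            return ":".join(f"{b:02x}" for b in mac)
        start = payload.find(MAGIC_SYNC, start + 1)
    return None


def listen(port: int = 9, timeout: float = 60.0) -> None:
    """Print every magic packet seen on this segment until `timeout` seconds of silence."""
    # Port 9 is an assumption; use whatever port your relay actually sends to.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("", port))
        s.settimeout(timeout)
        try:
            while True:
                data, (src, _) = s.recvfrom(2048)
                target = extract_wol_target(data)
                if target:
                    print(f"magic packet for {target} relayed by {src}")
        except socket.timeout:
            print("no further magic packets before timeout")


if __name__ == "__main__":
    listen()
```

If the listener shows the packet arriving for a MAC that still does not power on, the problem is on the endpoint (BIOS, NIC power settings, shutdown state) rather than in the relay path.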