Server Patch Management Automation

Hi,
I am looking for a robust reliable tool to automate server patching. I have tried a combination of VB and Powershell scripts along with scheduled task however this was not as reliable as I would have liked. I have also been looking into third party application
but I have not yet found one that is robust and reliable.The end result is that i would like a way to do the following.
1.Work without the need for a SUS server if possible and also handle third party patches
2. perform a pre-scan that shows what patches are needed and allow me to approve those patches/ it would be nice to approve patches for specific groups of servers (critical-noncritical)
3. set groups of servers to patch on a specific day of the month at a set time and be confident that the process will kick off.
I would also like to be able to view status as machines are being patches.
4. The final thing I would like is to receive a report after the patches have been installed indicating success or failure of what has been installed.
I have found scripts that are able to do this in conjunction with WSUS however they have not been as reliable as I would like. My environment is over 90% virtualized and we have a combination of 2008 and 2012 servers.
Please let me know if there are any third party products anyone can recommend.
Thanks,
Ken

1.Work without the need for a SUS server if possible and also handle third party patches
Can you explain what you mean by the first part of this requirement?
e.g. you don't want (W)SUS because......?
Is it because you don't want to download and host the updatefiles/binaries centrally? (i.e. you want to pull them directly from the web source to the updateclient machine?
For the second part of this requirement (handle third party patches), do you mean anything and everything, or typical stuff such as is offered via SCUP catalogs, or shavlik/SPM/secunia/etc?
I assume you are seeking no-cost or low-cost options?
Don
(Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

Similar Messages

  • Solaris 10 - Tools for Patch Management Automation

    Hi,
    What are the best tools (both Sun and third party) for patch management automation for a company using Solaris 10 with zones?
    What are the pros / cons and cost of these tools? Which ones are the most widely used / the most recommended?
    Current objectives for automation are to eliminate the current manual processes and to reduce planned and unplanned downtime.
    Thanks!

    I don't think you would want to fully automate it. You need to be able to test patches first on a test system to ensure they don't conflict with established applications and cause problems. You wouldn't want to install patches that relate to applications you don't have, or for upgrades you do not have or don't plan on having. That said, the smpatch utility can connect with Sun Solve, find patches, and download them, even install them if desired. You could easily script the process and run via cron to make it automated. I just don't think that's a good idea without having someone make decisions on what SHOULD be patched at any given time. The SMC facility also has a function that mimics smpatch, although you could not automate that. Also, smpatch can only be run from the global zone, and patches will percolate down to non-global zones automatically - smpatch will not run in a non-global zone (unless there's been changes made recently that I'm not aware).
    There's also the problem where some patches require reboot while others do not. If the patch kills the system, what mechanism do you have in place for someone to know what patch was applied that killed the system, if the process is automated and a number of patches were applied?

  • Help required in installing VM Server and Manager 3.1.1 + latest patch.

    Hi,
    I have 3 servers with 12GB ram and two 300 GB HDD (local) each, No Shared storage.
    I am planning to install Oracle VM server 3.1.1 Build 544 and VM Manager 3.1.1 Build 524.
    VM manager installed on Dom0 in one of the VM server (found some blog which describes how to implement it).
    I have some questions running through my mind and help to solve it s really appreciated.
    1) Is ORACLE VM SERVER PATCH 3.1.1-524 RELEASE is complete OS or its just patch which has to installed over 3.1.1 VM server. Because the patch readme says *"This patch update is a complete Oracle VM Server 3.1.1 installer ISO" ??*
    2) I read somewhere in the forum that the 3.X version cannot use the disk where OS is installed as storage repository. in that case i will be loosing around 250 GB on each machine, on which i have installed VM server. Is it TRUE??
    3) Is it possible to update VM server first and then update VM manager ( before creating server pool etc) ??
    The servers are not connected to internet or SAN no i cannot use YUM or SAN update methods and I have very limited access to this servers physically.
    Thanks in advance.

    1. Its patch 544. Both can be downloaded and are complete installs. If you have YUM setup in an existing environment.... the VM servers can be upgraded via YUM. The VM Manager has to be upgraded via the installer.
    2. Yes. This is true. Maybe your local RAID controller can present the storage as two separate LUNS/Disks even though they maybe setup as a mirror. If not, then you're out of luck. Virtual box can use local storage that OS is installed on. Oracle VM 3.1.1 can't.
    3. Yes. You can install the 544 version of 3.1.1 on the servers before attaching them to the VM Manager. YUM should be used to upgrade the servers if they are already attached to a VM Manager. You would then upgrade the manager first and then upgrade the servers.

  • Eval of Patch Management in ZCM 11.2

    Hi
    I'm currently running an evaluation copy of ZCM 11.2, trying to get a
    feel for the Zenworks Patch Management product. I have a couple of
    questions/problems that I hope can be answered here.
    First, there seems to be quite a lot of trouble getting patches to
    cache. The process just stops in the middle of a patch and hangs until
    I reboot the zcm server. I've seen references to some ftf patches that
    help - is this a common problem that's helped by the ftf?
    Second, the number of vendors for which patches are available seems
    quite limited. Most of the commonly attacked ones are there, Microsoft,
    Adobe, etc., but many more are not. Google, for example is not listed.
    Some patching products have many more vendors in their database. Does
    Lumension/Novell have any strategy to expand this list?
    Lastly, the available patches for each vendor are often very out of
    date. For Sun (should be Oracle), JRE 1.7 is available, and 1.6.31, but
    not 1.6.32. 1.6.31 is a really bad version - it was a vulnerability in
    it that started us looking at patch management products in the first
    place! The Citrix list has the 12.0 client, but no Citrix Receiver,
    which is their current client..
    There's a lot of really good features in ZPM, but the problems I've
    experienced so far has made me a bit wary.
    Regards,
    Phillip E. Thomas

    Phillip,
    It appears that in the past few days you have not received a response to your
    posting. That concerns us, and has triggered this automated reply.
    Has your problem been resolved? If not, you might try one of the following options:
    - Visit http://support.novell.com and search the knowledgebase and/or check all
    the other self support options and support programs available.
    - You could also try posting your message again. Make sure it is posted in the
    correct newsgroup. (http://forums.novell.com)
    Be sure to read the forum FAQ about what to expect in the way of responses:
    http://forums.novell.com/faq.php
    If this is a reply to a duplicate posting, please ignore and accept our apologies
    and rest assured we will issue a stern reprimand to our posting bot.
    Good luck!
    Your Novell Product Support Forums Team
    http://forums.novell.com/

  • Need a Vulnerability Severity Report for Patch Management

    In the standalone version of patch management (v6.4) there was a dashboard feature on the server home page called Vulnerability Severity. It was a graphic chart that displayed the percentage of un-remediated applicable vulnerabilities vs applicable vulnerabilities grouped by vulnerability severity. This feature is not available in the BusinessObject Enterprise InfoView. It looks like the only way I have of getting this feature is to create a report, but I am not an expert at using InfoView. I was wondering if anyone had any tips on creating such a report?
    The only predefined report that even comes close is the Vulnerability Analysis report, but it's hundreds of pages long. I need something on a single page, like a chart, showing the percentages grouped by vulnerability severity (critical, recommended, optional).

    mdstewar,
    It appears that in the past few days you have not received a response to your
    posting. That concerns us, and has triggered this automated reply.
    Has your problem been resolved? If not, you might try one of the following options:
    - Visit http://support.novell.com and search the knowledgebase and/or check all
    the other self support options and support programs available.
    - You could also try posting your message again. Make sure it is posted in the
    correct newsgroup. (http://forums.novell.com)
    Be sure to read the forum FAQ about what to expect in the way of responses:
    http://forums.novell.com/faq.php
    If this is a reply to a duplicate posting, please ignore and accept our apologies
    and rest assured we will issue a stern reprimand to our posting bot.
    Good luck!
    Your Novell Product Support Forums Team
    http://support.novell.com/forums/

  • Patch Manager lists patches i already installed... help!

    Update Manager is still showing 173 patches which i already installed on May 20th.
    The "Installed Patches" section is showing 0 patches.
    I am Running Solaris 10 on x86 Dual Xeon
    Once all the patches were applied I linked 2 folders off to *{color:#0000ff}/export/home{color}* to save space on the root drive...
    but as far as i was aware this should not make a difference.
    Below you can see my {color:#0000ff}*/var/sadm*{color} folder
    # pwd
    /var/sadm/patch
    # cd ..
    # ls -al
    total 38
    drwxr-xr-x  13 root     sys          512 May 21 11:16 .
    drwxr-xr-x  43 root     sys         1024 May 22 10:12 ..
    drwxr-xr-x   2 root     root         512 May 20 16:26 .patchRec
    dr-xr-xr-x   4 root     bin          512 May 20 16:26 install
    drwxr-xr-x   2 root     sys          512 Jul 21  2007 install_data
    lrwxrwxrwx   1 root     root          28 May 21 11:16 patch -> /export/home/var/sadm/patch/
    lrwxrwxrwx   1 root     root          26 May 21 11:16 pkg -> /export/home/var/sadm/pkg/
    drwxr-xr-x   2 root     root         512 Jul 21  2007 prod
    -r--r--r--   1 root     sys         1092 Jan 10  2005 README
    dr-xr-xr-x   2 root     sys          512 May 20 16:00 security
    drwxr-xr-x   7 root     bin          512 Jul 21  2007 smc
    drwxr-xr-x   2 root     sys          512 Jul 21  2007 softinfo
    drwxr-xr-x   5 root     sys         3072 Jun  6 10:26 spool
    drwxr-xr-x   2 root     sys          512 Jul 21  2007 svm3
    drwxr-xr-x   5 root     sys          512 Jul 21  2007 system
    drwxr-xr-x   6 root     sys          512 Jul 24  2007 wbemWhen i cd to {color:#0000ff}*/export/home/var/sadm/patch*{color} it lists the 173 patches.
    When i cd to {color:#0000ff}*/export/home/var/sadm/pkg*{color} it lists 1057 packages.
    In the Update Manager, the spool directory is{color:#0000ff} */export/home/patches*{color}, there are no patches in here. I cleaned them out.
    When i attempt to install an already installed patch, it fails (which is good) but doesn't remove the patch from the list.
    Has anyone any ideas how i can get Update Manager back to normal?
    Thanks
    Michael
    Please find below my suc.sh output
    Fri Jun  6 11:22:10 BST 2008
    SERVERNAME
    smpatch settings:
    patchpro.backout.directory      ""              ""
    patchpro.baseline.directory     -               /var/sadm/spool
    patchpro.download.directory     /export/home/patches    /var/sadm/spool
    patchpro.install.types          -               rebootafter:reconfigafter:standard
    patchpro.patch.source           -               https://getupdates1.sun.com/
    patchpro.patchset               current         current
    patchpro.proxy.host             my-company-proxy        ""
    patchpro.proxy.passwd           ****            ****
    patchpro.proxy.port             8089            8080
    patchpro.proxy.user             ""              ""
    smpatch analyze:
    120901-03 SunOS 5.10_x86: libzonecfg patch
    121334-04 SunOS 5.10_x86: zoneadmd, zlogin and zoneadm patch
    119255-53 SunOS 5.10_x86: Install and Patch Utilities Patch
    126420-01 SunOS 5.10_x86: umountall patch
    113000-07 SunOS 5.10_x86: SUNWgrub patch
    117435-02 SunOS 5.10_x86: biosdev patch
    121264-01 SunOS 5.10_x86: cadp160 driver patch
    122035-05 SunOS 5.10_x86: awk nawk Patch
    118344-14 SunOS 5.10_x86: Fault Manager Patch
    123840-04 SunOS 5.10_x86: Fault Manager Patch
    119043-11 SunOS 5.10_x86: svccfg & svcprop patch
    118855-36 SunOS 5.10_x86: kernel patch
    119082-25 SunOS 5.10_x86: CD-ROM Install Boot Image Patch
    124629-06 SunOS 5.10_x86: CD-ROM Install Boot Image Patch
    119253-25 SunOS 5.10_x86: System Administration Applications Patch
    120200-13 SunOS 5.10_x86: sysidtool Patch
    124631-16 SunOS 5.10_x86: System Administration Applications, Network, and Core Libraries Patch
    121431-22 SunOS 5.8_x86 5.9_x86 5.10_x86: Live Upgrade Patch
    124189-02 SunOS 5.10_x86: Trusted Solaris Attributes Patch
    121309-12 SunOS 5.10_x86: Solaris Management Console Patch
    123122-02 SunOS 5.10_x86: usr/lib/libwsreg.so.1 Patch
    128338-01 SunOS 5.10_x86: aac patch
    119964-08 SunOS 5.10_x86: Shared library patch for C++_x86
    120754-05 SunOS 5.10_x86: Microtasking libraries (libmtsk) patch
    118677-03 SunOS 5.10_x86: patch for Solaris make and sccs utilities
    119961-03 SunOS 5.10_x86, x64, Patch for assembler
    126539-01 SunOS 5.10_x86: i.manifest and r.manifest patch
    119784-05 SunOS 5.10_x86 : bind patch
    119813-07 X11 6.6.2_x86: Freetype patch
    118919-21 SunOS 5.10_x86: Solaris Crypto Framework patch
    119575-02 SunOS 5.10_x86: su patch
    120273-21 SunOS 5.10_x86: SMA patch
    122641-06 SunOS 5.10_x86: zfs genesis patch
    127756-01 SunOS 5.10_x86: Fault Manager patch
    125504-02 SunOS 5.10_x86: package-move-of-IP-objects patch
    125548-02 SunOS 5.10_x86: zoneadm indirect dependency patch
    126424-03 SunOS 5.10_x86: bootadm patch
    120012-14 SunOS 5.10_x86: kernel patch
    126207-04 SunOS 5.10_x86: zebra ripd quagga patch
    122829-02 SunOS 5.10_x86: lsimega driver patch
    127889-07 SunOS 5.10_x86: ipf patch
    128335-01 SunOS 5.10_x86: ibd patch
    127128-11 SunOS 5.10_x86: kernel patch
    128325-02 SunOS 5.10_x86: ixgb driver patch
    120236-01 SunOS 5.10_x86: Live Upgrade Zones Support Patch
    121429-09 SunOS 5.10_x86: Live Upgrade Zones Support Patch
    120293-01 SunOS 5.10_x86 : mysql patch
    127891-03 SunOS 5.10_x86: nge patch
    119318-01 SunOS 5.10_x86: SVr4 Packaging Commands (usr) Patch
    138053-01 SunOS 5.10_x86: marvell88sx driver patch
    128007-04 SunOS 5.10_x86: usbsksp patch
    125365-02 SunOS 5.10_x86: adpu320 driver patch
    126869-02 SunOS 5.10_x86: SunFreeware bzip2 patch
    137322-01 SunOS 5.10_x86: p7zip patch
    121454-02 SunOS 5.10_x86: Sun Update Connection Client Foundation
    137022-01 SunOS 5.10_x86: format patch
    124998-01 SunOS 5.10_x86: /usr/bin/tip patch
    137018-02 SunOS 5.10_x86: crontab patch
    138045-01 SunOS 5.10_x86: bge patch
    138043-01 SunOS 5.10_x86: MAC patch
    119144-02 SunOS 5.10_x86: patch lib/libinetutil.so.1
    121013-02 SunOS 5.10_x86: traceroute patch
    121005-04 SunOS 5.10_x86: sh patch
    123913-01 SunOS 5.10_x86: ppriv patch
    137290-01 SunOS 5.10_x86: st driver patch
    127738-01 SunOS 5.10_x86: fifofs patch
    137281-01 SunOS 5.10_x86: dld patch
    126656-01 SunOS 5.10_x86: poll driver patch
    125175-02 SunOS 5.10_x86: tl driver patch
    128401-01 SunOS 5.10_x86: sd driver patch
    121297-01 SunOS 5.10_x86: fgrep patch
    122365-01 SunOS 5.10_x86: bscbus, bscv driver patch
    118368-04 SunOS 5.10_x86: csh Patch
    128333-01 SunOS 5.10_x86: conskbd patch
    128331-01 SunOS 5.10_x86: pax patch
    128295-02 SunOS 5.10_x86: rpcmod patch
    128307-04 SunOS 5.10_x86: devfs patch
    125907-01 SunOS 5.10_x86: pcn driver patch
    128301-03 SunOS 5.10_x86: zoneinfo timezones patch
    126541-02 SunOS 5.10_x86: libumem library patch
    127965-05 SunOS 5.10_x86: UFS utilities patch
    127960-01 SunOS 5.10_x86: rpcsec patch
    117181-01 SunOS 5.10_x86: /kernel/drv/pcscsi patch
    121604-02 SunOS 5.10_x86: libcfgadm.so.1, scsi.so.1 patch
    137131-01 SunOS 5.10_x86: xpv driver patch
    137094-01 SunOS 5.10_x86: logindevperm patch
    137092-01 SunOS 5.10_x86: arp patch
    127923-04 SunOS 5.10_x86: cpio patch
    121134-02 SunOS 5.10_x86: power patch
    126441-01 SunOS 5.10_x86: rm patch
    121082-08 SunOS 5.10_x86: Disable Transport Agentry for Sun Update Connection Hosted EOL
    120831-06 SunOS 5.10_x86: vi and ex patch
    127854-02 SunOS 5.10_x86: sad driver patch
    138076-01 SunOS 5.10_x86: mpt driver patch
    137033-01 SunOS 5.10_x86: namefs patch
    118960-03 SunOS 5.10_x86: patch usr/bin/acctcom and usr/bin/lastcomm
    128001-01 SunOS 5.10_x86: in.ftpd patch
    119975-08 SunOS 5.10_x86: fp plug-in for cfgadm
    119131-33 SunOS 5.10_x86: Sun Fibre Channel Device Drivers
    125165-10 SunOS 5.10_x86: Qlogic ISP Fibre Channel Device Driver
    125185-05 SunOS 5.10_x86: Sun Fibre Channel Device Drivers
    120223-27 SunOS 5.10_x86: Emulex-Sun LightPulse Fibre Channel Adapter driver
    120347-09 SunOS 5.10_x86: Common Fibre Channel HBA API and Host Bus Adapter Libraries
    120349-02 SunOS 5.10_x86: Fibre Channel HBA Port utility
    136883-01 SunOS 5.10_x86: ImageMagick patch
    124944-01 SunOS 5.10_x86: SunFreeware gzip man pages patch
    125214-02 SunOS 5.10_x86: SunFreeware zlib man pages patch
    127785-01 SunOS 5.10_x86: SunFreeware bzip2 man pages patch
    120295-01 SunOS 5.10_x86 : mysql man patch
    121668-02 SunOS 5.10_x86 : pilot-link header patch
    121805-03 SunOS 5.10_x86: GRUB patch
    120720-02 SunOS 5.10_x86 : SunFreeware gzip patch
    125173-01 SunOS 5.10_x86: llc2 patch
    126654-02 SunOS 5.10_x86: md patch
    122086-01 SunOS 5.10_x86: nispasswd patch
    122078-03 SunOS 5.10_x86: NIS yp utilities patch
    119471-11 SunOS 5.10_x86: Sun Enterprise Network Array firmware and utilities
    138166-01 SunOS 5.10_x86: sppp driver patch
    123591-08 SunOS 5.10_x86: PostgresSQL patch
    120330-02 SunOS 5.10_x86: rexec patch
    128293-01 SunOS 5.10_x86: rsm patch
    126134-03 SunOS 5.10_x86: sshd Patch
    119758-12 SunOS 5.10_x86: Samba patch
    122655-05 SunOS 5.10_x86: jumpstart and live upgrade compliance patch
    137872-01 SunOS 5.10_x86: tk patch
    128305-03 SunOS 5.10_x86: ehci and scsa2usb patch
    128329-01 SunOS 5.10_x86: usbms patch
    127885-01 SunOS 5.10_x86: awk patch
    125732-02 SunOS 5.10_x86: XML and XSLT libraries patch
    137047-01 SunOS 5.10_x86: amd8111s patch
    119091-27 SunOS 5.10_x86: Sun iSCSI Device Driver and Utilities
    137148-04 SunOS 5.10_x86: libexpat patch
    120202-06 X11 6.8.0_x86: Xorg client libraries patch
    123614-01 X11 6.6.2_x86: OpenGL patch
    125720-21 X11 6.8.0_x86: Xorg server patch
    121621-03 SunOS 5.10_x86: Patch for mediaLib in Solaris
    120536-15 SunOS 5.10_x86: Updated video drivers and fixes
    123896-04 SunOS 5.9_x86 5.10_x86: Common Agent Container (cacao) runtime 2.1 upgrade patch 04
    119214-17 NSS_NSPR_JSS 3.11.9_x86: NSPR 4.7 / NSS 3.11.9 / JSS 4.2.6
    118668-16 JavaSE 5.0_x86: update 15 patch (equivalent to JDK 5.0u15)
    118669-16 JavaSE 5.0_x86: update 15 patch (equivalent to JDK 5.0u15), 64bit
    119060-41 X11 6.6.2_x86: Xsun patch
    124394-06 CDE 1.6_x86: Dtlogin smf patch
    123612-05 X11 6.6.2_x86: Trusted Extensions patch
    119281-18 CDE 1.6_x86: Runtime library patch for Solaris 10
    119279-23 CDE 1.6_x86: dtlogin patch
    121735-07 SunOS 5.10_x86: patch to support addition of new UTF-8 locales
    119704-11 S10_x86: Patch for localeadm issues
    125901-01 SunOS 5.10_x86: audiohd patch
    122762-01 SunOS 5.10_x86: Sun Update Connection Bootstrapper
    118778-11 SunOS 5.10_x86: Sun GigaSwift Ethernet 1.0 driver patch
    119247-32 SunOS 5.10_x86: Manual Page updates for Solaris 10
    121976-01 CDE 1.6_x86: Xsession patch
    120411-28 SunOS 5.10_x86: Internet/Intranet Input Method Framework patch
    119811-05 SunOS 5.10_x86: International Components for Unicode Patch
    120100-08 APOC 1.2_x86: Sun Java(tm) Desktop System Configuration Shared Libraries
    119547-08 APOC 1.2_x86: APOC Configuration Agent Patch
    125280-05 CDE1.6_x86: dtsession patch
    125282-02 CDE 1.6_x86: sdtimage patch
    122670-01 Evolution 1.4.6_x86: Cryptographic Library patch
    123939-01 GNOME 2.6.0_x86: GNU Transport Layer Security Library Patch
    119415-14 GNOME 2.6.0_x86: Gnome Accessibility Libraries Patch
    119599-08 GNOME 2.6.0_x86: Gnome Screen Reader and Magnifier Patch
    120461-14 GNOME 2.6.0_x86: Gnome libs Patch
    122213-25 GNOME 2.6.0_x86: GNOME Desktop Patch
    119901-05 GNOME 2.6.0_x86: Gnome libtiff - library for reading and writing TIFF Patch
    119549-12 GNOME 2.6.0_x86: Gnome Multi-protocol instant messaging client Patch
    125544-02 GNOME 2.6.0_x86: GNOME panel applets
    121096-02 GNOME 2.6.0_x86: GNOME EXIF tag parsing library for digital cameras
    120740-04 GNOME 2.6.0_x86: GNOME PDF Viewer based on Xpdf
    137081-01 SunOS 5.10_x86: libpng Patch
    119116-34 Mozilla 1.7_x86 patch
    125333-03 JDS 3_x86: Macromedia Flash Player Plugin Patch
    119904-02 Openwindows 3.7.3_x86: Xview Patch
    125726-02 X11 6.6.2_x86: xinerama patch
    124458-01 X11 6.6.2_x86: xdm patch
    119064-01 SunOS 5.10_x86: libXpm patch
    Sun UC patch revision:
    119789-08
    119789-09
    120336-04
    121082-06
    121082-08
    121119-09
    121119-12
    121119-13
    121454-02
    123004-02
    123006-05
    123631-01
    123631-03
    123896-04
    124187-03
    124187-07
    124615-01
    Solaris release:
                            Solaris 10 11/06 s10x_u3wos_10 X86
               Copyright 2006 Sun Microsystems, Inc.  All Rights Reserved.
                            Use is subject to license terms.
                               Assembled 14 November 2006
    Java -version:
    java version "1.5.0_15"
    Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_15-b04)
    Java HotSpot(TM) Server VM (build 1.5.0_15-b04, mixed mode)
    Cacao Java version:
    java-home=/usr/jdk/jdk1.5.0_15
    Software Cluster:
    CLUSTER=SUNWCall
    All ccr properties:
    20:
    Property not defined: 20
    cns.assetid:
    69e3IYbsEWGYkbEj4Sh7IC/MmzM=
    cns.br.SunUCenabled:
    true
    cns.ccr.keyGenPath:
    /usr/lib/cc-ccr/bin/ccrKeyGen
    cns.clientid:
    a71dcd7d-80ad-460e-a90d-2ccad3c61a6a
    cns.httpproxy.auth:
    cns.httpproxy.ipaddr:
    my-company-proxy
    cns.httpproxy.port:
    8089
    cns.patchsvr.cachelocation:
    /var/sadm/spool/patchsvr
    cns.patchsvr.patchsource:
    https://getupdates1.sun.com/
    cns.regtoken:
    f6deec68-e017-4b69-a454-17fb2734b587:1216944000000:T
    cns.security.password:
    YztBI1HobSLyOaRhjA7lJjZf8RkBtlsGnD+E6zw7WYIT
    cns.security.privatekey:
    -----BEGIN ENCRYPTED PRIVATE KEY-----
    MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIv2RwN5o570YCAggA
    MBQGCCqGSIb3DQMHBAjH7/9IpzuBjASCAoC45re2Cl5g1V3a8mVvzXK4ZAzoB6cw
    BqFh6LfuYAxRRSvu0QIqWKCts8LfNtBgBwX3hdhusM3Ds1wNfNpM2wo49za9H9ON
    HVBh8o2DSU7QZ7Gj5usqHsSRM5EWUwS72kKwNol8D+SN8w4gK67VSW2qoXtumkFC
    G8QXlJgH8koOtazKcR9ituLyigCDpPcZNM/Fooo/yBUKWuIZSh1iwV7WEi0yh6PA
    zYybO4USIET/BDHjZkU9+YBN8IJn7g9SEJtOwP7JO955X5KCvXg/jXpNBCXUdIcH
    KVP45SHF0pB90Wu+gYONF3hYGW1PM2O7NJIbrrLpPowVOzY0B1wxahGHnwZmMfO0
    VwN5a/WtKoVW/dx9E6dIDl+16IivwOp9D4kXfXkY7mqLO+/A50/Ho4NETXWFTmH+
    ZboO1NguFKMyQcGvP1lbefHMkMmAsWcOBLJ2xfANOp7Z2sltWwZXpE/JVxCULiob
    128w09GE4+iFjAAQdFR1eyCyyYRUiqe24RbA2/hh8Ca1OJykEo703HC0R/HzQYIQ
    GXJs1ZyIRGCLtOWU1nmpikz1wWHPgq/x0dSBNmMNQWwy2pKzIrnwtVdZ8OYgi4te
    EJk1c058zldviq7KXHwCy40lgdI17DEYr/IM7MnBorjtQPodMuUdyQv89ju4C0id
    KJ7XAY2/mRdoIisi1OxDC5mQ/KaIbv1ylz7BgPxo/Py8Yg1XpnriTqLYurwBDJ8B
    WX9Puk1s66GkFEu/Ro4UJ/r2MGCQPvXbtZ/k/dQLXPNg4Suh1SDcb3J7yrkslEez
    2HAIBX0JDmTP+xzztK6ZOk7haAf9N50dWh/511TAU+XRyCCk/mtRQTMf
    -----END ENCRYPTED PRIVATE KEY-----
    cns.security.publickey:
    -----BEGIN PUBLIC KEY-----
    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDiAk601x255FlI/+B/1ol/pVXM
    aco3+SOjm1Otxy8T66MmmLNnCHskqVEo1Y5+WrirfMDslaPBjBEeu4iSK4sgbGpK
    InSXobdF7h7HecLtPBlczV8+lPBD0bEHYPwSVAZBIL0IhrEx8/Jl/SUgxz9Driaf
    E9iWD+oViJ+JSmw5IwIDAQAB
    -----END PUBLIC KEY-----
    cns.swup.UMautolaunch:
    false
    cns.swup.autoAnalysis.enabled:
    true
    cns.swup.checkinInterval:
    2
    cns.swup.lastCheckin:
    0
    cns.swup.patchbaseline:
    current
    cns.swup.regRequired:
    true
    cns.transport.serverurl:
    https://cns-transport.sun.com
    patchsvr settings:
    Patch source URL: https://getupdates1.sun.com/
    Cache location: /var/sadm/spool/patchsvr
    Web proxy host name: my-company-proxy
    Web proxy port number: 8089
    Sun UC package status:
    SUNWbreg not installed
    SUNWdc not installed
    Please attach /tmp/sv4503-060608-suc-out.Z in your reply to the Sun Update Connection Technical Support Team.Edited by: mdreelin on Jun 6, 2008 10:32 AM

    Try moving the files in /export/home/var/sadm/patch and /export/home/var/sadm/patch back to their correct locations.
    You might then find that updatemanager works as expected again. Did you ever stop to think what those directories were used for?

  • Handling of pending reboot, exclusive updates for patch management with SCCM 2012

    Hello,
    Planning to use SCCM 2012, I would like to understand how smart is SCCM 2012 when dealing with specific patch management situation.
    Assuming I have the following:
    - A given server to be patched is missing a lot of updates, several being mutually exclusive. This typical case will require several reboot / patching to properly obtain a server fully up to date.
    - A given server to be patched is in pending reboot state because the local admin installed new software and has not restarted the server yet as requested
    - Those servers have configured maintenance windows of 2 hours during each night. I scheduled a deployment of missing patches authorizing restart.
    --> when the maintenance window will be reached:
    - will the server first be restarted to clean the pending reboot ?
    - will the the server be patched / restarted several times as required to fully meet the updates to be deployed.
    Another scenario on workstation side:
    - can I enforce deployment of updates at a given time, do not automatically restart the workstation during patch deployment, but after deployment schedule a mandatory restart with a countdown if there is a pending reboot... From end-user perspective, it
    would have the following behavior. For instance:
    - patches are automatically installed on Monday at 10 AM
    - as soon as deployment is done, warning message is displayed to ask users to reboot
    - then user has up to 48h to restart his computer by himself. If he does not do it, it will be automatically done after countdown expires.
    --> Can such a scenario be managed by SCCM 2012 ?
    Regards.

    Hi,
    I have a related question about deploying Microsoft Security Updates to workstations via SCCM 2012.  Is there a way to deploy the MS updates to workstations and only suppress reboots for machines with users logged on or locked?  There seems to
    be only 2 different options for reboots, Suppress them all or don't suppress them at all.  We would like SCCM to reboot the machines that are logged off, but suppress the reboot for those that are logged on, while at the same time, provide the user with
    a notification that their machine needs to be rebooted (at their convenience). 
    We've tried applying the Domain GPO "No auto-restart with logged on users for scheduled automatic updates installations" (Enabled) and "Configure Automatic Updates" (Disabled), but the logged on/locked machines still receive the restart countdown with no
    option to postpone or delay.
    This is a show stopper for us since we have an environment where we are absolutely not allowed to reboot a logged on machine.
    For a little background, we are coming from SMS 2003 and the Distribute Software Updates (ITMU) way of deploying MS Updates, where we could always set the program to run "Only when no user is logged on".
    Please tell me there is a way to achieve our desired result.
    Thanks,
    Dan 

  • System.Management.Automation.MethodInvocationException: Exception calling "ExecuteQuery" with "0" argument(s): "$Resources:core,ImportErrorMessage;" --- Microsoft.SharePoint.Client. ServerException: $Resources:core,ImportErrorMessage;

    Hi,
    I am getting an error  System.Management.Automation.MethodInvocationException: Exception calling "ExecuteQuery" with "0" argument(s): "$Resources:core,ImportErrorMessage;" ---> Microsoft.SharePoint.Client. ServerException:
    $Resources:core,ImportErrorMessage;
    Following is my powershell script on line
    $context.ExecuteQuery(); it is throwing this error.
    function AddWebPartToPage([string]$siteUrl,[string]$pageRelativeUrl,[string]$localWebpartPath,[string]$ZoneName,[int]$ZoneIndex)
        try
        #this reference is required here
        $clientContext= [Microsoft.SharePoint.Client.ClientContext,Microsoft.SharePoint.Client, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c]
        $context=New-Object Microsoft.SharePoint.Client.ClientContext($siteUrl)
        write-host "Reading file " $pageRelativeUrl
        $oFile = $context.Web.GetFileByServerRelativeUrl($pageRelativeUrl);
        $limitedWebPartManager = $oFile.GetLimitedWebPartManager([Microsoft.Sharepoint.Client.WebParts.PersonalizationScope]::Shared);
        write-host "getting xml reader from file"
        $xtr = New-Object System.Xml.XmlTextReader($localWebpartPath)
         [void] [Reflection.Assembly]::LoadWithPartialName("System.Text")
        $sb = new-object System.Text.StringBuilder
             while ($xtr.Read())
                $tmpObj = $sb.AppendLine($xtr.ReadOuterXml());
             $newXml =  $sb.ToString()
        if ($xtr -ne $null)
            $xtr.Close()
        #Add Web Part to catalogs folder
        write-host "Adding Webpart....."
        $oWebPartDefinition = $limitedWebPartManager.ImportWebPart($newXml);
        $limitedWebPartManager.AddWebPart($oWebPartDefinition.WebPart, $ZoneName, $ZoneIndex);
    $context.ExecuteQuery();
        write-host "Adding Web Part Done"
        catch
        write-host "Error while 'AddWebPartToPage'" $_.exception| format-list * -force
    ERROR:
    Error while 'AddWebPartToPage' System.Management.Automation.MethodInvocationException: Exception calling "ExecuteQuery" with "0" argument(s): "$Resources:core,ImportErrorMessage;" ---> Microsoft.SharePoint.Client.
    ServerException: $Resources:core,ImportErrorMessage;
       at Microsoft.SharePoint.Client.ClientRequest.ProcessResponseStream(Stream responseStream)
       at Microsoft.SharePoint.Client.ClientRequest.ProcessResponse()
       at Microsoft.SharePoint.Client.ClientContext.ExecuteQuery()
       at ExecuteQuery(Object , Object[] )
       at System.Management.Automation.DotNetAdapter.AuxiliaryMethodInvoke(Object target, Object[] arguments, MethodInformation methodInformation, Object[] originalArguments)
       --- End of inner exception stack trace ---
       at System.Management.Automation.DotNetAdapter.AuxiliaryMethodInvoke(Object target, Object[] arguments, MethodInformation methodInformation, Object[] originalArguments)
       at System.Management.Automation.DotNetAdapter.MethodInvokeDotNet(String methodName, Object target, MethodInformation[] methodInformation, Object[] arguments)
       at System.Management.Automation.Adapter.BaseMethodInvoke(PSMethod method, Object[] arguments)
       at System.Management.Automation.ParserOps.CallMethod(Token token, Object target, String methodName, Object[] paramArray, Boolean callStatic, Object valueToSet)
       at System.Management.Automation.MethodCallNode.InvokeMethod(Object target, Object[] arguments, Object value)
       at System.Management.Automation.MethodCallNode.Execute(Array input, Pipe outputPipe, ExecutionContext context)
       at System.Management.Automation.ParseTreeNode.Execute(Array input, Pipe outputPipe, ArrayList& resultList, ExecutionContext context)
       at System.Management.Automation.StatementListNode.ExecuteStatement(ParseTreeNode statement, Array input, Pipe outputPipe, ArrayList& resultList, ExecutionContext context)
           

    Thanks Sethu for your comments. However i am running this powershell directly on server so believe
    SharePointOnlineCredentials is not required.
    I have tried it but still giving me same error

  • What is the best approach for patch management

    Hi,
    I'm new about patch management. I would like to ask you how manage patch on few Solaris 10 servers using command line.
    I would like to know:
    1. Using only command line how to download latest patches
    2. There are some dependencies how to check this and install only those patches which meets dependecy requirements?
    3. Is there possiblity to atomate this?
    4. Is it possible to have one patch server and others servers will download and install this patches?
    5. What if some patches are not installed?
    6. How to find out which patches are necessary and which patches don't have to be installed? Or maybe or patches to be installed?
    7. Could you please describe your approach for managing patches? Or maybe you can recommend some books/web page/articles that can help me to understand patch management.
    Thanks in advance,
    Daniel

    smpatch is the command line tool to manage solaris patching. first you need to register yours system - this can be done using sconadm, detailed here:
    http://sunsolve.sun.com/search/document.do?assetkey=1-9-82688-1
    smpatch analyze will list all required patches and resolve dependencies. smpatch download will download all the required patches, and smpatch update will apply them. You can set up a Local Patch Server to download patches, then your clients will download the patches they require from it. This is detailed in chapter 6 of the update connection admin guide

  • ZCM Patch Management Dashboard blank

    I'm using ZCM 10.2 RC1 and am trying to test Patch Management. I have patch management working, patches have downloaded and DAU is running. One thing that is not working is the dashboard. I have flash installed but the dashboard is blank. Are there any special requirements for the dashboard? Has anyone else got it working?
    BTW, I'm running ZCM under Windows Server 2003 Standard x64 SP2.
    Jim Webb

    Originally Posted by jwebb
    I'm using ZCM 10.2 RC1 and am trying to test Patch Management. I have patch management working, patches have downloaded and DAU is running. One thing that is not working is the dashboard. I have flash installed but the dashboard is blank. Are there any special requirements for the dashboard? Has anyone else got it working?
    BTW, I'm running ZCM under Windows Server 2003 Standard x64 SP2.
    Jim Webb
    Which browser are you running? There is a known bug affecting IE...

  • ZCM Patch Management Patch Status Inaccuracies

    We currently have issues with ZCM Patch Management incorrectly reporting the status of a couple of Microsoft updates. Specifically, we have firm evidence of this for the following patches (but suspect there may be more):
    Microsoft Office 2007 SP3 - Microsoft Baseline Security Analyzer shows it as required, ZCM says its already applied.
    MS11-049 InfoPatch 2007 - Microsoft Baseline Security Analyzer shows it as required, ZCM says it's not applicable.
    We are checking the ZCM status in both the {guid}.state file on the device (which has today's date stamp) and in ZCC - both of these places show the same, incorrect, status.
    We see this issue on multiple managed devices. The zone is 10.3.3. Devices have 10.3.3 with Patch Management Agent Update 2.
    This isn't a timing issue, as we have left things several days before checking the status again.
    I am raising a call with our Novell reseller, but am interested to find out if anyone else is seeing similar issues.
    Thanks,
    Martin

    metheridge,
    It appears that in the past few days you have not received a response to your
    posting. That concerns us, and has triggered this automated reply.
    Has your problem been resolved? If not, you might try one of the following options:
    - Visit http://support.novell.com and search the knowledgebase and/or check all
    the other self support options and support programs available.
    - You could also try posting your message again. Make sure it is posted in the
    correct newsgroup. (http://forums.novell.com)
    Be sure to read the forum FAQ about what to expect in the way of responses:
    http://forums.novell.com/faq.php
    If this is a reply to a duplicate posting, please ignore and accept our apologies
    and rest assured we will issue a stern reprimand to our posting bot.
    Good luck!
    Your Novell Product Support Forums Team
    http://forums.novell.com/

  • ZCM 11.2.4 - 11.3.1FRU1 Patch Management Agent Update 1

    Tried the "updated" exe files, patch management now says all of our win7 machines with Office 2007 are missing SP3 (KB2526086) which is completely wrong.
    https://download.novell.com/Download...d=G072RdrX4b0~

    dtemple-sgi,
    It appears that in the past few days you have not received a response to your
    posting. That concerns us, and has triggered this automated reply.
    Has your problem been resolved? If not, you might try one of the following options:
    - Visit http://www.novell.com/support and search the knowledgebase and/or check all
    the other self support options and support programs available.
    - You could also try posting your message again. Make sure it is posted in the
    correct newsgroup. (http://forums.novell.com)
    Be sure to read the forum FAQ about what to expect in the way of responses:
    http://forums.novell.com/faq.php
    If this is a reply to a duplicate posting, please ignore and accept our apologies
    and rest assured we will issue a stern reprimand to our posting bot.
    Good luck!
    Your Novell Forums Team
    http://forums.novell.com

  • Patch Manager for Solaris 9 9/05

    I am trying to locate the Patch Manager download for Solaris 9 9/05 but all I have been able to locate on the downloads site is the version for Solaris 8. Does anyone have a link to the Solaris 9 version? Thanks.

    Exactly, whith that configuration all works well (if my server is connected to Internet).
    The problem is when I have another server, not connected to Internet, that requires new patches.
    If I have good understood I can install patch manager(2.0) on that server, require patches to my local patch server and if the patches required aren't on the disk the local patch server requires them to Sun. During this request it seems that my local patch server doesn't connect trough the proxy (snoop doesn't report connections). even if the configuration is set. (I have tried a reboot too).

  • Novell-iprint-server patch-11778

    Hi.
    I just installed patch-11778 via rug on a clustered node for the iprint
    server and now I can not even start ipsmd on that node, iprint stops
    with "FATAL Error (506D000C) occurred while initializing the Managed
    Object database". Luckily I have not upgraded the other node in the
    cluster so I can still start the iprint server there.
    I searched everywhere on novell.com about this patch but could not even
    find any confirmation that the patch exists. The patch info in rug
    claimed to resolve the issues we have (needing to restart iprint every
    couple of hours/days).
    Anyone know anything more?
    /anders

    I have just encountered the problem with the same results. Fortunately,
    Novell came out with a patch that I installed via Linux Patch Manager.
    The iPrint patch is Open Enterprise Server Patch 11856, released
    10/16/07, and it resolved my Print Manager's inability to start.
    Good Luck with yours.
    Glen
    > Hi again, seems noone has seen this before?
    >
    > Well, I kind of found a solution last night. It seems to be the
    > driverprofile-database that crashes the new iprint-server. I tried to
    > find out where the driverprofiles are stored and it seems that it is in
    > the psmdb.dat file.
    >
    > I put the whole iprint server on a test system, still the same error.
    > Deleted psmdb.dat and started up the iprint-server, it started just
    fine
    > this time and all printers and settings were left except for the
    > driverprofiles.
    >
    > I restored the database again and reverted to the old iprint-server, I
    > then removed all driverprofiles from iManager, upgraded to new
    > iprint-server and it starts just fine and printing works.
    >
    > In our iprint production system we only have about 30 printers so I'm
    > going to go with this solution, recreating the profiles is a pain but
    if
    > iPrint stays stable we might migrate our other 250+ printers. Hope
    > someone else finds this useful.
    >
    > /anders
    >
    >
    > Anders Westerberg wrote:
    > > Hi.
    > >
    > > I just installed patch-11778 via rug on a clustered node for the
    iprint
    > > server and now I can not even start ipsmd on that node, iprint stops
    > > with "FATAL Error (506D000C) occurred while initializing the Managed
    > > Object database". Luckily I have not upgraded the other node in the
    > > cluster so I can still start the iprint server there.
    > >
    > > I searched everywhere on novell.com about this patch but could not
    even
    > > find any confirmation that the patch exists. The patch info in rug
    > > claimed to resolve the issues we have (needing to restart iprint every
    > > couple of hours/days).
    > >
    > > Anyone know anything more?
    > >
    > > /anders

  • Disable Patch Management temporarily on clients?

    I've just noticed now that we've got ZPM enabled it seems to get a bit overexcited and start trying to patch machines while they're still being configured during our imaging process. For example our scripts go:
    Image > drivers Novell Client > ZCM Agent > pre-load Bundles > AV = finish
    Seems like ZPM kicks in as soon as the Agent registers into the zone. In theory it shouldn't do anything as I have the DAU set to 30 minutes after refresh (with ZCM auto refresh disabled) but yet I still see a Novell patch manager popup slide in from the corner (then disappears as quickly as it arrived)
    Is there a command that can be used to temporarily disable all ZPM activity on a client? Might also be important for us for any online exams that could fall in the overall patching window.

    gshaw0,
    It appears that in the past few days you have not received a response to your
    posting. That concerns us, and has triggered this automated reply.
    Has your problem been resolved? If not, you might try one of the following options:
    - Visit http://support.novell.com and search the knowledgebase and/or check all
    the other self support options and support programs available.
    - You could also try posting your message again. Make sure it is posted in the
    correct newsgroup. (http://forums.novell.com)
    Be sure to read the forum FAQ about what to expect in the way of responses:
    http://forums.novell.com/faq.php
    If this is a reply to a duplicate posting, please ignore and accept our apologies
    and rest assured we will issue a stern reprimand to our posting bot.
    Good luck!
    Your Novell Product Support Forums Team
    http://forums.novell.com/

Maybe you are looking for

  • Transfer a char type varialble value to NUMC type variable

    Hi all, I have a BSEG-PROJK  type NUMC(8) variable and one xyz type CHAR(50)  variable. I have to pass value from xyz to BSEG-PROJK my e.g is that while I am passing xyz= 'M-000064' BSEG-PROJK  = xyz then the value of BSEG-PROJK is 00000064 but i nee

  • Error message GBB_____BSA 7925

    Hi,        During stock determination ( mb1c) ,i got an error message account determination int gbb__bsa 7925 is not possible. How to solve this problem. Please suggest. Regards, Abhishek Kumar

  • Handling SAP Events from CPS

    Hello ,           is there anyway can we handle SAP events from CPS  , our scenario is if we schedule a job in SAP from CPS , the job in SAP is firing an SAP event based job , how can we get the status of event based job from SAP to CPS. Regards Ragh

  • Duplicating an existing Aperture Library on another machine: problem unsolved

    I'm trying to duplicate one existing A3 library onto another machine. It's not working: the folder structure is different there. My aim is to be able to work with a duplicate library on the other machine in another location. Images are referenced, no

  • Blu error screen! STOP 0x000000F4​. Need help.

    Hi. i have this laptop with win 7 installed. it worked fine,until i did one o cleaning procceses with TuneUp2009. ( i do it regulary every month and it was ok ) but now after tuneup2009 restarted my pc, on start up he show this stop error. STOP  0x00