Server Patch Management Automation
Hi,
I am looking for a robust reliable tool to automate server patching. I have tried a combination of VB and Powershell scripts along with scheduled task however this was not as reliable as I would have liked. I have also been looking into third party application
but I have not yet found one that is robust and reliable.The end result is that i would like a way to do the following.
1.Work without the need for a SUS server if possible and also handle third party patches
2. perform a pre-scan that shows what patches are needed and allow me to approve those patches/ it would be nice to approve patches for specific groups of servers (critical-noncritical)
3. set groups of servers to patch on a specific day of the month at a set time and be confident that the process will kick off.
I would also like to be able to view status as machines are being patches.
4. The final thing I would like is to receive a report after the patches have been installed indicating success or failure of what has been installed.
I have found scripts that are able to do this in conjunction with WSUS however they have not been as reliable as I would like. My environment is over 90% virtualized and we have a combination of 2008 and 2012 servers.
Please let me know if there are any third party products anyone can recommend.
Thanks,
Ken
1.Work without the need for a SUS server if possible and also handle third party patches
Can you explain what you mean by the first part of this requirement?
e.g. you don't want (W)SUS because......?
Is it because you don't want to download and host the updatefiles/binaries centrally? (i.e. you want to pull them directly from the web source to the updateclient machine?
For the second part of this requirement (handle third party patches), do you mean anything and everything, or typical stuff such as is offered via SCUP catalogs, or shavlik/SPM/secunia/etc?
I assume you are seeking no-cost or low-cost options?
Don
(Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)
Similar Messages
-
Solaris 10 - Tools for Patch Management Automation
Hi,
What are the best tools (both Sun and third party) for patch management automation for a company using Solaris 10 with zones?
What are the pros / cons and cost of these tools? Which ones are the most widely used / the most recommended?
Current objectives for automation are to eliminate the current manual processes and to reduce planned and unplanned downtime.
Thanks!I don't think you would want to fully automate it. You need to be able to test patches first on a test system to ensure they don't conflict with established applications and cause problems. You wouldn't want to install patches that relate to applications you don't have, or for upgrades you do not have or don't plan on having. That said, the smpatch utility can connect with Sun Solve, find patches, and download them, even install them if desired. You could easily script the process and run via cron to make it automated. I just don't think that's a good idea without having someone make decisions on what SHOULD be patched at any given time. The SMC facility also has a function that mimics smpatch, although you could not automate that. Also, smpatch can only be run from the global zone, and patches will percolate down to non-global zones automatically - smpatch will not run in a non-global zone (unless there's been changes made recently that I'm not aware).
There's also the problem where some patches require reboot while others do not. If the patch kills the system, what mechanism do you have in place for someone to know what patch was applied that killed the system, if the process is automated and a number of patches were applied? -
Help required in installing VM Server and Manager 3.1.1 + latest patch.
Hi,
I have 3 servers with 12GB ram and two 300 GB HDD (local) each, No Shared storage.
I am planning to install Oracle VM server 3.1.1 Build 544 and VM Manager 3.1.1 Build 524.
VM manager installed on Dom0 in one of the VM server (found some blog which describes how to implement it).
I have some questions running through my mind and help to solve it s really appreciated.
1) Is ORACLE VM SERVER PATCH 3.1.1-524 RELEASE is complete OS or its just patch which has to installed over 3.1.1 VM server. Because the patch readme says *"This patch update is a complete Oracle VM Server 3.1.1 installer ISO" ??*
2) I read somewhere in the forum that the 3.X version cannot use the disk where OS is installed as storage repository. in that case i will be loosing around 250 GB on each machine, on which i have installed VM server. Is it TRUE??
3) Is it possible to update VM server first and then update VM manager ( before creating server pool etc) ??
The servers are not connected to internet or SAN no i cannot use YUM or SAN update methods and I have very limited access to this servers physically.
Thanks in advance.1. Its patch 544. Both can be downloaded and are complete installs. If you have YUM setup in an existing environment.... the VM servers can be upgraded via YUM. The VM Manager has to be upgraded via the installer.
2. Yes. This is true. Maybe your local RAID controller can present the storage as two separate LUNS/Disks even though they maybe setup as a mirror. If not, then you're out of luck. Virtual box can use local storage that OS is installed on. Oracle VM 3.1.1 can't.
3. Yes. You can install the 544 version of 3.1.1 on the servers before attaching them to the VM Manager. YUM should be used to upgrade the servers if they are already attached to a VM Manager. You would then upgrade the manager first and then upgrade the servers. -
Eval of Patch Management in ZCM 11.2
Hi
I'm currently running an evaluation copy of ZCM 11.2, trying to get a
feel for the Zenworks Patch Management product. I have a couple of
questions/problems that I hope can be answered here.
First, there seems to be quite a lot of trouble getting patches to
cache. The process just stops in the middle of a patch and hangs until
I reboot the zcm server. I've seen references to some ftf patches that
help - is this a common problem that's helped by the ftf?
Second, the number of vendors for which patches are available seems
quite limited. Most of the commonly attacked ones are there, Microsoft,
Adobe, etc., but many more are not. Google, for example is not listed.
Some patching products have many more vendors in their database. Does
Lumension/Novell have any strategy to expand this list?
Lastly, the available patches for each vendor are often very out of
date. For Sun (should be Oracle), JRE 1.7 is available, and 1.6.31, but
not 1.6.32. 1.6.31 is a really bad version - it was a vulnerability in
it that started us looking at patch management products in the first
place! The Citrix list has the 12.0 client, but no Citrix Receiver,
which is their current client..
There's a lot of really good features in ZPM, but the problems I've
experienced so far has made me a bit wary.
Regards,
Phillip E. ThomasPhillip,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://forums.novell.com/ -
Need a Vulnerability Severity Report for Patch Management
In the standalone version of patch management (v6.4) there was a dashboard feature on the server home page called Vulnerability Severity. It was a graphic chart that displayed the percentage of un-remediated applicable vulnerabilities vs applicable vulnerabilities grouped by vulnerability severity. This feature is not available in the BusinessObject Enterprise InfoView. It looks like the only way I have of getting this feature is to create a report, but I am not an expert at using InfoView. I was wondering if anyone had any tips on creating such a report?
The only predefined report that even comes close is the Vulnerability Analysis report, but it's hundreds of pages long. I need something on a single page, like a chart, showing the percentages grouped by vulnerability severity (critical, recommended, optional).mdstewar,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/ -
Patch Manager lists patches i already installed... help!
Update Manager is still showing 173 patches which i already installed on May 20th.
The "Installed Patches" section is showing 0 patches.
I am Running Solaris 10 on x86 Dual Xeon
Once all the patches were applied I linked 2 folders off to *{color:#0000ff}/export/home{color}* to save space on the root drive...
but as far as i was aware this should not make a difference.
Below you can see my {color:#0000ff}*/var/sadm*{color} folder
# pwd
/var/sadm/patch
# cd ..
# ls -al
total 38
drwxr-xr-x 13 root sys 512 May 21 11:16 .
drwxr-xr-x 43 root sys 1024 May 22 10:12 ..
drwxr-xr-x 2 root root 512 May 20 16:26 .patchRec
dr-xr-xr-x 4 root bin 512 May 20 16:26 install
drwxr-xr-x 2 root sys 512 Jul 21 2007 install_data
lrwxrwxrwx 1 root root 28 May 21 11:16 patch -> /export/home/var/sadm/patch/
lrwxrwxrwx 1 root root 26 May 21 11:16 pkg -> /export/home/var/sadm/pkg/
drwxr-xr-x 2 root root 512 Jul 21 2007 prod
-r--r--r-- 1 root sys 1092 Jan 10 2005 README
dr-xr-xr-x 2 root sys 512 May 20 16:00 security
drwxr-xr-x 7 root bin 512 Jul 21 2007 smc
drwxr-xr-x 2 root sys 512 Jul 21 2007 softinfo
drwxr-xr-x 5 root sys 3072 Jun 6 10:26 spool
drwxr-xr-x 2 root sys 512 Jul 21 2007 svm3
drwxr-xr-x 5 root sys 512 Jul 21 2007 system
drwxr-xr-x 6 root sys 512 Jul 24 2007 wbemWhen i cd to {color:#0000ff}*/export/home/var/sadm/patch*{color} it lists the 173 patches.
When i cd to {color:#0000ff}*/export/home/var/sadm/pkg*{color} it lists 1057 packages.
In the Update Manager, the spool directory is{color:#0000ff} */export/home/patches*{color}, there are no patches in here. I cleaned them out.
When i attempt to install an already installed patch, it fails (which is good) but doesn't remove the patch from the list.
Has anyone any ideas how i can get Update Manager back to normal?
Thanks
Michael
Please find below my suc.sh output
Fri Jun 6 11:22:10 BST 2008
SERVERNAME
smpatch settings:
patchpro.backout.directory "" ""
patchpro.baseline.directory - /var/sadm/spool
patchpro.download.directory /export/home/patches /var/sadm/spool
patchpro.install.types - rebootafter:reconfigafter:standard
patchpro.patch.source - https://getupdates1.sun.com/
patchpro.patchset current current
patchpro.proxy.host my-company-proxy ""
patchpro.proxy.passwd **** ****
patchpro.proxy.port 8089 8080
patchpro.proxy.user "" ""
smpatch analyze:
120901-03 SunOS 5.10_x86: libzonecfg patch
121334-04 SunOS 5.10_x86: zoneadmd, zlogin and zoneadm patch
119255-53 SunOS 5.10_x86: Install and Patch Utilities Patch
126420-01 SunOS 5.10_x86: umountall patch
113000-07 SunOS 5.10_x86: SUNWgrub patch
117435-02 SunOS 5.10_x86: biosdev patch
121264-01 SunOS 5.10_x86: cadp160 driver patch
122035-05 SunOS 5.10_x86: awk nawk Patch
118344-14 SunOS 5.10_x86: Fault Manager Patch
123840-04 SunOS 5.10_x86: Fault Manager Patch
119043-11 SunOS 5.10_x86: svccfg & svcprop patch
118855-36 SunOS 5.10_x86: kernel patch
119082-25 SunOS 5.10_x86: CD-ROM Install Boot Image Patch
124629-06 SunOS 5.10_x86: CD-ROM Install Boot Image Patch
119253-25 SunOS 5.10_x86: System Administration Applications Patch
120200-13 SunOS 5.10_x86: sysidtool Patch
124631-16 SunOS 5.10_x86: System Administration Applications, Network, and Core Libraries Patch
121431-22 SunOS 5.8_x86 5.9_x86 5.10_x86: Live Upgrade Patch
124189-02 SunOS 5.10_x86: Trusted Solaris Attributes Patch
121309-12 SunOS 5.10_x86: Solaris Management Console Patch
123122-02 SunOS 5.10_x86: usr/lib/libwsreg.so.1 Patch
128338-01 SunOS 5.10_x86: aac patch
119964-08 SunOS 5.10_x86: Shared library patch for C++_x86
120754-05 SunOS 5.10_x86: Microtasking libraries (libmtsk) patch
118677-03 SunOS 5.10_x86: patch for Solaris make and sccs utilities
119961-03 SunOS 5.10_x86, x64, Patch for assembler
126539-01 SunOS 5.10_x86: i.manifest and r.manifest patch
119784-05 SunOS 5.10_x86 : bind patch
119813-07 X11 6.6.2_x86: Freetype patch
118919-21 SunOS 5.10_x86: Solaris Crypto Framework patch
119575-02 SunOS 5.10_x86: su patch
120273-21 SunOS 5.10_x86: SMA patch
122641-06 SunOS 5.10_x86: zfs genesis patch
127756-01 SunOS 5.10_x86: Fault Manager patch
125504-02 SunOS 5.10_x86: package-move-of-IP-objects patch
125548-02 SunOS 5.10_x86: zoneadm indirect dependency patch
126424-03 SunOS 5.10_x86: bootadm patch
120012-14 SunOS 5.10_x86: kernel patch
126207-04 SunOS 5.10_x86: zebra ripd quagga patch
122829-02 SunOS 5.10_x86: lsimega driver patch
127889-07 SunOS 5.10_x86: ipf patch
128335-01 SunOS 5.10_x86: ibd patch
127128-11 SunOS 5.10_x86: kernel patch
128325-02 SunOS 5.10_x86: ixgb driver patch
120236-01 SunOS 5.10_x86: Live Upgrade Zones Support Patch
121429-09 SunOS 5.10_x86: Live Upgrade Zones Support Patch
120293-01 SunOS 5.10_x86 : mysql patch
127891-03 SunOS 5.10_x86: nge patch
119318-01 SunOS 5.10_x86: SVr4 Packaging Commands (usr) Patch
138053-01 SunOS 5.10_x86: marvell88sx driver patch
128007-04 SunOS 5.10_x86: usbsksp patch
125365-02 SunOS 5.10_x86: adpu320 driver patch
126869-02 SunOS 5.10_x86: SunFreeware bzip2 patch
137322-01 SunOS 5.10_x86: p7zip patch
121454-02 SunOS 5.10_x86: Sun Update Connection Client Foundation
137022-01 SunOS 5.10_x86: format patch
124998-01 SunOS 5.10_x86: /usr/bin/tip patch
137018-02 SunOS 5.10_x86: crontab patch
138045-01 SunOS 5.10_x86: bge patch
138043-01 SunOS 5.10_x86: MAC patch
119144-02 SunOS 5.10_x86: patch lib/libinetutil.so.1
121013-02 SunOS 5.10_x86: traceroute patch
121005-04 SunOS 5.10_x86: sh patch
123913-01 SunOS 5.10_x86: ppriv patch
137290-01 SunOS 5.10_x86: st driver patch
127738-01 SunOS 5.10_x86: fifofs patch
137281-01 SunOS 5.10_x86: dld patch
126656-01 SunOS 5.10_x86: poll driver patch
125175-02 SunOS 5.10_x86: tl driver patch
128401-01 SunOS 5.10_x86: sd driver patch
121297-01 SunOS 5.10_x86: fgrep patch
122365-01 SunOS 5.10_x86: bscbus, bscv driver patch
118368-04 SunOS 5.10_x86: csh Patch
128333-01 SunOS 5.10_x86: conskbd patch
128331-01 SunOS 5.10_x86: pax patch
128295-02 SunOS 5.10_x86: rpcmod patch
128307-04 SunOS 5.10_x86: devfs patch
125907-01 SunOS 5.10_x86: pcn driver patch
128301-03 SunOS 5.10_x86: zoneinfo timezones patch
126541-02 SunOS 5.10_x86: libumem library patch
127965-05 SunOS 5.10_x86: UFS utilities patch
127960-01 SunOS 5.10_x86: rpcsec patch
117181-01 SunOS 5.10_x86: /kernel/drv/pcscsi patch
121604-02 SunOS 5.10_x86: libcfgadm.so.1, scsi.so.1 patch
137131-01 SunOS 5.10_x86: xpv driver patch
137094-01 SunOS 5.10_x86: logindevperm patch
137092-01 SunOS 5.10_x86: arp patch
127923-04 SunOS 5.10_x86: cpio patch
121134-02 SunOS 5.10_x86: power patch
126441-01 SunOS 5.10_x86: rm patch
121082-08 SunOS 5.10_x86: Disable Transport Agentry for Sun Update Connection Hosted EOL
120831-06 SunOS 5.10_x86: vi and ex patch
127854-02 SunOS 5.10_x86: sad driver patch
138076-01 SunOS 5.10_x86: mpt driver patch
137033-01 SunOS 5.10_x86: namefs patch
118960-03 SunOS 5.10_x86: patch usr/bin/acctcom and usr/bin/lastcomm
128001-01 SunOS 5.10_x86: in.ftpd patch
119975-08 SunOS 5.10_x86: fp plug-in for cfgadm
119131-33 SunOS 5.10_x86: Sun Fibre Channel Device Drivers
125165-10 SunOS 5.10_x86: Qlogic ISP Fibre Channel Device Driver
125185-05 SunOS 5.10_x86: Sun Fibre Channel Device Drivers
120223-27 SunOS 5.10_x86: Emulex-Sun LightPulse Fibre Channel Adapter driver
120347-09 SunOS 5.10_x86: Common Fibre Channel HBA API and Host Bus Adapter Libraries
120349-02 SunOS 5.10_x86: Fibre Channel HBA Port utility
136883-01 SunOS 5.10_x86: ImageMagick patch
124944-01 SunOS 5.10_x86: SunFreeware gzip man pages patch
125214-02 SunOS 5.10_x86: SunFreeware zlib man pages patch
127785-01 SunOS 5.10_x86: SunFreeware bzip2 man pages patch
120295-01 SunOS 5.10_x86 : mysql man patch
121668-02 SunOS 5.10_x86 : pilot-link header patch
121805-03 SunOS 5.10_x86: GRUB patch
120720-02 SunOS 5.10_x86 : SunFreeware gzip patch
125173-01 SunOS 5.10_x86: llc2 patch
126654-02 SunOS 5.10_x86: md patch
122086-01 SunOS 5.10_x86: nispasswd patch
122078-03 SunOS 5.10_x86: NIS yp utilities patch
119471-11 SunOS 5.10_x86: Sun Enterprise Network Array firmware and utilities
138166-01 SunOS 5.10_x86: sppp driver patch
123591-08 SunOS 5.10_x86: PostgresSQL patch
120330-02 SunOS 5.10_x86: rexec patch
128293-01 SunOS 5.10_x86: rsm patch
126134-03 SunOS 5.10_x86: sshd Patch
119758-12 SunOS 5.10_x86: Samba patch
122655-05 SunOS 5.10_x86: jumpstart and live upgrade compliance patch
137872-01 SunOS 5.10_x86: tk patch
128305-03 SunOS 5.10_x86: ehci and scsa2usb patch
128329-01 SunOS 5.10_x86: usbms patch
127885-01 SunOS 5.10_x86: awk patch
125732-02 SunOS 5.10_x86: XML and XSLT libraries patch
137047-01 SunOS 5.10_x86: amd8111s patch
119091-27 SunOS 5.10_x86: Sun iSCSI Device Driver and Utilities
137148-04 SunOS 5.10_x86: libexpat patch
120202-06 X11 6.8.0_x86: Xorg client libraries patch
123614-01 X11 6.6.2_x86: OpenGL patch
125720-21 X11 6.8.0_x86: Xorg server patch
121621-03 SunOS 5.10_x86: Patch for mediaLib in Solaris
120536-15 SunOS 5.10_x86: Updated video drivers and fixes
123896-04 SunOS 5.9_x86 5.10_x86: Common Agent Container (cacao) runtime 2.1 upgrade patch 04
119214-17 NSS_NSPR_JSS 3.11.9_x86: NSPR 4.7 / NSS 3.11.9 / JSS 4.2.6
118668-16 JavaSE 5.0_x86: update 15 patch (equivalent to JDK 5.0u15)
118669-16 JavaSE 5.0_x86: update 15 patch (equivalent to JDK 5.0u15), 64bit
119060-41 X11 6.6.2_x86: Xsun patch
124394-06 CDE 1.6_x86: Dtlogin smf patch
123612-05 X11 6.6.2_x86: Trusted Extensions patch
119281-18 CDE 1.6_x86: Runtime library patch for Solaris 10
119279-23 CDE 1.6_x86: dtlogin patch
121735-07 SunOS 5.10_x86: patch to support addition of new UTF-8 locales
119704-11 S10_x86: Patch for localeadm issues
125901-01 SunOS 5.10_x86: audiohd patch
122762-01 SunOS 5.10_x86: Sun Update Connection Bootstrapper
118778-11 SunOS 5.10_x86: Sun GigaSwift Ethernet 1.0 driver patch
119247-32 SunOS 5.10_x86: Manual Page updates for Solaris 10
121976-01 CDE 1.6_x86: Xsession patch
120411-28 SunOS 5.10_x86: Internet/Intranet Input Method Framework patch
119811-05 SunOS 5.10_x86: International Components for Unicode Patch
120100-08 APOC 1.2_x86: Sun Java(tm) Desktop System Configuration Shared Libraries
119547-08 APOC 1.2_x86: APOC Configuration Agent Patch
125280-05 CDE1.6_x86: dtsession patch
125282-02 CDE 1.6_x86: sdtimage patch
122670-01 Evolution 1.4.6_x86: Cryptographic Library patch
123939-01 GNOME 2.6.0_x86: GNU Transport Layer Security Library Patch
119415-14 GNOME 2.6.0_x86: Gnome Accessibility Libraries Patch
119599-08 GNOME 2.6.0_x86: Gnome Screen Reader and Magnifier Patch
120461-14 GNOME 2.6.0_x86: Gnome libs Patch
122213-25 GNOME 2.6.0_x86: GNOME Desktop Patch
119901-05 GNOME 2.6.0_x86: Gnome libtiff - library for reading and writing TIFF Patch
119549-12 GNOME 2.6.0_x86: Gnome Multi-protocol instant messaging client Patch
125544-02 GNOME 2.6.0_x86: GNOME panel applets
121096-02 GNOME 2.6.0_x86: GNOME EXIF tag parsing library for digital cameras
120740-04 GNOME 2.6.0_x86: GNOME PDF Viewer based on Xpdf
137081-01 SunOS 5.10_x86: libpng Patch
119116-34 Mozilla 1.7_x86 patch
125333-03 JDS 3_x86: Macromedia Flash Player Plugin Patch
119904-02 Openwindows 3.7.3_x86: Xview Patch
125726-02 X11 6.6.2_x86: xinerama patch
124458-01 X11 6.6.2_x86: xdm patch
119064-01 SunOS 5.10_x86: libXpm patch
Sun UC patch revision:
119789-08
119789-09
120336-04
121082-06
121082-08
121119-09
121119-12
121119-13
121454-02
123004-02
123006-05
123631-01
123631-03
123896-04
124187-03
124187-07
124615-01
Solaris release:
Solaris 10 11/06 s10x_u3wos_10 X86
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 14 November 2006
Java -version:
java version "1.5.0_15"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_15-b04)
Java HotSpot(TM) Server VM (build 1.5.0_15-b04, mixed mode)
Cacao Java version:
java-home=/usr/jdk/jdk1.5.0_15
Software Cluster:
CLUSTER=SUNWCall
All ccr properties:
20:
Property not defined: 20
cns.assetid:
69e3IYbsEWGYkbEj4Sh7IC/MmzM=
cns.br.SunUCenabled:
true
cns.ccr.keyGenPath:
/usr/lib/cc-ccr/bin/ccrKeyGen
cns.clientid:
a71dcd7d-80ad-460e-a90d-2ccad3c61a6a
cns.httpproxy.auth:
cns.httpproxy.ipaddr:
my-company-proxy
cns.httpproxy.port:
8089
cns.patchsvr.cachelocation:
/var/sadm/spool/patchsvr
cns.patchsvr.patchsource:
https://getupdates1.sun.com/
cns.regtoken:
f6deec68-e017-4b69-a454-17fb2734b587:1216944000000:T
cns.security.password:
YztBI1HobSLyOaRhjA7lJjZf8RkBtlsGnD+E6zw7WYIT
cns.security.privatekey:
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIv2RwN5o570YCAggA
MBQGCCqGSIb3DQMHBAjH7/9IpzuBjASCAoC45re2Cl5g1V3a8mVvzXK4ZAzoB6cw
BqFh6LfuYAxRRSvu0QIqWKCts8LfNtBgBwX3hdhusM3Ds1wNfNpM2wo49za9H9ON
HVBh8o2DSU7QZ7Gj5usqHsSRM5EWUwS72kKwNol8D+SN8w4gK67VSW2qoXtumkFC
G8QXlJgH8koOtazKcR9ituLyigCDpPcZNM/Fooo/yBUKWuIZSh1iwV7WEi0yh6PA
zYybO4USIET/BDHjZkU9+YBN8IJn7g9SEJtOwP7JO955X5KCvXg/jXpNBCXUdIcH
KVP45SHF0pB90Wu+gYONF3hYGW1PM2O7NJIbrrLpPowVOzY0B1wxahGHnwZmMfO0
VwN5a/WtKoVW/dx9E6dIDl+16IivwOp9D4kXfXkY7mqLO+/A50/Ho4NETXWFTmH+
ZboO1NguFKMyQcGvP1lbefHMkMmAsWcOBLJ2xfANOp7Z2sltWwZXpE/JVxCULiob
128w09GE4+iFjAAQdFR1eyCyyYRUiqe24RbA2/hh8Ca1OJykEo703HC0R/HzQYIQ
GXJs1ZyIRGCLtOWU1nmpikz1wWHPgq/x0dSBNmMNQWwy2pKzIrnwtVdZ8OYgi4te
EJk1c058zldviq7KXHwCy40lgdI17DEYr/IM7MnBorjtQPodMuUdyQv89ju4C0id
KJ7XAY2/mRdoIisi1OxDC5mQ/KaIbv1ylz7BgPxo/Py8Yg1XpnriTqLYurwBDJ8B
WX9Puk1s66GkFEu/Ro4UJ/r2MGCQPvXbtZ/k/dQLXPNg4Suh1SDcb3J7yrkslEez
2HAIBX0JDmTP+xzztK6ZOk7haAf9N50dWh/511TAU+XRyCCk/mtRQTMf
-----END ENCRYPTED PRIVATE KEY-----
cns.security.publickey:
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDiAk601x255FlI/+B/1ol/pVXM
aco3+SOjm1Otxy8T66MmmLNnCHskqVEo1Y5+WrirfMDslaPBjBEeu4iSK4sgbGpK
InSXobdF7h7HecLtPBlczV8+lPBD0bEHYPwSVAZBIL0IhrEx8/Jl/SUgxz9Driaf
E9iWD+oViJ+JSmw5IwIDAQAB
-----END PUBLIC KEY-----
cns.swup.UMautolaunch:
false
cns.swup.autoAnalysis.enabled:
true
cns.swup.checkinInterval:
2
cns.swup.lastCheckin:
0
cns.swup.patchbaseline:
current
cns.swup.regRequired:
true
cns.transport.serverurl:
https://cns-transport.sun.com
patchsvr settings:
Patch source URL: https://getupdates1.sun.com/
Cache location: /var/sadm/spool/patchsvr
Web proxy host name: my-company-proxy
Web proxy port number: 8089
Sun UC package status:
SUNWbreg not installed
SUNWdc not installed
Please attach /tmp/sv4503-060608-suc-out.Z in your reply to the Sun Update Connection Technical Support Team.Edited by: mdreelin on Jun 6, 2008 10:32 AMTry moving the files in /export/home/var/sadm/patch and /export/home/var/sadm/patch back to their correct locations.
You might then find that updatemanager works as expected again. Did you ever stop to think what those directories were used for? -
Handling of pending reboot, exclusive updates for patch management with SCCM 2012
Hello,
Planning to use SCCM 2012, I would like to understand how smart is SCCM 2012 when dealing with specific patch management situation.
Assuming I have the following:
- A given server to be patched is missing a lot of updates, several being mutually exclusive. This typical case will require several reboot / patching to properly obtain a server fully up to date.
- A given server to be patched is in pending reboot state because the local admin installed new software and has not restarted the server yet as requested
- Those servers have configured maintenance windows of 2 hours during each night. I scheduled a deployment of missing patches authorizing restart.
--> when the maintenance window will be reached:
- will the server first be restarted to clean the pending reboot ?
- will the the server be patched / restarted several times as required to fully meet the updates to be deployed.
Another scenario on workstation side:
- can I enforce deployment of updates at a given time, do not automatically restart the workstation during patch deployment, but after deployment schedule a mandatory restart with a countdown if there is a pending reboot... From end-user perspective, it
would have the following behavior. For instance:
- patches are automatically installed on Monday at 10 AM
- as soon as deployment is done, warning message is displayed to ask users to reboot
- then user has up to 48h to restart his computer by himself. If he does not do it, it will be automatically done after countdown expires.
--> Can such a scenario be managed by SCCM 2012 ?
Regards.Hi,
I have a related question about deploying Microsoft Security Updates to workstations via SCCM 2012. Is there a way to deploy the MS updates to workstations and only suppress reboots for machines with users logged on or locked? There seems to
be only 2 different options for reboots, Suppress them all or don't suppress them at all. We would like SCCM to reboot the machines that are logged off, but suppress the reboot for those that are logged on, while at the same time, provide the user with
a notification that their machine needs to be rebooted (at their convenience).
We've tried applying the Domain GPO "No auto-restart with logged on users for scheduled automatic updates installations" (Enabled) and "Configure Automatic Updates" (Disabled), but the logged on/locked machines still receive the restart countdown with no
option to postpone or delay.
This is a show stopper for us since we have an environment where we are absolutely not allowed to reboot a logged on machine.
For a little background, we are coming from SMS 2003 and the Distribute Software Updates (ITMU) way of deploying MS Updates, where we could always set the program to run "Only when no user is logged on".
Please tell me there is a way to achieve our desired result.
Thanks,
Dan -
Hi,
I am getting an error System.Management.Automation.MethodInvocationException: Exception calling "ExecuteQuery" with "0" argument(s): "$Resources:core,ImportErrorMessage;" ---> Microsoft.SharePoint.Client. ServerException:
$Resources:core,ImportErrorMessage;
Following is my powershell script on line
$context.ExecuteQuery(); it is throwing this error.
function AddWebPartToPage([string]$siteUrl,[string]$pageRelativeUrl,[string]$localWebpartPath,[string]$ZoneName,[int]$ZoneIndex)
try
#this reference is required here
$clientContext= [Microsoft.SharePoint.Client.ClientContext,Microsoft.SharePoint.Client, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c]
$context=New-Object Microsoft.SharePoint.Client.ClientContext($siteUrl)
write-host "Reading file " $pageRelativeUrl
$oFile = $context.Web.GetFileByServerRelativeUrl($pageRelativeUrl);
$limitedWebPartManager = $oFile.GetLimitedWebPartManager([Microsoft.Sharepoint.Client.WebParts.PersonalizationScope]::Shared);
write-host "getting xml reader from file"
$xtr = New-Object System.Xml.XmlTextReader($localWebpartPath)
[void] [Reflection.Assembly]::LoadWithPartialName("System.Text")
$sb = new-object System.Text.StringBuilder
while ($xtr.Read())
$tmpObj = $sb.AppendLine($xtr.ReadOuterXml());
$newXml = $sb.ToString()
if ($xtr -ne $null)
$xtr.Close()
#Add Web Part to catalogs folder
write-host "Adding Webpart....."
$oWebPartDefinition = $limitedWebPartManager.ImportWebPart($newXml);
$limitedWebPartManager.AddWebPart($oWebPartDefinition.WebPart, $ZoneName, $ZoneIndex);
$context.ExecuteQuery();
write-host "Adding Web Part Done"
catch
write-host "Error while 'AddWebPartToPage'" $_.exception| format-list * -force
ERROR:
Error while 'AddWebPartToPage' System.Management.Automation.MethodInvocationException: Exception calling "ExecuteQuery" with "0" argument(s): "$Resources:core,ImportErrorMessage;" ---> Microsoft.SharePoint.Client.
ServerException: $Resources:core,ImportErrorMessage;
at Microsoft.SharePoint.Client.ClientRequest.ProcessResponseStream(Stream responseStream)
at Microsoft.SharePoint.Client.ClientRequest.ProcessResponse()
at Microsoft.SharePoint.Client.ClientContext.ExecuteQuery()
at ExecuteQuery(Object , Object[] )
at System.Management.Automation.DotNetAdapter.AuxiliaryMethodInvoke(Object target, Object[] arguments, MethodInformation methodInformation, Object[] originalArguments)
--- End of inner exception stack trace ---
at System.Management.Automation.DotNetAdapter.AuxiliaryMethodInvoke(Object target, Object[] arguments, MethodInformation methodInformation, Object[] originalArguments)
at System.Management.Automation.DotNetAdapter.MethodInvokeDotNet(String methodName, Object target, MethodInformation[] methodInformation, Object[] arguments)
at System.Management.Automation.Adapter.BaseMethodInvoke(PSMethod method, Object[] arguments)
at System.Management.Automation.ParserOps.CallMethod(Token token, Object target, String methodName, Object[] paramArray, Boolean callStatic, Object valueToSet)
at System.Management.Automation.MethodCallNode.InvokeMethod(Object target, Object[] arguments, Object value)
at System.Management.Automation.MethodCallNode.Execute(Array input, Pipe outputPipe, ExecutionContext context)
at System.Management.Automation.ParseTreeNode.Execute(Array input, Pipe outputPipe, ArrayList& resultList, ExecutionContext context)
at System.Management.Automation.StatementListNode.ExecuteStatement(ParseTreeNode statement, Array input, Pipe outputPipe, ArrayList& resultList, ExecutionContext context)
Thanks Sethu for your comments. However i am running this powershell directly on server so believe
SharePointOnlineCredentials is not required.
I have tried it but still giving me same error -
What is the best approach for patch management
Hi,
I'm new about patch management. I would like to ask you how manage patch on few Solaris 10 servers using command line.
I would like to know:
1. Using only command line how to download latest patches
2. There are some dependencies how to check this and install only those patches which meets dependecy requirements?
3. Is there possiblity to atomate this?
4. Is it possible to have one patch server and others servers will download and install this patches?
5. What if some patches are not installed?
6. How to find out which patches are necessary and which patches don't have to be installed? Or maybe or patches to be installed?
7. Could you please describe your approach for managing patches? Or maybe you can recommend some books/web page/articles that can help me to understand patch management.
Thanks in advance,
Danielsmpatch is the command line tool to manage solaris patching. first you need to register yours system - this can be done using sconadm, detailed here:
http://sunsolve.sun.com/search/document.do?assetkey=1-9-82688-1
smpatch analyze will list all required patches and resolve dependencies. smpatch download will download all the required patches, and smpatch update will apply them. You can set up a Local Patch Server to download patches, then your clients will download the patches they require from it. This is detailed in chapter 6 of the update connection admin guide -
ZCM Patch Management Dashboard blank
I'm using ZCM 10.2 RC1 and am trying to test Patch Management. I have patch management working, patches have downloaded and DAU is running. One thing that is not working is the dashboard. I have flash installed but the dashboard is blank. Are there any special requirements for the dashboard? Has anyone else got it working?
BTW, I'm running ZCM under Windows Server 2003 Standard x64 SP2.
Jim WebbOriginally Posted by jwebb
I'm using ZCM 10.2 RC1 and am trying to test Patch Management. I have patch management working, patches have downloaded and DAU is running. One thing that is not working is the dashboard. I have flash installed but the dashboard is blank. Are there any special requirements for the dashboard? Has anyone else got it working?
BTW, I'm running ZCM under Windows Server 2003 Standard x64 SP2.
Jim Webb
Which browser are you running? There is a known bug affecting IE... -
ZCM Patch Management Patch Status Inaccuracies
We currently have issues with ZCM Patch Management incorrectly reporting the status of a couple of Microsoft updates. Specifically, we have firm evidence of this for the following patches (but suspect there may be more):
Microsoft Office 2007 SP3 - Microsoft Baseline Security Analyzer shows it as required, ZCM says its already applied.
MS11-049 InfoPatch 2007 - Microsoft Baseline Security Analyzer shows it as required, ZCM says it's not applicable.
We are checking the ZCM status in both the {guid}.state file on the device (which has today's date stamp) and in ZCC - both of these places show the same, incorrect, status.
We see this issue on multiple managed devices. The zone is 10.3.3. Devices have 10.3.3 with Patch Management Agent Update 2.
This isn't a timing issue, as we have left things several days before checking the status again.
I am raising a call with our Novell reseller, but am interested to find out if anyone else is seeing similar issues.
Thanks,
Martinmetheridge,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://forums.novell.com/ -
ZCM 11.2.4 - 11.3.1FRU1 Patch Management Agent Update 1
Tried the "updated" exe files, patch management now says all of our win7 machines with Office 2007 are missing SP3 (KB2526086) which is completely wrong.
https://download.novell.com/Download...d=G072RdrX4b0~dtemple-sgi,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://www.novell.com/support and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Forums Team
http://forums.novell.com -
Patch Manager for Solaris 9 9/05
I am trying to locate the Patch Manager download for Solaris 9 9/05 but all I have been able to locate on the downloads site is the version for Solaris 8. Does anyone have a link to the Solaris 9 version? Thanks.
Exactly, whith that configuration all works well (if my server is connected to Internet).
The problem is when I have another server, not connected to Internet, that requires new patches.
If I have good understood I can install patch manager(2.0) on that server, require patches to my local patch server and if the patches required aren't on the disk the local patch server requires them to Sun. During this request it seems that my local patch server doesn't connect trough the proxy (snoop doesn't report connections). even if the configuration is set. (I have tried a reboot too). -
Novell-iprint-server patch-11778
Hi.
I just installed patch-11778 via rug on a clustered node for the iprint
server and now I can not even start ipsmd on that node, iprint stops
with "FATAL Error (506D000C) occurred while initializing the Managed
Object database". Luckily I have not upgraded the other node in the
cluster so I can still start the iprint server there.
I searched everywhere on novell.com about this patch but could not even
find any confirmation that the patch exists. The patch info in rug
claimed to resolve the issues we have (needing to restart iprint every
couple of hours/days).
Anyone know anything more?
/andersI have just encountered the problem with the same results. Fortunately,
Novell came out with a patch that I installed via Linux Patch Manager.
The iPrint patch is Open Enterprise Server Patch 11856, released
10/16/07, and it resolved my Print Manager's inability to start.
Good Luck with yours.
Glen
> Hi again, seems noone has seen this before?
>
> Well, I kind of found a solution last night. It seems to be the
> driverprofile-database that crashes the new iprint-server. I tried to
> find out where the driverprofiles are stored and it seems that it is in
> the psmdb.dat file.
>
> I put the whole iprint server on a test system, still the same error.
> Deleted psmdb.dat and started up the iprint-server, it started just
fine
> this time and all printers and settings were left except for the
> driverprofiles.
>
> I restored the database again and reverted to the old iprint-server, I
> then removed all driverprofiles from iManager, upgraded to new
> iprint-server and it starts just fine and printing works.
>
> In our iprint production system we only have about 30 printers so I'm
> going to go with this solution, recreating the profiles is a pain but
if
> iPrint stays stable we might migrate our other 250+ printers. Hope
> someone else finds this useful.
>
> /anders
>
>
> Anders Westerberg wrote:
> > Hi.
> >
> > I just installed patch-11778 via rug on a clustered node for the
iprint
> > server and now I can not even start ipsmd on that node, iprint stops
> > with "FATAL Error (506D000C) occurred while initializing the Managed
> > Object database". Luckily I have not upgraded the other node in the
> > cluster so I can still start the iprint server there.
> >
> > I searched everywhere on novell.com about this patch but could not
even
> > find any confirmation that the patch exists. The patch info in rug
> > claimed to resolve the issues we have (needing to restart iprint every
> > couple of hours/days).
> >
> > Anyone know anything more?
> >
> > /anders -
Disable Patch Management temporarily on clients?
I've just noticed now that we've got ZPM enabled it seems to get a bit overexcited and start trying to patch machines while they're still being configured during our imaging process. For example our scripts go:
Image > drivers Novell Client > ZCM Agent > pre-load Bundles > AV = finish
Seems like ZPM kicks in as soon as the Agent registers into the zone. In theory it shouldn't do anything as I have the DAU set to 30 minutes after refresh (with ZCM auto refresh disabled) but yet I still see a Novell patch manager popup slide in from the corner (then disappears as quickly as it arrived)
Is there a command that can be used to temporarily disable all ZPM activity on a client? Might also be important for us for any online exams that could fall in the overall patching window.gshaw0,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://forums.novell.com/
Maybe you are looking for
-
Transfer a char type varialble value to NUMC type variable
Hi all, I have a BSEG-PROJK type NUMC(8) variable and one xyz type CHAR(50) variable. I have to pass value from xyz to BSEG-PROJK my e.g is that while I am passing xyz= 'M-000064' BSEG-PROJK = xyz then the value of BSEG-PROJK is 00000064 but i nee
-
Error message GBB_____BSA 7925
Hi, During stock determination ( mb1c) ,i got an error message account determination int gbb__bsa 7925 is not possible. How to solve this problem. Please suggest. Regards, Abhishek Kumar
-
Hello , is there anyway can we handle SAP events from CPS , our scenario is if we schedule a job in SAP from CPS , the job in SAP is firing an SAP event based job , how can we get the status of event based job from SAP to CPS. Regards Ragh
-
Duplicating an existing Aperture Library on another machine: problem unsolved
I'm trying to duplicate one existing A3 library onto another machine. It's not working: the folder structure is different there. My aim is to be able to work with a duplicate library on the other machine in another location. Images are referenced, no
-
Blu error screen! STOP 0x000000F4​. Need help.
Hi. i have this laptop with win 7 installed. it worked fine,until i did one o cleaning procceses with TuneUp2009. ( i do it regulary every month and it was ok ) but now after tuneup2009 restarted my pc, on start up he show this stop error. STOP 0x00