Troubleshoot your Patch Manager deployment
If you are having problems, look here for guidance in troubleshooting and resolving an issue in your Patch Manager deployment.
See the following sections for more information:
When this issue occurs, the WSUS views may display inaccurate information or connection timeout errors. These issues occur when the WSUS database or the disk storing WSUS content is full. As a result, the Patch Manager Web Console can timeout when you select any WSUS view.
To resolve these issues, use the Server Cleanup Wizard to remove all unnecessary updates based on rules. This procedure will free up space on your disk and help your WSUS server run at optimal performance.
See Remove unnecessary updates from the WSUS server for details.
See Troubleshoot downstream WSUS server issues in Patch Manager located on the SolarWinds Support website for instructions.
See Change the account or password used for the Patch Manager service for details.
See How to run Patch Manager Diagnostics and enable logging for instructions.
See Unable to connect to clients using WMI for details.
See Managed Computers and Update Services inventories do not match for details.
When you target a remote system for a Managed Computer Inventory task, Patch Manager displays that system in the Enterprise > Managed Computers node. Select a system in the center pane of this view to see useful information about the most recent WMI connection attempt.
See Unable to connect to the Patch Manager server using a remote console for details.
When you maximize Enterprise and select Managed Computers in the navigation column, a minus sign icon displays on one of the managed computer icons.
This issue is caused by a failed inventory attempt or the WMI providers installed on the managed computer. To address this issue:
When you maximize Enterprise and select Managed Computers in the navigation column, a yellow triangle icon displays on one of the managed computer icons.
To address this issue, check the exception table in the Patch Manager database for errors.
This message can display when you connect Patch Manager to a remote computer, deploy updates to remote systems, or execute other tasks on a remote computer, such as opening Computer Explorer.
See Troubleshoot Access Denied errors in Patch Manager located on the SolarWinds Support website for details about access denied errors.
This error occurs when Patch Manager servers are not running identical Windows Server operating systems.
If Windows Server Update Services (WSUS) is configured on a separate system with a different Windows Server operating system, install and enable the Automation Server role on that server to translate the API communications between the WSUS server and the Primary Application Server.
See WSUS API Mismatch error in Patch Manager located on the SolarWinds Support website for details.
This message displays when you publish updates to WSUS.
See CreateDirectory Failed error when publishing updates to WSUS for details.
See Troubleshoot Patch Manager error 1064 located on the SolarWinds Support website for details.
This error may occur when you publish packages from Patch Manager to the WSUS server.
See Unable to publish packages from Patch Manager to the WSUS server located on the SolarWinds Support website for details.
This error message can display when you connect to a WSUS server displays when connecting to a WSUS server.
See Patch Manager cannot retrieve the Update Server information located on the SolarWinds Support website for instructions.
This error can occur when you connect to a WSUS server from the Patch Manager server.
See HTTP status 401 error when testing the WSUS connection to Patch Manager located on the SolarWinds Support website for instructions.
The Patch Manager installer does not support an installation on Web Only versions of the SolarWinds Platform.
See Error: Incompatible installation type found located on the SolarWinds Support website for instructions.
This error displays when the Patch Manager server cannot access the WMI Providers or the WMI Providers are not present on the client systems.
See Troubleshoot "Invalid Namespace" errors from the Patch Manager server or managed clients located on the SolarWinds Support website for details.
The Patch Manager server can generate this error when User Account Control (UAC) prevents the server from communicating with the WSUS server. Managed clients can also receive this error when WMI Providers are not installed on these systems.
See Troubleshoot Invalid Namespace Errors - server or managed clients located on the SolarWinds Support website for instructions.
See this KB article located on the SolarWinds Support website for details.
This error may display when you execute an Update Services task. Timeout issues can be caused by an unhealthy update server.
See Troubleshoot Timeout Errors in Patch Manager located on the SolarWinds Support website for instructions.
The number of managed nodes exceeds your product license count. SolarWinds licenses Patch Manager according to the number of managed systems. Managed systems include all WSUS, ConfigMgr, and Patch Manager servers, as well as all managed clients. The Primary Application Server (PAS) calculates the number of managed systems using the Managed Computers and Task History nodes located in the Patch Manager menu.
To resolve this issue, use the Managed Computers and Task History nodes to calculate the number of computers for your product license. If the number of nodes exceeds your product license count, upgrade your license or reduce the number of monitored nodes.
This error may occur when you publish packages from Patch Manager to the WSUS server. See Publishing packages error: Verification of Signature failed for file in Patch Manager located on the SolarWinds Support website for details.
See Unable to connect to the Application Server located on the SolarWinds Support website for instructions.
The SQL Server name was not entered correctly during the installation.
See Error when installing Patch Manager on Microsoft SQL Server 2008 or 2012 located on the SolarWinds Support website for details.
See Error displays when generating a Patch Manager report for details.
When you deploy a Microsoft Installer (MSI) package and the installation fails, troubleshoot the issue at the installer lever. For example, you can run the installer from the command line or troubleshoot MSI logging.
See Troubleshooting Microsoft Installer Error Message and Failures located on the SolarWinds Support website for instructions.
See Third party packages do not display in the SCCM Console located on the SolarWinds Support website for instructions.
The following issues may occur due to downstream WSUS server configurations:
- Systems cannot be moved from an unassigned group
- Systems will not change groups
- Options to change groups or settings are disabled in WSUS
- Patch Manager reports only display upstream server information
- The downstream WSUS does not display added systems
When a WSUS server is in Replica Mode, it inherits the update approvals and computer groups from the parent WSUS server. Most options and settings are disabled (including moving computers and group) because the downstream WSUS server mirrors the parent WSUS server. As a result, a generated report will only show the upstream WSUS server to prevent duplicate information.
The following table lists the differences between autonomous and replica downstream WSUS server configurations.
|Autonomous Downstream||Replica / Downstream|
|Uses another WSUS server as the master repository. Any updates downloaded by the master server are available to the downstream server.||Uses another WSUS server as the master repository. Any updates downloaded by the master server are available to the downstream server.|
|Not required to be in the same Active Directory forest as the master to provide full reporting.||Must be in the same Active Directory forest as the master to provide full reporting.|
|Allows individual approvals for updates different from the master.||Updates must be approved on the upstream (master) server. Mirrors update approvals, settings, computers, and groups from its parent.|
|Downstream WSUS servers must be administered separately.||Downstream WSUS servers are administered by the upstream server.|
|Allows flexibility in creating computer groups.||Reports on status of its clients available to the master server.|
|Reduces overall bandwidth off-campus as the updates are downloaded from Microsoft once and then distributed to other servers.||Does not upload reports to the master server.|
To resolve downstream WSUS server issues, adjust the settings using the WSUS Administrator Console.
- Log in to the server hosting WSUS Server.
- Open the WSUS Administrator Console.
- Expand the server name and click Options.
- In the Options pane, click Update Source and Proxy Server.
- On the Update Source page, select Synchronize from another Windows Server Update Service server.
- In the Server name field, type the name of the local upstream WSUS server.
- In the Port number field, type the port number that this WSUS server will use to communicate with the upstream WSUS server. The default port number is 80 (port 8530 on Windows Server 2012).
- Deselect the This is a replica of the upstream server option, and then click OK.
A server looping issue can occur if you duplicate a virtual machine (VM) running a Patch Manager agent.
For example, if you create a VM with a Patch Manager agent, connect the VM to the Patch Manager server, and duplicate the VM, your CPU and network traffic will increase when you run both VMs at the same time.
To correct this issue, uninstall the Patch Manager agent on one VM and then reinstall the agent.
Uninstall the Patch Manager agent
Select one of the client machines hosting the agent.
Log in to the targeted client machine.
Right-click the Start menu and select control Panel.
In the Adjust your computer's settings window, click Programs and Features.
Right-click SolarWinds Client Components - x64 and select Uninstall.
Follow the prompts to complete the uninstall.
Close the Control Panel window.
Reinstall the Patch Manager agent
- Log in to the Patch Manager Console.
In the navigation menu, maximize Administration and Reporting.
Select Software Publishing, and then right-click and select Client Publishing Setup Wizard.
- Complete the Client Certificate Management window.
Select Distribute and install Update Services Signing Certificate.
Choose Select certificate from WSUS server. This option may be selected for you.
Click the drop-down menu and select your WSUS server.
Select Distribute and install Update Services Server SSL Certificate.
In the window, select Browse computers.
- In the navigation pane, expand Enterprise > Update Services.
Maximize your WSUS server > Computers and Groups > All Computers and select Unassigned Computers.
In the top center panel, locate the targeted computer.
Click Add selected.
The client machine displays in the bottom center panel.
- Click Next > Next > Finish.
- Click Yes, and then click Cancel.
In the navigation pane, expand Administration and Reporting and select Task History.
In the Task History window check the task status in the bottom center panel. If the task was successful, Success displays in the Status column.
Complete the installation
See Patch Manager agents for instructions on how to deploy, approve, and configure the agent in your deployment.