Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

ePO doesn't distribute AV8 hotfixes to all PC's

Status
Not open for further replies.
PredatorUK

PredatorUK

MIS
Feb 23, 2004
38
GB
I administer just over 3000 PC's using ePO 3.5 (Patch1) and am in the middle of rolling out AV8 (inc Hotfix 1,4,5,7,8,9). However, not all the PC's appear to be getting the hotfixes, so when I run reports, I have some PC's with hotfix 7, some with 1&7, some with 8 etc.

This has pretty much stayed the same for the last couple of weeks and the PC's still arn't updating to all the hotfixes.

Has anyone else experienced this?
 
Sort by date Sort by votes
Yeah, I haven't figured out why, must be a feature of ePO, Try putting them all in the package through Install shield and you won't have to worry about your machines updating.
 
Upvote 0 Downvote
I've tried using "Installation Designer", but when I go to add the hotfixes, it doesn't accept that file extension.... At the moment I just use the default AV8 install imported in to ePO
 
Upvote 0 Downvote
i've noticed that as well
but a lot of the pc's that are showing as only say having patch 7
if you check it when it's updating - ie i can see it checking the patches and saying not required
and if you remote the pc and check virus properties - they are all on but just not being reflected in the console

even tried removing them for a while and putting on one at a time but still doesnt truelly rfect whats out there
 
Upvote 0 Downvote
I tried bundling it within Installation Designer using the Programs portion of Installation Designer, but I wouldn't recommend doing it, especially since Patch 7 triggers a reboot. And because Patch 7 requires a reboot, I found that sometimes the install would end (sometimes automatically reboot) after the patch install leaving the VirusScan corrupted on my test PCs.

Instead, I checked in all the patches into the Repository. I then created my custom Installation Designer package so that VirusScan does not do an AutoUpdate at the end of the install and also configured the install to force a reboot after the install. I created a "Deployment" group in the directory and moved the PCs I want to upgrade from 7.1 to 8.0 into that new group. I modified the policies for that group so that PCs automatically reboot the PC within 30 seconds and the ePO Agent is set to communicate with the server every 10 minutes so that it doesn't affect my other clients.

I modified the Deployment job for that group to install VSE 8.0i at 8:30 PM. I then created an AutoUpdate task to run the task every 15 minutes between 9:00 PM to 10:00 PM. So with that setup, VSE 8.0i install will trigger an automatic reboot, which should solve that access protection/buffer overflow protection pop-up indicating a reboot is required first. Then AutoUpdate kicks in and does Patches 4 and 7. Since Patch 7 triggers a reboot, the clients should reboot automatically. After the reboot, the AutoUpdate task triggers the remaining updates.

So far, it appears to be working for me and I've just started deploying the VSE 8.0i upgrade for the past 3 weeks (taking it slowly to make sure I don't affect other users' productivity)

One thing I should mention is that I've got a separate reboot job going out to clients at 8:00 PM and 10:00 PM (using a third patch deployment product). That way the PC is freshly rebooted before the upgrade and rebooted after 10 PM in case Patch 7 fails to trigger the reboot. So far, it has worked well for over 200 clients that I've updated. (Again, I'm taking it slowly to make sure the upgrade goes well and smoothly because anytime something fails to work, VirusScan is the first thing user blames)

You may want to work out the ePO deployment bugs and kinks first to a bunch of test PCs first and then once you've got that nailed, proceed with the production environment.
 
Upvote 0 Downvote
Cheers for the info. Its kinda hard to administer when you have over 3200 PC's and 80 sites;)

Its going quite well, but there seems to be a bug getting the latest info from the client PC. You are indeed correct about web surfing to the agent and seeing that all hotfixes are installed.

I do have a task set to get the latest info from the client, but perhaps this isn't as efficient as its supposed to be. I find sending a manual wake up call to the PC / Site seems to update the dbase correctly and making my reports look better.
 
Upvote 0 Downvote
I too have found that in some cases, ePO reports the clients as having Patch 9 when I know they have all. And I too also had to issue a manual Agent Wakeup Call with Full Properties scan to be able to get the right info populated into the report. (Even though I set my ePO Agent policies to do a full inventory scan each time and not just the minimal scan)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
1K
Sameer258
Sameer258
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
811
Johnkite
Johnkite
EdwardMcClelland
  • Locked
  • Question
Google DNS works with Sonic-wall installed. Cox doesn't.
Replies
1
Views
317
ChrisHirst
ChrisHirst
Tommy_T
  • Locked
  • Question
Sonic wall - Have an issue remotely connectioning VNC and SMB (and AFP) to one of the 2 ISP circuits
Replies
1
Views
774
nnaarrnn
nnaarrnn
gbayi_omo
  • Locked
  • Question
Cisco ASA 5505 not allowing access to highest security zone
Replies
0
Views
219
gbayi_omo
gbayi_omo

Part and Inventory Search

Sponsor

Back
Top