Problem
I am using Offline Default Scan Source and facing the following issues:
- Patch Status shows no patch data (only dashes) even after patch scan
- Patch Status shows no missing patches but you believe there should be some
- Patch Status numbers do not appear to be changing over time when you believe they should
Cause
The Primary Data Source (Online Scan) for patch management is the Microsoft Update Catalog (MUC). Kaseya leverages the Windows Update Agent (wua.api) to check the Microsoft Update Catalog (MUC) for all patches currently available and to determine which of those patches are applicable to the endpoint. In offline Patch Scan, the scan source is wsusscn2.cab
file. This file is copied to the agent's working directory from the Kaseya Server at the time of the scan. There is a file size limit to WSUSscn2.cab, it contains only an extremely limited number of patches - only current, active Service Packs, Security Updates, and Update Rollups. For example, where the MUC might contain 10,000, the .cab file might contain only 100. Of those, only one might potentially apply to the endpoint and if that patch is already installed (Windows 7 SP1, for example), then patch scan would not report any needed patches.
Solution
1) Please set Set Default Scan Source to Online
2) Ensure the five websites necessary for patching are allowed by Firewall, Proxy, web filter, or other security services (allow anonymous browse access to these sites). The five sites are:
- update.microsoft.com
- download.microsoft.com
- download.windowsupdate.com
- www.windowsupdate.com
- vsaupdate.kaseya.net
More Information
If the problem persists, refer to these resources for further troubleshooting steps
Troubleshooting incorrect data on Patch Status page:- https://helpdesk.kaseya.com/entries/33782016-Troubleshooting-failed-patch-installs-and-failed-patch-scans-and-incorrect-data-on-Patch-Status-page
Applies to
Kaseya VSA - V6.3 and above
Kaseya Patch Management