What logs can I go through to find information about Failed Patch Installations?
There are some log files we can review to gather more information regarding patch failures. These are the ptchscn2.xml, Agent Procedure log, Setup Event Logs, and WindowsUpdate.log. In order to find the patch information in the logs you will need to gather the patch Update Identifier number to find the exact patch.
To obtain the Update Identifier Code, the steps below would need to be followed:
- Check Patch Management > Patch Status Page >Check for the failed patch.
- Click on the KB link
- The patch details window will open. Here look for the "Update Identifier" number and copy the first line. For example:
Once this is obtained you can look for the number within the Windows Update log mentioned and find information for the failed patch.
Gathering Information through ptchscn2.xml
You can find this file on the Agent's working directory. Using the same Update Identifier number obtained before you can find information if the patch actually shows as installed on the machine after the patch scan was done. There will be a section for "isInstalled= number" . If the number = 0, the patch is not installed, if = 1 installation was successful. Example:
If the patch shows as installed there but the scan still shows it as failed, the information may not have processed correctly. You can delete/rename ptchscn2.xml and re-run a patch scan. If there is an issue with patch scan please review the following link: https://helpdesk.kaseya.com/entries/33782016-Troubleshooting-failed-patch-installs-and-failed-patch-scans-and-incorrect-data-on-Patch-Status-page
Gathering Information through Agent module> Agent logs> Agent Procedure Logs
Through these logs you can review when the patch was executed and if the patch script may have timed-out or if it shows any error regarding this patch. If it timed-out try scheduling the patch again. The "agent logs" can also indicate if there was an issue with the patch executing, permissions.
Gathering Information through Windows Update log:
Open WindowsUpdate.log located on the machine directory => C:\Windows directory. You may also obtain this file via Agent Procedure module > Get File option.
Select "CTRL + F" to search for the Update Identifier number. Once you find this, if there is any error for that patch check the information provided on those lines. The information can vary as there can be different reasons why the patch failed. For example, It can provide an error code starting with "0x0...". This can then be further research by using search engine (web).
Gathering Information via Setup Event logs:
You can also review the patch failure information by accessing the Event logs>Setup logs. This can only be viewed if the machine is set to collect such logs, if not you would have to configure it to do by following steps on Microsoft sites.
- To review the logs, you may establish a Live Connect session and select > Event Viewer > Setup. Filter by the date the patches were sent to be installed and review the patches information. If there was an error installing the patch it will show here as well. The error may provide a code as well which can be used to search on the web for more information.
Note: By checking on these logs you may be able to use the search engines to determine the reason the patch failed to install. If the results do not provide much assistance please feel free to create a ticket with Kaseya Support for further assistance. Please include as much detail as possible with what you've done to troubleshoot the failed patch installations.