This document details common patch content download issues and the troubleshooting steps involved in troubleshooting and resolving the issue.
Patch content download activity is logged to the following log files on the core server:
\Program Files (x86)\LANDesk\ManagementSuite\log\console.exe.log
\Program Files (x86)\LANDesk\ManagementSuite\log\vaminer.log
\Program Files (x86)\LANDesk\ManagementSuite\log\vaminer.details.log
Antivirus content downloads are also logged in the following log files:
\Program Files (x86)\LANDesk\ManagementSuite\log\getbases.exe.log
\Program Files (x86)\LANDesk\ManagementSuite\log\updatevirusdefinitions.exe.log
Each section with a bold heading represents a different issue followed by a discussion and troubleshooting steps regarding the issue.
Summary of the issues covered within this document:
- Cannot connect to LANDesk Patch Content servers and/or vendor patch download locations
- Vulnerability content category not showing up in the Download Updates window
- A particular vendor's updates fail to download
- Error when downloading content "Hash for patch does not match with host. Discarding."
- Error: "Waiting for file lock" when downloading patch content
- How to exclude scanning of patches from a certain vendor
- Spyware content not downloading properly or Spyware content not appearing in console
- Patch storage folder resetting back to defaults
- How to change the default patch download location
- Error: "Object does not match the specified SHA-256" hash
- Error: "You have not specified a site from which to download updates" when downloading updates in Patch Manager
Cannot connect to LANDesk Patch Content servers and/or vendor patch download locations
There are three different patch content servers:
- US West Coast (patch.landesk.com)
- US East Coast (patchec.landesk.com)
- EMEA (patchemea.landesk.com)
DNS on the core server must be able to resolve these host names.
In addition the LANDesk core server will contact the following addresses:
- community.landesk.com
- cswebtools.landesk.com
- licensing.landesk.com
- Various vendor patch URL's as detailed in this article.
If using LANDesk Antivirus, the following URL's will be used for pattern file downloads:
- Downloads-us##.kaspersky-labs.com
- dnl-##.geo.kaspersky.com
- Downloads#.kaspersky-labs.com
The following ports need to be allowed to the core server:
- Port 80 (for access to patch download URL's)
- Port 21 (for access to patch downloads from FTP sources)
- Port 443 (for secure HTTPS access to the patch content servers)
Check the proxy configuration and credentials within the Proxy tab of the Download Updates section of the Patch and Compliance tool.
- Is it set to use a proxy server?
- Does your environment require a proxy server?
- Is the proxy server address correct? (Can the core server reach the IP, server name or FQDN?)
- Is the port correct for what the proxy server is configured to use?
- Is this an HTTP based proxy?
- Does it require login credentials?
If it does require login credentials which format does it require?
- DOMAIN\username
- username
Note: Some proxy servers require authentication protocols not supported by LANDesk (such as NTLMv2, etc)
Vulnerability content category not showing up in the Download Updates window
This is typically caused by an issue with the product license. There are several reasons this can happen:
- Product license is invalid, missing, or expired. It is very common to have a license for one version, then upgrade to another version and the license is no longer valid. (Example: License is for LDMS 8.8, however the installed version is LDMS 9.0)
- Subscription license is invalid, missing, or expired.
The following steps should be followed:
- From the Start menu on the core server go to All Programs --> LANDesk --> and run "Core Server Activation"
- Within the "Activate LANDesk Core Server" utility click on "Licenses"
- Compare the licenses listed with your licensing agreement. Are any expired? Do you have all of the licenses you expect to have?
- Reactivate the core server by clicking on "Activate"
If anything is missing, incorrect (such as product version is wrong), or shows as expired you should reactivate your core server.
From within the Core Server Activation Tool, make sure the Contact Name and Password are correct, and click "Activate".
If you have reactivated and the information still does not appear correct, contact LANDesk Support to investigate further. If either is expired, contact your Sales Representative or the Licensing Queue at LANDesk Support for further assistance. This can be done through the Self Service Portal or via Telephone.
A screenshot of the Licensing screen from the Core Activation Utility would be advised to give to LANDesk Support.
A particular vendor's updates fail to download
If a particular vendor's updates fail to download (for example Adobe, Java, etc), this is most likely due to a proxy or other internet appliance configuration.
The proxy or internet appliance must be configured to allow the core server access to various vendor download sites, both on HTTP and FTP.
For a complete list of the URL's used by LANDesk patch content, consult this article.
Error when downloading content: "Hash for patch does not match with host. Discarding."
See article Error when downloading content "Hash for patch does not match with host. Discarding."
"Waiting for file lock" error when downloading patch content
When this error occurs, there is likely another update process that is still taking place, possibly from a scheduled task, or a previous download process has hung.
Another possible cause is another user logged into the core server using Remote Desktop in a separate session.
Typically closing and reopening the Managementsuite console will resolve this error.
If a Remote Desktop session is not being used or is being used in an Admin Session, and the Core Server has been rebooted and the error still does not go away, it is possible that there is a lock entry in the database that needs to be cleared.
Within SQL Management Studio, connect to the Management Suite database, open the Query Tool, and do the following:
select * from PatchSettings where Name like '%LOCK.UpdVulnLock%'
If entries as pictured below are returned, those rows should be deleted:
In order to delete the rows, run the following query:
deletefrom patchsettings where Name like '%LOCK.UpdVulnLock%'How to download definitions to a core server that does not have internet access (dark core)
See article How to configure Patch Definitions on a Darkcore with LANDesk 9.0
How to exclude scanning of patches from a certain vendor
For patches that are already in the Scan folder that are from the vendor you wish to exclude:
1. In the "Find" section put in the name of the vendor you wish to exclude and then under "In column" select "Vendor"
2. Select all of the vendor patches that show as a result of the search, and then drag them into the "Do Not Scan" folder.
To automatically assign the unwanted vendor patches to the "Do not scan" folder as they are downloaded:
1. Click the "Download updates" tool. (Yellow diamond with black down arrow).
2. Under "Definition Grouping" click the "Definition group settings" button.
(Note, the definition grouping option is not available in SP2 or earlier, it is a feature added with the Patch Manager component patch)
3. Click "New" to define a new filter.
4. Select "Vulnerability" under "Definition Type" and "Any" under "Severity"
5. Under "Comparison" select "Vendor" and "equals" and put in the vendor name you wish to exclude.
Spyware content not downloading properly or Spyware content not appearing in console
First check the licensing as detailed under " the "Vulnerability content category not showing up in the Download Updates window" of this article.
If this checks out, apply the latest Patch Manager component patch.
Patch storage folder resetting back to defaults
See article Patch Download Settings - custom settings reverted back to original options
Changing default patch download location
See articleHow to change the default Patch Location for Security and Patch Manager?
Error: "Object does not match the specified SHA-256 hash"
When trying to download updates for definitions through Patch and Compliance Manager all patches and of the following errors is given:
"Object does not match the specified SHA-256 hash" or "Signature is not valid, failed to download platform information"
To resolve this, uncheck the box "Verify definition signatures/hashes before downloading" on the Content tab of the Download Updates window.
Error: You have not specified a site from which to download updates when downloading updates in Patch Manager