Purpose
This article explains the behavior of optional and recommended Patch Repair tasks as they relate to the LDMS Portal.
Symptoms
When creating a patch repair task as a policy, and setting the task to be optional or recommended in the LDMS Portal, the task may:
- Take multiple refreshes to show in the portal
- Not show in the portal at all
Cause
When a patch repair task is set as a policy, and is made optional or recommended in the LDMS Portal, the following occurs:
- The policy is made available to the client
- The client runs policy sync (clicks refresh in the portal)
- The policy is downloaded and triggers vulscan to scan for the patches in the repair task
- A patch must be detected as 'missing' to be displayed in the portal.
- A secondary policy.xml file is created on the client containing a list of which patches were found as missing
- The client runs policy sync a second time (clicks refresh in the portal)
- The second policy.xml file is parsed, and any patches listed within it are published to the portal
If 'show one portal entry with the following title:' is selected, a single entry will be created in the portal which, when run, will repair all detected patches.
Note: If no patches were found as missing, no items will be shown in the portal.
If 'show each definition separately' is selected in the scheduled task's properties, patches will be grouped per definition within the portal.
Example: Definition MS15-020_MSU contains patches kb3039066 and kb3032323.
In our test scan, both of these patches were detected as missing, but since they belong to the same definition (MS15-020_MSU), only the definition is advertised in the portal.
Because vulscan first checks the patches listed for repair, and only offers those that are needed through the portal, policysync (refresh in the portal) must be run a second time after vulscan finishes its scan.
Running policysync (refresh in the portal) prior to vulscan completing its scan will not populate any items in the portal.
If policysync (refresh in the portal) is not run manually, it will run on its scheduled interval as defined in the agent's settings.