Description
By default, patches are downloaded and stored in the core servers LDLogon\Patch directory. It is often desirable to store the patches on a separate server, such as a Preferred Package Server.
Configuring the Patch Download Location
- Open the Ivanti EPM Console and go to Tools | Security | Patch and Compliance and click on the first icon
![Download Icon.png]()
to open the Download Updates window. - Click the Patch Location tab.
- Enter a UNC path where the patches are to be stored.
Note: The default location is the Core Server's \LDLogon\Patch directory. - If the UNC path entered above is to a location other than the core server, enter a valid username and password to authenticate to that location.
- Enter a Web URL where devices can access the downloaded patches for deployment. This Web URL should match the UNC path above.
- Click Test Settings to check to see if a connection can be made to the Web address specified above.
Note: If you want to restore the UNC path and Web URL to their default locations, click Restore to Default.
Creating the UNC Share
- Connect directory or through remote desktop to the share server where the patches will be stored.
- Create a new directory.
- Right-click the newly created directory and click Properties
- Click the Sharing Tab.
- Verify the Share name is correct.
- Click Share...
- The account you specified in step 3 of "Changing Patch Location" needs Full control permissions to this UNC share. Note: You will also need to set up the permissions on the new share to have the same security settings as the original patch location.
- Click Share
- Click the Security tab.
- You will need to set up the Group or User Names section to match the original patch location.
- If you click Test settings when you are setting the patch location in the Security and Patch Manager Tool and you get the error "Failed to write test file to UNC path \\ServerName\sharename\TestWritePatchData.txt" it means you have not given the user in the credentials field write rights to the share.
Note: In IIS Manager be sure that the folder your are using is not an application. To check this simply right click on the folder and if near the field Application Name (in the Virtual Directory tab of the properties) the button Remove exists, click on it. Then the Application Name field will become gray.
How to properly set up a web and UNC share for the new patch location in Server 2008/2012
Creating the Web Share
- Go to Start > Administrative Tools > Internet Information Services (IIS) Manager:
- Expand Server Name > Sites
![Add Virtual Directory.png]()
- Right click on Default Web Site and then click on 'Add Virtual Directory'
- Alias will be the name of the folder in IIS. It should be the same as the actual folder name and should not contain any spaces
- Browse to your physical path that you created and then hit OK.
- Ensure that Directory Browsing is enabled by double-clicking the Directory Browsing icon in the features view.
- Test the share by going tohttp://CORESERVER/PathToHTTPShare
How to properly set up a web and UNC share for the new patch location in Server 2003
Creating the UNC Share
- Connect directory or through remote desktop to the share server where the patches will be stored.
- Create a new directory.
- Right-click the newly created directory and choose Sharing and Security.
- Click the Sharing Tab.
- Click Share this folder.
- Verify the Share name is correct.
- Click Permissions.
- An account needs Full control permissions to this UNC share. These are the credentials you will use in step 3 of "Changing Patch Location" (In download updates tool). Note: You will also need to set up the permissions on the new share to have the same security settings as the original patch location.
- Click OK.
- If you click Test settings when you are setting the patch location in the Security and Patch Manager Tool and you get the error "Failed to write test file to UNC path \\ServerName\sharename\TestWritePatchData.txt" it means you have not given the user in the credentials field write rights to the share.
Creating the Web Share
- Right-click on the folder you want to share and select Properties.
- Click on the Web Sharing tab.
- Click Share this folder.
- Check Read and Directory browsing.
- Click OK once.
- Click on the Security tab.
- Add the IUSR_computername account and give it Read & Execute permissions.
- Click OK.
- Open IIS Manager, navigate to the default web site and expand its contents.
- Right-click on the newly created virtual directory and select properties
- Click on the Directory Security tab, then Edit... under Authentication and access control.
Check Enable anonymous access and apply the changes.
If you click Test settings when you are setting the patch location in the Security and Patch Manager Tool and you get the error "Failed to read test file from HTTP URL http://serverName/shareName/TestWritePatchData.txt" you have not enabled Anonymous access correctly (Steps 7 - 12).
If you click Test settings when you are setting the patch location in the Security and Patch Manager Tool and you get the error "Failed to write test file from HTTP URL http://serverName/shareName/TestWritePatchData.txt" the UNC share permissions have not been set correctly. The share permissions for the patch share should mimic the permissions assigned by default to the LDLogon share.
If you have moved the patch directory to a new server and receive an "HTTP Error 404 File or Directory not found" when attempting to download any files, open the IIS manager, right click the Web directory, choose properties, click the HTTP Headers tab, click MIME types..., and add .* All File Types to the MIME types. Now at the run line type iisreset and after IIS restarts the files should be available for download.