Versions / Builds AffectedAll LanGuard versions
Problem SummaryLanGuard fails to install patch KB3024777 on target computers
TT / JIRAID2503
How to IdentifyKB3024777 was released to fix an issue with KB3004394 on Windows 7 and Windows Server 2008 R2, but this fails to be installed with the error 'State: failed (Unknown error: -2146498555)'.
You can also find the error mentioned above in the PatchAgent.txt log file:
2015-02-20,14:25:06,"info ",ActionsExecuter::ExecuteAction - Created process 'agent_execute.bat' with path 'C:\Windows\Patches\'.
2015-02-20,14:25:06,"info ",ActionsExecuter::ExecuteAction - Waiting for process to finish to ensure sequentiality.
2015-02-20,14:25:09,"info ",Process is over.
2015-02-20,14:25:09,"info ",ActionsExecuter::ExecuteAction - Process '"KB3024777-amd64.exe"' returned -2146498555.
2015-02-20,14:25:09,"info ",Waited for process to finish 2654 milliseconds.
2015-02-20,14:25:09,"info ",ActionsExecuter::ExecuteAction - Deleted bat file 'C:\Windows\Patches\agent_execute.bat'.
2015-02-20,14:25:09,"debug ",ActionsExecuter::ExecuteAction - << '"KB3024777-amd64.exe"' 'C:\Windows\Patches\' result '1' '-2146498555' '0'
2015-02-20,14:25:09,"info ",Performed command '"KB3024777-amd64.exe"' from path 'C:\Windows\Patches\' x64 aware.
Workaround / Fix Details- Development pulled this patch (KB3024777) from the patch definitions. However, it has returned (most likely because of the automated way we pull in MS Update definitions.
* Development is working to remove it permanently.
* Until then we will tell the customers the following:
We actually removed this patch from our patches database some time ago. However, it apparently has come back because of the automated processes we use to incorporate Microsoft patches in our patch definitions. We have informed development of this are awaiting a resolution.
We removed the patch because of all the problems all Microsoft customers were having with the patch. It is a patch made to fix another patch that has to do with windows update components (which you are not using).. It is not a security patch.
Until development fixes this we recommend you use the workaround choosing the "ignore" option and re-scanning so that it no longer shows as missing and no longer attempts to deploy. To "ignore" a patch. Find the patch on the Dashboard -> Patches tab, select it and click the "Ignore" link under the Actions pane and select to ignore for all computers. Then, after the next scan of your machines the patch should not show up in the list of missing patches.
Required Actions1. Confirm the issue is this issue per the "How to Identify" section above.
2. Tell the customer the workaround above.
3. Close the case
NOTE: This issue affects ALL LanGuard customers.