
Patch management issues

blendfish
Novitiate I

Hi

I'm testing the patch management at the moment but things haven't gone too well.  My requirements were to preinstall a list of choco software onto the machine and to keep it updated.  I'm not expecting a full featured patching system.

For the test I've used a clean Windows 11 Pro VM.

1. The main issue is that there appears to be no retry logic. If a package fails (for example Visual Studio, which requires some other prerequisites to be installed first, or because Windows reboots due to an update process) then that's it.  It's not smart enough to install the others and then reboot/retry.  There's also no option in the dashboard to reinstall a failed package manually.  I ended up manually rebooting and running the choco installers manually in PowerShell.

2. If reboots are required then the installer appears to just list things as pending instead of rebooting.

3. On a new machine Windows may update and reboot at any point in the install, which will cause the above issues.

4. I can see no patch update schedule or report option to show failures.  When do the packages update?

In short I can't see how this can be used to install software onto new PCs without the retry/reboot logic and I can't see that it's particularly useful for patching existing machines without at least a failure report.


BenGarrison
JumpCloud Alumni

Hey, great questions. So I want to take a moment to clarify a few things. Our Patch Management feature is for the operating systems only. Our patch management does not currently patch third-party applications.

Sounds like you are referring to the Software Management feature, which, for Windows, uses the Chocolatey community repository in order to provide installations and updates. So whatever is on the community repo is what will/should be installed on the machines correctly. This isn't aimed to be a patch management solution for applications, merely an avenue to install applications and to keep them updated when they are verified on the community repo. You can create your own private repo and use that to upload packages as well. This is a great way to version control and to have internal testing before deploying applications to your fleet.

To your other point, you are correct. The software management will attempt to try to install the software and there is a queue of about 10 minutes before it gets flushed out. If the system is offline or to your point it fails the installation, it will not attempt to reinstall. This is to avoid any type of issues where application installations just continue to retry, causing performance impacts globally. 

We are continuously working on ways to improve the Software Management capabilities of our platform and would love to hear more about suggestions. Please feel free to submit a feature request so we can have those very valid points looked into 🙂

Here is the support article covering software management for Windows. The update options are explained a bit more on this article however. 

It seems like there are three possible uses.

1. Install new PC

 - Not possible without reboot support, and/or retry logic.  I've tested this comprehensively, it's just not suitable.

2. Add software to existing group of PCs.

- Not possible without support for offline devices (retry logic again.)

3. Update existing group of PCs.

- Not if offline devices don't update when switched on (maybe the checks are performed by the agent when it starts up?)

I assume you are using this in your own offices, I'd be interested to know how you're getting around these problems.
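
One way to cover the retry, reboot and failure-report gaps raised in this thread, as an added example that is not part of any post and not JumpCloud's code: a PowerShell script meant to run at each startup (for instance from a scheduled task, which is an assumption) with `choco` on the PATH. The package ids, state file path and attempt limit are illustrative; the script never reboots the machine itself, it stops when a reboot is outstanding and resumes on the next run.

```powershell
# Added example, not from the thread. Package ids, state path and limit are assumptions.
$Packages    = @('7zip', 'git', 'notepadplusplus')                  # sample package list
$MaxAttempts = 3                                                    # cap, so failures cannot retry forever
$StatePath   = Join-Path $env:ProgramData 'choco-retry\state.json'  # hypothetical location

function Test-PendingReboot {
    # Registry markers that servicing or Windows Update set while a reboot is outstanding.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending',
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    foreach ($k in $keys) { if (Test-Path $k) { return $true } }
    return $false
}

# Load per-package state so attempts survive reboots and offline periods.
New-Item -ItemType Directory -Path (Split-Path $StatePath) -Force | Out-Null
$state = @{}
if (Test-Path $StatePath) {
    $saved = Get-Content $StatePath -Raw | ConvertFrom-Json
    foreach ($p in $saved.PSObject.Properties) { $state[$p.Name] = $p.Value }
}

foreach ($id in $Packages) {
    if (-not $state.ContainsKey($id)) {
        $state[$id] = [pscustomobject]@{ Attempts = 0; Status = 'pending'; LastExit = $null }
    }
    $s = $state[$id]
    # A failed package does not block the others; it is retried on later runs up to the cap.
    if ($s.Status -eq 'installed' -or $s.Attempts -ge $MaxAttempts) { continue }
    if (Test-PendingReboot) { break }   # leave the rest for the run after the reboot

    $s.Attempts++
    & choco install $id -y --no-progress
    $s.LastExit = $LASTEXITCODE
    # 0 = success; 3010 and 1641 = installed, reboot required or initiated.
    $s.Status = if ($LASTEXITCODE -in 0, 3010, 1641) { 'installed' } else { 'failed' }
}

$state | ConvertTo-Json | Set-Content $StatePath

# Failure report: every package that is not installed yet, with attempts and last exit code.
$state.GetEnumerator() | Where-Object { $_.Value.Status -ne 'installed' } | ForEach-Object {
    '{0}: {1} after {2} attempt(s), last exit code {3}' -f $_.Key, $_.Value.Status, $_.Value.Attempts, $_.Value.LastExit
}
```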

 

BScott
Community Manager

@RBaconJC do you want to chime in here re: what we do in our offices? Not sure if what you do covers this or not.
