Chat now with support
Chat with Support

KACE Systems Management Appliance 14.0 Common Documents - Administration Guide

About the KACE Systems Management Appliance Getting started
Configuring the appliance
Requirements and specifications Power-on the appliance and log in to the Administrator Console Access the Command Line Console Tracking configuration changes Configuring System-level and Admin-level General Settings Configure appliance date and time settings Managing user notifications Enable Two-Factor Authentication for all users Verifying port settings, NTP service, and website access Configuring network and security settings Configuring session timeout and auto-refresh settings Configuring locale settings Configuring the default theme Configure data sharing preferences About DIACAP compliance requirements Configuring Mobile Device Access Enable fast switching for organizations and linked appliances Linking Quest KACE appliances Configuring history settings Configuring Content Security Policy
Setting up and using labels to manage groups of items Configuring user accounts, LDAP authentication, and SSO Deploying the KACE Agent to managed devices Using Replication Shares Managing credentials Configuring assets
About the Asset Management component Using the Asset Management Dashboard About managing assets Adding and customizing Asset Types and maintaining asset information Managing Software assets Managing physical and logical assets Maintaining and using manual asset information Managing locations Managing contracts Managing licenses Managing purchase records
Setting up License Compliance Managing License Compliance Setting up Service Desk Configure the Cache Lifetime for Service Desk widgets Creating and managing organizations Importing and exporting appliance resources
Managing inventory
Using the Inventory Dashboard Using Device Discovery Managing device inventory
About managing devices Features available for each device management method About inventory information Tracking changes to inventory settings Managing inventory information Finding and managing devices Registering KACE Agent with the appliance Provisioning the KACE Agent Manually deploying the KACE Agent Using Agentless management Adding devices manually in the Administrator Console or by using the API Forcing inventory updates Managing MIA devices Obtaining Dell warranty information
Managing applications on the Software page Managing Software Catalog inventory
About the Software Catalog Viewing Software Catalog information Adding applications to the Software Catalog Managing License assets for Software Catalog applications Associate Managed Installations with Cataloged Software Using software metering Using Application Control Update or reinstall the Software Catalog
Managing process, startup program, and service inventory Writing custom inventory rules
Deploying packages to managed devices
Distributing software and using Wake-on-LAN Broadcasting alerts to managed devices Running scripts on managed devices Using Task Chains
Patching devices and maintaining security
Using the Security Dashboard About patch management Subscribing to and downloading patches Creating and managing patch schedules Managing patch inventory Managing Windows Feature Updates Managing Dell devices and updates Managing Linux package upgrades Manage quarantined file attachments
Using reports and scheduling notifications Monitoring devices
Getting started with monitoring Working with monitoring profiles Managing monitoring for devices Working with alerts
Using the Service Desk
Configuring Service Desk Using the Service Desk Dashboard Managing Service Desk tickets, processes, and reports
Overview of Service Desk ticket lifecycle Creating tickets from the Administrator Console and User Console Creating and managing tickets by email Viewing tickets and managing comments, work, and attachments Merging tickets Using the ticket escalation process Using Service Desk processes Using Ticket Rules Run Service Desk reports Archiving, restoring, and deleting tickets Managing ticket deletion
Managing Service Desk ticket queues About User Downloads and Knowledge Base articles Customizing Service Desk ticket settings Configuring SMTP email servers
Maintenance and troubleshooting
Maintaining the appliance Troubleshooting the appliance
Appendixes Glossary About us Legal notices

Error codes caused by patching and scripting

Error codes caused by patching and scripting

The following Fail error codes that can be encountered during patching (Detection or Deployment phase only) or scripting.

Table 29. Error codes encountered during patching or scripting

Error code

Description

8001

The command sent to the plugin unrecognized by the KPluginsKacePatch

8002

Failure parsing the command sent to the plugin

8003

Failure downloading a Manifest file

8004

Failure to extract the downloaded Manifest file

8005

General failure while handling the PreDetect command (for example, invalid function inputs)

8007

Failure to generate PreDetect results

8008

General failure while handling the Detect command (for example, invalid function inputs)

8009

Failure parsing the Detect Manifest file

8010

Failure to generate Detect results

8011

A reboot is pending

8012

Failure to upload a results log

8013

General failure while handling the Detect file (for example, invalid function inputs)

8014

Failure downloading a patch Detect file

8015

Checksum mismatch between the patch Detect file and the detection Manifest record

8016

Failure to create a checksum file for the patch Detect file

8017

Failure to load the patch Detect file

8018

Failure to decrypt the patch Detect file

8019

Failure to unzip the patch Detect file

8020

Failure to parse the json in the patch Detect file

8021

Detection type in the patch Detect file not recognized as a valid detection method

8100

Failure parsing the Manifest file

8101

General failure while handling the Deploy command (for example, invalid function inputs)

8102

General failure while handling the Rollback command (for example, invalid function inputs)

8103

Invalid Handler Specific Data (HSD) type

8150

Checksum mismatch between the requested file and the Manifest record

8151

Failure downloading a requested file

8152

Failure to create a checksum file for a downloaded file

8200

Invalid command scalar operation

8201

Invalid command string operation

8202

Invalid command

8250

Invalid path to the results file

8251

Failure to create a results file

Viewing patch schedules, status, and reports

Viewing patch schedules, status, and reports

View a list of patch schedules
Review patch schedule details
Patching status definitions
View patch status
View patch status by device
View files within patches
View patch reports

You can view patch schedules as well as the status of patches, either in general or by device. In addition, you can search for individual packages within patches, and you can view patch-related reports.

View a list of patch schedules

View a list of patch schedules

You can view summary information for the patch schedules that have been created on the appliance. If the Organization component is enabled on your appliance, you view patch schedules for each organization separately.

1.
Go to the Patch Schedule page:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Security, then click Patch Management.
c.
On the Patch Management panel, in the Schedules section, click Detect, Deploy, Rollback missing patches.
Columns available on the Patch Schedules page include:

Option

Description

Last Update

The date and time the patch schedule was updated.

Name

The name of the patch schedule. Click to see more details on the Patch Schedule Summary page. For more information, see Review patch schedule details.

Schedule

The frequency at which the patch schedule is set to run. Disabled indicates that the patch is not set to run on a schedule.

Action

The type of patch action to be performed.

Reboot Option

Whether the patch schedule requires managed devices to reboot when the patch runs.

All Devices

Whether the patch schedule is targeting all devices (Yes) or selected devices (No).

Pending

The number of managed devices on which the patch is scheduled to run. Patches with this status show one of the following in the Security section of the Device Detail page:
waiting to connect
scheduled
waiting to schedule

Downloading

The number of managed devices that are downloading the patch. Patches with this status show the following in the Security section of the Device Detail page: downloading

Executing

The number of managed devices on which the patch is running. Patches with this status show one of the following in the Security section of the Device Detail page:
handshake
detecting
rolling back
deploying
cleanup
verifying
alerting
upload

Rebooting

The number of managed devices that are rebooting as part of the patching process. Patches with this status show one of the following in the Security section of the Device Detail page:
rebooting
reboot pending
connecting

Paused

The number of managed devices on which the patching process is paused or snoozed. Patches with this status show one of the following in the Security section of the Device Detail page:
reboot snoozed
snoozed

Completed

The number of managed devices on which the patching process finished successfully. Patches with this status show the following in the Security section of the Device Detail page: completed.

Failed

The number of managed devices for which errors were reported during the patching process. Patches with this status show one of the following in the Security section of the Device Detail page:
suspended
cancelled

Offline

The number of managed devices that were not connected when the patching process was scheduled to run. Patches with this status show the following in the Security section of the Device Detail page: not scheduled.

% Complete

The number of managed devices on which the patching process completed with a status of Succeeded, Failed, or Offline.

2.
(Optional) To change column visibility, select Column Visibility from the Table Options drop-down list above the table on the right.

Review patch schedule details

Review patch schedule details

When you configure a patching schedule, this page displays details about the schedule configuration and its status.

1.
Go to the Patch Schedule Summary page:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Security, then click Patch Management.
c.
On the Patch Management panel, in the Schedules section, click Detect, Deploy, Rollback missing patches.
d.
Click the name of a patch schedule.
2.
Review the contents of the Configuration section.

Option

Description

Created

The date and time the schedule is created.

Modified

The date and time the schedule is last modified.

Last Run

The date and time the schedule is last run.

Name

The name of the schedule.

Action

The action associated with the schedule:
Detect: Detects patches that are installed on, or missing from, managed devices. Detect-only actions are recommended when the Patch Download Settings are configured to download only . Running a detect-only action before the deploy creates a list of patch files to download before deployment begins.
Detect and Stage: Detects patches that are installed or missing from managed devices, and downloads patch files to the agent device for later deployment.
Detect and Deploy: Detects and deploys patches to managed devices. These types of actions are used when managing desktops and servers. Detect and Deploy patching jobs require a connection between the device and the appliance; they do not run offline. For more information about messaging protocol connections, see Configure Agent communication and log settings.
Detect, Stage and On-demand Deploy: Detects patches that are installed or missing from managed devices, downloads patch files to the agent device, and causes the Windows system tray on the agent device to alert the user that the patches are ready for deployment. The user can then initiate the deployment process at their convenience.
These schedules are only available for Windows devices with agents version 11.0 or later.
The Agent Status Icon On Device option must be enabled in the agent communication settings. You can find these settings on the Organization Detail page, under Communication and Agent Settings (if one or more Organization components are enabled), or on the Communication Settings page (if you do not have an Organization component). For more information, see Configure Agent communication and log settings.
Deploy: Deploys applicable patches to managed devices. This is useful when you know that specific patches need to be deployed to managed devices. A final Detect job runs either after the patch is deployed or, if a reboot is required, after the device reboots and the Agent reconnects to the appliance.
Detect and Rollback: Detects and removes unwanted patches from managed devices. Rollbacks may not be available for some patches. See Determine whether a patch can be rolled back.
Rollback: Removes unwanted patches from managed devices. Rollbacks may not be available for some patches. See Determine whether a patch can be rolled back.

Description

A brief description of the patch schedule.

Devices

This field only appears when the schedule is configured to apply to all devices.

Device Label

One or more Smart Labels associated with the devices against which the schedule runs. For more information, see Using Smart Labels for patching. This field only appears when the schedule is configured to apply to selected devices.

Device Name

One or more selected devices against which the schedule runs. This field only appears when the schedule is configured to apply to selected devices.

Patches to Detect

Detect schedules only. This field only appears when the schedule is configured to detect all patches.

Detect Label

Detect schedules only. One or more Smart Labels associated with the scheduled patches. For more information, see Using Smart Labels for patching. This field only appears when the schedule is configured to detect selected patches.

Patches to Deploy

Deploy schedules only. This field only appears when the schedule is configured to deploy all patches.

Deploy Label

Deploy schedules only. One or more Smart Labels associated with the scheduled patches. For more information, see Using Smart Labels for patching. This field only appears when the schedule is configured to deploy selected patches.

Patches to Rollback

Rollback schedules only. This field only appears when the schedule is configured to remove all patches.

Rollback Label

Rollback schedules only. One or more Smart Labels associated with the scheduled patches. For more information, see Using Smart Labels for patching. This field only appears when the schedule is configured to remove selected patches.

Alerts

Schedules without the Deploy action only. The alerts displayed to users when patch actions run:
OK: Run immediately.
Cancel: Cancel until the next scheduled run.
Snooze: Prompt the user again after the Snooze Duration.

Reboot

Schedules without the Deploy action only. The options for rebooting the managed device:
No Reboot: The device does not reboot even though a reboot might be required for the patch to take effect. This option is not recommended because deploying patches without rebooting when required can leave systems unstable. Further, patches that require reboots are only shown as deployed after the reboot.
Prompt User: Waits for the user to accept the reboot before restarting the device. If the user snoozes or cancels the reboot, patching stops until a reboot occurs. Selecting a Snooze Duration in the agent dialog box that appears on the target device pauses the reboot prompt for the specified snooze interval.
Force Reboot: Reboots as soon as a patch requiring it is deployed. Forced reboots cannot be canceled. Force Reboot works well for desktops and servers. You might not want to force reboot on laptops. Force Reboot works well with servers because they usually have no dedicated users. However, it is important to warn users that services will not be available when servers are being patched and re-booted. See Best practices for patching.

Schedule

The selected schedule details. Click View Task Schedule to see a detailed task scheduler. In the dialog box that appears, click a task to review the task details. For more information, see View task schedules.

Run on Next Connection in Offline

Indicates if the schedule runs the action the next time the managed device connects to the appliance, if the device is currently offline.

Delay Run After Reconnect

If configured, this option indicates the amount of time the schedule is delayed for. The time delay period begins when the patch action is scheduled to run.

End After

If configured, this option indicates the maximum amount of time the schedule can run for. When this time limit is reached, any patching tasks that are in progress are suspended.

3.
In the Schedule Status section, review the overall patch schedule status on any of the following tabs:

Tab

Contents

By Machine

Devices selected for patching. Each entry displays the device name, its IP address, the patching status (see Patching status definitions), patch results, and the date the patching completed. You can expand a device node to view the applicable patches. Each patch entry shows the patch ID, associated Knowledge Base article number, patch name, and the current status (Patched, Not Patched, Staged, and Detect, Stage, or Deploy Failure).

By Patch

Patches selected for detection, staging, and deployment. Each entry displays the patch ID, associated Knowledge Base article number, patch name, and the numbers of devices that are patched, not patched, and those that encountered detect or deploy failures.

Patched

Patches successfully installed on devices. Each entry displays the patch ID, associated Knowledge Base article number, and the patch name. You can expand a patch node to view the devices on which the patch is installed.

Not Patched

Patches that are not installed on devices. Each entry displays the patch ID, associated Knowledge Base article number, and the patch name. You can expand a patch node to view the devices on which the patch is to be installed.

Staged

Patches that are staged for installation. Staging refers to patch files being copied to the agent device for later deployment. Each entry displays the patch ID, associated Knowledge Base article number, and the patch name. You can expand a patch node to view the devices on which the patch is to be installed.

Detect Failures

Incomplete patches that resulted in a detection failure. Each entry displays the patch ID, associated Knowledge Base, patch name, and the associated error code (see Error codes caused by patching and scripting). You can expand a patch node to view the devices on which the failure is encountered.

Stage Failures

Incomplete patches that resulted in a staging failure. Each entry displays the patch ID, associated Knowledge Base article number, patch name, and the associated error code (see Error codes caused by patching and scripting). You can expand a patch node to view the devices on which the failure is encountered.

Deploy Failures

Incomplete patches that resulted in a deployment failure. Each entry displays the patch ID, associated Knowledge Base, patch name, and the associated error code (see Error codes caused by patching and scripting). You can expand a patch node to view the devices on which the failure is encountered.

4.
Optional. After reviewing the schedule details, you can perform any of the following actions:
To edit the patching schedule, click Edit. For more information, see Configure patch schedules.
To run the patching schedule, click Run Now.
To make a copy of the patching schedule, click Duplicate.
To delete the patching schedule, click Delete.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating