Troubleshooting Patch

If Patch is not performing as expected, you might need to do some troubleshooting or change settings. You can also contact your TAM for assistance.

Collect a troubleshooting package

For your own review or to assist support, you can compile Patch logs and files that are relevant for troubleshooting.

  1. Get the Patch log.
    1. On the Patch home page, click Help .
    2. Click Collect Troubleshooting Package.

    The log zip file might take a few moments to download. The files have a timestamp with a Patch-YYYY-MM-DDTHH-MM-SS.mmmZ  format.

  2. (Optional) On the endpoint, copy the Tanium\Tanium Client\Patch\scans folder, excluding the CAB file.

Configure endpoint logging

Distribute the Patch - Set Patch Process Options package to your endpoints to change the default logging type and log rotation settings.

  1. Target the systems on which you want to configure logging.
  2. Click Deploy Action. Select the Patch - Set Patch Process Options package.
  3. Configure the logging type and log rotation settings.
    By default, a new log is created when the log size reaches 1 MB. For example, you might have patch0.log, patch1.log, patch2.log, and so on, up to 10 log files.

Patches are not listed in the Patches view

If you are having difficulty getting patches to appear:

  1. Verify that the Patch - Is Process Running sensor is running on your endpoints.
  2. Check the scheduled actions for Patch.
    1. From the Main menu, go to Actions > Scheduled Actions.
    2. In the Action Groups pane, click Patch.
    3. Review the issue details of the Patch - Ensure Patch Process and Patch - Distribute Deployment # (name) actions.
  3. Check the endpoint log at \Tanium Client\Patch\patchx.log.
  4. For offline CAB file scan configurations, check that a CAB file is available at \Tanium Client\Patch\Scans\
  5. For WSUS or Microsoft Online scan configurations, check the c:\Windows\WindowsUpdate.log for details.
  6. In the Scan Configuration, change the Random Scan Delay setting.

Change the patch visibility aggregation

When a configuration scan is enforced against a computer group, a saved question is sent to the endpoints to check if a patch is applicable. This returns as an aggregate count in the Patch Visibility section. If you need to reduce the load on the Tanium Service or Client, you can limit which computer groups are included in the aggregation. Patch actions are still performed on all targeted endpoints; however, the applicability counts only include the selected computer groups.

  1. On the Patch home page, click Settings .
  2. From the Computer Groups for Patch Visibility grid, select the computer groups.

    The All Computers group is targeted by default, resulting in a single saved question that is necessary for Patch to function. Each additional computer group creates an additional saved question.

  3. Click Save.

    Only users with the administrator role can make changes to Patch settings.

Patch actions are still performed on all targeted endpoints; however, the applicability saved questions only include the selected computer groups.

Check and update the Windows Update Agent

You can use Tanium to check which Windows Update Agent versions are installed on your Windows endpoints.

  1. In Interact, ask the Get WUA Version from all machines saved question.
  2. Update any below 6.1.0022.4. See the Microsoft article Updating the Windows Update Agent.

Uninstall Patch

If you need to uninstall Patch, first clean up the Patch artifacts on the endpoint and then uninstall Patch from the server.

  1. Clean up patch artifacts from the endpoints.
    1. Use Interact to target endpoints. To get a list of endpoints that have Patch, you can ask the Patch - Is Process Running saved question.
    2. Click Deploy Action. Choose the Patch - Clean Up Patch 2 Processes and Files package.
    3. Check the status of the action on the Actions > Action History page.
  2. Remove the Patch solution from the Tanium Module Server. From the Main menu, click Tanium Solutions.
    1. In the Patch section, click Uninstall and follow the process.
    2. Click Proceed with Uninstall.
    3. The uninstaller disables any actions and reissuing saved questions.
    4. Return to the Tanium Solutions page and verify that the Import button is available for Patch.

      If the Patch module has not updated in the console, refresh your browser.

Restore the state of the Patch database

You can import the patch.db file to restore the Patch configuration.

  1. Stop the Patch service on the Tanium Module Server.
  2. Copy your patch.db file into the c:\Program Files\Tanium\Tanium Module Server\services\patch\ directory, replacing the existing file.
  3. Restart the Patch service.
  4. In the Tanium Console, refresh the Patch workbench.
  5. Reset the service credentials. Click Set your service account and enter your user name and password.
  6. Any existing data, including patch lists, deployments, and associated patches and actions are displayed in the Patch workbench.

    If a deployment scheduled action is missing, you might need to wait up to 5 minutes for it to show up.

Last updated: 8/9/2018 12:06 PM | Feedback