I would like to get some community feedback about something and hopefully a response from Syncro support if the issue seems like a real problem to others.
I got a call from a client that the Sage Application server is acting up. First thing I check is whether any updates ran in the last couple days. No updates since Nov 2020 in Syncro.
Get on the device, confirm in CP that no updates have run since 2020. At least Syncro is reporting correctly. Try to manually run Updates only to get the “Your system is being managed” error.
I had to go into registry and change a 1 to a 0 in a key to make it work. That’s not Syncro’s fault, but I did have a “Windows Server Update” policy applied to this machine.
My issue is that Syncro does not report that anything is wrong. Not in the device WU tab, and not in the Vulnerable Systems report.
So Syncro is just asking the machine to self-report whether any updates are pending and then taking the machine at its word. If the machine does not see the problem, Syncro is good with that.
Should we not have Syncro validating the updates that the machine has against a list of updated patches from the WU website? In other words, ideally my machine would have reported to Syncro that the last update was Nov 2020, and Syncro would have thrown a flag because it knows that Server 2012 has x number of critical patches since that time?
How many other of my 400+ systems are out of date and I won’t know until I manually go look?
Or am I missing some type of report that would have shown me this issue?
I’m hoping we can bring up issues like this for improving WU. Other RMMs have a pass/fail system. If a patch fails to install x amount of times, there are flags raised. There are 2 reports to go through, Missing Patches By KB, and Vulnerable Systems. Vulnerable Systems will give you some idea if something is going wrong, however, a lot of patches get superseded with the monthly rollups, so whereas we would see 30 missing patches for a system, it may only be a handful now, which doesn’t raise suspicion like it should.
I set up a script to run regularly and check to make sure updates have run recently:
Curious if it will flag assets in your situation. I do not use Syncro’s patching.
What do you use to patch your servers then? I see in the code it’s explicitly set to not do anything if “server” is found.
So @isaacg does this script just write to the Output on the script history so I have to manually check? Or is there a way to have it throw an alert or write to a custom field?
I just ran it on a server and the output looks like this:
Last Search Success: 2021-11-18 2:02:03 PM (67 days ago)
Last Installation Success: 2021-11-10 3:12:35 AM (75 days ago)
Recent rollup or cumulative update detected:
2022-01 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems (KB5009586)
Is that what I should expect to happen?
Never mind, I see now. I ran it on all my servers and the ones that failed opened an alert and sent me an email.
Great script. Thanks.
The server exclusion is only for the Windows 10 build check portion. Patching is handled by Windows itself, time can be set using local/group policy.
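An added example (not isaacg’s script, which is not reproduced in this thread) of the same kind of check: it reads the Windows Update agent’s own last search/install success dates, lists any rollup or cumulative update that installed within the window, and fails the run when both dates are stale and no recent rollup explains it. The Syncro `Rmm-Alert` call is assumed to be available through `$env:SyncroModule` when run from Syncro; outside Syncro the script just prints and sets a non-zero exit code.

```powershell
# Added example, not code from the thread. Flags a host whose Windows Update agent
# has neither searched nor installed successfully in the last $MaxAgeDays days.
param([int]$MaxAgeDays = 30)

$now = Get-Date

# IAutomaticUpdatesResults exposes the two dates the thread's output shows.
$results     = (New-Object -ComObject 'Microsoft.Update.AutoUpdate').Results
$lastSearch  = $results.LastSearchSuccessDate
$lastInstall = $results.LastInstallationSuccessDate

function Format-Age([datetime]$d) {
    # A COM DATE of zero comes back as 1899-12-30: treat anything that old as "never".
    if ($d.Year -lt 2000) { return 'never' }
    return ('{0} ({1} days ago)' -f $d, [int]($now - $d).TotalDays)
}

function Test-Stale([datetime]$d) {
    return ($d.Year -lt 2000) -or ($d -lt $now.AddDays(-$MaxAgeDays))
}

# Walk recent update history for successful installs (Operation 1, ResultCode 2)
# whose title marks them as a monthly rollup or cumulative update.
$searcher = (New-Object -ComObject 'Microsoft.Update.Session').CreateUpdateSearcher()
$total    = $searcher.GetTotalHistoryCount()
$recentRollups = @()
if ($total -gt 0) {
    $recentRollups = @($searcher.QueryHistory(0, [Math]::Min($total, 200)) |
        Where-Object { $_.Operation -eq 1 -and $_.ResultCode -eq 2 -and
                       $_.Title -match 'Cumulative|Rollup' -and
                       $_.Date -gt $now.AddDays(-$MaxAgeDays) } |
        Select-Object -ExpandProperty Title)
}

$report = @(
    "Last Search Success: $(Format-Age $lastSearch)",
    "Last Installation Success: $(Format-Age $lastInstall)"
)
if ($recentRollups.Count -gt 0) {
    $report += 'Recent rollup or cumulative update detected:'
    $report += $recentRollups
}
$body = $report -join "`n"
Write-Output $body

# Alert only when both dates are stale AND nothing recent explains it.
if ((Test-Stale $lastSearch) -and (Test-Stale $lastInstall) -and $recentRollups.Count -eq 0) {
    if ($env:SyncroModule) {   # assumed: Syncro's scripting module, present on managed assets
        Import-Module $env:SyncroModule
        Rmm-Alert -Category 'Windows Update stale' -Body $body
    }
    exit 1
}
```

Run it on a schedule as a Syncro script; a non-zero exit shows as a failed run in script history even where the alert call is unavailable.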
I definitely would prefer a system that had a list of known patches on Syncro’s side that would be tested against a list of installed patches on the system’s side. Using Windows Update at all to handle the updates is no good. There are plenty of times when a machine would fail Windows Update for any number of reasons.
Many of the other RMM solutions work this way, and it’s why they can whitelist/blacklist patches (another item missing in Syncro).