Patching Problems Part 2
Now that I had fixed the problem of the patches being applied to all servers I had second problem – the manually installed agents. Actually although I had manually installed some agents before the Gateway server was installed I found that with this in place it could patch the agents. A useful distinction to make. You only need to do a manual patch if you do not have the same type of access that you would have if you were pushing an agent out i.e. firewalls.
The problem is with the SCCM 2007 servers. These happen to be 64 bit servers but as the current SCCM MP does not work with the 64 bit agent you have to manually install the 32 bit agent on those servers for the MP to work. The 32 bit agent seems to work quite happily monitoring the 64 bit Windows and 64 bit SQL 2005 as well but it is a bit worrying as you are never 100% sure. It is supported though. It surprises me that the Configuration Manager team who are are responsible for inventory and therefore should have no problem determining 32 bit and 64 bit servers have problems with this.
I did a manual install of those hotfixes on a couple of the servers. You can not push out the agent as it wants to push the 64 bit agent but sees the 32 bit agent and errors. I forgot and mistakenly tried to push it hence I know that that it produces an error. Initially I used the msi file as that is what it seems to says in the KB article.The hotfixes seem to work but when I looked at the console I saw the alert – “Health Service Unloaded System Rules(s)” and the server was greyed out. In the OpsMgr log on that server it was full of 4507 Health Service events for all the internal System Center rules it had unloaded. I tried restarting the OpsMgr service but all the same 4507 events reappeared in the log.Looking at Control Panel, it seems that on the agent where I had run the hotfix (msi) manually both showed up in the main list where on an agent with a successful patch both hotfixes were under the OpsMgr entry and only show when you tick Show Updates. I uninstalled the 2 hotfixes and then run the momagent.msi with the 2 MSPs in the directory and chose repair. This put them in Control Panel in the right place but still got all the 4507 errors along with related 1206 information events.I uninstalled the agent and made sure the directory and event log was deleted and deleted it from the list of agents. Interestingly if you do an uninstall of the agent from the Administrators page in the console it says succeeded and removes the server from the list. On the server, however, the agent is still there but can no longer connect to the management server. I then reinstalled the x86 agent manually. Although the MSPs were in the same directory they were not picked up when I did a new install but the agent was working correctly. I double clicked on one of the MSPs and that installed the first patch (rather than using the MSI that the patch is in). Left it for a while and it was OK so I did the other one and that was fine as well. On the second server I uninstalled the agent and deleted it from OpsMgr. After the reinstall I confirmed that the MSPs had not been installed even though they were in the directory. I tried running momagent.msi with the Repair option but that did nothing. It seems like the only way is to copy the MSP files from the management server and install the MSP files. But a bit of a fuss to do but it works. The SCCM team need to pull their finger out and sort their MP out.A strange thing. Even though you delete an agent in the console when you reinstall it it remembers that it has the Proxy settings box ticked. So it must not be fully deleted from the database. I suppose it needs to keep track of it for historical reasons until all the data is gone.Another weird thing is that most of the agents in the Administrator agent view now show the version as 6.0.6278.36 with the 36 coming from the version of mommodules.dll I presume. But some agents still show 6.0.6278.0 even though they have the patch. All the management server and gateway servers are also at 0. It is a bit inconsistent.Summary – The best way to install patches on a manually installed agent seems to be to copy the MSP files down to the server and double click them to install them. You can find these files in the agent directory of the management servers that have had the patches installed.