How do I know which hotfixes have been applied to which agents?


***UPDATE***  A new hotfix has been released, which is a simple updated management pack.... which fixes the Patchlist table to include all hotfixes, and cleans up the formatting.  I recommend you get it and install it on your SP1 environments.


http://support.microsoft.com/kb/958253 


------------------------------------------------------------------------------------- 


As more hot-fixes are applied to our OpsMgr 2007 SP1 environments.... how can we know which hot-fixes have been applied to our agents?  How can we detect an agent that needs patching but got missed?


In MOM 2005... this was rather simple... in the Admin console, under Agent-managed Computers, there was a column called "version" which incremented the agent version number in most cases.


In OpsMgr... we do not update this field in the Administration tab.  See graphic:  The version here shows the major version number... like RTM 6.0.6500, SP1 6.0.6278.... etc....


image


So.... how do we examine this now for minor updates?


Create a new State view.  Call it "Custom - Agent Patch List" or something you like.  Target "Health Service" for "Show Data Related To".  You can filter it further to the "Agent Managed Computer Group".


Then - personalize this view, and show the columns for "Name" and "Patch List"  See graphic:


image


Now.... the "Patch List" column isn't super user friendly - because of the amount of text in the single column.... but it will let you see what has been installed.  For instance - here is an example of KB950853 installed:


image



To make this a bit easier.... I wrote the following SQL query which does essentially the same thing.... you can create a web based SQL report from this and the data will be much easier to manage in Excel:



select bme.path AS 'Agent Name', hs.patchlist AS 'Patch List' from MT_HealthService hs
inner join BaseManagedEntity bme on hs.BaseManagedEntityId = bme.BaseManagedEntityId
order by path


If you want to query for all agents missing a specific hot-fix... you could run a query like this.... just change the KB number below (thanks to Brad Turner for providing the idea):



select bme.path AS 'Agent Name', hs.patchlist AS 'Patch List' from MT_HealthService hs
inner join BaseManagedEntity bme on hs.BaseManagedEntityId = bme.BaseManagedEntityId
where hs.patchlist not like '%951380%'
order by path




I have noticed, however, that this field, "Patch List" is limited to 255 characters in the database.... which I imagine will run out of space fairly soon.  I will also be interested to see how we handle this table column, once SP2 comes out.... as any pre-SP2 applied hotfixes will no longer apply.



The Patch List information is discovered and updated once per day across all agents in the management group.


 


For a report which shows you the same information, but lets you query for all agent missing a specific hotfix - check out my more recent post with the report download:


http://blogs.technet.com/kevinholman/archive/2008/06/27/a-report-to-show-all-agents-missing-a-specific-hotfix.aspx


 

Comments (13)

  1. Anonymous says:

    Uvádím zde seznam důležitých oprav pro SCOM 2007 SP1, které používám a doporučuji nasadit v každém prostředí.

  2. Kevin Holman says:

    Hi Tom – yes – that's totally normal – we only collect for agents.  For RMS/MS/GW – you need to manually inspect DLL.

  3. Anonymous says:

      This is a continuation of my previous post on determining which agents are missing a hot-fix:

  4. Anonymous says:

    Hey guys – a new hotfix is published, and I recommend this for all SP1 environments.  This cleans

  5. Anonymous says:

      In general – you should evaluate all hotfixes available, and only apply those applicable to your

  6. Kevin Holman says:

    CU’s are *cumulative*.  That implies that if you apply CU2, you do not need CU1… as you already have all the fixes in CU1 included in CU2.

  7. Sandy Wood says:

    I found that by manually installing the update on an agent machine that the version column is indeed updated in my opsmgr 2007 console. Why is this?

  8. JOBBO says:

    Hi Kevin,

    I have done installed CU1 on SCOM Server, then installed CU2 on SCOM Server and deployed update CU2 (KB979257) all agents.

    if I already installed CU2 (KB979257) to all agents, do I need to install update CU1 (KB974144) ?

    your answer really make me appriciate.

  9. martit01 says:

    Hi Kevin,

    The patch list column is blank for all our management servers (RMS, MS & GW). But, all other servers are showing as expected. Is this normal?

    Thanks,

    Tom

  10. Dominique says:

    Hello,

    Does this patch list works for Windows and Unix/Liniux?

    Thanks.

    Dom

  11. harish kumar says:

    Hi Kevin

    We have upgraded to Scom CU5 (6.1.7221.81.) And all the agents, we have checked the version of dll's and we have verified that is correct, (6.1.7221.81.).

    my question is whether the agent old version is updated to new in console,  now the console shows old version (6.1.7221.0) but not new (6.1.7221.81). thanks.

  12. Dominique says:

    Hello,

    Does this view shows also SCOM 2012 …?

    My SCOM 2012 SCOM agent appeared as monitored but the Patch List is empty…

    Thanks,

    Dom

  13. WyattWong says:

    Dear Dominique,

    I found the following SQL statement also works for SCOM 2012:

    select bme.path AS ‘Agent Name’, hs.patchlist AS ‘Patch List’ from MT_HealthService hs

    inner join BaseManagedEntity bme on hs.BaseManagedEntityId = bme.BaseManagedEntityId

    order by path

Skip to main content