Replication within a Hierarchy is not designed to be an instantaneous process; however, because of the critical nature of Microsoft patching, speed is desired for patch replication.
This article explains some of the processes, and the order they should occur in, to ensure the fastest possible replication with respect to Patch Management Solution for Windows.

| Order | Task \ Process | Parent \ Child | Verification Methods |
|---|---|---|---|
| 1 | Microsoft Patch Management Import - Task | Parent | Check the status of the task: Manage > Jobs and Tasks > System Jobs and Tasks > Software > Patch Management > Microsoft Patch Management Import. |
| 2 | Patch Management Import Data Replication for Microsoft - Replication Rule | Parent to Child | Monitor with the Current Replication Activity report. Keep in mind that this report will not show that this particular replication is running; it just shows the replication tasks that are currently running. |
| 3 | Stage the bulletins - Patch Remediation Center | | Wait for the process dialog box to state that the task completed, or check Manage > Jobs and Tasks > System Jobs and Tasks > Software > Patch Management > Download Software Update Package task to verify that it has completed. |
| 4a | Site Server in the SMP Server site downloads the packages | | Step 1 - Look at the UI on the Site Server and verify that the packages have been downloaded. Step 2 - Look at the Site Server in the Console and verify that the package count matches what the agent had. |
| 4b | Create the Software Update Policies - Patch Remediation Center | | Wait for the wizard to complete. After going through the wizard, select the policy in the tree. There can be a delay depending on the size of the policy. |
| 4c | Add the policies to the Patch Management Software Distribution Replication For Microsoft rule - Replication Rule | | Save the replication rule and open it again if needed to verify that the changes were saved. |
| | Important Note: If any of the above items have not completed before the Software Distribution replication rule runs, it will need to run again. | | |
| 5 | Patch Management Software Distribution Replication For Microsoft - Replication Rule | | Look at the location the policies will be replicated to, and verify that they exist. Use the Current Replication Activity report to monitor the process. Note: Only include policies that have not been previously replicated and run in Complete mode. |
| 6 | Download Software Update Package - Task | Child | View the policies; they will no longer show a message that the bulletins need to be staged. And/or look at the Download Software Update Package task. |
| 7 | Site Server downloads the packages | | Step 1 - Look at the UI on the Site Server and verify that the packages have been downloaded. Step 2 - Look at the Site Server in the Console and verify that the package count matches. |
| 8 | Client updates configuration and installs updates | | Use the Compliance and Vulnerability reports. |

Note: See the diagram to get a better feel for the flow of data.
Hi,
btw: great article Doug.
I did forget something in my previous post:
The replicated Software Update Policy (SUP) does not allow attaching another target to it.
I am only allowed to enable or disable it. There was no option on the parent to specify that the target may be changed on the client as it is with other policies.
Kind regards
Robert
For testing purposes I did create one Software Update Policy on the Parent SMP including the Bulletin/Updates related to the Outlook junk email filter.
I did enable it for replication as described above, and it did replicate to the child. I was looking forward to seeing that the updates belonging to this policy are staged automatically.
But surprise: a large number of bulletins got marked for staging and are downloaded.
None of the colleagues did right click those bulletins for staging, nor have they been marked for staging on the parent.
Any ideas?
Are they flagged to be staged automatically because of dependencies?
> does anyone know if this behaviour changes in 7.1?
There is no plan to change it for 7.1.
Nice to have this for reference, thanks.
As part of the setup of PM in a hierarchy there is an initial communication from the child to the parent advising of the "PM Hierarchy Installed Culture".
In PM 7.0, if a bulletin is staged but has no policy, then the package is not replicated. Does anyone know if this behaviour changes in 7.1?
The step 4c is eliminated in Patch 7.1.
The patch policies will be replicated in the same way as other policies, e.g. managed software delivery.
Unfortunately there is not, the behavior will be automated in the next version but currently it must be done manually.
Great article... Any way to automate step 4c? We've completely automated this patch process from staging of bulletins to patch policy creation. However, the only manual step we have is having to add the patch policy to the replication rule.
It seems a bit redundant to have to create the replication rule to replicate patch policies, then have to add any newly created policies to the rule. For software managed policies you can replicate everything, etc.
I can't believe I forgot to specify but yes it is for version 7.
I guess I should have said NS7 or NS71, since hierarchy doesn't apply to NS6x.
Is this for NS6x, NS7x?
This is the type of detail we need when designing hierarchy and replication structures. Thanks, Doug.