kPmChk.exe %WorkingDirectory%\kPmChk.exe http://vsaupdate.kaseya.net/components/patch/kPmChk.

exe

1. Ensure the five websites necessary for patching are not disallowed by Firewall, Proxy, web filter or other security services (allow anonymous browse access to these sites). The five sites are: update.microsoft.com download.microsoft.com download.windowsupdate.com www.windowsupdate.com vsaupdate.kaseya.net

If you do not have direct access to the firewall/proxy configuration, you can verify this most of the time by logging into the endpoint using the account defined in Agent > Set Credential. Using Internet Explorer (the MS sites require IE), browse to each of the websites listed.

If you are using a LAN share as a patch file source, the LAN share will need the ability to download .exe, .msu, and .msi files from the internet.

3. BITS is a built-in Windows service that can be managed in the same way as other Windows services (generally accessible by right-clicking "Computer" and selecting "Manage"). Ensure the service is enabled and set to start automatically. You can find general information regarding 4. If the patch scan error being thrown is 0x80248014 and the endpoints in question are Windows7/Server2003 or earlier, stop the Windows Update or Automatic Update SERVICE, Delete c:\Windows\SoftwareDistribution, and then start the Windows Update/Automatic Update service. This error often indicates that the SoftwareDistribution folder (Microsoft's temporary patch folder, similar to Temporary Internet Files folder for Internet Explorer) has become corrupt or unreadable to WUA. The folder and any necessary contents will be recreated automatically by the OS. If you choose, you can rename the folder instead. Either way, you must stop the WUA service before making a change to the folder and restart the service after the change is complete. The

windows service name is wuauserv and can be called via command line using "net stop wuauserv" and "net start wuauserv". Please refer to Microsoft documentation for further information. If the endpoints in question are Windows8/Server2012, this is caused by Microsoft's new requirement for these products to manually opt-in to the Microsoft Update service (which is needed to run the scan against the online catalog/primary data source). Microsoft provides details here: http://msdn.microsoft.com/en-us/library/windows/desktop/aa826676(v=vs.85).aspx. Kaseya is preparing a hotfix address this. While no admin action is required at this time, VSA admins can opt to create a custom script to deploy to end machines or request end users opt into the service as a work-around until the hotfix is released. Please check these settings, adjust as necessary, and re-run patch scan. If the scan continues to report the failure of the primary source, research the error code via a web search. Three helpful sites are:

If the endpoint is configured to use a file share of "From Internet...", log into the endpoint as the account defined in Agent > Set Credential and attempt to browse to the following website: http://vsaupdate.kaseya.net/components/patch/kPmChk.exe. Either a file should download successfully OR the web browser should display an error indicating why the page is not accessible. Most often, the page is not accessible (or the .exe download is disallowed) due to network infrastructure such as a web filter, firewall rules, or a proxy. Please review KKB000900 for details on ensuring this infrastructure is configured to allow the necessary access. If the kPmChk.exe file downloads successfully, save (or move) the file to the Working Directory and then execute the file. One of two text files should create: kPmChk.txt OR kPmChk-bad.txt. If kPmChk.txt creates, delete kPmChk.exe and kPmChk.txt from the working directory and re-run patch test within the VSA. IF kPmChk-bad.txt creates, review the file for indication of the failure. If you are unable to locate the cause, please open a ticket with Kaseya Support and attach the kPmChk-bad.txt file to the ticket.

Delete the kPmChk.exe file from the agent temp directory. If File Source for the agent is configured for a file server, delete it from the share as well.