|
Information
If a deployment to an Update Agent fails, a hexadecimal code is returned to the Prism Patch Manager Server indicating the reason for the failure. The following is the list of deployment failure codes and their meanings. Note that clicking on the deployment failure in the Prism Patch Manager Server web interface will display detailed information regarding the failure, which may assist in troubleshooting.
0x0000190A
This rare failure indicates an issue with the metadata of the package being deployed. Re-caching the vulnerability will solve this behavior.
0x0000190C
The most common failure, this error indicates the Update Agent encountered a problem executing the script associated with the deployment or the Windows Installer returned a generic 1603 installation failure.
The most common reason for a script failure is the operating system has not registered the wshom.ocx or vbscript components. Re-registering wshom.ocx on the machine in question will typically solve this, typed from a Run or CMD prompt or deployed through a Custom Package (use the -s switch in the command line of a Custom package to hide the notification message from the End-User):
regsvr32 wshom.ocx
If the preceding registration does not solve the behavior, you may also re-register vbscript:
regsvr32 vbscript
If a generic Windows Installer 1603 error is encountered during script execution, you may also receive a 190C. This may be caused by lack of available disk space, permissions issues, missing files, missing prerequisites, or other OS-related issues. To determine root cause, attempt the “Manual Deployment” option described at the bottom of this page.
0x0000190D
This code indicates a download failure. Drilling down into the failure will display the exact reason for the 190D. In most cases this occurs if the package is not reachable due to a missing or invalid registry value in the Prism Patch Manager Server (KB510) or the file is physically no longer available (re-caching the vulnerability will solve this behavior).
0x0000190E
This code indicates a package execution failure and is similar to issues encountered in 190Cs. These are some of the more difficult issues to troubleshoot due to the lack of detail returned by the Windows Installer to the Update Server via the Update Agent. In most cases, this is caused by the failure of the patch to install properly due to a missing prerequisite (e.g., Microsoft Word install files are missing; some of the program's files are missing) or an OS problem (Windows Installer is damaged).
To determine root cause, it is recommended to attempt installation of the patch manually, since return codes from the Windows Installer to the Update Agent are not detailed. Running the file manually will typically display more information in a dialog box explaining the exact reason for failure, as described below:
Manual Deployment (-pldo)
To determine the reason for a Windows Installer failure, deploying the package using the -pld0 option (the last digit is the number zero) within Prism Patch Manager is a solution that will yield more detail. To deploy with -pld0, click the Edit icon in the Package Deployment Order and Behavior page of the Deployment Wizard and replace the Optional Flags with:
-pld0
Once deployed, this option will leave the package in the %TEMP% location (e.g., C:\WINDOWS\TEMP) where you may then execute the package manually. In most cases, the error encountered will explain in detail the reason for the MSI failure, allowing you to correct the OS or Program-related issue.
An alternative to deploying the package through Prism Patch Manager is to visit the Microsoft KB article associated with the vulnerability in question, downloading, and then executing the patch on the end-point. |