To patch a server in our company our admins have to execute a multistep process to bring the server into “Maintenance Mode” where they can safely apply the patch, test the server after the patch has been applied and return the server from “Maintenance Mode”.
Automating the tasks from Altiris seems straightforward but I can’t figure out how to tell the Endpoints within this sequence that they may download and install their patches.
Once I get that solved I’m hoping it won’t be too difficult for Altiris to acknowledge that the patches have been installed and proceed with the automated testing and restoration of the server.
To give you an idea of what I have been able to build:
I’ve created a Server Patch Job with tasks that:
Run a script locally on the endpoint that tells our monitoring system that the endpoint is now in maintenance mode and to ignore any events or triggered alerts for this endpoint.
Checks to see if any sessions are open and moves them to one of the other available servers
Pulls Server from Cluster
Checks to see if any admins are logged into the server and passively waits or aggressively kicks them out of the server
======
I thought I could script the execution of AexPatchUtil.exe but that doesn’t seem to install the patches that have been listed on the endpoint for installation.
======
Places Server back into cluster
Confirms application is running again
Executes quick test of application
Removes Server from Maintenance Mode
The Symantec documentation and Support say to create a Software Update Policy per target and set the schedule to never run. Then when I want to patch my endpoints modify the schedule and settings so the endpoint will patch itself after the successful config update. Seems like extra work to turn policies on and off and let the servers do as they please during the patch window.
Any ideas?