To use the reporting system in Patch Manager does require the creation of an inventory task.
There are two types of inventory tasks:
- WSUS Inventory -- captures information from the WSUS server about updates, approvals, computers, groups, and update status on those computers.
- Managed Computer Inventory -- captures information from the client systems about hardware, software, and other system configuration aspects.
The WSUS Inventory talks only to the WSUS server and does so using the WSUS API -- just like a console does.
The Managed Computer Inventory uses WMI and requires RPC/WMI to be accessible on the target systems, and requires the Patch Manager WMI Providers to be installed on the client systems.
You can get some of the Managed Computer Inventory information via WSUS by enabling the Extended Inventory Collection option for the WSUS server. This will trigger the WUAgent to report inventory data to the WSUS server (so the WSUS database will be larger), and Patch Manager can then inventory this data via the WSUS Inventory -- eliminating the need to connect directly to the client systems.
Once you have the WSUS Inventory completed, the Computer Update Status report (found in the Windows Server Update Services Analytics report category) will provide you the information you need to identify machines that are missing patches and the patches that are missing.
A WSUS Inventory task can be created on any Application Server and targeted to any WSUS server. An appropriate administrator credential is necessary to authenticate the inventory task connection to the WSUS server. The data retrieved from the WSUS Inventory is stored in the Management Server. In an organization with multiple application servers and/or geographically distributed console users, it is very important to ensure that only *one* WSUS Inventory is configured per Management Server. Generally the WSUS Inventory task is created when the Management Server is first deployed, so the inventory data you need for reporting may already be available.
There is no specified number of downstream WSUS servers that can be supported by a single upstream server -- but there is a practical limit. Considering data throughput, especially across slower WAN connections, there's a certain time factor involved in how long it takes a downstream servers to synchronize and transfer files via BITS. Assuming the upstream server supports NO client systems, but just services downstream servers, it's a question of how many servers can successfully synchronize in a 24-hour period. If the upstream server also has clients to provide updates to, then you need to consider the total number of systems (clients + downstream servers) that are being serviced by the upstream server.
Reporting rollup is almost always something that should be enabled in a replica server environment -- unless the reporting requirements are fully distributed, and the central server administrators do not care about the patch status of downstream environments.
Thanks for this. I know this has been 3 years ago but I hope you still get this and able to respond.
I managed to enable the "Extended Inventory Collection" option for the downstream WSUS server (for this example call it ServerA) and then ran a "WSUS inventory" on it with the option "direct or all" = ALL.
After the "WSUS inventory" task , I created a report using the datasource = "Update Services Computer Programs and Features" but I am getting a blank report.
On the SQL DB end, I checked the dbo.dt_wsus_inventory_WsusInternal_ARP in the Eminentware DB, and it is empty.
I suspect the "WSUS inventory" task did not collect those "Extended Inventory Collection" information.
Can you help guide me how to troubleshoot the "WSUS inventory" process so that the extended inventory data is able to get into the Patch manager DB? (I ran a query on the SUSdb on the ServerA and confirm that the software inventory of the clients were found in the ServerA SUSdb database).
Just to put this in context, ServerA is the downstream server of the Main Patch Manager server.
You may want to ask Solarwinds tech support. Unfortunately Lawrence passed away so will not be able to help with this.