1 of 1 people found this helpful
Clients do not report to the Patch Manager server; rather the Patch Manager server retrieves from the WSUS server what ever data is available at the time of the console query.
If the Patch Manager server does not reflect accurate information, this could be caused by a couple of things:
- SERVER level information, such as Last Sync Time, Computer Groups, Total Updates, Total Computers, Certificates, are all obtained via a refresh of the WSUS node. The WSUS node is not refreshed automatically, this must be done explicitly from time to time (at least once a day is a good approach).
- UPDATE and GROUP level information (Update Lists, Computer Groups) are refreshed on a per list/group basis. The currency of a Computer Group can be easily determined by the newest Last Contact Date shown in the list of computers. The currency of an Update List can be (less accurately) determined by the newest Arrival Date shown in the list of updates. If the Last Contact Date for computers is more than 24 hours old on the Patch Manager server, but not on the WSUS Server, this could indicate an issue with the Patch Manager server communicating with the WSUS Server (which should manifest as a real-time error dialog).
If that guidance does not resolve the inconsistencies, my recommendation would be to open a Support Ticket via the Customer Portal, and let Support take a closer look at what may be happening.
One other thing to keep in mind with respect to installations and Last Report Time (which is really an entirely different animal than Last Contact Time) ... REPORTING in the WSUS Server is handled asynchronously. If you deploy updates to multiple systems simultaneously, and accounting for the 20 minute delay post-install before reporting to the WSUS Server, the WSUS Server then processes that reporting information asynchronously (one of the features of Service Broker introduced in SQL 2005), and depending on the number of clients affected, it's not unusual that the WSUS console may not reflect a current Report Date for yet another 20-30 minutes.
Also, if a machine is in a pending reboot state, the REPORT actually occurs AFTER the system restart, so that may also be a factor in how the client state is updated in WSUS, and then in Patch Manager.
However, regardless of all of those vagaries between the WUAgent and the WSUS Server, a Patch Manager server, following a refresh, should show exactly the same information in the PM console as is displayed in the WSUS console. If it doesn't, we'll want to look into that situation.
Thanks. Let me clarify what I was seeing. Patch Manager seemed not to sync or get updated information from WSUS (including Last Report Time and what patches had been installed on all clients, which had been refreshing automatically from WSUS up until I rebooted both servers for Microsoft Updates).
I rebooting both Patch Manager and WSUS this morning and now everything is now synced between Patch Manager and WSUS (i.e. The Last Reported Time on Patch Manger matches Last Status Report on WSUS and patches recently installed on clients are being reflected in Patch Manager). I don’t know what or where the problem was, but everything on Patch Manager and WSUS is now functioning as expected.