To make the msu install work you must have the following:
1. The MSU needed to install.
2. The Stand-alone msu installer called "Wusa.exe" from http://msdn.microsoft.com/en-us/library/windows/desktop/aa372856%28v=vs.85%29.aspx
3. Create a batch file to call the Wusa.exe which will install the msu.

Process:
Syntax for batch can be found at: http://support.microsoft.com/kb/934307
YOU MUST HAVE A /QUIET SWITCH FOR IT TO INSTALL
1. You must then push out the msu, wusa.exe, and batch file to the target machine. 
2. Call the batch file
3. The batch should look something like this:
" "wusa.exe C:WINDOWSProPatchesInstallexample.msu /quiet""

Please note:Protect:  9.1 is set to be released late Q1 of 2014.

Protect Console support for the following platforms will be removed in Protect 9.1:

• Windows XP
• Server 2003
• Windows Vista
• Server 2008 (prior to R2)
• 32-bit architecture Operating Systems
• Windows 8 (Windows 8.1 is supported)

In response to Microsoft’s strategic direction and recent end of life announcements, Shavlik is removing support for the above platforms with its next version of Protect. Recently released Protect 9.0 is the last version to support these platforms as a Protect Console.  They are all still supported as agentless and agent-based targets. 

To help ease the migration to newer platforms, we are developing a migration tool that will help administrators to transition a console from one machine to another. 

Microsoft has announced an end of life for Windows XP in April 2014 and for Server 2003 in April 2016. We are recommending customers on these platforms migrate to newer operating systems as soon as possible.

Windows 8.1 support will be added with Protect 9.1; however, Shavlik is dropping Windows 8 support due to an incompatibility issue with Powershell 4.0 which is a new prerequisite in Protect 9.1.

Virtualization support for VMware ESX Hypervisors will be removed in Protect 9.1:

• ESX 4.0
• ESX 4.1 (ESXi 4.1 Hypervisors are still supported)

Shavlik is removing support for hypervisor patching and offline VM, template, and snapshot features as VMware is ending support for these platforms in 2014.  Protect 9.0 is the last version to support these versions. 

Server 2000 support for Agentless Scan and Remediation will be removed after 9.1:

Shavlik is announcing that Protect 9.1 will be the last version to support Server 2000 as an agentless target.  Protect 9.1 will support this until it reaches its end of life, which has not yet been announced.

Shavlik Protect has the ability to take VMware snapshots. You can set this in a Custom Deployment Template, Under the tab Hosted VM/Templates. You also have the ability to delete old snapshots.

Protect waits to delete the snapshots until the next deployment. If your deployments are spread out, and you would like your snapshots erased sooner, you can do this by deploying a custom patch that is always detected as missing. (QSK2745, MSST-001)

Step 1 - Create a new Patch Scan Template by going to New-> Patch Scan Template and name is "Custom Action Scan". The only thing you need to change is under Patch Properties in the bottom right, click the radio button for "Scan Selected" and click the "Custom Actions" box.

Step 2. Create a New Deployment Template by going to New-> Deployment Template and name it "Custom Action for VMware Snapshot"

• On the General Tab, deselect the ‘Send Tracker status’ option. This change is so that the tracker doesn’t falsely report the deployment as failed. Be aware you will not receive a tracker status for this deployment.

Step 3. Go to the Post-deploy Reboot tab, and set this to ‘Never reboot after deployment’.

Step 4. Under the Hosted VMs/Templates Tab, choose Delete old snapshots created by Shavlik Protect Advanced (age in days): (I set 2. You set your desired results. I also chose to take pre-deployment snapshots. This is also optional.)

Click Save.

Step 5. Click Home,

1. Type a name in step 1. (I used to "Remove VMware Snapshots")
2. Select your machine group with your VM's (Mine is names "VM's")
3. Select how often you would like this to run to remove your snapshots (I chose Sundays, Tuesdays & Thursdays)
4. Select "Custom Action Scan"
   1. Click Auto-Deploy patches after scan
   2. Chose "Custom Action for VMware Snapshot"
   3. Click "Install immediately.
5. Click Schedule.

Congratulations! You have successfully setup an automatic removal of VMware Snapshots in Protect.

Symptom

Error Message while attempting a asset scan "Cannot connect to WMI Service. It might be stopped or firewalled" can indicate that the neccessary ports for an Asset scan are not accessible from the Protect Console to the Target Workstation.

Solution

When performing an asset scan, Windows Management Instrumentation (WMI) service must be enabled on the target machine and the protocol allowed to the machine (TCP port 135).

In addition to the WMI port, other ports are necessary for an Asset scan to work properly.  Refer to the following document Port Requirement for Shavlik Protect:

http://community.shavlik.com/docs/DOC-2161 to ensure all appropriate ports are open in the firewall.

Symptoms

Offline Activation file does not contain all intended keys.
This can cause a lower number of seats than intended.

Solution

All active, non-expired keys that will be used in the Protect console must be entered in the primary box under Help > Enter/Refresh License when generating the offline license file.

Solution

Once the active, non-expired keys that will be used in the Protect console have all been added in the primary box under Help > Enter/Refresh License, click Create Request.
You can verify all necessary keys are included in the LicenseInfo.xml file by opening the file with a text editor and verifying that all keys are listed.

Alternative Solution

If an offline activation file (LicenseInfo.xml) was created from the console already and only needs to have a key added or removed, this can be done by modifying the file in a text editor.

Adding a License Key to LicenseInfo.xml

Locate the current list of license keys:
<a:string>1234123412341234513135121</a:string>
and copy /paste the tags immediately after the current key. Next add the additional key to this new set of tags.
<a:string>1234123412341234513135121</a:string> <a:string>67896789678967896789</a:string>

Removing a License Key from LicenseInfo.xml

Locate the current list of license keys, and delete the key and its surrounding tags.
(Original)
<a:string>1234123412341234513135121</a:string><a:string>ABCABCABCABCABCABCABCABCA</a:string>
(Deleted Second Key and corresponding tags)
<a:string>1234123412341234513135121</a:string>

Symptoms

Purpose

This article provides information on manually un-installing VMware vCenter Protect or Shavlik Netchk Protect.

Cause

Occasionally, the application may not be removed completely due corruption to the Windows Installer, Installer folder or other corruption to the automated uninstall process. When this occurs a manual un-install of the application is necessary.

Resolution

Microsoft provides assistance with the manual uninstall process by providing a Fix it tool.  The link to the tool is:  http://support.microsoft.com/mats/Program_Install_and_Uninstall

Here are instructions on how to use the Fix it tool

1. Use the link above to navigate to the Fix it main page.
2. Click on ‘Run Now’ and choose ‘Save File’.
3. Run the EXE that is downloaded and choose ‘Accept’ on the first page.
4. Choose the second option ‘Detect problems and let me select the fixes to apply’.
5. Choose the ‘Uninstalling’ option
6. You will see a list of the installed products on the server.  Choose the product if you see it on the list for instance. ‘VMware vCenter Protect’.  If you do not see the product on the list then select ‘Not listed’.

If vCenter Protect or Netchk Protect is listed:

1. Choose vCenter Protect or Shavlik NetChk Protect and click ‘Next’.
2. Choose ‘Yes, try uninstall’
3. Verify both options are check-marked and click ‘Next’.
4. You should see a screen that indicates whether vCenter Protect was uninstalled or not.
5. Click ‘Next’ and the close out of the screen.

If vCenter Protect or Netchk Protect is Not Listed:

1. Choose ‘Not Listed’ and click ‘Next’.
2. Enter the product code for the version of the Product installed and click ‘Next’. (Include the brackets)

     Product codes for vCenter Protect/NetChk Protect are listed below.

1. Verify both options are check-marked and click ‘Next’.
2. You should see a screen where it indicates whether the product was uninstalled or not.
3. Click ‘Next’ and the close out of the screen.

Product GUID codes:

Impact/Risks

The Fixit utility is provided by Microsoft. Make sure you read any known issues or guidelines for this tool on Microsoft's site prior to use.

Products

Shavlik NetChk Protect 7.x
VMware vCenter Protect 8.x

Shavlik Protect 9.x

Symptoms

Scanning fails, and you recieve the message Error 621: OS of target is an unsupported version of Windows.

Cause

The target system is not a supported version of Windows. The specified system may be a non-Microsoft platform running SMB services or otherwise emulating a Microsoft product.

Resolution

You will need to ensure that you are scanning a supported version of Microsoft Windows operating system.

1. Review the requirements for Protect, here: http://www.shavlik.com/products/protect/requirements/

2. Verify that Windows is activated. If Windows is not activated it's possible to recieve a 621 error.

3. Ensure that you are not running a beta, release candidate, or preview version of Windows.

4. Did you recently apply an operating system service pack or apply patches? Make sure to reboot the system if any major changes have recently taken place.

5. You can check the below listed registry key on the target system to verify the version and service pack level of Windows. If you are unable to resolve the issue on your own and believe the system is a supported version of Windows, it may prove helpful to support to provide an export of this key as well.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion

Other reasons:

See if st.protect.exe is running in xpsp3 compatibility mode. That is stored by each user profile.  Right click on the exe and check the properties (compatibility tab).  You may need to remove/disable compatibility mode.

Applies To:

vCenter Protect 8.x

Shavlik Protect 9.x

ISSUE / SYMPTOMS

-You scan a system with Firefox or Thunderbird ESR versions that Protect does not see an update available or shows a standard release update as missing when the target system has an ESR version.

-There may be an error during installation that you are upgrading to a non-ESR version.

CAUSE & RESOLUTION

The reason some Mozilla ESR products are not getting updated or updating to non-ESR is essentially because we are not able to differentiate the two (regkey and file detection are identical) for a specific version and not able to release that specific ESR version. Because of this, when customers install this non-supported version manually it can cause the updating to non-ESR version error. Even if we drop support of ESR this will continue to happen because we are not detecting the ESR versions whether intentionally or not. In the end it comes down to Mozilla releasing versions that have build files that are not unique between the two. Some releases they get it right. We can't control this, but below is the list of currently known ESR versions that are unsupported with Protect and may have this problem.

If you avoid patching the listed versions you will not see an update error:

Known unsupported versions of ESR with Protect:
Firefox 10.0.1 ESR
Firefox 17.0 ESR
Thunderbird 10.0.1 ESR
Thunderbird 10.0.2 ESR
Thunderbird 17.0.2 ESR
Thunderbird 17.0.3 ESR

APPLIES TO

Shavlik Protect 9.x

vCenter Protect 8.x

Shavlik SCUPdates

Symptoms

Unable to delete/edit a filter in Patch View:

(Disabled)

(Enabled)

Cause

If the Smart Filter name begins with *Patch Group this indicates that the filter is based on a specific Patch Group and cannot be directly removed or edited from the Patch View.

Solution

Edit the Patch Group by left clicking the Patch Group from the Navigation Panel.

Delete the Patch Group by right clicking the Patch Group from the Navigation Panel and choosing Delete.

Purpose

This document lists all current Software Distribution Patches as of : 09/19/2013

Related Document:Distributing software with vCenter Protect Essentials using a patch group

When searching Patch View for a version of Microsoft Office, the Service Packs are not displayed.

This is the cause of an issue. Explain - Why did the issue occur? This field is only applicable if there is a problem or issue that the document covers.

Search using the full product name:
Example - Office Standard 2007

• Shavlik Protect 9.x

This is a list of highly recommended documents for improving general knowledge of the Configuration Management product (formerly titled Shavlik Configure). This article is not a comprehensive list of documents.

• System Requirements
• Installation Guide
• Product Download
• Obtaining & Installing the SCAP Processor
• Administration Guide

• Configuration Management Trace Logging file location
• vMotion breaks activation of Configuration Management
• Scanning for RSOP checks may cause access denied errors



• Online Help Guide
• Supported operating systems for SCAP Processor XCCDF to Shavlik conversion
• Training Videos (Listed under "Shavlik Netchk Configure 4.2 or earlier")
• Shavlik Validation on NIST Website

This is a list of highly recommended documents for improving general knowledge of the Shavlik SCUPdates product. This article is not a comprehensive list of documents.

• Quick Start Guide for SCUP 2011 (PDF)
• Quick Start Guide for SCUP 4.5 (PDF)
• SCUPdates Content Download (Login Required)

• Publishing Apple Application Support with SCUPdates
• Supersedence with SCUPdates & Expiring Updates
• SCUP Proxy Information
• Google Chrome Update Guide (PDF)



• Tips for troubleshooting issues when using SCUPdates
• Publishing SCUPdates content fails with Digest or Hash verification failed
• Too Many Locally Published Categories
• 32bit Java fails install on 64bit systems
• Exception occurred during publishing: CreateDirectory Failed
• Exception occurred during publishing: Verification of file signature failed
• Automatic updating enabled after installation of patches when publishing with SCUPdates



• Supported Products List
• Language Support for Patch Data (PDF)

This is a list of highly recommended documents for improving general knowledge of the Shavlik Protect product. This article is not a comprehensive list of documents.

• Download Site
• Protect 9 Installation Guide
• Protect 9 Upgrade Guide
• Protect 9 Quick Start Guide
• Shavlik Protect Requirements Guide
• Firewall & Proxy Exception White-List
• Installing Prerequisite Software

• How to Activate Shavlik Protect
• Managing License Seat Usage
• Offline Activation Process
• Sales/Licensing Contact Information

• Best Practices Guide
• How To Configure Windows Firewall for Protect
• Offline Environment: How To Manually Update patch data files
• Offline Environment: How to Manually Update threat definitions
• Best Practices: Java Deployment
• Best Practices: Software Distribution
• Best Practices: Agentless Scanning & Deployment of Service Packs
• Best Practices: Using Security Tools

Installation & Upgrade

• Data Conversion error during Upgrade
• Cleaning up broken installs of Protect
• Resolving database upgrade timeout failures

Obtaining Trace Logs

• Console, Client Side (agentless), and Agent log files
• Console Install and Setup Logs
• DPD Trace (for scan detection issues)
• Listing & Purpose of All Log Files

Scanning & Detection

• Troubleshooting Patch Scan Error Codes
• Scans running slow or taking long time to complete
• Scan Results fail to import (Incomplete results)
• Why Shavlik Protect scan results may differ from Windows Update
• Java patches not shown missing or installed
• How to include or exclude specific patches in scan
• Adobe & Mozilla Incremental Updating process
• Patch install/uninstall loops (patches that always show missing)

Patch Deployment & Shavlik Scheduler

• Deployed patches appear as missing
• Deployment Tracker Status Message Values
• Service Pack Deployment Guidelines
• Reinstalling the Shavlik Remote Scheduler Service

Database Related

• Cleaning up (purging) a Protect Database
• Increasing database timeout period
• Moving/migrating Protect database

Agents

• Agent Diagnosis Commands
• Agent Install failing at 67% (registration failure)
• How to fully uninstall and reinstall an agent

Other

• Issues adding machines to a group via Active Directory/OU
• Verifying Proxy Settings for Download Issues
• Role Based Administration Lockout Fix

• XML (Patch Definitions) Update Information
• List of Currently Supported Products
• Feature or Change Requests

The purpose of this document is to explain how patches are tested prior to being included in an XML update or content release.

Shavlik tests each patch that is released in every supported language for each Operating System\Service Pack\Application combination to ensure proper detection, installation, and rollback (where applicable). File by file comparisons are performed before and after patch installation to ensure patch supersedence has been properly taken into account. The Shavlik labs are equipped to test patches against hundreds of Operating System and Application combinations to ensure patch assessment and deployment functions will operate as intended on client systems.

Shavlik Protect 9.x

vCenter Protect 8.x

The purpose of this document is to list the minimal permissions required for VMware host credentials (browse credentials) that are provided for operations in Protect.



Required Roles

These permissions are set within vSphere.

At the vCenter level (if used):

A role is needed with at least *Global->Licenses checked at the root level (vCenter level) to be able to see the license.Otherwise one role that matches the ESX host level below at all levels.

At the ESX host level: (propagated to all sub levels)

Make sure the permissions listed are checked

*Global->Licenses

*Datastore->Browse

*Global->Licenses

*Resource->Assign Virtual machine to resource pool

*Virtual Machine->Interaction->Acquire quest control ticket

*Virtual Machine->Interaction->Device Connection

*Virtual Machine->Interaction->Power Off

*Virtual Machine->Interaction->Power On

*Virtual Machine->Provisioning->Allow disk access

*Virtual Machine->Provisioning->Mark as template

*Virtual Machine->Provisioning->Mark as virtual machine

*Virtual Machine->State->Create snapshot

*Virtual Machine->State->Remove snapshot

Some additional information worth noting:

-Protect needs to connect to the vCenter server to be abel to patch VM templates.

-VMware tools must be installed on VMs and VM templates.

-It is required to provide a local administrator account for the target system set in the machine group (to deploy to offline VMs).

Virtual Machine Template Patching Requirements & Informational Document

Patching process of a virtual infrastructure

Shavlik Protect 9.x

vCenter Protect 8.x

This document will provide a resolution for the error 'Failed to commit or save the database installation' when attempting to upgrade from Protect 8.x to Protect 9.x.

After performing a database update, you receive the error "Failed to commit or save the database installation."

The following is seen within the ST.DatabaseConfiguration.log located within the C:\ProgramData\LANDesk\Shavlik Protect\Logs directory:

1955-11-0509:27:36.9106438Z 0001 E InstallWizard.WizardFinishClick|Failed to commit or save the database installation.: ST.BusinessObjects.Capabilities.LicensingException: Invalid license

The Protect Upgrade is unable to complete as the license key needs to be reactivated.

1) Browse to C:\Program Files\LANDesk\Shavlik Protect and open ST.Activation.exe.

2) Remove the license key by highlighting the key and selecting the 'Remove' button.

3) Once the license key has been removed, enter the license key within the Activation Key text box and select either the 'Online' Avitcation, or 'Manual' Activation method if you are on a closed or firewalled network.

Please see the following community article for activation assistance: http://community.shavlik.com/docs/DOC-22975

4) You should now be able to launch the Protect Console.

Shavlik Protect 9.x

The purpose of this document is how to create a patch group to and to exclude those patches from your scans. This is sometimes neccesarry when scanning for patches but you do not want specific patches to be installed.

1. To scan or exclude specific patches, begin by assigning the desired patches to a Patch Group. In Protect, open Patch View.
2. Locate the specific patch by searching or filtering.
3. Right click the patch, choose Add to Patch Group, then choose New Patch Group.
4. In the Patch Group window, enter a Name and Description to identify what the Patch Group will be used for, then click Save.
5. Next create a new Patch Scan Template.
6. In the Patch Scan Template window, enter a Name and Description to identify the scan template. Under Patch type filter settings select Scan All. Under Patch filter settings select Skip Selected, then click the Patch group(s) browse button
7. In the Select Patch Groups window, add a checkmark to the Patch Group(s) that contain the specific patch to be scanned for, then click Select
8. The selected Patch Group should now show as selected in the Patch Group(s) list. Click Save.
9. Scan using the Scan Template created. Results will only show those patches included in the Patch Group.

How to Include or Exclude specific Patches in Scan Results

Qnumbers