> Services > Patch Status Service

Patch Status Service

The Patch Status service is automatically added to all Windows devices. It provides insight into the state of patching on a specific device as well as providing metrics for your reporting. You can configure settings through the Status, Service Details, Self-Healing, Reports tabs on this window.

Recommendations for setting up this service:

  • On the Service Details tab, set Threshold for Monitoring old patches (days) to 31 days.
  • On the Thresholds tab, turn off all thresholds except for Patches installed with errors, Missing Patches Older Than (x) Days, and Reboot Required. The service will now only alert you if something has gone wrong with your patch schedule, a patch has failed or a reboot is needed. The data will still be available for reporting.

Instances on a Device

1

Device Class

Laptop - Windows, Server - Windows, and Workstation - Windows

Monitored By

Windows agent

Scan Interval

The default interval is five (5) minutes.

Time To Stale

The time (in minutes) that MSP N-central waits to receive data about the service. If no data is received within the specified time period, the service will transition to a Stale status. The default is 4320 minutes (72 hours, or 3 days).

Threshold for Monitoring old patches

The duration (in days) that a patch can be approved but not installed before the patch is added to the Missing Patches That Were Approved Over xx Days Ago metric. The default is 60 days.

Include Patches in the following categories

The types of patches to be reported by the service.

Status

Overview

The overview shows a graphical representation of your patch state, including approved but not yet installed patches, and unapproved patches. The summary shows high level alerting information, including reboot details, patches installed with errors and upcoming scheduled patch events.

The information on this tab is useful for patch troubleshooting. It updates each time a scheduled patch detection occurs or after completing a patch cycle.

Patch Details

A table providing the total number of software patches listed by category that are Approved but Not Installed or Not Approved.

Patch Summary

Additional detail provided for the installation of software patches including:

  • Patches installed with errors - Identifies the total number of patches with installation errors.
  • Next Patch Scan Schedule - Indicates the date and time when the next scan of the status of software patch installations will take place.
  • Next Installation Schedule - Indicates the date and time when the next installation of software patches will take place. Note that for versions of MSP N-central earlier than MSP N-central 9.5, Patch installation is in progress may be displayed when software patches are being downloaded and are not actually in the process of being installed.
  • Patch Download Source - Indicates the source from which the device is synchronizing software patches.
  • Reboot Required - Indicates whether the device must be restarted for software patch installation to be completed. If this value is True, the service will transition to a Warning state.

Patch Download Source Messages

In the Values column of the Summary table, the system provides you with messages to let you know what sources a device is configured to download patches from and if that source is functioning.

Each message is split in to two parts. The first part of the message provides download source information about Windows Updates, and the second part of the message provides download source information about Third Party Updates.

Microsoft Updates = Message 1

Meaning

Unmanaged

Patch Management is disabled.

Windows Update

The agent will only download patches from Microsoft Server.

Probe 123.123.123.123

The agent will download patches from the Probe.

Windows Update (Probe unavailable)

The agent is unable to reach the probe and will download patches from Microsoft servers.

No source (Probe unavailable, Windows Update not allowed)

The agent is unable to reach the probe and is not allowed to download patches from Microsoft’s servers. Patching will fail.

Note: You can fix this issue and allow the device to contact external sources by selecting a Patch Profile that has the Communicate Externally for Updates option selected. For more information refer to Patch Management Profile Settings.

Third Party Updates = Message 2

Meaning

Unmanaged

Patch Management is disabled.

Not Enabled

Third Party Patching is disabled.

Direct from vendors

The agent will only download patches from third party product vendors.

Probe 123.123.123.123

The agent will download patches from the Probe.

Direct from vendors(Probe unavailable)

The agent is unable to reach the probe and will download patches from third party product vendors.

No source (Probe unavailable, Direct from vendors not allowed)

The agent is unable to reach the probe and is not allowed to download patches from third party product vendors. Patching will fail.

Note: You can fix this issue and allow the device to contact external sources by selecting a Patch Profile that has the Communicate Externally for Updates option selected. For more information refer to Patch Management Profile Settings.

The following are examples of combined messages and their meanings:

Example Combined Message 1 | Message 2

Meaning

Microsoft Updates: Unmanaged | 3rd Party Updates: Unmanaged

N-central is not managing patching on this device

Microsoft Updates: Probe 123.123.123.123 | 3rd Party Updates: Unmanaged

Microsoft updates are managed and will be downloaded and distributed by the probe. Third Party updates are not managed by N-central.

Microsoft Updates: Probe 123.123.123.123 | 3rd Party Updates: Probe 123.123.123.123

Microsoft and 3rd Party updates are managed by N-central and will be downloaded and distributed by the probe.

 Microsoft Updates: No source (Probe unavailable, Windows Update not allowed) | 3rd Party Updates: Unmanaged

Microsoft updates are managed by N-central, but the agent cannot reach the probe and is not allowed to download patches directly from the internet. Microsoft updates will fail. Third Party updates are not managed by N-central.

Microsoft Updates: Windows Update| 3rd Party Updates: Direct from vendors

Both Microsoft and Third Party updates are managed and will be downloaded from the internet.

Approved Patches

This tab provides a summary of patches that the device is waiting to install.

Missing Patches Details

A table providing the total number of missing software patches categorized as:

  • Missing Patches - Identifies the total number of missing patches.
  • Missing Patches Older Than 60 Days - Identifies the total number of patches that have been missing for more than 60 days.

Missing Patches by Category

Lists the total number of missing patches by the following categories:

  • Security Updates
  • Critical Updates
  • Service Packs
  • Third Party Updates
  • Update Rollups
  • Feature Packs
  • Updates
  • Software Driver Updates
  • Definition File Updates
  • Tools Updates

Not Approved Patches

This tab displays a list of patches available to that devices that have not yet been approved. They will remain on the page until approved by the Approve/Decline patches process or by an automatic approval. From this tab you have the ability to review and selectively approve patches for this device.

Not Approved Patches by Category

Lists the total number of software patches that have not been approved by the following categories.

Click View to display the missing patches for each category. Once the list of missing patches is displayed, click OK to conceal the list of missing patches.

  • Security Updates
  • Critical Updates
  • Service Packs
  • Third Party Updates
  • Update Rollups
  • Feature Packs
  • Updates
  • Driver Updates
  • Definition File Updates
  • Tools Updates
  • Unknown Updates

Service Details

Choose to adjust key metrics including threshold for old patches to be used in the monitoring metric, Threshold for Monitoring old patches (days).

Thresholds

Threshold adjustments can be made to details patch status will monitor and alert on from various templates that apply it.

The Laptops - Windows Service template. Thresholds may be turned off, which will prevent alerts on the number of patches available but this data will still be available to reporting.

Self-Healing

This tab enables you to configure Self-Healing actions for patch status.

Reports

This tab provides per-device reporting.