About This File
This monitor identifies the current agent version for OSX, Linux and Windows Agents. Every 5 minutes the monitor checks for agents that are below the current version and issues the Agent Update command to a small batch of online agents. It will only issue the command once per day for any particular agent, and only if there are no pending/executing commands already in the queue for the agent. It will dynamically calculate the concurrency limit so that it can process all of your agents in about 12 hours time. This spreads the load out while quickly bringing all agents up to date as soon as possible. Commands from before the agent was restarted are ignored, so it can update right away after a reboot even if it already failed to update within the past 24 hours.
The monitor will only report verified update failures, so you can use this monitor to generate a ticket or to run your own update remediation script since you know the self-update has failed. Even though only a small number will be asked to update each time it runs, the monitor will report ALL online, out of date agents. You do not need to run a script or generate a ticket or do anything else, the monitor is issuing the update commands directly in SQL. If you don't generate a ticket, you should check the monitor periodically and see which agents are reported since they are failing to update and will need some sort of manual intervention.
This file has been specially prepared to be safe for importing in Control Center through Tools -> Import SQL. The monitor will be named "CWA AGENT - Needs Update". If you have imported a previous version of this monitor, most of your customization's (Monitor Name, Alert Template, Ticket/Report Category, etc.) will be preserved but the necessary changes will be made automatically. Unlike prior versions of this monitor, you can safely "Build and View" and it will not continue to add more update commands.. Pending/In Process update commands will reduce the concurrency limit so that it never overloads the system with too many update commands at once.
FAQ:
My agent is outdated but the monitor doesn't show it. Why?
These are the criteria for an update command to be issued. Until the monitor tries to update an agent, it will never report it as failing to update. If any of these conditions are not met, this is why you aren't seeing the agent update command:
- Is the agent version out of date?
- Is the agent online? (lastcontact within past 15 minutes)
- Are there no commands currently pending or executing?
- Have no update commands been issued within the past day for the current version?
- Have fewer than LIMIT (a custom value dynamically adjusted for your environment) update commands already been issued and have not completed?
After answering YES to all of these checks, the monitor will issue the command to update the agent. It will only permit up to LIMIT update commands to be pending/executing at once, so if you have a large number of agents to update it might be awhile (up to 12 hours) before any particular agent is asked to update. Once an agent has been asked to update, the following criteria determines if the agent will be reported as failed:
- Has an update command been issued within the past day?
- Is the agent online? (lastcontact within past 15 minutes)
- Did the update command report failure? OR has the update command been executing/completed for over 2 hours?
- Is the agent version still out of date?
After answering YES to all of these checks the monitor will report that the agent has failed to update.
Why won't my agent update?
This can be caused by many reasons.
Some common ones:
- Insufficient Agent resources (low ram/disk space/available cpu)
- Another software install is in progress.
- The agent is pending a reboot.
- A file cannot properly extract from the update. (Check for ReadOnly attributes or invalid file/folder permissions for "%WINDIR%\Temp\_LTUpdate")
- A file is locked and cannot be replaced. (LTSvc.exe, LTTray.exe, etc. might fail to stop. A .DLL might be open or locked by AV or a third party program.)
Nearly all of these are resolved with a reboot, so that is a good troubleshooting step after checking the file attributes/permissions.
What alternative methods are available to update my agent?
Look for this section to be expanded on in the future.
- LTPoSh has an Update-LTService function. Calling this function through Control is a highly effective way to resolve update failures for Windows agents.
-
LTPoSh (or other solutions) can be used to reinstall the agent using Control, PSExec, or any other method as your disposal. (I have used ESET Remote Administrator to execute an install command for example).
update outdated out of date updated current agent version automatic automated internal monitor rawsql
What's New in Version 2.2.0 See changelog
Released
This version adds the following features:
- The monitor will no longer report failure for an agent until the update has failed. (Failed means the command reported failure, or the command has been executing for over 2 hours, or the command "succeeded" over 2 hours ago but the agent version has not changed) Agents that have not been told to update or are in the process of updating will not be reported by the monitor. This allows you to tie the monitor to a remediation script or to generate a ticket as only failed updates will be returned.
- Agents with pending or executing commands will not be instructed to update. This will prevent disruption of other commands the agent may be processing.
- Executing commands or an Update command issued before a computer was restarted will be ignored. If the update fails, then the agent restarts, the monitor will try to update again right away instead of waiting 24 hours.
Recommended Comments
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.