Good day,
I've opened a case with JTAC for assistance on this, but I was wondering if anyone else was having this issue.
I have configured a Host Checker policy to perform patch assessment and remediation using Shavlik. This was working for a bit, but I've recently encountered an Adobe Flash patch and an MS patch that Pulse detects as not installed on the system, but which, when I try to install them manually, report as already being installed. This of course would then lead to the user being stuck in the remediation VLAN without a way of being able to resolve the situation on their own.
Has anyone else encountered such behavior before with this auto-remediation feature?
Thanks,
L
So I believe I resolved the issue.
I started digging through Windows Event Log entries again and noticed a correlation - each time Host Checker ran, an error was registered from source "DistributedCOM" with an eventID of 10016. The error was:
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
and APPID
{B292921D-AF50-400C-9B75-0C57A7F29BA1}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
I started Googling these CLSID and APPIDs, and found a link to this article:
http://networkadminkb.com/KB/a351/how-to-fix-nap-agent-service-dcom-error.aspx
...where it indicated that the APPID GUID is associated with the NAP (Network Access Protection) service. Once I started this service, my remediation issue was resolved. I set this service to auto and it appears to be golden. I didn't see this service requirement in the documentation anywhere for Pulse - perhaps I missed it?
Cheers,
L
I may have spoken too soon - results are intermittent; first login fails host check (from machine auth -> user auth @ credential provider) and then succeeds at the desktop. Weird.
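
The correlation described in the thread above (Event ID 10016 from DistributedCOM, with an APPID that belongs to a service that was not running) can be checked locally instead of by searching for the GUIDs. This is an added example, not part of the original posts and not Pulse or Juniper tooling; it assumes the event provider name Microsoft-Windows-DistributedCOM, a one-day look-back window, and that the AppID registry key carries a LocalService value naming the backing service.

```powershell
# Added diagnostic sketch: map DCOM 10016 errors to the Windows service behind each APPID.
$since = (Get-Date).AddDays(-1)   # assumption: one-day look-back window

$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-DistributedCOM'
    Id           = 10016
    StartTime    = $since
} -ErrorAction SilentlyContinue

$guidPattern = '\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}'

$events | ForEach-Object {
    # The rendered message lists the CLSID first and the APPID second.
    $ids = @([regex]::Matches($_.Message, $guidPattern) | ForEach-Object { $_.Value })
    if ($ids.Count -ge 2) {
        [pscustomobject]@{ TimeCreated = $_.TimeCreated; Clsid = $ids[0]; AppId = $ids[1] }
    }
} | Group-Object AppId | ForEach-Object {
    $appId = $_.Name
    $key   = "Registry::HKEY_CLASSES_ROOT\AppID\$appId"

    # LocalService is only present when the COM server is hosted by a Windows service.
    $svcName = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).LocalService
    $svc = $null
    if ($svcName) {
        $svc = Get-CimInstance Win32_Service -Filter "Name='$svcName'"
    }

    [pscustomobject]@{
        AppId     = $appId
        Events    = $_.Count
        LastSeen  = ($_.Group | Sort-Object TimeCreated | Select-Object -Last 1).TimeCreated
        Service   = $svcName
        State     = $svc.State       # e.g. Stopped / Running
        StartMode = $svc.StartMode   # e.g. Manual / Auto / Disabled
    }
} | Format-Table -AutoSize
```

A row whose Service is populated but whose State is Stopped or whose StartMode is Manual or Disabled points at the same condition the poster found; comparing LastSeen against the Host Checker run times confirms whether the two are still correlated.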