You can monitor patch deployments through the Patches page, Windows dashboard, and the Device page as explained in the Reports for patch management article.
This article contains some ideas that you can try if you notice problems in managing patches on your Windows devices.
Check the requirements for patch management
Miradore's Patch management supports Windows devices that meet the following requirements:
Does your device have a 64-bit version of Windows?
Patch management features are not available for devices with the 32-bit version of Windows, because Miradore client only supports 64-bit Windows devices.
Is Miradore client installed on the device?
Miradore utilizes an MDM work account and/or a Miradore client for managing Windows computers. In order to work properly, patch management requires that the devices have the Miradore client installed. Read Windows device management methods for more information about this topic.
Patch management features are not available for devices that don't have a Miradore client installed.
You can check the device management type from the Management table which is located on the Device page.
Note: Miradore's automatic client deployment doesn't work on Windows 10 Home devices. For those devices, you need to download and install Miradore Client manually.
Is the software running in the System context?
As stated in the Patch management – Supported vendors and products article, Miradore's patching solution supports software that is installed in a per-machine context (machine-wide). If the software runs in the user's context (per-user installation), Miradore patch management cannot detect or patch the software.
Some of the most common software that has a per-user installer are:
- Zoom Client for Meetings
- Microsoft Teams
- Google Chrome
- Slack
- RingCentral
- Fiddler
- Opera
- Remote Desktop
- Webex
- WinSCP
Check the configuration of the Windows Update
Windows Update may interfere with Miradore when it tries to install Windows patches. If the installation of Windows patches is failing on your managed Windows computers, we recommend checking the configuration of Windows Update on the managed Windows computers.
- Make sure that the Windows Update Service is enabled.
- Set Windows Automatic Updates to Never check for updates (Windows 7 & 8).
- On Windows 10 computers you cannot modify this setting from the Control panel, but you can edit the settings through the Group Policy Editor or use Miradore's Windows Update configuration profile to disable the automatic updates. On domain-joined computers, this setting is most likely managed through group policies by your administrator.
The Windows Update settings don't affect the installation of software patches from other vendors.
Check certificates in case of a patch scan failure
Sometimes the problem might be that the patch scan fails on a device. There have been some issues at least with the devices having the Windows LTSC version installed. The reason for this failure might be an issue regarding some trusted certificates on the device.
If you find out an issue with the patch scan, check that the required certificates exist on the device.
- Trusted CA: DigiCert Assured ID Root CA with serial number 0C:E7:E0:E5:17:D8:46:FE:8F:E5:60:FC:1B:F0:30:39
- Intermediate CA: DigiCert SHA2 Assured ID Code Signing CA with serial number 04:09:18:1B:5F:D5:BB:66:75:53:43:B5:6F:95:50:08
If these trusted certificates are missing, download them from the links above and install certificates manually to the machine certificate store.
Have feedback on this article? Please share it with us!
Previous Article:
« Windows patch management