You can monitor patch deployments through the Patches page, the Windows dashboard and the Device page, as explained in the article Viewing available and installed patches for Windows devices.
This article contains some ideas that you can try if you notice problems in managing patches on your Windows devices.
Check the requirements for patch management
Miradore’s patch management supports Windows devices that meet the following requirements:
Device has a 64-bit version of Windows
Patch management features are not available for devices with a 32-bit version of Windows, because Miradore Client only supports 64-bit Windows devices.
Device needs to have a Miradore Client installed
Miradore utilizes an MDM work account and/or a Miradore Client for managing Windows computers. In order to work properly, patch management requires that the devices have the Miradore Client installed. Read Windows device management methods for more information about this topic.
Patch management features are not available for devices which don’t have a Miradore Client installed.
You can check the device management method from the Management type table on the Device page. Both means that the device has a Miradore Client and Miradore’s MDM profile installed.
Note that Miradore’s automatic client deployment doesn’t work on Windows 10 Home devices. For those devices, you need to download and install Miradore Client manually.
Check the configuration of Windows Update
Windows Update may interfere with Miradore when it tries to install Windows patches. If the installation of Windows patches is failing on your managed Windows computers, we recommend checking the configuration of Windows Update on those computers.
- Make sure the Windows Update Service is not disabled.
- Set Windows Automatic Updates to Never check for updates (Windows 7 & 8).
- On Windows 10 computers you cannot modify this setting from the Control Panel, but you can edit the settings through the Group Policy Editor or use Miradore’s Windows Update configuration profile to disable the automatic updates. On domain-joined computers this setting is most likely managed through group policies by your administrator.
The Windows Update settings don’t affect the installation of software patches from other vendors.
Check certificates in case of patch scan failure
Sometimes the problem is that the patch scan fails on a device. Issues have been seen at least on devices with the Windows LTSC version installed. The failure might be caused by a problem with some trusted certificates on the device.
If you notice an issue with the patch scan, please check that the required certificates exist on the device.
- Trusted CA: DigiCert Assured ID Root CA with serial number 0C:E7:E0:E5:17:D8:46:FE:8F:E5:60:FC:1B:F0:30:39
- Intermediate CA: DigiCert SHA2 Assured ID Code Signing CA with serial number 04:09:18:1B:5F:D5:BB:66:75:53:43:B5:6F:95:50:08
If these trusted certificates are missing, download them from the links above and install them manually in the machine certificate store.
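The following PowerShell script is an added example, not part of Miradore's own tooling, that checks the local machine stores for the two certificates listed above by serial number and also reports their expiry. It assumes the root certificate belongs in the Trusted Root store (`Cert:\LocalMachine\Root`) and the intermediate in the Intermediate CA store (`Cert:\LocalMachine\CA`).

```powershell
# Added example: verify that the certificates named in this article exist in the
# local machine certificate stores. Serial numbers are taken from the article;
# the store assignment (Root / CA) is an assumption.
$required = @(
    [pscustomobject]@{
        Name   = 'DigiCert Assured ID Root CA'
        Serial = '0C:E7:E0:E5:17:D8:46:FE:8F:E5:60:FC:1B:F0:30:39'
        Store  = 'Cert:\LocalMachine\Root'
    },
    [pscustomobject]@{
        Name   = 'DigiCert SHA2 Assured ID Code Signing CA'
        Serial = '04:09:18:1B:5F:D5:BB:66:75:53:43:B5:6F:95:50:08'
        Store  = 'Cert:\LocalMachine\CA'
    }
)

$results = foreach ($item in $required) {
    # The SerialNumber property is hex without separators, so strip the colons.
    $serial = ($item.Serial -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

    # Match on serial number and subject name so that an unrelated certificate
    # that happens to share the serial is not accepted.
    $match = Get-ChildItem -Path $item.Store |
        Where-Object { $_.SerialNumber -eq $serial -and $_.Subject -like "*CN=$($item.Name)*" } |
        Select-Object -First 1

    [pscustomobject]@{
        Certificate = $item.Name
        Store       = $item.Store
        Present     = [bool]$match
        NotAfter    = if ($match) { $match.NotAfter } else { $null }
        Expired     = if ($match) { $match.NotAfter -lt (Get-Date) } else { $null }
    }
}

$results | Format-Table -AutoSize

if ($results | Where-Object { -not $_.Present -or $_.Expired }) {
    Write-Warning 'One or more required certificates are missing or expired.'
}
```

Run it on the affected device; reading the machine stores does not require elevation, but installing a missing certificate into them does.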
Retrying patch deployments
You can retry failed patch installations using the Retry patch installation button on the Device page.