# IT Inventory Management Software ## 1. There are no patches listed in the Applicable and Missing Patches sections. Why? If you cannot see patches listed in the Applicable and Missing patches sections, do the following: - Check if the Endpoint Central agents have been installed in all computers that you are managing. If agent installation has failed, read this [document](https://www.manageengine.com/products/desktop-central/agent-installation-knowledge-base.html) to understand and rectify the possible reasons for the agent-installation failure. - Ensure that the computers have been scanned atleast once. To learn more about setting up periodic scanning, see [patch scanning](https://www.manageengine.com/products/desktop-central/help/patch_management/patch_management_configurations.html#Configure_Patch_Scan_Mode_and_Scan_Interval). [Questions](https://www.manageengine.com/products/desktop-central/knowledge-base.html#patch-management) ## 2. I could not complete the task of scanning for patches manually. It failed. Why? When you scan for patches manually, it could fail because of any of the following reasons: **Access Denied** If you get the "Access Denied" error, do the following: - Check whether the Domain Administrator credentials supplied while defining the Scope of Management is still valid and has not been changed. - Enable DCOM settings in all the computers in your network. To enable DCOM settings, follow the steps given below: 1. Click **Start** > **Run** 2. Enter **dcomcnfg** 3. Click **OK** The dialog box that appears depends on the Windows operating system that is installed in your computer. If you are using Windows NT/2000, you will see the Distributed COM Configuration Properties dialog box. If you are using Windows XP, you will see the Component Services dialog box. To access the Properties tab, follow the steps given below: a. Expand **Component Services** b. Expand **Computers** c. Right-click on **My Computer** d. Click **Properties** 4. Click the **Default Properties** tab 5. Select **Enable Distributed COM on this computer** 6. Select an appropriate authentication level 7. Select an appropriate impersonation level You have enabled DCOM settings in the computers in your network. - Turn off the **Force Guest** feature if client computers are part of a workgroup (not part of a Windows Domain). Make the following change in all the client computers: 1. Click **Start** > **Run** 2. Enter **explorer** 3. Click **OK** 4. Select **Tools** > **Folder Options** 5. Click the **View** tab 6. Deselect the option **Use simple file sharing** 7. Click **OK** **RPC Server Unavailable** If you get the error message, "RPC Server Unavailable", check if the following are switched on or enabled: - Remote computer: If the remote computer is not reachable, ensure that the system is switched on and running when the inventory scan is in progress. - Remote Administration feature: If the Remote Administration feature is disabled in the computer's firewall, enable it using the steps given [here](https://www.manageengine.com/products/desktop-central/miscellaneous-knowledge-base.html#AgentInstallation). - File and Printer Sharing for Microsoft Networks: If this is not enabled in the network adapter of the computers, enable this option using the steps given [here](https://www.manageengine.com/products/desktop-central/agent-installation-knowledge-base.html#fileprinter). **Scanning Timed Out** If you get the error message, "Scanning Timed Out", complete the following tasks: - Ensure that you have opened the following TCP ports in the Endpoint Central server and added them to the exceptions list in the firewall: - 8020: Used for agent-server communication and to access the Web console - 8027: Used to complete on-demand tasks like inventory scanning, patch scanning, remote control, remote shutdown and moving agents from one remote office to another This ensures that no data is blocked by Endpoint Central when a firewall is enabled in the computer where the Endpoint Central server is installed. - Check if the computers are switched on when inventory scanning is in progress. Ensure that the service "ManageEngine Desktop Central 10-Remote Control" is running in the computers. **Note**: This is applicable if the scanning has failed for computers in remote offices. - Disable virtual adapters, if any, when the computer in which the Endpoint Central server is installed has multiple IP addresses (for example, a virtual adapter and two NICs). [Questions](https://www.manageengine.com/products/desktop-central/knowledge-base.html#patch-management) ## 3. I had scheduled the scanning for patches to take place automatically. It failed. Why? If scheduled patch scanning fails, do the following: - Ensure that you have opened the following TCP ports in the Endpoint Central server and added them to the exceptions list in the firewall: - 8020: Used for agent-server communication and to access the Web console - 8027: Used to complete on-demand tasks like inventory scanning, patch scanning, remote control, remote shutdown and moving agents from one remote office to another This ensures that no data is blocked by Endpoint Central when a firewall is enabled in the computer where the Endpoint Central server is installed. - Enable the local group policy. For steps to enable the local GPO, click [here](https://www.manageengine.com/products/desktop-central/configurations-knowledge-base.html#enablegpo). [Questions](https://www.manageengine.com/products/desktop-central/knowledge-base.html#patch-management) ## 4. I cannot update the list of latest patches in the computers in my network. Why? The reason you cannot update the list of latest patches in the computers in your network could be because the proxy server credentials specified in the Proxy Server settings are no longer valid. Reconfigure the proxy server settings by specifying a valid set of credentials. [Questions](https://www.manageengine.com/products/desktop-central/knowledge-base.html#patch-management) ## 5. I am unable to deploy patches to the computers in my network. Why? If you are unable to deploy patches to computers in your network, do the following: - Check the following: - Versions of the agents installed in the computers. You can view the version of the agents installed in the computers on the Scope of Management page. To access this page, click **Admin** > **Scope of Management**. - Status of the computers to which you want to deploy patches. - Status of the patch-download process. You can check this in the Downloaded Patches page. To access this page click **Patch Mgmt** > **Patches** > **Downloaded Patches**. - Proxy-server credentials specified in the Proxy Server settings. Reconfigure these credentials if they are no longer valid by specifying valid credentials. - Local group policy in the computers. If the local group policy is disabled in the client computers, scheduled scanning for patches will fail. For steps to enable the local group policy, click [here](https://www.manageengine.com/products/desktop-central/configurations-knowledge-base.html#enablegpo). - Availability of users and computers in an Organizational Unit (OU) or group that is specified as a target for a configuration. If required, login as the user or restart the computers in an OU or group to ensure that the required patches are deployed. - Event logs in computers where you want to deploy patches for errors, especially when the Domain Controller is not reachable from the client computers. To open the Event Viewer: 1. Click **Start > Run** 2. Enter **eventvwr** 3. Press **Enter** 4. Select the required application from the left tree and look for errors with the following event IDs: - 1030 - 1054 - 1058 5. Refer to the [Microsoft Knowledge Base](http://support.microsoft.com/) articles to resolve these errors. - Ensure that you have opened the following TCP ports in the Endpoint Central server and added them to the exceptions list in the firewall: - 8020: Used for agent-server communication and to access the Web console - 8027: Used to complete on-demand tasks like inventory scanning, patch scanning, remote control, remote shutdown and moving agents from one remote office to another This ensures that no data is blocked by Endpoint Central when a firewall is enabled in the computer where the Endpoint Central server is installed. [Questions](https://www.manageengine.com/products/desktop-central/knowledge-base.html#patch-management) ## 6. Why does the vulnerability database not get updated? The reason why the vulnerability database does not get updated could be because the proxy server is blocking the data. Ensure that you do the following: - Specify ports 443 and 80 through which the proxy server communicates. - Add **"patchdb.manageengine.com"** to the exception list of your proxy server. [Questions](https://www.manageengine.com/products/desktop-central/knowledge-base.html#patch-management) ## 7. Patch installation fails while downloading the patches. Why? The reason why patch installation fails while downloading patches could be because the authentication provided in the proxy settings does not have necessary privileges to download .exe files. [Questions](https://www.manageengine.com/products/desktop-central/knowledge-base.html#patch-management) ## 8. Patch installation fails with error "Fatal Error during Installation". Why? Patch installation could fail with the error "Fatal Error during Installation" because of patch-specific errors. Check the `%windows%\KB******.log` for possible reasons. If the problem persists, contact support with the following logs: - `%windows%\KB******.log` - Agent logs pertaining to the computers where the patch is being installed. [Questions](https://www.manageengine.com/products/desktop-central/knowledge-base.html#patch-management) [Inventory Management - Knowledge Base](https://www.manageengine.com/products/desktop-central/inventory-management-knowledge-base.html#inventory-management-knowledge-base) [Software Installation - Knowledge Base](https://www.manageengine.com/products/desktop-central/software-installation-knowledge-base.html#software-distribution-knowledge-base)