- Newest
- Most votes
- Most comments
This will be addressed in the future releases. Meanwhile this work around might help.
_Please configuring the IE settings under the SYSTEM context via PSExec _
_PS C:\Users\Administrator\Downloads\PSTools> .\psexec -i -s -d cmd _
_Then in the System User Context CMD prompt; _
_C:\Windows\system32>whoami _
_nt authority\system _
_C:\Windows\system32>inetcpl.cpl _
Then configured the same settings that were stored in HKCU & re-ran the document.
Hi I am facing the similar issue Here.
We are trying to use Patch Manager to do patching on an EC2 instance running Windows server 2016.
This EC2 instance has a Private IP (no public ip) and is using SQUID to connect to internet.
We have defined Proxy and also configuring the IE settings under the SYSTEM context via PSExec.
However, the Windows patching will always fail with this Output (see at end)
Any advise?
++The command output displays a maximum of 2500 characters. You can view the complete command output in either Amazon S3 or CloudWatch logs, if you specify an S3 bucket or a CloudWatch logs group when you run the command.++
++Patch Summary for++
++PatchGroup :++
++BaselineId :++
++SnapshotId :++
++OwnerInformation :++
++OperationType : Scan++
++OperationStartTime : 0001-01-01T00:00:00.0000000Z++
++OperationEndTime : 0001-01-01T00:00:00.0000000Z++
++InstalledCount : -1++
++InstalledRejectedCount : 0++
++InstalledOtherCount : -1++
++FailedCount : -1++
++MissingCount : -1++
++NotApplicableCount : -1++
++UnreportedNotApplicableCount : -1++
++STB-MM-2FA - PatchBaselineOperations Assessment Results - 2019-04-30T12:45:30.802++
++Scan found no missing updates.++
++----------ERROR-------++
++Invoke-PatchBaselineOperation : Instance Id i-0ca6ecd1648836185 doesn't match++
++the credentials++
++At C:\ProgramData\Amazon\SSM\InstanceData\i-0ca6ecd1648836185\document\orchestr++
++ation\349aa1e6-fd35-4687-a8b2-78db99323015\PatchWindows_script.ps1:195 char:13++
+++ $response = Invoke-PatchBaselineOperation -Operation Scan -SnapshotId ...++
+++ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~++
+++ CategoryInfo : OperationStopped: (Amazon.Patch.Ba...UpdateOpera++
++tion:FindWindowsUpdateOperation) [Invoke-PatchBaselineOperation], AmazonSi++
++mpleSystemsManagementException++
+++ FullyQualifiedErrorId : PatchBaselineOperations,Amazon.Patch.Baseline.Op++
++erations.PowerShellCmdlets.InvokePatchBaselineOperation++
++failed to run commands: exit status 4294967295++
Any idea when the fix will make it into the ssm agent? It's been 2 years since the original post about this and I just tried the suggested workaround but the ssm agent still seems to ignore the proxy settings and tries to communicate out directly to:
ssm.us-east-1.amazonaws.com
Same issue - but we are not using any proxy server. The Invoke-PatchBaselineOperation fails for only one of the machines in the Patch Group with this error:
Invoke-PatchBaselineOperation : The install operation did not complete
successfully. Additional failure information from Windows Update:
HResult: -2145124318 | Result Code: orcFailed
At C:\ProgramData\Amazon\SSM\InstanceData\i-03a9dad67ec4ced1a\document\orchestr
ation\fbc6a0a2-c2ad-45ec-81ee-688711b881eb\PatchWindows_script.ps1:195 char:13
- $response = Invoke-PatchBaselineOperation -Operation Install -Snapsho ...
-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
CategoryInfo : OperationStopped: (Amazon.Patch.Ba...UpdateOpera
tion:InstallWindowsUpdateOperation) [Invoke-PatchBaselineOperation], Excep
tion -
FullyQualifiedErrorId : Exception Level 1:
Error Message: The install operation did not complete successfully. Addit
ional failure information from Windows Update:
HResult: -2145124318 | Result Code: orcFailed
Stack Trace: at Amazon.Patch.Baseline.Operations.PatchNow.Implementati
ons.InstallWindowsUpdateOperation.InstallUpdates(IEnumerable`1 filteredUpd
ates)
at Amazon.Patch.Baseline.Operations.PatchNow.Implementations.InstallWi
ndowsUpdateOperation.InstallUpdates()
at Amazon.Patch.Baseline.Operations.PatchNow.Implementations.InstallWi
ndowsUpdateOperation.DoWindowsUpdateOperation()
,Amazon.Patch.Baseline.Operations.PowerShellCmdlets.InvokePatchBaselineOpe
ration
-
failed to run commands: exit status 4294967295
I am using RunPatchbaseline for installing windows updates on the Windows server 2k12,2k16 and 2k19. It works fine with 2k12 and 2k19 however this fails in case of 2k16. Also, there are cases to be considered here. Below are my test cases.
- Server hosted in public subnet with outbound traffic enabled - Success
- Server hosted in public subnet with outbound traffic disabled - Success
- Server hosted in private subnet with outbound traffic enabled - Fail
I don't understand why it fails on windows server 2k16. Can anyone guide me in the right direction to get it resolved.
I had a similar problem. Windows 2016 with no external address, accessing windows update via NAT. It turns out that windows firewall service must be enabled for windows update to download patches.
Once I started the windows firewall service the server was able to download patches.
I also had this message in the windows update log.
2020/04/02 08:26:21.6793588 1128 3080 DownloadManager BITS job {3E75293B-FE35-4A1B-9877-F624F4A18DA6} hit a transient error, updateId = {034DE509-A373-470E-A1D7-2432D5399D70}.201 <NULL>, error = 0x800706D9
2020/04/02 08:26:21.6803449 1128 3080 DownloadManager Error 0x800706d9 occurred while downloading update; notifying dependent calls.
Hope this helps you.
Relevant content
- asked 2 years ago
- asked 9 months ago
- asked 4 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 6 months ago
- AWS OFFICIALUpdated 8 months ago
- AWS OFFICIALUpdated 9 months ago