Use > Server patching > Patch management for Windows > Patch management process > Step 2 - Configure patch policies > Windows patch policy remediation job option—Windows Patch Installation Order

Windows patch policy remediation job option—Windows Patch Installation Order

When working in Offline Catalog patching mode, the Windows Patch Installation Order option enables you to control patch installation sequence during remediation. Because the Microsoft Offline Catalog of patches (wsusscn2.cab) only contains security updates, HPE provides patch supplements via HPELN. Selecting this option prevents the collision of Windows patch data derived from different sources.

Some newer patches from the offline catalog have incorporated or enhanced the fixes that were previously defined in the patch supplement, which rendered the supplement patches obsolete. Consequently, patch data can be corrupted if you install the patch supplement patches before the wsusscn2.cab patches.

  • HPE  strongly recommends using this option when remediating Windows patch policies in Offline Catalog patching mode.
  • This setting is not available in WSUS patching mode. This is because SA can retrieve all required Microsoft updates from your WSUS server. For more information see Accessing the Microsoft patch database

How it works:

  1. When running a Windows Patch Policy remediation job, select the Windows Patch Installation Order setting in the Options view.

Windows Patch Installation Order setting in the Remediate window

  1. When you run the remediation job, all the Microsoft Offline Catalog patches (wsusscn2.cab) will be deployed first, and the HPELN Patch Supplement patches will be excluded until the job no longer contains any Microsoft Offline Catalog patches.

Note When this option is not selected, the default order is by KB #, which can cause problems if you are installing patches from both sources: Windows Offline Catalog (wsusscn2.cab) and HPELN Microsoft Patch Supplement.

  1. You will need to run the remediation job multiple times in order to deploy all the patches and achieve full compliance.

Note If you use this option, you must run multiple remediation jobs to make a server fully compliant.

  1. The status of each patch installation is provided in the Preview or Job Status view of the Remediate window.

    To view additional details about a specific item, select the row in the table to display details in the bottom pane, as shown in the Preview Patch Install Status figure.

Preview Patch Install Status

Note If the policy has patches from both sources, wsusscn2.cab and the HPELN supplement, then the job will not install the HPELN patches. The following message should be displayed:

This patch is not a Windows Offline Catalog patch. The Windows Patch Ordering option was enabled for this job, so only Windows Offline Catalog patches will be considered.