Troubleshooting for Patching
This topic provides guidance on resolving issues related to Patching.
Patch Installation Failure
In some cases, patch installation can result in a failure. Any errors related to patch deployment on a devices are displayed in the device view. When a patch installation results in a failure, the Status column on the Patching tab shows the error message and the associated exit code.
To investigate further, review the following KACE Cloud Agent log files:
| Directory | File name | Contents |
|---|---|---|
| Windows: C:\ProgramData\Quest\KACECloud\cloudpatch\kpd macOS: /Library/Application Support/Quest/KACECloud/data/cloudpatch/kpd |
KPATCH_DETECT_OUTPUT.txt | Results of patch detection actions. |
| Windows: C:\ProgramData\Quest\KACECloud\cloudpatch\kpd macOS: /Library/Application Support/Quest/KACECloud/data/cloudpatch/kpd |
KPATCH_DEPLOY_OUTPUT.txt | Results of patch installation actions. In this file, patch errors are listed in the EXIT_CODE field. For example: "EXIT_CODE" : "1,0x1" |
| Windows: C:\ProgramData\Quest\KACECloud\logs macOS: /Library/Application Support/Quest/KACECloud/data/logs |
cloudpatch.log | Logging specific to patching. |
| Windows: C:\ProgramData\Quest\KACECloud\logs macOS: /Library/Application Support/Quest/KACECloud/data/logs |
kacecloud.log | Logging specific to agent communication. |
Delay in Inventory calls during Patching on Windows devices
The inventory call experiences delay in completing during patching. It should complete within a few seconds after linking the deployment policy.
The delay is because Microsoft Defender's real-time scanning slows down the patching process by scanning the cloudpatch.exe file.
Solution:
- Add cloudpatch.exe to Defender exclusions
Exclude the cloudpatch.exe file from Microsoft Defender’s real-time scanning to prevent delays. -
Use KACE Cloud Defender Configuration for MDM-managed devices
For MDM-managed devices, use the KACE Cloud Defender Configuration to automatically exclude cloudpatch.exe. -
Disable the real-time scanning (optional)
Temporarily disable real-time scanning if exclusions are not feasible. Re-enable scanning after patching is complete to maintain security.