Some Patches not updating Patched status

  • 7012721
  • 26-Jun-2013
  • 12-Feb-2018


Novell ZENworks Configuration Management 11.2
Novell ZENworks Patch Management 11


Some Microsoft Security patches show "Not Patched" for devices after ZPM installed the patch.

Test to know if the bug reported applies to specific patches:

  1. Delete all entries from registry under HKEY_LOCAL_MACHINE][SOFTWARE\\Discovery Agent\NativeScan and HKEY_LOCAL_MACHINE\SOFTWARE\\cache\SYSTEM_HASH
  2. Rescan device with zac patch-scan.
Note:  After the test above the device should show as patched.  Unfortunately however, subsequent patch scans will mark it as not patched again, so this isn't a good workaround for the problem unless the reg keys were deleted daily in advance of DAU schedule.


This is fixed in version 11.2.4 - see KB 7012027 "ZENworks Configuration Management 11.2.4 - update information and list of fixes" which can be found at http://// 

Workaround: if it is not possible to upgrade to ZCM 11.2.4 at this time, in the interim, Novell has made a Patch available for testing, in the form of a Field Test File (FTF): it can be obtained at as "ZCM/ZPM 11.2.3a MU1 Patch Management Agent fix for Some Patches not updating Patched status (see KB 7012721) and Unable to detect the latest 32 bit patches when using a Windows Server (see KB 7012776)". This Patch should only be applied if the symptoms above are being experienced, and are causing problems.

This Patch has had limited testing, and should not be used in a production system without first being checked in a test environment. Some Patches have specific requirements for deployment, it is very important to follow any instructions in the readme at the download site. Please report any problems encountered when using this Patch, by using the feedback link on this TID.