How to get verbose debug logging from LM.Detection.exe

  • 7014131
  • 18-Nov-2013
  • 09-Nov-2018

Environment

Novell ZENworks Patch Management 11
Novell ZENworks Patch Management 2017

Situation

How to get verbose debug logging from LM.Detection.exe

Note:  Note:  It may be necessary to first delete HKEY_LOCAL_MACHINE\SOFTWARE\Patchlink.com\cache SYSTEM_HASH entry so that the logging is bypassing the cache.

Resolution

  1. Rename registry value HKEY_LOCAL_MACHINE\SOFTWARE\Patchlink.com\cache\SYSTEM_HASH entry to bypass cache and rescan fully.
  2. Run lm.detection_x64 /r /l 4 /e "tmpScan" and collect lm.detection.log
for individual patch verbose log (this is not as verbose as above steps):
  1. Look in registry HKEY_LOCAL_MACHINE\SOFTWARE\Patchlink.com\Discovery Agent\NativeScan search below for the name of the patch to test.  
  2. Example:  2018-02 Security Only Quality Update for Windows 7 x64 (KB 4074587) is found under HKEY_LOCAL_MACHINE\SOFTWARE\Patchlink.com\Discovery Agent\NativeScan\038b7343-567a-489c-9a7b-99359061b585
  3. Or do a database query to get the guid from patch signature table. 
    Example:  select type from patchsignature where name =  '2018-02 Security Only Quality Update for Windows 7 x64 (KB 4074587)' gives this:  038B7343-567A-489C-9A7B-99359061B585 (remove the brackets)
  4. Rename the registry key above so that it will force re-scan.
  5. Run the following command from %ZENWORKS_HOME%\zpm directory:

    LM.Detection_x64.exe or LM.Detection.exe /ErrorStdOut /registry /loglevel 4 /e /g 038B7343-567A-489C-9A7B-99359061B585
    "/g" is guid of the patch. 
  6. Once the patch has run on the device there will be a corresponding log file at the root of "%ZENWORKS_HOME%\zpm".

    Example:  "lm.detection-038B7343-567A-489C-9A7B-99359061B585.log"
  7. Confirm that the registry key under NativeScan is re-populated by the scan.
Note:  The guids are consistent across different zones, so the same patch will have the same guid for everyone.

Note:

Run LM.Detection_x64.exe /ErrorStdOut /registry /loglevel 4 /e to get logging for all patches.

/registry means populate the HKEY_LOCAL_MACHINE\SOFTWARE\Patchlink.com\Discovery Agent\NativeScan registry (that is not done when /g is used).  If /registry is not used, an xml file with results is created instead.

Cause

At times the need to troubleshoot LM.Detection.exe is needed to isolate why a patch will not install.

Tips for reading the log:

Look for failure to match values in HKLM

Look for entries querying cbc, example:

 _WindowsCbsPackage: RuleType='isinstalled'

_WindowsCbsPackage: Applicability: '7' CurrentState: '6'

_WindowsCbsPackage: Result: False


for more information about CBS servicing states see https://blogs.technet.microsoft.com/tip_of_the_day/2015/10/12/tip-of-the-day-cbs-servicing-states-chart-refresher/


Additional Information

Other things to help with lm.detection.  Disable PD cache in case files in workdir are corrupt.  Ensure latest ospx files are present.  Sometimes corruption in system %temp% files also can contribute.

In standard agent patch scanning (running DAU or zac ps), analyze.exe launches lm.detection.  lm.detection writes to HKEY_LOCAL_MACHINE\SOFTWARE\Patchlink.com\Discovery Agent\NativeScan registry.  analyze reads from that registry and writes to the .state file.