Overview

Agents are having issues getting definition updates, and you receive "The patch management database is unavailable." error in the client devices scan results from the missing patches Agent Scan or an Interactive/Scheduled Scan.

Solution

The above issue happens when the GFI LanGuard Patch Management Database lanss_xx_patchmngmt.mdb is not present on agent machines or became corrupted. The Patch Management Database contains all Microsoft and non-Microsoft patch definitions, download links, as well as information on which patches are superseded by others.

The common root cause is that an agent or the server has not been able to complete a software update session since its installation and therefore has not been able to create the Patch Management database on the server or agent machine. Other possible reasons are name resolution issues between the LanGuard server and the agent or the corruption of the database file or files in the updates folder.

Forcing an update

1. If you are not using the latest LanGuard version - Upgrade the GFI LanGuard.

2. Environmental changes may be preventing LanGuard from automatically downloading the latest patch detection and vulnerability definitions. Update LanGuard Server Manually to ensure you have the most recent definitions.
3. Run a custom scan on the agent machine from the console by right-clicking the computer and going to Scan > Custom scan. Check if the error is gone.

If the issues persists, proceed with the environmental checks below.

Ensuring proper DNS resolution

Both LanGuard and the client machines need to be able to resolve one another names and IP addresses. Hostname has to resolve into the actual IP address (and IP address into the hostname) to function properly - Forward and Reverse DNS Lookup is one of the base Network Connectivity prerequisites for LanGuard successful operations. Fix all the issues you find during these checks.

Checks on the GFI LanGuard server

1. Verify if the Patch Management database exists, and the drive is not full or nearly full: 

   1. Navigate to C:\ProgramData\GFI\LanGuard 12\PatchManagement\.

   2. Check if the lanss_xx_patchmngmt.mdb file is present or missing.

   3. Check if the drive available space and if it is full or almost full remedy this.

2. Check the access to GFI Servers:

   1. Open the web browser on the machine hosting the GFI LanGuard Console.

   2. Try to access the GFI Software Updates Site.

   3. If you are unable to access this site, your network administrator may be blocking access with a web filter. Request an exception for *.gfi.com.

Checks on the Agent machine(s)

1. Verify if the Patch Management database exists, and the drive is not full or nearly full: 

   1. Navigate to C:\ProgramData\GFI\LanGuard 12\PatchManagement\.

   2. Check if the lanss_xx_patchmngmt.mdb file is present or missing.

   3. Check if the drive available space and if it is full or almost full remedy this.

2. Go through the article 'Resolving LanGuard Agent's Status Listed as 'Unable to contact server' in the Console' to check the agent's ability to connect to the LanGuard Apache Communication Server.

3. From the Agent/Relay Agent:

   1. Open Internet Explorer.

   2. Type in the URL as per the following syntax (replace the LanGaurdServerIP and port numbers with the actual values as per the existing setup):

      Default Ports are 1070 (v11 and previous) or 1072 (v12 or later). If needed, these can be changed.

      http://LanGuardServerIP:Port/files/update/wsusscn2.cab

      For example http://192.168.1.200:1072/files/update/wsusscn2.cab

      Do not substitute the hostname for the IP address. LanGuard uses IP addresses to connect to the server for this component.

   3. Download the file and verify if the download was completed successfully.

If the download is unsuccessful, then there is likely an issue in the client's networking environment, which is out of scope for LanGuard support. Correct the networking / DNS issue with the help of your network administrator. As a last resort, you can add manual records to the hosts file on the LanGuard server and client machines, though proper DNS resolution is still recommended.

Testing

Perform the scan that was having errors and verify whether it completes successfully. If the issue persists, contact GFI LanGuard Support.