Overview
When deploying patches or large packages with the LanGuard, the following error message is displayed in the Remediation job details:
Timed out: The Patch Agent did not respond in the permitted time interval.
This only means that the patch wasn't installed in the configured deployment timeout interval, or the result wasn't communicated to the server, the actual patch auto-deployment operations on the target machine may complete successfully.
Solution
These deployment timeout interruption issues may happen with patches that require a long time to install, e.g., service packs, .NET Framework updates, new Internet Explorer releases, etc., with stuck large packages downloads, or due to communications reasons.
Ensure HTTP Communications Are Not Blocked
Ensure the agent can access the GFI LanGuard server's communication server port (by default 1072).
-
Verify that the communication server port is open on the GFI LanGuard server. This can be done by running the following command from the command line:
netstat -ano | find ":1072"
If nothing is listening on the port, it means that either the default port was changed (check under Agents Settings > General tab) or something is wrong with the integrated Apache webserver (check whether two httpd.exe processes listed in Task Manager). Fix the root cause and rerun the checks.
-
From any agent machine open http://<LanguardServerIP>:port/files/update/index.txt (for example, http://192.168.1.200:1072/files/update/index.txt). This should return a page with a single number.
Alternately, you can test by using the telnet command from the agent command prompt:
telnet <LanGuard_IP> <port>
ex. telnet 192.168.1.200 1072 -
If the port isn't responding, the firewall or any security devices on the network need to be re-configured to allow TCP/IP traffic on port 1072 to the LanGuard server. Ensure that necessary firewall exclusions are in place and repeat the verification steps.
Increase the Deployment Timeout
If communications are not blocked, the most probable root cause is that the time needed to install the patches exceeds the Deployment Timeout setting. When deploying big patches, it is normal to reach a default timeout of 10 minutes.
The Patch Agent service sends back status messages for each patch deployed (starting, finished, result). After each message, the LanGuard server resets a timeout timer. If the timer reaches the timeout interval configured (by default, 10 minutes) or the deployment timeout has expired, it displays the Timed Out message and allows the deployment thread to be used by the next machine.
When this happens, the remaining updates are listed as failed. However, the patch agent service on the target machine continues to deploy the remaining updates. Therefore the updates may, in fact, be installed successfully. A scan must be done to see if the patches were deployed successfully.
To increase the Deployment Timeout, follow the steps below:
- Go to the GFI LanGuard Console and select Remediate.
- Choose the computers/groups to patch on the left pane and select the patch(es) desired to be sent.
- Click the Remediate... button.
- Select the Advanced Options hyperlink.
You may also select the third listed Customize hyperlink, then click Advanced. - Increment the value for Deployment Timeout, then click OK.
To make this change constant use Remember settings checkmark.
- Click OK to run the Remediation job with selected patches and increased timeout.
The maximum deployment timeout value that can be set for remediation jobs is 6000 seconds.
Purge Patch Download History
Please follow the steps described in our KB article Purging Patch Download History.
If the patch deployment still times out, increase the Timeout even more. If you are already at the maximum timeout value and the issue persists, update the LanGuard server definitions manually and repeat the remediation job.
Testing
Watch the remediation job progress and verify that the Timed Out error message is gone.
If the issue persists, contact GFI LanGuard Support.