HIP Reports missing patch in spite of Windows Machine has latest Patch Installed

HIP Reports missing patch in spite of Windows Machine has latest Patch Installed

18233
Created On 03/25/21 20:27 PM - Last Modified 02/02/23 22:00 PM


Symptom


  • HIP report shows Windows patch(es) is missing on both end user Host Profile and Gateway side, although the latest update from Microsoft is installed resulting in a failed HIP match
  •  The following error is reported on PANGPHIPMP.log file :
(T9860)Debug(2065): 03/29/21 11:56:51:568 Opswat Error(-17): An error where there is no connection when one is expected. Product: Windows Update Agent (Ver: 10.0.19041.867, Vendor: Microsoft Corporation), Method: WAAPI_MID_GET_MISSING_PATCHES(V4), Signature: 1103, Category: 12(PATCH_MANAGEMENT), OESIS (V4 ver: 4.3.1513.0, V3V4 ver: 4.3.1066.0)

Environment


  • GlobalProtect App
  • Windows endpoint with the latest patch installed
  •  Existing GlobalProtect infrastructure configured 

Cause


The OPSWAT SDK Patch list information is not updated properly which results in a mismatch of information between the endpoint and the GlobalProtect App

Resolution


The resolution to this problem is by allowing the OPSWAT SDK to update its patch list information by contacting the Microsoft Update Center which you can ensure by implementing the following steps:

Note: If an end user is denied Internet access due to the firewall's configuration, then this would result in the same behavior

  1. Confirm the user has functional Internet access (ping, web browser, etc)
  2.  Type CMD into your search bar and run it as an administrator

  3.  Change your directory to C:\Program Files\Palo Alto Networks\GlobalProtect by executing cd C:\Program Files\Palo Alto Networks\GlobalProtect

  4.  Run the PANGPHIPMP.exe software.
  5.   Check the PANGPHIPMP.log and confirm no errors are present similar to the one below:
(T9860)Debug(2065): 03/29/21 11:56:51:568 Opswat Error(-17): An error where there is no connection when one is expected. Product: Windows Update Agent (Ver: 10.0.19041.867, Vendor: Microsoft Corporation), Method: WAAPI_MID_GET_MISSING_PATCHES(V4), Signature: 1103, Category: 12(PATCH_MANAGEMENT), OESIS (V4 ver: 4.3.1513.0, V3V4 ver: 4.3.1066.0)(T9860)Debug(2065): 03/29/21 11:56:51:568 Opswat Error(-17): An error where there is no connection when one is expected. Product: Windows Update Agent (Ver: 10.0.19041.867, Vendor: Microsoft Corporation), Method: WAAPI_MID_GET_MISSING_PATCHES(V4), Signature: 1103, Category: 12(PATCH_MANAGEMENT), OESIS (V4 ver: 4.3.1513.0, V3V4 ver: 4.3.1066.0)

Note: If the above procedure ended with the same error, disable any Anti-Virus software or other security products that may block the neccessary connections to the Microsoft Update Server.

Additional Information


  1. PANGPHIPMP.exe is unknown program to many security software and they may block any connection request from this PANGPHIPMP.
  2. Run PANGPHIPMP.exe at least 3 time, keep at least 2 minutes between each time to confirm the connection with Microsoft is established and update is good.
  3. If you want to check the connection to Microsoft, use the Netstat -an command and look for IP range of 52.X.X.X where Microsoft Update Server is located.
C:\Program Files\Palo Alto Networks\GlobalProtect>netstat -an

Active Connections
  TCP    10.73.108.21:50670     52.242.211.89:443      ESTABLISHED
  TCP    10.73.108.21:50852     52.114.133.61:443      TIME_WAIT
  TCP    10.73.108.21:50853     40.70.224.145:443      TIME_WAIT
  TCP    10.73.108.21:50854     104.72.136.47:80       ESTABLISHED
  TCP    10.73.108.21:50855     52.114.132.47:443      TIME_WAIT
  TCP    10.73.108.21:50856     52.242.97.97:443       ESTABLISHED
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000001UxYCAU&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language