I've got a few users who have Java Development Kit installed, but KACE isn't updating the software. When I look in the Security Catalog, I see 
    Oracle Java SE Development Kit (JDK) 8 Update 151 (8.0.1510.12) (Full Install) for Windows
    Oracle Java SE Development Kit (JDK) 9.0.1 (Full Install) for Windows 
Both have a release date of 10/17/2017, but the status of them is Disabled (there are 17 versions of JDK in the Catalog, and they're all Disabled). When I try to change the status to Active, I get the message 
    Status not changed as one or more patch selected is in disabled state.

Is there a reason why they're disabled, rather than Inactive (or Active)? Is there a known issue where installing these on top of an old version will break something? Is there a reasonable way to get this working?
1 Comment   [ - ] Hide Comment


  • can you post your patch subscription settings?
    • In my patch subscriptions, I've got most of the publishers enabled, including Oracle Corporation. We are able to patch Java Runtime, so I know we are downloading Oracle patches. The other settings are:
      All Windows in inventory
      Locales: English
      OS Patches
      Types: All types
      Impacts: All Impacts
      Application Patches
      Types: Non-security, Security (Software Installers is NOT checked...maybe that's the problem)
      Publishers: Most of them, including Oracle Corporation
      Impacts: All impacts
      Disable Windows Embedded Patches: Unchecked
      Inactivate Superseded Patches: Checked
      Detect Disabled Patches: Unchecked

      My best guess that this point is under Application Patches, I do NOT have Software Installers checked. I'm wondering if JDK is considered a Software Installer rather than a patch. I'll have to look at this more and see if I can safely enable Software Installers. When I initially played with KACE I had that turned on and a whole bunch of junk was installed on my test computers. My may patch Smart Label explicitly blocks them, but I need to check all of the patch Smart Labels to verify that before enabling Software Installers in the patch subscription.

      FYI, in the Security Catalog I'm now seeing a new JDK, but it's also disabled.
      Package: ORCJDK:180417
      Name: Oracle Java SE Development Kit (JDK) 10.0.1 (Full Install) for Windows
      Released: 4/17/2018

      Thanks for the suggestion.
      • My understanding is that "Software Installers" are for installing a program on computers that don't have it currently, rather than regular patches that don't apply unless the program is already installed. In our environment we are not patching JDK. For JRE, we do not use the patching module but Managed installs in order to run the installs "at bootup"
Please log in to comment

There are no answers at this time
Answer this question or Comment on this question for clarity


Nine Simple (but Critical) Tips for Effective Patch Management
This paper reviews nine simple tips that can make patch management simpler, more effective and less expensive.