Q: How does the OnGuard agent finds the missing patches from the SCCM server?
Will ClearPass OnGuard contact the SCCM server for missing patches?
The below OnGuard log shows the Missing Patch for a client from SCCM server.
2017-02-16 18:05:50,883 [null] DEBUG WinSHA.PMHealthClassInfoFactory - UpdateMissingPatchesListInMap: Updating Missing Patches Info for System Center Configuration Manager, criteria - 0 in map. Missing Patches Count - 1
2017-02-16 18:05:50,883 [null] ERROR WinSHA.PMHealthClassInfoFactory - UpdateMissingPatchesListInMap: Missing Patches List - [3127932]
2017-02-16 18:05:50,883 [null] INFO WinSHA.PMHealthClassInfoFactory - UpdateMissingPatchesListInMap: Detected missing patches for the first time. Setting Missing Patches Found time
2017-02-16 18:05:50,883 [null] INFO WinSHA.PMHealthClassInfoFactory - UpdateMissingPatchesListInMap: Updated Patch Agent info of current app - Name=System Center Configuration Manager | SearchCriteria=0 | LastScanDateTime=2017-Feb-16 18:05:50 | LastScanTimeStamp=X¥y~ | LastMissingPatchesDetectionDateTime=2017-Feb-16 18:05:50 | LastMissingPatchesDetectionTimeStamp=X¥y~ | MissingPatchesGracePeriod=7200 | MissingPatchesScanInterval=3600 | MissingPatchesList=[3127932]
A: ClearPass OnGuard will not contact the SCCM server for missing patches. The OnGuard agent triggers the SCCM agent "Software Updates Scan Cycle" on the client to fetch the missing patches list. So, it depends on the SCCM agent's result whether any patch is missing or not.