Troubleshooting Jobs Stuck in Pending Status
Click to view navigation pane


Troubleshooting Jobs Stuck in Pending Status for Patch Management

When a deployment job status is changed to enabled, all assets associated with the job are marked as pending. Once the deployment job schedule is executed, a job definition file is sent to all associated assets, and the Job Sent On date is shown for the assets.

The following table lists the reasons why a job can be stuck in the Pending status, troubleshooting steps, and actions that can help resolve the issue:

Reason Troubleshooting Steps Action

Based on the deployment job schedule, the job is not scheduled to be executed yet.

Check if the JOB SENT ON date is available for the agent on the Job Details page. The JOB SENT ON date is available on Patch UI when the job is sent to the Cloud Agent Server from Patch Management.

The job is sent to agents 3 hours before the job execution schedule for jobs scheduled in the future. The on-demand jobs are sent to agents immediately after the job is enabled.

Navigate to Job > View Details > Assets. If job schedule is not yet arrived for the asset, JOB SENT ON Date will not be shown.

Job Sent On Date

If the JOB SENT ON date is not shown even after deployment job schedule time, contact Qualys Support for further assistance.

Deployment job for an asset is processed from Server, but the Cloud Agent has not downloaded the job definition file from the server yet.

- If the job status is still Pending after the job execution date and the JOB SENT ON date is available, check if the deployment job is available to the Cloud Agent.

Check the Resource directory using the following path:
C:\ProgramData\Qualys\QualysAgent\PatchManagement\Resources

 - The Cloud Agent does not have a prerequisite definition file available. In this case, it will reject all Patch Management job definition files.

 - The prerequisite_*.json file must be available in the folder. For example, the windows file name should be prerequisite_windows.json.

 - The deployment.manifest.json file should be available under the Resources directory. If the file is available, then check if deployment job UUID is present in the deployment.manifest.json file. If deployment job UUID is not available in the deployment.manifest.json file, then this job is not received or downloaded by the Cloud Agent.

 - If the prerequisite_*.json or the deployment.manifest.json file is not available in Resources directory or deployment.manifest.json file does not have deployment job UUID in it then wait for the next CAPI call to the server to download above files.

 - Sample job UUID: 43459887-d497-475f-8e88-8c25bfc95116

 - Check for below CAPI logs in cloud agent logs:

10/25/2021 15:51:30.0089 [3E94]"3ck": Information: CAPI starting.
10/25/2021 15:51:30.0089 [3E94]"8j3": Information: Timezone is (UTC+05:30
10/25/2021 15:51:30.0099 [3E94]"03n": Information: Agent CAPI json: 10/25/2021 15:51:51.0508 [3E94]"2ic": Information: Server CAPI json:

If troubleshooting steps do not help, contact Qualys support for further assistance.

The Cloud Agent has downloaded the job definition file from the server but has not started executing the current deployment job.

 - Check if the Cloud Agent has started executing the job, check for following log line in the Cloud Agent logs:

   Information: Patch: Scheduling deployment job 43459887-D497-475F-8E88-8C25BFC95116 (run #1) of manifest 666F577B-0C8D-4238-81F9-D870054C0C81 (instance #1) in 0 seconds, local timezone: UTC+05:30

Note: You can find the instance ID in the deployment.manifest.json file: “manifestinstanceid”:1 and the run ID against the job in the deployment.manifest.json file as: "jobs":[{"runid":1,"id":"43459887-d497-475f-8e88-8c25bfc95116",..}]

- If the Cloud Agent has downloaded the job definition file from the server, but it is not executing the current deployment, check below reasons:

   - If the deployment job requires a reboot and the Cloud Agent has not rebooted the machine, all subsequent jobs will be blocked for execution. This can be because of deployment job has Suppress Reboots flag enabled, and the job requires a reboot. In this case, you need to restart the machine manually as the Cloud Agent does not prompt you for a reboot.

    “Patch: Waiting for user to reboot. The Suppress Reboots flag is set for this job.”

   - Another job is executing, or there is a backlog of jobs or a job is scheduled. Also, the immediate or on-demand jobs with a higher priority might be executed before the current job can be executed.

To determine if a job is running currently, check the last entry of token "3tc" in the log file. A job that needs to be run immediately will log the following entry.

If a scheduled job has reached the start time and no other immediate jobs are there in the queue, the following entry is added to the logs, and the time will be 0 seconds.

If there is still time to start the job, the seconds show when the job will start.

Line 2250: 10/21/2021 14:12:40.0368 [20DC]"3tc": Information: Patch: Scheduling deployment job 99AC9BA2-99F7-400D-ACAF-E22FACD117C4 (run #1) of manifest C0B6EC49-4E19-4ADA-A51C-BAF2C5A47DCE (instance #14) in 0 seconds, local timezone: UTC+05:30

   For a job in the pending state, you must search for its ID with "3tc”, and seconds should be 0; if it is not found, the job has not started executing because another job is running.

   After the following entries are added to the logs, you can determine that the job is finished.

Line 20945: 10/21/2021 16:33:14.0010 [2DC]"30w": Information: Patch: End of deployment results for job 005E6D23-9CFF-4528-B9E2-D98ED82D749A (run ID #1) of manifest 37C48DA8-D309-465D-A50A-0C92BF20D927 (instance ID #2)

Line 20997: 10/21/2021 16:33:14.0991 [2DC]"3qk": Information: Patch: Patch deployment job results successfully uploaded to remote server.

- If a job is stuck due to pending reboot for other jobs in the queue, restart the machine once.

- If a job is stuck due to other running jobs, then wait for the other job to complete.

- If the above steps do not help then contact Qualys Support and share the Cloud Agent logs.

The Cloud Agent is offline and it has not checked-in to the Cloud Agent server.

Check if the Cloud Agent is online and communicating with the server. Navigate to Cloud Agent UI > Agents > Select Agent Host > View Asset Details > check Last Checked-in Date.

Qualys Cloud Agent Service

Check if the Qualys Cloud Agent service is running. If the service is not running, start the service.

If the service is running, then contact Qualys Support for further assistance.

If an asset was not a part of the job when the job definition file was generated, then the JOB SENT ON will be empty, and the status will be shown as Pending.

This issue can occur because when the job might have been enabled the  asset might not have been assigned the tag or the asset tag might have been removed at the time when the job definition file is generated.

Check if asset is still part of job via tag. If not, then ensure that you assign the necessary tags to the asset. If the job is recurring one, the asset will be added to the job in the next run.

If the issue still occurs, contact Qualys support for further assistance.