ConnectWise Automate agents online in console but patch jobs never start on endpoints

MSP Toolkit
Minimal guidance for messy support realities.
Submitted by Anonymous (not verified) on

Issue Summary

This article covers a ConnectWise Automate issue where agents appear healthy in the console but scheduled patch jobs never actually begin on the endpoint. Use the path below to separate monitor noise from real agent, policy, or scripting problems before reissuing jobs broadly.

Symptoms and Scope

  • Automate shows the endpoint online and checked in recently.
  • Patch tasks remain pending, skipped, or never transition into active execution on affected devices.
  • A comparison with one working endpoint using the same patch policy helps isolate whether the issue is policy scope, agent health, or job queue behavior.

Tier I: Basic Checks

  1. Confirm the affected machines are in the intended patch policy, group, and schedule window before forcing another run.
  2. Check the Automate agent status on the endpoint, including service state, recent command execution, and whether the machine is actually reachable.
  3. Validate whether patching works on one known-good endpoint in the same policy so you know whether the problem is local or systemic.
  4. Capture the exact job status, timestamps, and last successful patch action before making administrative changes.

Tier II: Admin Investigation

  1. Review Automate patch policy configuration, script permissions, maintenance windows, and any command queue backlog for the affected agents.
  2. Compare the failing endpoint against a healthy device for agent version, policy inheritance, patch scanner status, and credential context.
  3. Check whether endpoint security, reboot state, or Windows Update components are blocking Automate from starting the patch workflow.
  4. Apply the least disruptive fix first, then validate whether the patch job enters active execution and reports accurate state.

Tier III: Advanced Remediation

  1. Rebuild or repair the Automate agent only after proving the failure is not policy assignment, queue blockage, or Windows Update component drift.
  2. If multiple endpoints are affected, validate whether the issue aligns to a group, patch policy, probe, or Automate server-side service problem.
  3. Review server-side logs, database queue health, and plugin state if jobs fail across many clients or many locations.
  4. Confirm the final state from both the console and endpoint-side logs so the resolution is not just a stale dashboard refresh.

Escalation Guidance

  • Escalate when patch jobs fail across many clients, maintenance windows are being missed, or Automate server services appear unhealthy.
  • Include agent IDs, client/site names, patch policy details, queue status, server logs, and the exact Tier I / II / III checks already completed.
  • State clearly whether the blocker is agent health, patch policy scope, command queue, Windows Update, or Automate platform behavior.

Prevention and Documentation

  • Document the final root cause and whether it was agent corruption, policy inheritance, maintenance window mismatch, or server-side queue issues.
  • Update patching standards so similar endpoints can be checked quickly for the same failure mode.
  • Add alerting or reporting for stale patch jobs so support sees the drift before patch windows are missed.
Subjects
RMM / PSA / Automation
ConnectWise Automate