SSM Patch Manager failed on "Cannot access a closed file."

Question

Hello team,

I encountered an error during a patch operation using Patch Manager on one of our EC2 instances.
Below is the error message captured:

```
Invoke-PatchBaselineOperation : Cannot access a closed file.
At C:\ProgramData\Amazon\SSM\InstanceData\i-123\document\orchestration\bd0d2868-c7f1-4b29-947b-e8593b9b3b
c9\PatchWindows\_script.ps1:250 char:13
+ $response = Invoke-PatchBaselineOperation -Operation Install -Snapsho ...
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (Amazon.Patch.Ba...UpdateOperation:InstallWindowsUpdateOperation) [Inv 
   oke-PatchBaselineOperation], ObjectDisposedException
    + FullyQualifiedErrorId : Exception Level 1:
	Error Message: Cannot access a closed file.
	Stack Trace:    at System.IO.__Error.FileNotOpen()
	   at System.IO.FileStream.SetLength(Int64 value)
    	   at Amazon.Patch.Baseline.Operations.PatchNow.Implementations.InstallWindowsUpdateOperation.SaveStateFileForReb 
   oot()
    	   at Amazon.Patch.Baseline.Operations.PatchNow.Implementations.InstallWindowsUpdateOperation.DoWindowsUpdateOper 
   ation()
,Amazon.Patch.Baseline.Operations.PowerShellCmdlets.InvokePatchBaselineOperation
 
failed to run commands: exit status 0xffffffff
```

This is the first time I'm seeing this error, and I'm not sure what it means. Could you advise on what actions I should take when this occurs, and how I can prevent it from happening again?

re:Post Agent · Answer

This error indicates that the Patch Manager operation failed because it attempted to access a file that was already closed. This is typically related to file handling during the patching process, specifically when the operation is trying to save state information before a reboot.

To address this issue, you can try the following steps:

1. Check disk space: Ensure that the EC2 instance has sufficient disk space, as file operations can fail when storage is limited.

2. Verify permissions: Make sure the SSM Agent has appropriate permissions to write to the necessary directories, particularly in the C:\ProgramData\Amazon\SSM path.

3. Restart the SSM Agent: Sometimes, restarting the SSM Agent can resolve transient issues:
- Open PowerShell as Administrator
- Run: Restart-Service AmazonSSMAgent

4. Update the SSM Agent: An outdated agent might cause compatibility issues with Patch Manager operations.

5. Review Windows Update settings: Ensure that Windows Update services are properly configured and running.

6. Check for conflicting processes: Other software or processes might be interfering with the patching operation.

To prevent this issue in the future:

- Implement regular maintenance windows for patching to ensure consistent and controlled updates.
- Test patches in a non-production environment before applying them to production systems.
- Use patch baselines that are appropriate for your environment.
- Monitor patching operations using the Patch Manager Dashboard to identify patterns or recurring issues.
- Consider automating patch management to reduce manual errors and ensure consistency.

If the issue persists after trying these steps, you may need to review the detailed logs in the SSM Agent log directory or contact AWS Support for further assistance.  
**Sources**  
[OPS05-BP05 Perform patch management - AWS Well-Architected Framework (2022-03-31)](https://docs.aws.amazon.com/wellarchitected/2022-03-31/framework/ops_dev_integ_patch_mgmt.html)  
[Viewing patch Dashboard summaries - AWS Systems Manager](https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-view-dashboard-summaries.html)  
[OPS05-BP05 Perform patch management - AWS Well-Architected Framework](https://docs.aws.amazon.com/wellarchitected/latest/framework/ops_dev_integ_patch_mgmt.html)  
[OPS05-BP05 Perform patch management - Operational Excellence Pillar](https://docs.aws.amazon.com/wellarchitected/latest/operational-excellence-pillar/ops_dev_integ_patch_mgmt.html)

SSM Patch Manager failed on "Cannot access a closed file."

Füge deine Antwort hinzu

Relevanter Inhalt