A couple of questions:
- What is the Patch System action? Scan only, Scan and remediate vulnerability or Scan and remediate group?
- If set to either of the last 2 settings, does your "OSD agent" actually scan for the vulnerabilities before the Patch action?
- If you look at the vulscan.log on the machine, do you see anything about patches that are vulnerable?
- If set to scan and remediate group, are the patches set to "Auto-Fix"?
These are some of the things that I was running into...