🟡 Medium   ⏱ 5–30 min  Last verified: 19 May 2026

📖 ~1 min read

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution – Primary Fix
  7. Solution – Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

Expected security updates are not installed on schedule, increasing vulnerability exposure and creating compliance exceptions on managed RHEL 8 nodes.

Environment & Reproduction

Hosts using dnf-automatic with custom timer settings run checks but do not download or apply available security patches.

Root Cause Analysis

Configuration mode is set to notify only, timer units are disabled, or repository access fails silently due to policy or entitlement issues.

Quick Triage

Verify timer state with systemctl list-timers, inspect /etc/dnf/automatic.conf, and read journalctl -u dnf-automatic for execution details.

Step-by-Step Diagnosis

Confirm apply_updates and download_updates values, validate repo entitlement, and run a manual dnf-automatic cycle with debug logging.

Illustrative mockup for rhel-8 — dnf-automatic-problem
Scheduled timer ran but no updates were applied — Illustrative mockup — Progressive Robot

Solution – Primary Fix

Set update mode to apply, enable and start dnf-automatic timer via systemctl, ensure repo access, then monitor next scheduled run output.

Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.

Illustrative mockup for rhel-8 — dnf-automatic-fix
dnf-automatic timer and config corrected — Illustrative mockup — Progressive Robot

Solution – Alternative Approaches

Use Satellite-managed patch jobs, Ansible patch orchestration, or maintenance-window batch patching for strict change-control environments.

Verification & Acceptance Criteria

Timer triggers on schedule, updates are installed, and vulnerability scans confirm expected security advisories are remediated.

Rollback Plan

Disable auto-apply and revert to notify-only mode if unexpected package changes impact workloads, then patch manually with approval.

Prevention & Hardening

Audit timer state regularly, alert on stale patch age, and keep firewalld and proxy rules compatible with repository egress requirements.

See dnf mirror timeout and subscription-manager entitlement failures that commonly disrupt unattended update workflows on RHEL 8.

Related tutorial: View the step-by-step tutorial for rhel-8.

View all rhel-8 tutorials on the Tutorials Hub →

Browse all common problems & solutions on the Tutorials Hub.

References & Further Reading

Review Red Hat dnf-automatic and lifecycle security patching guidance for enterprise Linux update governance.

Need Expert Help?

If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today — we respond within one business day.