I just downloaded Technet Magazine - January 2007 HTML help file and when I opened, I noticed the topics in the .chm file cannot be viewed and I realized that it was getting blocked and all I had to do is to unblock the file (see the procedure below) and this time I can see the contents happily:-)
| 1. |
Right-click the CHM file, and then click Properties. |
| 2. |
Click Unblock. |
| 3. |
Double-click the .chm file to open the file. |
More information is available in the KB article - http://support.microsoft.com/kb/902225/EN-US/
On Tuesday, November 28, 2006, Rights Management Services Client with Service Pack 2 (KB917275) was downloaded by WSUS Server as classified under Service Packs.
According to Brian Lich [MSFT], "The RMS client should be not offered via WSUS because it is not considered a critical update. We are investigating this."
The RMS client is offered on Windows Update and Microsoft Update to Windows 2000 and Windows XP computer as an Optional/Recommended update. It's also available on the Microsoft Download Center.
I have approved this update for INSTALL and so far I haven't seen any issue. Happy patching!
A question was asked in the WSUS Mailing List (hosted by Shavlik Technologies on www.patchmanagement.org) -
I am using WSUS 2.0 and I was wondering if there was a way to extract the computer hardware information it collects?
Oh yes, this is possible.
You can extract computer hardware data in table 'dbo.tbComputerTarget' in SUS database (SUSDB). You can query for the following information;
TargetID ComputerID SID LastSyncTime LastReportedStatusTime LastReportedRebootTime IPAddress FullDomainName OSMajorVersion OSMinorVersion OSBuildNumber OSServicePackMajorNumber OSServicePackMinorNumber OSLocale ComputerMake ComputerModel BiosVersion BiosName BiosReleaseDate ProcessorArchitecture ClientGuid RequestedTargetGroupName IsRegistered
For instance, you can query it directly using SQL Query Analyzer or OSQL;
USE SUSDB
SELECT FullDomainName, IPAddress, ComputerMake, ComputerModel, BiosName, BiosVersion, OSMajorVersion, OSServicePackMajorNumber
FROM tbComputerTarget
Hope that helps! Happy patching.
WSUS Product Team has already announced the release of WSUS 3.0 beta 2 public beta. This is the first public beta for WSUS 3.0 which is preceded by a private TAP beta.
Quick Info:
| Program Start Date |
8/14/2006 |
| Program End Date |
2/28/2007 |
| Nomination Start Date |
8/8/2006 |
| Nomination End Date |
2/28/2007 |
You can register and download WSUS 3.0 Beta 2 from http://connect.microsoft.com/availableconnections.aspx or from http://www.microsoft.com/windowsserversystem/updateservices/default.mspx.
Once registered, you can download WSUSSetup-x86.exe, 56.23 MB using Microsoft File Transfer Manager automatically.
| Title |
WSUS 3 Beta 2 Setup-x86 |
| Release Date |
8/11/2006 |
| Size |
56.23 MB |
| Version |
5451.90 |
| Category |
Build |
| Milestone |
Beta 2 |
| Description |
| WSUS 3.0 beta 2 Setup x86 |
Get Started:
WSUS 3.0 Beta 2 Prerequisites
- Microsoft Internet Information Services (IIS) 6.0
- Update for Background Intelligent Transfer Service (BITS) 2.0 and WinHTTP 5.1 Windows Server 2003. To download this software, go to the Download Center (http://go.microsoft.com/fwlink/?LinkID=47251).
- Microsoft .NET Framework Version 2.0 Redistributable Package
- (x86) - To download this software, go to the Download Center http://go.microsoft.com/fwlink/?LinkID=68935
- (For x64) - also go to the Download Center http://go.microsoft.com/fwlink/?LinkID=70637
- Microsoft Report Viewer Redistributable 2005. To obtain this software, go to the Download Center (http://go.microsoft.com/fwlink/?LinkID=70410).
- Microsoft Management Console 3.0 for Windows Server 2003 (KB907265).
- (x86) - To download this software, go to the Download Center http://go.microsoft.com/fwlink/?LinkID=70412
- (For x64) - also go to the Download Center http://go.microsoft.com/fwlink/?LinkID=70638
* Note: WSUS 3.0 beta 2 does not support Vista beta clients at this time.
From Connect Windows Server Update Services 3.0 Beta 2:
WSUS 3.0 Beta 2 Vista RC client support! After beta 2 releases, we will be adding a new download that will make sure your WSUS 3.0 beta 2 server can service the new RC version of Vista clients when it ships. This downloadable beta update will be available from the WSUS beta Connect site in the downloads section in the 4th quarter of calendar year 06 - when Vista RC releases! Check back for news on this update to test WSUS 3.0 beta 2 with your Vista RC beta clients.
Happy patching!
Listen to this article
Talkr.com allows you to listen to text-only blogs on your iPod. It's a free service to convert the blog text into podcast (Podcasting your blog). Registration is very easy. Once registered, you can add your blog RSS Feed in Talkr Partners Account.
This is for your information. Happy podcasting.
More information is available on http://www.talkr.com.
Listen to this article
Many a times folks in WSUS newsgroup want to know if -
Is there a way to disable the SSL warning in the To-Do list in WSUSAdmin Console?
WSUS has detected that you are not using Secure Sockets Layer (SSL). Microsoft recommends using SSL to secure administration and client to server communications for better security. For more information, see Using Secure Sockets Layer (SSL).
I used to answer that as - "That is not documented anywhere!!. We will have to live with that". But, thanks to Josh (poster in NG) for this cheeky workaround.
WORKAROUND
Make a backup of "C:\program files\Update Services\administration\home\welcome.aspx" file.
Then open the file in notepad and find the last section at the bottom that starts like this:
<td id="tskNotUsingSSL" class="Tasks" style="display: none;">
Now you can't delete that line, but delete everything between the <div> and </div> right below that line - Which means you have to delete the following text between <div> and </div>;
<div>
<a href="" onclick="ShowHelp('utilizing_SSL.htm');return false;"
class="B"><img src="<%= Constants.VirtualRoot %>/Common/Images/Warning.gif"
align="absmiddle" /><%= Resources.GetString("L_HomeNotUsingSSLTitle_Text")
%></a></br>
<%=
String.Format(Resources.GetString("L_HomeNotUsingSSLDescription_Text"),
"<a href=\"\" onclick=\"ShowHelp('utilizing_SSL.htm ');return
false;\" class=\"Normal\">" +
Resources.GetString("L_HomeNotUsingSSLHelpLink_Text") + "</a>") %>
<br />
</div>
Save the file and Voila! Happy Patching :-).
lf the logged in user is part of Local Administrators group, then he can use the custom install option to unselect the updates which will be eventually hidden. These updates will not be offered by the WUA at the next detection/scheduled installation time.
Scripting Guru Torgeir Bakken has posted an excellent .vbs script to unhide those hidden updates.
According to Torgeir Bakken (MVP)
If you are afraid that some users will hide some updates using the custom install option, here is a counter-measure you can use if the computers are in an Active Directory domain.
Use a script that unhides all hidden updates every time the computer starts up.
You could put the vbscript below in a computer startup script (with a GPO) that runs as part of the boot up process (before the user logs in). It runs under the system context and has admin rights.
--------------------8<----------------------
On Error Resume Next
Dim oSearcher, oSearchResult, i, oUpdate
Set oSearcher = CreateObject("Microsoft.Update.Searcher")
' use locally cached information
oSearcher.Online = False
' find updates that are hidden
Set oSearchResult = oSearcher.Search("IsHidden=1")
If Err.Number = 0 Then
If oSearchResult.Updates.Count > 0 Then
For i = 0 to oSearchResult.Updates.Count - 1
Set oUpdate = oSearchResult.Updates(i)
' unhide the update
oUpdate.IsHidden = False
Next
End If
End If
'--------------------8<----------------------
Tip:
IF you configure the deadline whilst approving an update then it will restrict local Administrator from being able to unselect or hide updates.
Steven Manross has created Windows Server Update Services add-ons in the form of an SQL stored procedure and .vbs / Perl scripts to determine if computers currently show as needing updates.
The SQL stored procedure (spSRMCountComputersNeedingUpdates.sql) is used in conjunction with the WSUSReport.vbs or (WSUSReport.pl) scripts to automatically notify an admin via email that there are computers needing Windows Security-related updates.
In step 1, let’s add the sql stored procedure on WSUS Database Server and in step 2 we will run the .vbs script scripts to automatically notify WSUS Administrator via email that there are computers needing updates.
SAMPLE OUTPUT AS SEEN IN EMAIL:
Subject: WSUS: There are computers needing updates
| Type: Software |
KB Article: 816093 |
Bulletin: MS03-011 |
| Title: 816093: Security Update Microsoft Virtual Machine (Microsoft VM) |
| Description: This update helps resolve a vulnerability in the Microsoft virtual machine. After you install this item, you may have to restart your computer. Once you have installed this item, it cannot be removed. |
| More Information: http://go.microsoft.com/fwlink/?LinkId=14964 |
| Server Name(s): computer1.domain.com,computer2.domain.com,computer3.domain.com |
PRE-REQUISITES:
The .vbs code below requires Outlook CDO components to be installed or some other application that installs the CDO.Message object from the computer running WSUSReport.vbs.
STEP 1:
Let’s start by adding the following code as a stored procedure (spSRMCountComputersNeedingUpdates.sql);
- In SQL Enterprise Manager under “instancename\Databases\SUSDB\Stored Procedures”.
- Right click on the Stored Procedure – click on New Stored Procedure.
- Paste the code below – click on Check Syntax and make sure it is successful.
spSRMCountComputersNeedingUpdates.sql:-
CREATE PROCEDURE [dbo].[spSRMCountComputersNeedingUpdates] AS
declare @computersNeedingUpdates int
declare @updatesNeededByComputers int
SELECT @computersNeedingUpdates = COUNT(DISTINCT(C.TargetID)),
@updatesNeededByComputers = COUNT(DISTINCT(U.LocalUpdateID))
FROM tbUpdate AS U
INNER JOIN dbo.tbUpdateStatusPerComputer AS S WITH (INDEX (nc3UpdateStatusPerComputer)) ON U.UpdateID=S.UpdateID
INNER JOIN dbo.tbComputerTarget AS C ON C.TargetID = S.TargetID
WHERE S.SummarizationState IN (2,3,6)
AND EXISTS (SELECT * FROM dbo.tbDeployment AS D
INNER JOIN dbo.tbRevision AS Re ON Re.RevisionID=D.RevisionID
INNER JOIN dbo.tbTargetGroup AS tg ON tg.TargetGroupID = D.TargetGroupID
WHERE Re.LocalUpdateID=U.LocalUpdateID AND
D.ActionID IN (0,2) AND
tg.Name <> 'All Computers'
)
select @computersNeedingUpdates as computersNeedingUpdates,@updatesNeededByComputers as updatesNeededByComputers
IF @computersNeedingUpdates > 0
BEGIN
SELECT U.LocalUpdateID,
C.FullDomainName as FullDomainName
FROM tbUpdate AS U
INNER JOIN dbo.tbPreComputedLocalizedProperty AS PCLP ON PCLP.UpdateID=U.UpdateID
INNER JOIN dbo.tbLanguage as L on L.ShortLanguage = PCLP.ShortLanguage
INNER JOIN dbo.tbLanguageInSubscription as LIS on LIS.LanguageID = L.LanguageID
INNER JOIN dbo.tbUpdateType AS UT ON UT.UpdateTypeID=U.UpdateTypeID
INNER JOIN dbo.tbUpdateStatusPerComputer AS S ON U.UpdateID=S.UpdateID
INNER JOIN dbo.tbComputerTarget AS C ON C.TargetID = S.TargetID
INNER JOIN dbo.tbTargetInTargetGroup AS TITG ON TITG.TargetID = C.TargetID
INNER JOIN dbo.tbTargetGroup AS TG ON TG.TargetGroupID = TITG.TargetGroupID
INNER JOIN dbo.tbRevision AS Re ON Re.LocalUpdateID = U.LocalUpdateID
LEFT JOIN dbo.tbKBArticleForRevision AS KB ON KB.RevisionID = RE.RevisionID
LEFT JOIN dbo.tbSecurityBulletinForRevision AS SB ON SB.RevisionID = RE.RevisionID
INNER JOIN dbo.tbMoreInfoURLForRevision AS MI ON MI.RevisionID = RE.RevisionID and MI.ShortLanguage = L.ShortLanguage
WHERE S.SummarizationState IN (2,3,6) AND
EXISTS (SELECT * FROM dbo.tbDeployment AS D
INNER JOIN dbo.tbRevision AS Re ON Re.RevisionID=D.RevisionID
INNER JOIN dbo.tbTargetGroup AS tg ON tg.TargetGroupID = D.TargetGroupID
WHERE Re.LocalUpdateID=U.LocalUpdateID AND
D.ActionID IN (0,2) AND
tg.Name <> 'All Computers'
)
SELECT U.LocalUpdateID,
UT.Name as UpdateTypeName,
KB.KBArticleID,
case when SB.SecurityBulletinID IS NULL Then 'None' Else convert(varchar(15),SB.SecurityBulletinID) End as SecurityBulletinID,
MI.MoreInfoURL as MoreInfoURL,
PCLP.Title as UpdateTitle,
PCLP.Description as UpdateDescription
FROM tbUpdate AS U
INNER JOIN dbo.tbPreComputedLocalizedProperty AS PCLP ON PCLP.UpdateID=U.UpdateID
INNER JOIN dbo.tbLanguage as L on L.ShortLanguage = PCLP.ShortLanguage
INNER JOIN dbo.tbLanguageInSubscription as LIS on LIS.LanguageID = L.LanguageID
INNER JOIN dbo.tbUpdateType AS UT ON UT.UpdateTypeID=U.UpdateTypeID
INNER JOIN dbo.tbUpdateStatusPerComputer AS S ON U.UpdateID=S.UpdateID
INNER JOIN dbo.tbComputerTarget AS C ON C.TargetID = S.TargetID
INNER JOIN dbo.tbTargetInTargetGroup AS TITG ON TITG.TargetID = C.TargetID
INNER JOIN dbo.tbTargetGroup AS TG ON TG.TargetGroupID = TITG.TargetGroupID
INNER JOIN dbo.tbRevision AS Re ON Re.LocalUpdateID = U.LocalUpdateID
LEFT JOIN dbo.tbKBArticleForRevision AS KB ON KB.RevisionID = RE.RevisionID
LEFT JOIN dbo.tbSecurityBulletinForRevision AS SB ON SB.RevisionID = RE.RevisionID
INNER JOIN dbo.tbMoreInfoURLForRevision AS MI ON MI.RevisionID = RE.RevisionID and MI.ShortLanguage = L.ShortLanguage
WHERE S.SummarizationState IN (2,3,6) AND
EXISTS (SELECT * FROM dbo.tbDeployment AS D
INNER JOIN dbo.tbRevision AS Re ON Re.RevisionID=D.RevisionID
INNER JOIN dbo.tbTargetGroup AS tg ON tg.TargetGroupID = D.TargetGroupID
WHERE Re.LocalUpdateID=U.LocalUpdateID AND
D.ActionID IN (0,2) AND
tg.Name <> 'All Computers'
)
GROUP BY U.LocalUpdateID,UT.Name,KB.KBArticleID,SB.SecurityBulletinID,MI.MoreInfoURL,PCLP.Title,PCLP.Description
END
--ENDIF
RETURN 1
GO
STEP 2:
Now save the following .vbs code as WSUSReport.vbs for computers needing updates using the stored procedure above. The following code requires Outlook CDO components to be installed or some other application that installs the CDO.Message object from the computer running WSUSReport.vbs.
WSUSReport.vbs:-
'On Error Resume Next
Const adCmdStoredProc = 4
Const adUseClient = 3
'Requires the Outlook CDO components to be installed or some other application that installs the CDO.Message object.
smtp_mail_from = "Some Friendly Name <someaddress@somesite.org>"
smtp_mail_to = "Recipient Name <recipient@somesite.org>"
smtp_server = "somesmtpserver.somesite.org"
smtp_port = "25"
db = "SUSDB"
appname = "SUSDB Mailer"
db_server = "YOUR-DB-SERVER"
Set Conn = CreateObject("ADODB.Connection")
if Err.Number <> 0 Then
WScript.Echo "Failed creating ADODB.Connection object -> " & Err.Description
WScript.Quit(0)
End If
Conn.ConnectionTimeout = 15
Conn.CursorLocation = adUseClient
Conn.Open = "DRIVER={SQL Server};SERVER=" & db_server & ";APP=" & appname & ";DATABASE=" & db & ";Trusted_Connection=yes;"
if Err.Number <> 0 Then
WScript.Echo "Failed opening ADODB.Connection object with DB info-> " & Err.Description
WScript.Quit(0)
End If
Set Cmd = CreateObject("ADODB.Command")
if Err.Number <> 0 Then
WScript.Echo "Failed creating ADODB.Command object -> " & Err.Description
WScript.Quit(0)
End If
Cmd.CommandText = "spSRMCountComputersNeedingUpdates"
Cmd.CommandType = adCmdStoredProc
Cmd.ActiveConnection = Conn
Cmd.Prepared = 1
Cmd.CommandTimeout = 15
Set RS = Cmd.Execute
if Err.Number <> 0 Then
WScript.Echo "Failed opening ADODB.Recordset object for Command -> " & Err.Description
WScript.Quit(0)
End If
rs_count = RS.RecordCount
Dim string
string = "<HTML><BODY>" & vbCrlf
if RS.Fields(0) > 0 Then
WScript.Echo "Count = " & RS.Fields(0).Value
Set RSUpdates = RS.NextRecordSet
Set RSData = RS.NextRecordSet
Else
WScript.Echo "No updates. Quitting successfully"
WScript.Quit(1)
End If
'Loop through all the computers that need updates
Dim Updates
Dim Computers
Dim vContainer
' Create the dictionary instances.
Set Updates = CreateObject ("Scripting.Dictionary")
Updates.CompareMode = StringCompare
x = 0
while (RSUpdates.EOF <> True)
if Not Updates.Exists(RSUpdates.Fields("LocalUpdateID").Value) Then
Updates.Add RSUpdates.Fields("LocalUpdateID").Value, RSUpdates.Fields("FullDomainName").Value
Else
Updates.Item(RSUpdates.Fields("LocalUpdateID").Value) = Updates.Item(RSUpdates.Fields("LocalUpdateID").Value) & "," & RSUpdates.Fields("FullDomainName").Value
End If
RSUpdates.MoveNext
Wend
while (RSData.EOF <> True)
strUpdateID = RSData.Fields("LocalUpdateID").Value
strSrv = Updates.Item(strUpdateID)
strUpdateType = RSData.Fields("UpdateTypeName").Value
strKBID = RSData.Fields("KBArticleID").Value
strBulletinID = RSData.Fields("SecurityBulletinID").Value
strInfoURL = RSData.Fields("MoreInfoURL").Value
strUpdateTitle = RSData.Fields("UpdateTitle").Value
strUpdateDesc = RSData.Fields("UpdateDescription").Value
string = string & "<TABLE border = 1>" & vbCrlf & _
"<TR><TD><b>Type:</B> " & strUpdateType & "</TD><TD><B>KB Article:</B> " & strKBID & "</TD><TD><B>Bulletin:</B> " & strBulletinID & "</TD></TR>" & vbCrlf & _
"<TR><TD colspan = 3><B>Title:</B> " & strUpdateTitle & "</TD></TR>" & vbCrlf & _
"<TR><TD colspan = 3><B>Description:</B> " & strUpdateDesc & "</TD></TR>" & vbCrlf & _
"<TR><TD colspan = 3><B>More Information:</B> <A href=" & strInfoURL & ">" & strInfoURL & "</A></TD></TR>" & vbCrlf & _
"<TR><TD colspan = 3><B>Server Name(s):</B> " & strSrv & "</TD></TR></TABLE>" & vbCrlf
RSData.MoveNext
Wend
string = string & "</BODY></HTML>"
Set cdoMessage = CreateObject("CDO.Message")
cdoMessage.Subject = "WSUS: There are computers needing updates"
cdoMessage.From = smtp_mail_from
cdoMessage.To = smtp_mail_to
cdoMessage.HTMLBody = string
cdoMessage.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
cdoMessage.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = smtp_server
cdoMessage.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = smtp_port
cdoMessage.Configuration.Fields.Update
cdoMessage.Send
If Err.Number = 0 Then
WScript.Echo "Success"
WScript.Quit(1)
Else
WScript.Echo "Error sending CDO Message: " & Err.Description
WScript.Quit(0)
End If
MORE INFORMATION
Kudos to Steven - http://www.manross.net/links.html
WSUS SP1 Readme is updated (on 21st June 2006) with known issues once you apply WSUS SP1.
Readme for WSUS Service Pack 1: This document describes known issues affecting Windows Server Update Services Service Pack 1 (WSUS SP1).
New Known Issues:
Issue 6: If you are using a proxy server, the SP1 upgrade may clear the proxy configuration username and password
Issue 7: How to recover from a failed upgrade to restore your WSUS server to a consistent state and then retry the upgrade.
Issue 8: WSUS SP1 upgrade can fail in some cases when the WMSDE database has been migrated
Issue 9: WSUS SP1 is not updating WSUS servers which are setup using remote SQL deployments
Issue 10: Changing the computer name prior to upgrading to WSUS SP1 can cause the upgrade to fail
Direct Link: http://download.microsoft.com/download/7/d/c/7dce8ed3-8d44-421f-902c-95391577ecb5/ReadMe.htm
Bobbie Harder (MSFT) has posted a list of Top known issues whilst upgrading WSUS to WSUS SP1 on microsoft.public.windows.server.update_services. These issues will be updated in a KB and in the online WSUS SP1 readme.
1. If you are using a proxy server, in some cases the SP1 upgrade may clear the proxy configuration username and password. This may cause synchronization of updates from Microsoft Servers to generate an "invalid parameter" error. To address this issue, reset the proxy configuration username and password and re-synchronize your server.
2. Remote SQL deployments: WSUS SP1 is not updating WSUS servers which are setup using remote SQL deployments.
Solution:
The WSUS with SP1 setup Package must be run on both the front end and back end servers.
· Run the setup package on the front end with no switches and choose to upgrade
· Run the setup package on the back end with no switches and choose to upgrade.
3. Changed Machine Name after RTM install prior to SP1 upgrade can cause the WSUS SP1 upgrade to fail.
Workaround:
Use the following script to remove and re-add the ASPNET and WSUS Administrators groups. Then run the upgrade again.
osql.exe -S %computername%\WSUS -E -Q "USE SUSDB DECLARE @asplogin
varchar(200) SELECT @asplogin=name from sysusers WHERE name like '%ASPNET'
EXEC sp_revokedbaccess @asplogin"
osql.exe -S %computername%\WSUS -E -Q "USE SUSDB DECLARE @wsusadminslogin
varchar(200) SELECT @wsusadminslogin=name from sysusers WHERE name like
'%WSUS Administrators' EXEC sp_revokedbaccess @wsusadminslogin"
osql.exe -S %computername%\WSUS -E -Q "USE SUSDB DECLARE @asplogin
varchar(200) SELECT @asplogin=HOST_NAME()+'\ASPNET' EXEC sp_grantlogin
@asplogin EXEC sp_grantdbaccess @asplogin EXEC sp_addrolemember
webService,@asplogin"
osql.exe -S %computername%\WSUS -E -Q "USE SUSDB DECLARE @wsusadminslogin
varchar(200) SELECT @wsusadminslogin=HOST_NAME()+'\WSUS Administrators' EXEC
sp_grantlogin @wsusadminslogin EXEC sp_grantdbaccess @wsusadminslogin EXEC
sp_addrolemember webService,@wsusadminslogin"
osql.exe -S %computername%\WSUS -E -Q "backup database SUSDB to
disk=N'<ContentDirectory>\SUSDB.Dat' with init"
Note you may have to replace <ContentDirectory> in the last line with the
path to your actual content store.
4.
a. WSUS SP1 upgrade can fail in some cases when the WMSDE database has been migrated to a local SQL 2000 server.
Cause:
A registry key value must be changed in order for WSUS SP1 setup package to recognize there is no wmsde database to update.
Workaround:
If users have migrated WMSDE to a SQL server (local or remote) they must change the value of the following registry key:
1. HKLM\Software\Microsoft\Update Services\Server\Setup\WmsdeInstalled, from "1" to "0" before attempting to upgrade to WSUS SP1.
According to Bernd Teichert (blog reader), In some cases, you might have to change the InstallType too on local SQL 2000 Server installation;
2. HKLM\Software\Microsoft\Update Services\Server\Setup\InstallType from "0x80" to "0x20".
b. WSUS SP1 upgrade can fail in some cases when the WMSDE database has been migrated to a remote SQL 2000 server.
Cause:
Two registry key values must be changed in order for WSUS sp1 setup package to recognize there is no wmsde database to update and the update must be initiated on the backend, followed by the front end server.
Workaround:
If users have migrated WMSDE to a SQL server (local or remote) they must change the values of the following registry keys:
1. HKLM\Software\Microsoft\Update Services\Server\Setup\WmsdeInstalled, from "1" to "0" before attempting to upgrade to WSUS SP1.
2. HKLM\Software\Microsoft\Update Services\Server\Setup\InstallType from "0x80" to "0x20".
After updating these registry key values, initiate upgrade on backend and then on front end servers.
5. How to recover from a failed upgrade to restore your WSUS server to a consistent state and then retry the upgrade.
Description:
If the upgrade to WSUS SP1 fails it can leave your WSUS installation in an inconsistent and/or unusable state. In order to retry upgrading to WSUS SP1 you need to get your WSUS installation to a consistent state. To do this you can use the backup database created at the beginning of the upgrade process to restore your WSUS server to a pre-upgrade state.
Workaround:
If the upgrade operation to WSUS SP1 is unsuccessful, you can use the original WSUS backup database that was created at the start of the upgrade process to restore WSUS to a consistent state. In the event of a failed upgrade follow these steps to retry upgrading to WSUS SP1:
To retry upgrading to WSUS SP1;
1. Determine the location of the backup database by reviewing the contents of the WSUSSetup_%timestamp%.log file. This file is located in the following folder - %programfiles%\Update Services\LogFiles.
2. Restore the backup database on the WSUS computer.
· osql.exe -S <DatabaseInstance> -E -Q "USE master ALTER DATABASE
SUSDB SET SINGLE_USER WITH ROLLBACK IMMEDIATE RESTORE DATABASE SUSDB FROM
DISK=N'<PathToDatabaseBackup>' WITH REPLACE ALTER DATABASE SUSDB SET
MULTI_USER"
· Remember to replace <DatabaseInstance> and <PathToDatabaseBackup> with values from your installation.
· For <DatabaseInstance> use the value from the following registry key:
HKLM\Software\Microsoft\Update Services\Server\Setup\SqlServerName
· For <PathToDatabaseBackup> use the value you identified in step 1.
3. Uninstall WSUS, but keep the WSUS database, log files and update files when you are prompted to remove them (i.e. Ensure that all options in "Remove Microsoft Windows Server Update Services" are unchecked).
4. Reinstall WSUS RTM (the original version not WSUS with SP1). Use the existing database when you are prompted to do this. This will return your WSUS system to a consistent state.
5. Install WSUS SP1.
* Note that you cannot use the backed up database from step 1 above directly in clean install of WSUS SP1 since the database schema has changed between WSUS RTM and WSUS SP1.
For any issues related to WSUS SP1 upgrade, you can post your queries directly on the following thread on microsoft.public.windows.server.update_services.
You see the following error in %Windir%\WindowsUpdate.log
SYMPTOMS
2006-06-15 17:02:23 2104 83c Misc =========== Logging initialized (build:
5.8.0.2469, tz: -0400) ===========
2006-06-15 17:02:23 2104 83c Misc = Process: C:\WINDOWS\system32\wuauclt.exe
2006-06-15 17:02:23 2104 83c Misc = Module: C:\WINDOWS\system32\wuaueng.dll
2006-06-15 17:02:23 2104 83c DtaStor FATAL: Failed to initialize datastore,
error = 0xC800021F
2006-06-15 17:02:23 2104 83c Misc =========== Logging initialized (build:
5.8.0.2469, tz: -0400) ===========
CAUSE
It looks like the client datastore failed to initialize.
WORKAROUND
1. Open a CMD prompt on the client.
2. Type "net stop wuauserv" (without quotes) <hit enter>.
3. Type "cd %Windir%\SoftwareDistribution".
4. Type "RD /s /q Datastore" (this will remove the client datastore).
5. Type "net start wuauserv" (without quotes) <hit enter> .
6. Type "wuauclt /detectnow" then check %Windir%\WindowsUpdate.log if it is successful.
OR, just stop the Automatic Updates Service and delete "%Windir%\SoftwareDistribution\DataStore" folder and start Automatic Updates Service and force the update detection (wuauclt /detectnow)
Ten Principles of Microsoft Patch Management
By Christopher Budd, Security Program Manager, Microsoft Corporation
1. Service packs should form the foundation of your patch management strategy.
2. Make Product Support Lifecycle a key element in your strategy.
3. Perform risk assessment using the Severity Rating System as a starting point.
4. Use mitigating factors to determine applicability and priority.
5. Only use workarounds in conjunction with deployment.
6. Issues with Security Updates are documented in the Security Bulletin Master Knowledge Base Article.
7. Test updates before deployment.
8. Contact Microsoft Product Support Services if you encounter problems in testing or deployment. An important thing to remember is that Microsoft provides no-charge support for issues related to security updates. You can get in touch with Microsoft for security bulletin support through the Security Support Site at http://support.microsoft.com/securityitpro
9. Use only methods and information recommended for detection and deployment.
10. The Security Bulletin is always authoritative.
More Posts
Next page »