Month: June 2006

Many a times folks in WSUS newsgroup want to know if – Is there a way to disable the SSL warning in the To-Do list in WSUSAdmin Console? To Do List   Use Secure Sockets Layer (SSL) WSUS has detected that you are not using Secure Sockets Layer (SSL). Microsoft recommends using SSL to secure administration and client to server communications for better security. For more information, see Using Secure Sockets Layer (SSL).   I used to answer that as – “That is not documented anywhere!!. We will have to live with that”. But, thanks to Josh (poster in NG) for … Continue reading Disable the SSL warning in the To Do List

lf the logged in user is part of Local Administrators group, then he can use the custom install option to unselect the updates which will be eventually hidden. These updates will not be offered by the WUA at the next detection/scheduled installation time. Scripting Guru Torgeir Bakken has posted an excellent .vbs script to unhide those hidden updates. According to Torgeir Bakken (MVP) If you are afraid that some users will hide some updates using the custom install option, here is a counter-measure you can use if the computers are in an Active Directory domain. Use a script that unhides all … Continue reading Un-hide hidden updates

Steven Manross has created Windows Server Update Services add-ons in the form of an SQL stored procedure and .vbs / Perl scripts to determine if computers currently show as needing updates. The SQL stored procedure (spSRMCountComputersNeedingUpdates.sql) is used in conjunction with the WSUSReport.vbs or (WSUSReport.pl) scripts to automatically notify an admin via email that there are computers needing Windows Security-related updates. In step 1, let’s add the sql stored procedure on WSUS Database Server and in step 2 we will run the .vbs script scripts to automatically notify WSUS Administrator via email that there are computers needing updates. SAMPLE OUTPUT … Continue reading Windows Server Update Services add-ons — by Steven Manross

WSUS SP1 Readme is updated (on 21st June 2006) with known issues once you apply WSUS SP1. Readme for WSUS Service Pack 1: This document describes known issues affecting Windows Server Update Services Service Pack 1 (WSUS SP1). New Known Issues: Issue 6: If you are using a proxy server, the SP1 upgrade may clear the proxy configuration username and password Issue 7: How to recover from a failed upgrade to restore your WSUS server to a consistent state and then retry the upgrade. Issue 8: WSUS SP1 upgrade can fail in some cases when the WMSDE database has been migrated Issue … Continue reading WSUS SP1 Readme Updated!!

Bobbie Harder (MSFT) has posted a list of Top known issues whilst upgrading WSUS to WSUS SP1 on microsoft.public.windows.server.update_services. These issues will be updated in a KB and in the online WSUS SP1 readme. 1.  If you are using a proxy server, in some cases the SP1 upgrade may clear the proxy configuration username and password.  This may cause synchronization of updates from Microsoft Servers to generate an “invalid parameter” error. To address this issue, reset the proxy configuration username and password and re-synchronize your server. 2. Remote SQL deployments: WSUS SP1 is not updating WSUS servers which are setup using remote … Continue reading WSUS SP1 Known Issues

You see the following error in %Windir%\WindowsUpdate.log SYMPTOMS 2006-06-15      17:02:23        2104    83c     Misc    ===========  Logging initialized (build: 5.8.0.2469, tz: -0400)  =========== 2006-06-15      17:02:23        2104    83c     Misc      = Process: C:\WINDOWS\system32\wuauclt.exe 2006-06-15      17:02:23        2104    83c     Misc      = Module: C:\WINDOWS\system32\wuaueng.dll 2006-06-15      17:02:23        2104    83c     DtaStor FATAL: Failed to initialize datastore, error = 0xC800021F 2006-06-15      17:02:23        2104    83c     Misc    ===========  Logging initialized (build: 5.8.0.2469, tz: -0400)  =========== CAUSE It looks like the client datastore failed to initialize. WORKAROUND   1. Open a CMD prompt on the client.  2. Type “net stop wuauserv” (without quotes) <hit enter>.  3. Type “cd %Windir%\SoftwareDistribution“.  4. Type “RD /s … Continue reading Error 0xC800021F

Ten Principles of Microsoft Patch Management By Christopher Budd, Security Program Manager, Microsoft Corporation 1. Service packs should form the foundation of your patch management strategy. 2. Make Product Support Lifecycle a key element in your strategy. 3. Perform risk assessment using the Severity Rating System as a starting point. 4. Use mitigating factors to determine applicability and priority. 5. Only use workarounds in conjunction with deployment. 6. Issues with Security Updates are documented in the Security Bulletin Master Knowledge Base Article. 7. Test updates before deployment. 8. Contact Microsoft Product Support Services if you encounter problems in testing or … Continue reading Ten Principles of Microsoft Patch Management

To identify if you have installed WSUS SP1; You can check the version number for the wsusservice.exe file located in %ProgramFiles%\Update Services\service\bin\wsusservice.exe. OR, check the WSUS Build number from WSUSAdmin home page (bottom of the page – Last line) WSUS SP1 Build 2.0.0.2620WSUS RTM Build 2.0.0.2472WSUS RC Build 2.0.0.2340

SYMPTOMS After updating WSUS to WSUS SP1… You might see Red X on WSUS Updates Window in WSUSAdmin console and eventually Synchronization fails. Content file download failed. Reason: The parameter is incorrect. Source File: /msdownload/update/v3-19990518/cabpool/windowsmedia10-kb917734-x86-enu_499f­e88d62843835153a4225712e1b2f19120527.exe Destination File: d:\WSUS\WsusContent\27\499FE88D62843835153A4225712E1B2F19120527 Source: Windows Server Update Category: Synchronization Event ID: 386 Description:- Synchronization failed. Reason: The underlying connection was closed: Unable to connect to the remote server. KNOWN ISSUE This is a known issue. Once you upgrade to WSUS SP1, you might want to re-configure Synchronization Options (proxy settings – proxy password) in WSUSAdmin console as they are lost during the upgrade. Save the settings and perform … Continue reading After updating WSUS to WSUS SP1…

The other day, Dave (poster on http://patchmanagement.org/) wanted to know the best resource for finding up to date information on whether or not there is exploit code available for Microsoft Security Patches? Susan immediately replied to check www.incidents.org. They also have an archive http://www.incidents.org/diary.php?date=2006-06-14. Get the  feed.