Troubleshooting Lab

< Day Day Up >

Troubleshooting Lab

In this lab, you troubleshoot a problem related to an Automatic Updates client that is not installing updates correctly. Read the following scenario and then answer the questions that follow. The questions are intended to reinforce key information presented in this chapter. If you are unable to answer a question, review the lessons and try the question again. You can find answers to the questions in the “Questions and Answers” section at the end of this chapter.

Scenario

After performing an MBSA scan, you notice that one of the computers has not had updates installed, as shown in Figure 6.10. You use the Resultant Set Of Policy console to verify that the computer’s Automatic Updates client is correctly configured. Then you check the System event log on the client computer, but you do not find an event that indicates Automatic Updates is having problems.

click to expand
Figure 6.10: MBSA identifies an unpatched computer

You decide to check the IIS usage log in C:\Windows\System32\LogFiles\W3Svc\ to identify the last time the client computer contacted the SUS server. You search for the client’s IP address, 192.168.1.100, and identify the following lines, which were created at the time of the event log error:

#Software: Microsoft Internet Information Services 6.0 #Version: 1.0 #Date: 2003-12-01 19:28:22 #Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(

User

-Agent) sc-status sc-substatus sc-win32-status 2003-12-01 19:28:22 192.168.1.100 HEAD /iuident.cab 0312011928 80 192.168.1.131 Industry+Update+Control 401 3 5 2003-12-01 19:28:22 192.168.1.100 GET /iuident.cab 0312011928 80 192.168.1.131 Industry+Update+Control 401 3 5 2003-12-01 19:28:22 192.168.1.100 GET / wutrack.bin V=1&U=42adc102bd4d664dad2564eb4de950f1&C=au&A=s&I=&D=&P=5.2.ece.2. 12.2.0&L=en- US&S=f&E=80190191&M=ver%3D5.4.3790.0&X=031201192821882 80 192.168.1.131 Industry+Update+Control 401 3 5

Questions

What is the source of the problem?
How would you troubleshoot the problem?

< Day Day Up >

Chapter Summary

The graphical MBSA console is the most efficient way to scan a single computer or multiple computers for the presence of updates. It can be configured to scan a single computer, a range of IP addresses, or all computers contained within a domain.
MBSA stores reports in XML format in the C:\Documents and Settings\ username \SecurityScans folder by default. At any time, you can view these reports by using MBSA.
MBSACLI provides a scriptable, schedulable, command-line interface to MBSA’s scanning functionality. MBSACLI functions in two modes: standard MBSA mode and the backward compatible HFNetChk mode.
Computers should not be connected to the Internet or even to a private network with other hosts , until after the operating system and all updates have been installed. Computers can be built while connected to the network if you create an isolated network segment with a minimal number of trusted computers that have been scanned for worms, viruses, and other malicious software.
You can reduce the time required to install new updates by slipstreaming a service pack into operating system installation files and configuring other updates to be automatically applied.
Microsoft updates support a standard set of command-line parameters to simplify the deployment of updates by using scripts. Use the /quiet (formerly /q) parameter to install an update silently. When chaining updates, use the /norestart (formerly /z) parameter to prevent the computer from automatically restarting.
The Automatic Updates client can be configured by using GPOs linked to Active Directory, to the local GPO, or to the registry.
SUS requires that IIS be installed on the local computer, and that the Web site be configured to use the default port 80.
Service packs include a Windows Installer package that can be used to deploy the service pack by using a GPO. This provides a simple way to install the service pack on a limited number of computers during a pilot deployment.