I can’t remember why I needed this at the moment (I am going through some emails I sent to myself to blog), but there is information about how to fix the 0x80070003 errors when synching with Windows Update Services.
If you get a message “System.IO.FileNotFoundException: File or Assembly name xxxxxx.dll, or one of its dependencies, was not found” where xxxx is a random name then you need to add the Network Service account change permissions on %systemroot%\Temp as per the readme for wsus
After changing my default outlook login setup on a mail server, I realised that the SUS server was complaining that the SelfUpdateTree was not working. Fix in extended entry.
kb article 909444 has how to fix the issues that may arise when you install Microsoft Security Bulletin MS05-051: Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400). Although I’ve not had any of these issues – yet – this will be good reference for me.
Patch Management.org looks like a good resource of keeping up to date with the Windows updates and seeing if other people are adversely affected with the latest windows patches.
I must admit to being pretty cautious about all the patches that came out this week as they seem to affect major parts of the network, however it looks like there are exploits going around for some of the unpatched machines already
There is a great tool from Microsoft to troubleshoot SUS installations from the client. From my experience it tells you fairly quickly where the problem lies.
Download from this location with the Readme. These are linked (at the moment) from the wsus support page which also contains a link to the server version of this tool (which I’ve not tried yet)
A good set of results can be found in the extended entry.
Seeing as though its been a long time since i’ve done much work with Group Policies, it took me a long time to work out why the policy for disabling Windows Updates within IE and the start menu would not work, yet the settings for telling where the client should go to get its updates did work.
Eventually I read a website which tipped me off and is actually obvious when you think about it. I had created an OU and moved computers into it, but I hadn’t added the users to the OU. Therefore only the computer configs were amended but not the users.
Now that I’ve done it correctly, WUS seems to be working pretty well (apart from one machine that thinks it needs to download .net framework 1.0 patches when in actual fact it needs to download 1.1 patches.
Tried to uninstall SUS on one of the servers at work and came up with the error message “could not set file security for c:\config.msi” as part of the install. This is fixed by stopping the installation and then creating config.msi on the root of c:\ and granting everyone full control. Restarting the uninstallation and it works fine.
I installed Windows Update Services on a new server this morning (the old sus server did not have the free disk space or software requirements) and I edited group policy on my laptop to make my machine talk to the new server. However when I then tried to use group policy on the servers I got a “string is too long” when editing the policies. This is a known bug and is fixed by installing an update kb842933 (which needed a reboot)
Not having that much internet access and the time to blog, I’ve quickly gone through my feeds and pulled a couple of things out of them
- A WUS Wiki which sounds like a bad day for Jonathan Ross, but is actually a wiki for the new Windows Update Services.
- Links to video’s of the Tsunami. This hit whilst we were on holiday and I never got to see any moving pictures of the wave itself – saw plenty of horrific news photos of the devastation afterwards though.
- I removed Norton AntiVirus off the home computer as the subscription had run out and I’m not impressed with the number of infections that have gotten past it this year. Instead I’ve tried the free home edition of Avast’s Antivir software which looks ok. It certainly picked up on eicar when I downloaded it – will be interesting to see how it copes with email borne virus’s