 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Windows Server Forum / Security / MS Baseline Analyzer / August 2008Can't correct "Incomplete Updates"
On Windows Server 2008, using MBSA 2.1, I am not getting a scan result that a previous software update installation was not completed." I have rebooted, checked HKLM\SOFTWARE\Microsoft\Updates... for UpdateExeVolatile, checked the other registry entry for PendingFileRenameOperations (neither exists). Why is this scan error being reported, and how do I fix it? Thanks! Any ideas on this one? It sure seems like a bogus report to me. Does MBSA have a history of false reporting on security issues? Is there a better tool to use that reliably reports the state of a system/network? MBSA seems easy enough to use, but some of the results are very suspect and it seems support is pretty light. Just trying to figure out where we go with the use of this product. Thanks. > On Windows Server 2008, using MBSA 2.1, I am not getting a scan result > that a previous software update installation was not completed." I have [quoted text clipped - 5 lines] > > Thanks! FYI we have decided to uninstall and stop using MBSA. Three reasons: (1) from Google searching it seems like few people use it, there is little evidence of questions/answers to support the product available, and (2) lack of support here seems to indicate the same. (3)When we start spending more time chasing false positives than real security issues it's time to acknowledge this is not the product for us. Good luck with the product, maybe one day better support will turn it into a useful product. I'll keep my eyes open for that. Thanks. > Any ideas on this one? It sure seems like a bogus report to me. Does > MBSA have a history of false reporting on security issues? Is there a [quoted text clipped - 13 lines] >> >> Thanks! Dominick - I'm sorry that you've decided to discontinue use of MBSA. Our customer base is increasing each week, so I'm not sure how a web search tool could indicate otherwise. With any MBSA issues, please feel free to contact Product Support Services using one of the links below my signature line. MBSA is a security tool provided free for customers to assess their security state - and is fully supported by the security team at Microsoft. If there is a problem with MBSA incorrectly reporting a pending reboot, we would like the opportunity to investigate it further and determine whether there is a problem...  Signature-- Doug Neal [MSFT] dugn@online.microsoft.com This posting is provided "AS IS" with no warranties, and confers no rights. If newsgroup discussion with experts and MVPs is unable to solve a problem to your satisfaction, feel free to contact PSS for support on the Microsoft Baseline Security Analyzer (MBSA). Information is available at the following link: http://support.microsoft.com/default.aspx This e-mail address does not receive e-mail, but is used for newsgroup postings only. > FYI we have decided to uninstall and stop using MBSA. Three reasons: (1) > from Google searching it seems like few people use it, there is little [quoted text clipped - 23 lines] >>> >>> Thanks! We are also seeing this behavior with MBSA version: 2.1.2104.0 polling for updates from an upstream WSUS server with the latest (August-2008) updates. The Windows Update Agent reports no missing updates. In the Control Panel-Automatic Updates applet, no updates are listed as declined. If you run MBSA to just 'Check for security updates', it reports no updates missing. But, if you enable the checkbox to 'Check for Windows administrative vulnerabilities', it reports 'Incomplete Updates ... Check failed (non-critical)': (Copied and Pasted to Clipboard...) Scanned with MBSA version: 2.1.2104.0 Catalog synchronization date: Security update catalog: Windows Server Update Services Issue: SQL Server Security Updates Score: Check passed Result: No security updates are missing. Current Update Compliance | MS06-061 | Installed | MSXML 6.0 RTM Security Update (925673) | Critical | Issue: Windows Security Updates Score: Check passed Result: No security updates are missing. ... Issue: Incomplete Updates Score: Check failed (non-critical) Result: A previous software update installation was not completed. You must restart your computer to finish the installation. If the incomplete installation was a security update, then the computer may be at risk until the computer is restarted. Multiple systems report this behavior. They have no Internet-facing connection, but do have the latest MBSA .CAB files. Incidentally, these are VMWare ESX server virtual machines running WIndows Server 2003 R2 SP2 x86. I do not believe the fact they're VM's is relevant. %WINDIR%\WindowsUpdate.log reports as follows when you run WUAUCLT /DETECTNOW 824 89c AU Triggering AU detection through DetectNow API 824 89c AU Triggering Online detection (non-interactive) 824 680 AU ############# 824 680 AU ## START ## AU: Search for updates 824 680 AU ######### 824 680 AU <<## SUBMITTED ## AU: Search for updates [CallId = {DE70945B-67F1-45AB-B279-29178A2C631C}] 824 f28 Agent ************* 824 f28 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates] 824 f28 Agent ********* 824 f28 Agent * Online = Yes; Ignore download priority = No 824 f28 Agent * Criteria = "IsHidden=0 and IsInstalled=0 and DeploymentAction='Installation' and IsAssigned=1 or IsHidden=0 and IsPresent=1 and DeploymentAction='Uninstallation' and IsAssigned=1 or IsHidden=0 and IsInstalled=1 and DeploymentAction='Installation' and IsAssigned=1 and RebootRequired=1 or IsHidden=0 and IsInstalled=0 and DeploymentAction='Uninstallation' and IsAssigned=1 and RebootRequired=1" 824 f28 Agent * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} 824 f28 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab: 824 f28 Misc Microsoft signed: Yes 824 f28 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab: 824 f28 Misc Microsoft signed: Yes 824 f28 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.cab: 824 f28 Misc Microsoft signed: Yes 824 f28 Setup *********** Setup: Checking whether self-update is required *********** 824 f28 Setup * Inf file: C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.inf 824 f28 Setup Update NOT required for C:\WINDOWS\system32\cdm.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 824 f28 Setup Update NOT required for C:\WINDOWS\system32\wuapi.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 824 f28 Setup Update NOT required for C:\WINDOWS\system32\wuapi.dll.mui: target version = 7.1.6001.65, required version = 7.1.6001.65 824 f28 Setup Update NOT required for C:\WINDOWS\system32\wuauclt.exe: target version = 7.1.6001.65, required version = 7.1.6001.65 824 f28 Setup Update NOT required for C:\WINDOWS\system32\wuaucpl.cpl: target version = 7.1.6001.65, required version = 7.1.6001.65 824 f28 Setup Update NOT required for C:\WINDOWS\system32\wuaucpl.cpl.mui: target version = 7.1.6001.65, required version = 7.1.6001.65 824 f28 Setup Update NOT required for C:\WINDOWS\system32\wuaueng.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 824 f28 Setup Update NOT required for C:\WINDOWS\system32\wuaueng.dll.mui: target version = 7.1.6001.65, required version = 7.1.6001.65 824 f28 Setup Update NOT required for C:\WINDOWS\system32\wucltui.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 824 f28 Setup Update NOT required for C:\WINDOWS\system32\wucltui.dll.mui: target version = 7.1.6001.65, required version = 7.1.6001.65 824 f28 Setup Update NOT required for C:\WINDOWS\system32\wups.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 824 f28 Setup Update NOT required for C:\WINDOWS\system32\wups2.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 824 f28 Setup Update NOT required for C:\WINDOWS\system32\wuweb.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 824 f28 Setup * IsUpdateRequired = No 824 f28 PT +++++++++++ PT: Synchronizing server updates +++++++++++ 824 f28 PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://135.89.73.4/ClientWebService/client.asmx 824 f28 PT +++++++++++ PT: Synchronizing extended update info +++++++++++ 824 f28 PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://135.89.73.4/ClientWebService/client.asmx 824 f28 Agent * Found 0 updates and 37 categories in search; evaluated appl. rules of 489 out of 638 deployed entities 824 f28 Agent ********* 824 f28 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates] 824 f28 Agent ************* 824 f08 AU >>## RESUMED ## AU: Search for updates [CallId = {DE70945B-67F1-45AB-B279-29178A2C631C}] 824 f08 AU # 0 updates detected 824 f08 AU ######### 824 f08 AU ## END ## AU: Search for updates [CallId = {DE70945B-67F1-45AB-B279-29178A2C631C}] 824 f08 AU ############# 824 f08 AU AU setting next detection timeout to 2008-08-29 13:59:42 824 f28 Report REPORT EVENT: {E6D6A9B6-DAEA-472B-8957-89B231B0AE7A} 2008-08-28 20:34:37:832+0100 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Software Synchronization Windows Update Client successfully detected 0 updates. 824 f28 Report REPORT EVENT: {F0A0F1A1-9D14-4237-B896-C3097E0F7B31} 2008-08-28 20:34:37:832+0100 1 156 101 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Pre-Deployment Check Reporting client status. The same log reports these when you scan with MBSA: 748 4b0 Misc =========== Logging initialized (build: 7.1.6001.65, tz: +0100) =========== 748 4b0 Misc = Process: C:\Program Files\Microsoft Baseline Security Analyzer 2\mbsa.exe 748 4b0 Misc = Module: C:\WINDOWS\system32\wuapi.dll 748 4b0 COMAPI ------------- 748 4b0 COMAPI -- START -- COMAPI: Search [ClientId = MBSA] 748 4b0 COMAPI --------- 824 f28 Agent ************* 824 f28 Agent ** START ** Agent: Finding updates [CallerId = MBSA] 824 f28 Agent ********* 824 f28 Agent * Include potentially superseded updates 824 f28 Agent * Online = Yes; Ignore download priority = No 824 f28 Agent * Criteria = "IsInstalled=0 or IsInstalled=1" 824 f28 Agent * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} 748 4b0 COMAPI <<-- SUBMITTED -- COMAPI: Search [ClientId = MBSA] 824 f28 PT +++++++++++ PT: Synchronizing server updates +++++++++++ 824 f28 PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://135.89.73.4/ClientWebService/client.asmx 824 f28 PT +++++++++++ PT: Synchronizing extended update info +++++++++++ 824 f28 PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://135.89.73.4/ClientWebService/client.asmx 824 f28 Agent * Added update {E8A49607-7F8E-47CB-A487-A7465B733A7D}.102 to search result 824 f28 Agent * Added update {57DE4816-5EBA-4852-8D01-DC9C34B546F8}.102 to search result 824 f28 Agent * Added update {43AA8322-6A3C-4883-943E-29236F43E9D0}.101 to search result 824 f28 Agent * Added update {6B4CA623-1F67-422F-9B7F-7DAB513D7C9F}.101 to search result 824 f28 Agent * Added update {82BA1D24-9D40-4267-9613-B392B98ECE5F}.102 to search result 824 f28 Agent * Added update {1A61D52C-CFA2-417A-BD93-3C7A248FB05D}.104 to search result 824 f28 Agent * Added update {1935D72E-82F7-4B86-90D6-B858B9DEBEEF}.103 to search result 824 f28 Agent * Added update {DE2C8030-41CF-4F64-9DC5-EE96D944E383}.107 to search result 824 f28 Agent * Added update {D5506431-5201-4CBE-A482-D97D6710BA91}.103 to search result 824 f28 Agent * Added update {28941B32-98AD-4E95-A2ED-F2DE56817F9E}.106 to search result 824 f28 Agent * Added update {21455A34-0669-494C-A6FD-4D1C1EDC28D2}.101 to search result 824 f28 Agent * Added update {0E6CF83E-0217-488E-82A9-686B3D80A80A}.101 to search result 824 f28 Agent * Added update {D97DC842-DDE4-44C3-851D-23E4A3BC72A1}.101 to search result 824 f28 Agent * Added update {07609D43-D518-4E77-856E-D1B316D1B8A8}.102 to search result 824 f28 Agent * Added update {25E4704D-AF55-427C-98A3-F724B792DE35}.104 to search result 824 f28 Agent * Added update {3ABBB854-9941-4B7B-8B31-DDE787A6E23C}.104 to search result 824 f28 Agent * Added update {F7FB7D58-712A-403E-B541-5FE8AB34E5ED}.101 to search result 824 f28 Agent * Added update {EE4FE560-4A46-47F3-B455-3283A6DEE5F7}.102 to search result 824 f28 Agent * Added update {B8F88A6A-6F9A-4F2E-A026-BE387E21F522}.100 to search result 824 f28 Agent * Added update {511F4A6E-7093-4158-9A01-FDBA68FFDB2A}.100 to search result 824 f28 Agent * Added update {FE886A79-D52E-4734-B808-1B808AC6848E}.102 to search result 824 f28 Agent * Added update {82AA7A7A-C2C3-47B4-AB32-CB35C0E41FFC}.101 to search result 824 f28 Agent * Added update {4483F57E-7C9D-42E0-9641-49C284E51ADD}.100 to search result 824 f28 Agent * Added update {B0A6A382-7029-4546-85E9-039DBBB800F7}.109 to search result 824 f28 Agent * Added update {DE7E4A92-A2E8-4599-92A4-2E6EE83CB190}.106 to search result 824 f28 Agent * Added update {FE06A193-D24F-4CB5-AEA8-5E70019EA76D}.106 to search result 824 f28 Agent * Added update {8C0EB495-47B8-4728-8E0C-26A87B7A18D9}.103 to search result 824 f28 Agent * Added update {9FA84699-F763-490A-AD88-A9680DE9FF74}.100 to search result 824 f28 Agent * Added update {D3918DA3-ED42-4074-83E0-6BCF89C1A8C6}.102 to search result 824 f28 Agent * Added update {BBE395B4-D56A-4E4E-8967-CB09AE38AF09}.103 to search result 824 f28 Agent * Added update {4C811AB7-3E1C-4D53-A572-61E553D597C9}.100 to search result 824 f28 Agent * Added update {B84407BA-00A3-4FB2-8C8B-A9C17BEAC302}.105 to search result 824 f28 Agent * Added update {0F4830C5-C1B6-48F3-9D35-E7007B1BE82A}.103 to search result 824 f28 Agent * Added update {030199D7-8C9E-4715-AF4A-377A034E4847}.102 to search result 824 f28 Agent * Added update {C9E940DD-70D3-415F-9036-F81468EFBAF4}.102 to search result 824 f28 Agent * Added update {931067DD-3B53-4F2F-B4D7-21165F454CCD}.102 to search result 824 f28 Agent * Added update {33E261E8-16A2-4A4C-A09B-15D072150112}.105 to search result 824 f28 Agent * Added update {7F5706E9-E27C-4A33-B55B-049F44D0B76C}.102 to search result 824 f28 Agent * Added update {0691CBEC-A8AA-48F5-BD7F-54CF1F64E196}.103 to search result 824 f28 Agent * Added update {8D94DCEF-0D41-4F9B-A572-2EC7883B3B97}.103 to search result 824 f28 Agent * Added update {1C82E9F0-FD03-439D-9493-7044252BFC94}.108 to search result 824 f28 Agent * Added update {0FA39BF3-DCC0-4BF2-ACE5-CADD64EED0ED}.105 to search result 824 f28 Agent * Added update {36DAB2F4-990F-4FF2-9C68-E4C9935F4105}.101 to search result 824 f28 Agent * Added update {61C08DF5-C3EF-4C47-BB76-9A04CA4F2F86}.101 to search result 824 f28 Agent * Added update {46A0B6F7-B283-45F8-9CCB-C8E3B4EC332C}.100 to search result 824 f28 Agent * Added update {F02399FB-9130-4097-8202-43DCD4A7C100}.102 to search result 824 f28 Agent * Found 46 updates and 37 categories in search; evaluated appl. rules of 489 out of 638 deployed entities 824 f28 Agent ********* 824 f28 Agent ** END ** Agent: Finding updates [CallerId = MBSA] 824 f28 Agent ************* 824 f28 Report REPORT EVENT: {18C51295-C958-4E05-9EE3-F20414C1D090} 2008-08-28 20:43:22:353+0100 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 MBSA Success Software Synchronization Windows Update Client successfully detected 46 updates. 824 f28 Report REPORT EVENT: {053A8931-7F39-4CDF-86B9-BE2895AB6DF5} 2008-08-28 20:43:22:353+0100 1 156 101 {00000000-0000-0000-0000-000000000000} 0 0 MBSA Success Pre-Deployment Check Reporting client status. 748 fd8 COMAPI >>-- RESUMED -- COMAPI: Search [ClientId = MBSA] 748 fd8 COMAPI - Updates found = 46 748 fd8 COMAPI --------- 748 fd8 COMAPI -- END -- COMAPI: Search [ClientId = MBSA] 748 fd8 COMAPI ------------- I see a couple of other unanswered forum posts for this same behavior. Hopefully this is enough info to debug it further. PLEASE ADVISE. THANKS MUCH! |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.