NIS And Malware Definition Updates Not Working

    Question

  • Hello,

    I am unable to update malware and NIS definitions on TMG version 7.0.7734 on Windows 2008 R2 standard x64. Last update status remains "Never". I've tried several suggestions mentioned in previous posts, but without success. Here are some facts:

    - Updates are downloaded directly from MS Update Service

    - HTTP and HTTPS traffic is allowed from Internal and LocalHost networks

    - HTTP Proxy Auth is disabled and there is no forward proxy

    - Logging displays no denied traffic from or to localhost when initiating updates, except for some LAN broadcasts

    Here is the section of the WindowsUpdate log file describing the initiated process. Particularly interesting is the "Updates found=0" line:

    2012-02-29 10:00:02:823 3980 d0c Misc ===========  Logging initialized (build: 7.5.7601.17514, tz: +0100)  ===========
    2012-02-29 10:00:02:823 3980 d0c Misc  = Process: C:\Program Files\Microsoft Forefront Threat Management Gateway\UpdateAgent.exe
    2012-02-29 10:00:02:823 3980 d0c Misc  = Module: C:\Windows\system32\wuapi.dll
    2012-02-29 10:00:02:823 3980 d0c COMAPI -------------
    2012-02-29 10:00:02:823 3980 d0c COMAPI -- START --  COMAPI: Search [ClientId = Forefront TMG]
    2012-02-29 10:00:02:823 3980 d0c COMAPI ---------
    2012-02-29 10:00:02:823 864 d50 Agent *************
    2012-02-29 10:00:02:823 3980 d0c COMAPI <<-- SUBMITTED -- COMAPI: Search [ClientId = Forefront TMG]
    2012-02-29 10:00:02:823 864 d50 Agent ** START **  Agent: Finding updates [CallerId = Forefront TMG]
    2012-02-29 10:00:02:823 864 d50 Agent *********
    2012-02-29 10:00:02:823 864 d50 Agent  * Online = Yes; Ignore download priority = No
    2012-02-29 10:00:02:823 864 d50 Agent  * Criteria = "(IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains '84a54ea9-e574-457a-a750-17164c1d1679' and CategoryIDs contains 'e0789628-ce08-4437-be74-2495b842f43b') or (IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains 'ae4483f4-f3ce-4956-ae80-93c18d8886a6' and CategoryIDs contains 'e0789628-ce08-4437-be74-2495b842f43b')"
    2012-02-29 10:00:02:838 864 d50 Agent  * ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
    2012-02-29 10:00:02:838 864 d50 Agent  * Search Scope = {Machine}
    2012-02-29 10:00:02:838 864 d50 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
    2012-02-29 10:00:02:838 864 d50 Misc Microsoft signed: Yes
    2012-02-29 10:00:02:838 864 d50 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
    2012-02-29 10:00:02:838 864 d50 Misc Microsoft signed: Yes
    2012-02-29 10:00:02:854 864 d50 Agent Checking for updated auth cab for service 7971f918-a847-4430-9279-4a52d1efe18d at http://download.windowsupdate.com/v9/microsoftupdate/redir/muauth.cab
    2012-02-29 10:00:02:854 864 d50 Misc Validating signature for C:\Windows\SoftwareDistribution\AuthCabs\authcab.cab:
    2012-02-29 10:00:02:854 864 d50 Misc Microsoft signed: Yes
    2012-02-29 10:00:02:854 864 d50 Misc Validating signature for C:\Windows\SoftwareDistribution\AuthCabs\authcab.cab:
    2012-02-29 10:00:02:854 864 d50 Misc Microsoft signed: Yes
    2012-02-29 10:00:02:947 864 d50 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
    2012-02-29 10:00:02:947 864 d50 Misc Microsoft signed: Yes
    2012-02-29 10:00:02:947 864 d50 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
    2012-02-29 10:00:02:947 864 d50 Misc Microsoft signed: Yes
    2012-02-29 10:00:02:963 864 d50 PT +++++++++++  PT: Starting category scan  +++++++++++
    2012-02-29 10:00:02:963 864 d50 PT  + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://www.update.microsoft.com/v6/ClientWebService/client.asmx
    2012-02-29 10:00:03:088 864 d50 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
    2012-02-29 10:00:03:088 864 d50 Misc Microsoft signed: Yes
    2012-02-29 10:00:03:103 864 d50 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
    2012-02-29 10:00:03:103 864 d50 Misc Microsoft signed: Yes
    2012-02-29 10:00:03:103 864 d50 PT +++++++++++  PT: Synchronizing server updates  +++++++++++
    2012-02-29 10:00:03:103 864 d50 PT  + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://www.update.microsoft.com/v6/ClientWebService/client.asmx
    2012-02-29 10:00:03:337 864 d50 Agent  * Found 0 updates and 5 categories in search; evaluated appl. rules of 14 out of 35 deployed entities
    2012-02-29 10:00:03:337 864 d50 Agent *********
    2012-02-29 10:00:03:337 864 d50 Agent **  END  **  Agent: Finding updates [CallerId = Forefront TMG]
    2012-02-29 10:00:03:337 864 d50 Agent *************
    2012-02-29 10:00:03:337 3980 1b8 COMAPI >>--  RESUMED  -- COMAPI: Search [ClientId = Forefront TMG]
    2012-02-29 10:00:03:337 3980 1b8 COMAPI  - Updates found = 0
    2012-02-29 10:00:03:337 3980 1b8 COMAPI ---------
    2012-02-29 10:00:03:337 3980 1b8 COMAPI --  END  --  COMAPI: Search [ClientId = Forefront TMG]
    2012-02-29 10:00:03:337 3980 1b8 COMAPI -------------
    2012-02-29 10:00:08:345 864 d50 Report REPORT EVENT: {FA49EAB3-5590-4A33-8AEA-DC2F0D5D77AF} 2012-02-29 10:00:03:337+0100 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 Forefront TMG Success Software Synchronization Windows Update Client successfully detected 0 updates.
    2012-02-29 10:00:08:345 864 d50 Report CWERReporter finishing event handling. (00000000)

    Any suggestions appreciated.

    29 February 2012 9:16

All Replies

  • Update: TMG DOES download and install updates, as I have found that all signatures are up to date. It seems like a bug in TMG as definition status is not displayed correctly in the console.
    29 February 2012 9:46
  •  

    Hi,

    Thank you for the post.

    Please open registry with REGEDIT, go into HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fpc, then export the content under the DefinitionUpdates reg key.

    Regards,


    Nick Gu - MSFT

    01 March 2012 4:09
    Moderator
  • Here it is:

    Windows Registry Editor Version 5.00


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fpc\DefinitionUpdates]
    "LastExecutionTime"="2012/3/1 10:15:0"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fpc\DefinitionUpdates\{464716F5-0BAB-494a-A51A-30400DDF127F}]
    "CheckTime"="1.3.2012. 10:15:07"
    "UpdateTime"="0:00:00"
    "SuccessTime"="1.3.2012. 10:15:07"
    "UpdateStatus"=dword:0000000b
    "ConsecutiveFailures"=dword:00000000
    "ErrorCode"=dword:00000000
    "PercentCompleted"=dword:00000065


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fpc\DefinitionUpdates\{C15B227A-0C88-421a-9D05-8B71B6525472}]
    "CheckTime"="1.3.2012. 10:15:07"
    "UpdateTime"="0:00:00"
    "SuccessTime"="1.3.2012. 10:15:07"
    "UpdateStatus"=dword:0000000b
    "ConsecutiveFailures"=dword:00000000
    "ErrorCode"=dword:00000000
    "PercentCompleted"=dword:00000065


    01 March 2012 10:16
  •  

    Hi,

    Thank you for the update.

    As you can see the update status is set to b which is 11 in decimal. This status means fpcUpdatesStatusNever which is reflected in the UI.

    If all is fine, the status should be 7 (fpcUpdatesStatusUpToDate). A simple fix for you consists of manually changing the above registry values to "UpdateStatus"=dword:00000007

    Regards,


    Nick Gu - MSFT

    08 March 2012 1:48
    Moderator
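
Added example, not part of the thread and not Microsoft's code: a Python check that parses a `DefinitionUpdates` export like the one posted above and flags subkeys whose `UpdateStatus` reads "never" although a `SuccessTime` is recorded with zero errors. Only the two status names given in the reply are mapped; `parse_reg`, `audit` and the shortened sample export are constructed for illustration.

```python
import re

# Status names taken from the moderator's reply; the thread names no other values.
STATUS_NAMES = {7: "fpcUpdatesStatusUpToDate", 11: "fpcUpdatesStatusNever"}

# Constructed sample: shortened copy of the export posted in the thread.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fpc\DefinitionUpdates]
"LastExecutionTime"="2012/3/1 10:15:0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fpc\DefinitionUpdates\{464716F5-0BAB-494a-A51A-30400DDF127F}]
"SuccessTime"="1.3.2012. 10:15:07"
"UpdateStatus"=dword:0000000b
"ConsecutiveFailures"=dword:00000000
"ErrorCode"=dword:00000000
'''

def parse_reg(text):
    """Parse regedit export text into {key_path: {value_name: str or int}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'^"([^"]+)"=(.*)$', line)
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif m and current is not None:
            raw = m.group(2)
            # dword values are hexadecimal; string values are quoted
            current[m.group(1)] = int(raw[6:], 16) if raw.startswith("dword:") else raw.strip('"')
    return keys

def audit(keys):
    """Return (subkey GUID, status name, inconsistent?) for each definition subkey."""
    findings = []
    for path, vals in keys.items():
        if "UpdateStatus" not in vals:
            continue  # the parent key holds only LastExecutionTime
        status = vals["UpdateStatus"]
        name = STATUS_NAMES.get(status, "unknown(%d)" % status)
        # Status says "never", yet a success time is recorded and no errors are counted.
        clean = vals.get("ErrorCode") == 0 and vals.get("ConsecutiveFailures") == 0
        stale = status == 11 and bool(vals.get("SuccessTime")) and clean
        findings.append((path.rsplit("\\", 1)[-1], name, stale))
    return findings

if __name__ == "__main__":
    for guid, name, stale in audit(parse_reg(SAMPLE_EXPORT)):
        print(guid, name, "status contradicts recorded success" if stale else "consistent")
```

regedit writes version 5.00 exports as UTF-16, so read a real file with `open(path, encoding="utf-16")` before passing its text to `parse_reg`.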