IT プロフェッショナルのための技術情報サイト >
フォーラム ホーム
>
WSUS
>
definition updates for forefront client security showing failed status on windows 7 clients
definition updates for forefront client security showing failed status on windows 7 clients
- we have ~9000 clients reporting to our wsus 3 sp2 server, of which only a few (17) are windows 7. what's curious is that 50% of those win7 computers are showing failed status for forefront client security definition updates. in researching this problem i've discovered that none of the win7 computers with failed status even have fcs installed... which begs the question; why are the definition updates even being attempted on this handful of systems?
すべての返信
why are the definition updates even being attempted on this handful of systems?
That would be the question!
Can you please post a log segment from one of those Windows 7 computers showing:
[a] The Forefront Client Security definition update being detected.
[b] The Forefront Client Security definition update being downloaded.
[c] The Forefront Client Security definition update installation attempt.
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
My Blog: http://onsitechsolutions.spaces.live.com- 2009-11-17 05:09:28:626 980 d54 Report Uploading 1 events using cached cookie, reporting URL = http://wsus2.domain.local/ReportingWebService/ReportingWebService.asmx
2009-11-17 05:09:28:735 980 d54 Report Reporter successfully uploaded 1 events.
2009-11-17 09:27:40:211 980 1668 AU #############
2009-11-17 09:27:40:258 980 1668 AU ## START ## AU: Search for updates
2009-11-17 09:27:40:273 980 1668 AU #########
2009-11-17 09:27:40:367 980 1668 AU <<## SUBMITTED ## AU: Search for updates [CallId = {E20D0771-83BB-42F5-81A9-C800B7960068}]
2009-11-17 09:27:40:367 980 1508 Agent *************
2009-11-17 09:27:40:367 980 1508 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]
2009-11-17 09:27:40:367 980 1508 Agent *********
2009-11-17 09:27:40:367 980 1508 Agent * Online = Yes; Ignore download priority = No
2009-11-17 09:27:40:367 980 1508 Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2009-11-17 09:27:40:367 980 1508 Agent * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
2009-11-17 09:27:40:367 980 1508 Agent * Search Scope = {Machine}
2009-11-17 09:27:40:866 980 1508 Setup Checking for agent SelfUpdate
2009-11-17 09:27:40:897 980 1508 Setup Client version: Core: 7.4.7600.226 Aux: 7.4.7600.226
2009-11-17 09:27:40:944 980 1508 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
2009-11-17 09:27:41:053 980 1508 Misc Microsoft signed: Yes
2009-11-17 09:28:04:250 980 1508 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
2009-11-17 09:28:04:266 980 1508 Misc Microsoft signed: Yes
2009-11-17 09:28:04:360 980 1508 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
2009-11-17 09:28:04:391 980 1508 Misc Microsoft signed: Yes
2009-11-17 09:28:04:406 980 1508 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
2009-11-17 09:28:04:406 980 1508 Misc Microsoft signed: Yes
2009-11-17 09:28:04:656 980 1508 Setup Determining whether a new setup handler needs to be downloaded
2009-11-17 09:28:04:734 980 1508 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe:
2009-11-17 09:28:04:765 980 1508 Misc Microsoft signed: Yes
2009-11-17 09:28:04:765 980 1508 Setup SelfUpdate handler update NOT required: Current version: 7.4.7600.226, required version: 7.4.7600.226
2009-11-17 09:28:04:781 980 1508 Setup Evaluating applicability of setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~x86~~7.4.7600.226"
2009-11-17 09:28:07:480 980 1508 Setup Setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~x86~~7.4.7600.226" is already installed.
2009-11-17 09:28:07:480 980 1508 Setup Evaluating applicability of setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226"
2009-11-17 09:28:07:511 980 1508 Setup Setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226" is already installed.
2009-11-17 09:28:07:511 980 1508 Setup Evaluating applicability of setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226"
2009-11-17 09:28:07:558 980 1508 Setup Setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226" is already installed.
2009-11-17 09:28:07:558 980 1508 Setup SelfUpdate check completed. SelfUpdate is NOT required.
2009-11-17 09:28:14:749 980 1508 PT +++++++++++ PT: Synchronizing server updates +++++++++++
2009-11-17 09:28:14:749 980 1508 PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://wsus2.domain.local/ClientWebService/client.asmx
2009-11-17 09:28:15:483 980 1508 PT WARNING: Cached cookie has expired or new PID is available
2009-11-17 09:28:15:483 980 1508 PT Initializing simple targeting cookie, clientId = df91f601-e1ac-4d18-8915-41a9a94529d4, target group = test, DNS name = d1xwpgf1.domain.local
2009-11-17 09:28:15:483 980 1508 PT Server URL = http://wsus2.domain.local/SimpleAuthWebService/SimpleAuth.asmx
2009-11-17 09:28:20:100 980 1508 PT +++++++++++ PT: Synchronizing extended update info +++++++++++
2009-11-17 09:28:20:100 980 1508 PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://wsus2.domain.local/ClientWebService/client.asmx
2009-11-17 09:28:20:958 980 1508 Agent Update {B750317C-E117-4895-8FDE-9E9535EA2E73}.100 is pruned out due to potential supersedence
2009-11-17 09:28:20:958 980 1508 Agent * Added update {AD8041F0-35BC-472F-AC7F-DB8EDBB4A2DB}.100 to search result
2009-11-17 09:28:20:958 980 1508 Agent * Found 1 updates and 54 categories in search; evaluated appl. rules of 746 out of 1352 deployed entities
2009-11-17 09:28:20:989 980 1508 Agent *********
2009-11-17 09:28:20:989 980 1508 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]
2009-11-17 09:28:20:989 980 1508 Agent *************
2009-11-17 09:28:21:067 980 1a0 AU >>## RESUMED ## AU: Search for updates [CallId = {E20D0771-83BB-42F5-81A9-C800B7960068}]
2009-11-17 09:28:21:067 980 1a0 AU # 1 updates detected
2009-11-17 09:28:21:067 980 1a0 AU #########
2009-11-17 09:28:21:067 980 1a0 AU ## END ## AU: Search for updates [CallId = {E20D0771-83BB-42F5-81A9-C800B7960068}]
2009-11-17 09:28:21:067 980 1a0 AU #############
2009-11-17 09:28:21:067 980 1a0 AU Successfully wrote event for AU health state:0
2009-11-17 09:28:21:067 980 1a0 AU Featured notifications is disabled.
2009-11-17 09:28:21:067 980 1a0 AU AU setting next detection timeout to 2009-11-18 07:56:29
2009-11-17 09:28:21:083 980 1a0 AU Setting AU scheduled install time to 2009-11-18 08:00:00
2009-11-17 09:28:21:083 980 1a0 AU Successfully wrote event for AU health state:0
2009-11-17 09:28:21:083 980 1a0 AU Auto-approving update for download, updateId = {AD8041F0-35BC-472F-AC7F-DB8EDBB4A2DB}.100, ForUx=0, IsOwnerUx=0, HasDeadline=0, IsMinor=1
2009-11-17 09:28:21:083 980 1a0 AU Auto-approved 1 update(s) for download (NOT for Ux)
2009-11-17 09:28:21:083 980 1a0 AU #############
2009-11-17 09:28:21:083 980 1a0 AU ## START ## AU: Download updates
2009-11-17 09:28:21:083 980 1a0 AU #########
2009-11-17 09:28:21:083 980 1a0 AU # Approved updates = 1
2009-11-17 09:28:21:145 980 1a0 AU AU initiated download, updateId = {AD8041F0-35BC-472F-AC7F-DB8EDBB4A2DB}.100, callId = {B019F84E-99B3-4526-BE1D-640026CABF95}
2009-11-17 09:28:21:145 980 1a0 AU Setting AU scheduled install time to 2009-11-18 08:00:00
2009-11-17 09:28:21:145 980 1a0 AU Successfully wrote event for AU health state:0
2009-11-17 09:28:21:145 980 1a0 AU AU setting pending client directive to 'Download Progress'
2009-11-17 09:28:21:145 980 1508 DnldMgr *************
2009-11-17 09:28:21:145 980 1508 DnldMgr ** START ** DnldMgr: Downloading updates [CallerId = AutomaticUpdates]
2009-11-17 09:28:21:145 980 1508 DnldMgr *********
2009-11-17 09:28:21:145 980 1508 DnldMgr * Call ID = {B019F84E-99B3-4526-BE1D-640026CABF95}
2009-11-17 09:28:21:145 980 1508 DnldMgr * Priority = 2, Interactive = 0, Owner is system = 1, Explicit proxy = 0, Proxy session id = -1, ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}
2009-11-17 09:28:21:145 980 1a0 AU Successfully wrote event for AU health state:0
2009-11-17 09:28:21:145 980 1a0 AU # Pending download calls = 1
2009-11-17 09:28:21:145 980 1a0 AU <<## SUBMITTED ## AU: Download updates
2009-11-17 09:28:21:145 980 1508 DnldMgr * Updates to download = 1
2009-11-17 09:28:21:161 980 1508 Agent * Title = Definition Update for Microsoft Forefront Client Security - KB915597 (Definition 1.69.1038.0)
2009-11-17 09:28:21:161 980 1508 Agent * UpdateId = {AD8041F0-35BC-472F-AC7F-DB8EDBB4A2DB}.100
2009-11-17 09:28:21:161 980 1508 Agent * Bundles 1 updates:
2009-11-17 09:28:21:161 980 1508 Agent * {F059E02A-8C1F-46F7-B103-C694DBA4DC6E}.100
2009-11-17 09:28:21:177 980 1508 DnldMgr *********** DnldMgr: New download job [UpdateId = {F059E02A-8C1F-46F7-B103-C694DBA4DC6E}.100] ***********
2009-11-17 09:28:21:723 980 1508 DnldMgr * BITS job initialized, JobId = {F45A62F9-3EF4-4A56-A065-01F173A22589}
2009-11-17 09:28:21:879 980 1508 DnldMgr * Downloading from http://wsus2.domain.local/Content/AD/4E931B5F0761FE910C684F9876E1FD2CA8071FAD.exe to C:\Windows\SoftwareDistribution\Download\c8275ae1c4e754fc1e9dc976f5efa4a3\4e931b5f0761fe910c684f9876e1fd2ca8071fad (full file).
2009-11-17 09:28:22:159 980 1a0 AU Successfully wrote event for AU health state:0
2009-11-17 09:28:22:159 980 1508 Agent *********
2009-11-17 09:28:22:159 980 1508 Agent ** END ** Agent: Downloading updates [CallerId = AutomaticUpdates]
2009-11-17 09:28:22:159 980 1508 Agent *************
2009-11-17 09:28:22:159 980 1a0 AU AU checked download status and it changed: Downloading is paused
2009-11-17 09:28:22:393 980 1a0 AU AU checked download status and it changed: Downloading is not paused
2009-11-17 09:28:22:393 980 1a0 AU AU setting pending client directive to 'Download Progress'
2009-11-17 09:28:25:966 980 1508 Report REPORT EVENT: {A892A638-F045-44F1-890E-CB7E52E3E252} 2009-11-17 09:28:20:958-0500 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Software Synchronization Windows Update Client successfully detected 1 updates.
2009-11-17 09:28:25:966 980 1508 Report REPORT EVENT: {690A85F5-D1AB-4F79-8710-3177A211E724} 2009-11-17 09:28:20:989-0500 1 156 101 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Pre-Deployment Check Reporting client status.
2009-11-17 09:28:25:966 980 1508 Report CWERReporter finishing event handling. (00000000)
2009-11-17 09:28:36:215 980 1668 AU Launched new AU client for directive 'Download Progress', session id = 0x1
2009-11-17 09:33:50:604 980 1508 Report Uploading 2 events using cached cookie, reporting URL = http://wsus2.domain.local/ReportingWebService/ReportingWebService.asmx
2009-11-17 09:33:50:635 980 1508 Report Reporter successfully uploaded 2 events.
2009-11-17 09:34:52:630 980 a90 DnldMgr BITS job {F45A62F9-3EF4-4A56-A065-01F173A22589} completed successfully
2009-11-17 09:34:52:880 980 a90 Misc Validating signature for C:\Windows\SoftwareDistribution\Download\c8275ae1c4e754fc1e9dc976f5efa4a3\4e931b5f0761fe910c684f9876e1fd2ca8071fad:
2009-11-17 09:34:53:082 980 a90 Misc Microsoft signed: Yes
2009-11-17 09:34:53:129 980 a90 DnldMgr Download job bytes total = 48802688, bytes transferred = 48802688
2009-11-17 09:34:53:129 980 a90 DnldMgr *********** DnldMgr: New download job [UpdateId = {F059E02A-8C1F-46F7-B103-C694DBA4DC6E}.100] ***********
2009-11-17 09:34:53:379 980 a90 DnldMgr * All files for update were already downloaded and are valid.
2009-11-17 09:34:53:379 980 1a0 AU >>## RESUMED ## AU: Download update [UpdateId = {AD8041F0-35BC-472F-AC7F-DB8EDBB4A2DB}, succeeded]
2009-11-17 09:34:53:379 980 1a0 AU #########
2009-11-17 09:34:53:379 980 1a0 AU ## END ## AU: Download updates
2009-11-17 09:34:53:379 980 1a0 AU #############
2009-11-17 09:34:53:379 980 1a0 AU Setting AU scheduled install time to 2009-11-18 08:00:00
2009-11-17 09:34:53:379 980 1a0 AU Successfully wrote event for AU health state:0
2009-11-17 09:34:53:379 980 1a0 AU Auto-approving update for install, updateId = {AD8041F0-35BC-472F-AC7F-DB8EDBB4A2DB}.100, ForUx=0, IsOwnerUx=0, HasDeadline=0, IsMinor=1
2009-11-17 09:34:53:379 980 1a0 AU Auto-approved 1 update(s) for install (NOT for Ux), installType=2
2009-11-17 09:34:53:379 980 1a0 AU #############
2009-11-17 09:34:53:379 980 1a0 AU ## START ## AU: Install updates
2009-11-17 09:34:53:379 980 1a0 AU #########
2009-11-17 09:34:53:379 980 1a0 AU # Initiating minor updates install
2009-11-17 09:34:53:379 980 1a0 AU # Approved updates = 1
2009-11-17 09:34:53:394 980 1a0 AU <<## SUBMITTED ## AU: Install updates / installing updates [CallId = {B61B2F69-AD72-4B05-909E-EE41A49766EF}]
2009-11-17 09:34:53:394 980 2ac Agent *************
2009-11-17 09:34:53:394 980 2ac Agent ** START ** Agent: Installing updates [CallerId = AutomaticUpdates]
2009-11-17 09:34:53:394 980 2ac Agent *********
2009-11-17 09:34:53:394 980 2ac Agent * Updates to install = 1
2009-11-17 09:34:53:394 980 1a0 AU Successfully wrote event for AU health state:0
2009-11-17 09:34:53:426 980 2ac Agent * Title = Definition Update for Microsoft Forefront Client Security - KB915597 (Definition 1.69.1038.0)
2009-11-17 09:34:53:426 980 2ac Agent * UpdateId = {AD8041F0-35BC-472F-AC7F-DB8EDBB4A2DB}.100
2009-11-17 09:34:53:426 980 2ac Agent * Bundles 1 updates:
2009-11-17 09:34:53:426 980 2ac Agent * {F059E02A-8C1F-46F7-B103-C694DBA4DC6E}.100
2009-11-17 09:34:53:488 980 1668 AU AU received handle event
2009-11-17 09:34:58:386 980 1508 Report REPORT EVENT: {470C8CEC-EE21-4A66-8457-B6BCB52AD505} 2009-11-17 09:34:53:379-0500 1 162 101 {AD8041F0-35BC-472F-AC7F-DB8EDBB4A2DB} 100 0 AutomaticUpdates Success Content Download Download succeeded.
2009-11-17 09:34:58:386 980 1508 Report REPORT EVENT: {65913890-4287-4A89-9B05-33F0798D4A69} 2009-11-17 09:34:53:379-0500 1 188 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on Wednesday, November 18, 2009 at 3:00 AM: - Definition Update for Microsoft Forefront Client Security - KB915597 (Definition 1.69.1038.0)
2009-11-17 09:34:58:386 980 1508 Report CWERReporter finishing event handling. (00000000)
2009-11-17 09:35:35:546 980 2ac DnldMgr Preparing update for install, updateId = {F059E02A-8C1F-46F7-B103-C694DBA4DC6E}.100.
2009-11-17 09:35:35:951 5788 c30 Misc =========== Logging initialized (build: 7.4.7600.226, tz: -0500) ===========
2009-11-17 09:35:35:951 5788 c30 Misc = Process: C:\Windows\system32\wuauclt.exe
2009-11-17 09:35:35:951 5788 c30 Misc = Module: C:\Windows\system32\wuaueng.dll
2009-11-17 09:35:35:951 5788 c30 Handler :::::::::::::
2009-11-17 09:35:35:951 5788 c30 Handler :: START :: Handler: Command Line Install
2009-11-17 09:35:35:951 5788 c30 Handler :::::::::
2009-11-17 09:35:35:951 5788 c30 Handler : Updates to install = 1
2009-11-17 09:36:40:395 5788 c30 Handler : WARNING: Command line install completed. Return code = 0x80070645, Result = Failed, Reboot required = false
2009-11-17 09:36:40:395 980 1a0 AU >>## RESUMED ## AU: Installing update [UpdateId = {AD8041F0-35BC-472F-AC7F-DB8EDBB4A2DB}]
2009-11-17 09:36:40:395 5788 c30 Handler : WARNING: Exit code = 0x8024200B
2009-11-17 09:36:40:395 980 1a0 AU # WARNING: Install failed, error = 0x80070643 / 0x80070645
2009-11-17 09:36:40:395 5788 c30 Handler :::::::::
2009-11-17 09:36:40:395 5788 c30 Handler :: END :: Handler: Command Line Install
2009-11-17 09:36:40:395 5788 c30 Handler :::::::::::::
2009-11-17 09:36:40:442 980 2ac Agent *********
2009-11-17 09:36:40:442 980 1a0 AU Install call completed.
2009-11-17 09:36:40:442 980 2ac Agent ** END ** Agent: Installing updates [CallerId = AutomaticUpdates]
2009-11-17 09:36:40:442 980 1a0 AU # WARNING: Install call completed, reboot required = No, error = 0x00000000
2009-11-17 09:36:40:442 980 2ac Agent *************
2009-11-17 09:36:40:442 980 1a0 AU #########
2009-11-17 09:36:40:442 980 1a0 AU ## END ## AU: Installing updates [CallId = {B61B2F69-AD72-4B05-909E-EE41A49766EF}]
2009-11-17 09:36:40:442 980 1a0 AU #############
2009-11-17 09:36:40:442 980 1a0 AU Install complete for all calls, reboot NOT needed
2009-11-17 09:36:40:442 980 1a0 AU Setting AU scheduled install time to 2009-11-18 08:00:00
2009-11-17 09:36:40:442 980 1a0 AU Successfully wrote event for AU health state:0
2009-11-17 09:36:40:442 980 1a0 AU Successfully wrote event for AU health state:0
2009-11-17 09:36:40:442 980 1a0 AU Triggering Offline detection (non-interactive)
2009-11-17 09:36:40:442 980 1668 AU #############
2009-11-17 09:36:40:442 980 1668 AU ## START ## AU: Search for updates
2009-11-17 09:36:40:442 980 1668 AU #########
2009-11-17 09:36:40:505 980 1668 AU <<## SUBMITTED ## AU: Search for updates [CallId = {497F793F-1B5E-4210-91F5-085C7D95A39C}]
2009-11-17 09:36:40:505 980 1508 Agent *************
2009-11-17 09:36:40:505 980 1508 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]
2009-11-17 09:36:40:505 980 1508 Agent *********
2009-11-17 09:36:40:505 980 1508 Agent * Online = No; Ignore download priority = No
2009-11-17 09:36:40:505 980 1508 Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2009-11-17 09:36:40:505 980 1508 Agent * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
2009-11-17 09:36:40:505 980 1508 Agent * Search Scope = {Machine}
2009-11-17 09:36:42:033 980 1508 Agent Update {B750317C-E117-4895-8FDE-9E9535EA2E73}.100 is pruned out due to potential supersedence
2009-11-17 09:36:42:033 980 1508 Agent * Added update {AD8041F0-35BC-472F-AC7F-DB8EDBB4A2DB}.100 to search result
2009-11-17 09:36:42:033 980 1508 Agent * Found 1 updates and 54 categories in search; evaluated appl. rules of 173 out of 1352 deployed entities
2009-11-17 09:36:42:033 980 1508 Agent *********
2009-11-17 09:36:42:033 980 1508 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]
2009-11-17 09:36:42:033 980 1508 Agent *************
2009-11-17 09:36:42:049 980 1a0 AU >>## RESUMED ## AU: Search for updates [CallId = {497F793F-1B5E-4210-91F5-085C7D95A39C}]
2009-11-17 09:36:42:065 980 1a0 AU # 1 updates detected
2009-11-17 09:36:42:065 980 1a0 AU WARNING: AU ignoring update during offline scan:
2009-11-17 09:36:42:065 980 1a0 AU #########
2009-11-17 09:36:42:065 980 1a0 AU ## END ## AU: Search for updates [CallId = {497F793F-1B5E-4210-91F5-085C7D95A39C}]
2009-11-17 09:36:42:065 980 1a0 AU #############
2009-11-17 09:36:42:065 980 1a0 AU Featured notifications is disabled.
2009-11-17 09:36:42:065 980 1a0 AU Setting AU scheduled install time to 2009-11-18 08:00:00
2009-11-17 09:36:42:065 980 1a0 AU Successfully wrote event for AU health state:0
2009-11-17 09:36:42:065 980 1a0 AU Successfully wrote event for AU health state:0
2009-11-17 09:36:45:403 980 1508 Report REPORT EVENT: {495A0B88-6045-4546-9280-1F4DB55DEBBA} 2009-11-17 09:36:40:395-0500 1 182 101 {AD8041F0-35BC-472F-AC7F-DB8EDBB4A2DB} 100 80070643 AutomaticUpdates Failure Content Install Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Forefront Client Security - KB915597 (Definition 1.69.1038.0).
2009-11-17 09:36:45:871 980 1508 Report CWERReporter::HandleEvents - WER report upload completed with status 0x8
2009-11-17 09:36:45:871 980 1508 Report WER Report sent: 7.4.7600.226 0x80070643 AD8041F0-35BC-472F-AC7F-DB8EDBB4A2DB Install 101 Managed
2009-11-17 09:36:45:871 980 1508 Report CWERReporter finishing event handling. (00000000)
2009-11-17 09:40:22:541 980 1508 Report Uploading 3 events using cached cookie, reporting URL = http://wsus2.domain.local/ReportingWebService/ReportingWebService.asmx
2009-11-17 09:40:22:556 980 1508 Report Reporter successfully uploaded 3 events. 2009-11-17 09:28:20:958 980 1508 Agent * Added update {AD8041F0-35BC-472F-AC7F-DB8EDBB4A2DB}.100 to search result
2009-11-17 09:28:20:958 980 1508 Agent * Found 1 updates and 54 categories in search; evaluated appl. rules of 746 out of 1352 deployed entities
2009-11-17 09:28:21:145 980 1508 DnldMgr * Updates to download = 1
2009-11-17 09:28:21:161 980 1508 Agent * Title = Definition Update for Microsoft Forefront Client Security - KB915597 (Definition 1.69.1038.0)
2009-11-17 09:28:21:161 980 1508 Agent * UpdateId = {AD8041F0-35BC-472F-AC7F-DB8EDBB4A2DB}.100
2009-11-17 09:34:52:630 980 a90 DnldMgr BITS job {F45A62F9-3EF4-4A56-A065-01F173A22589} completed successfully
2009-11-17 09:34:53:129 980 a90 DnldMgr Download job bytes total = 48802688, bytes transferred = 48802688
2009-11-17 09:34:53:379 980 a90 DnldMgr * All files for update were already downloaded and are valid.
2009-11-17 09:34:53:379 980 1a0 AU # Initiating minor updates install
2009-11-17 09:34:53:379 980 1a0 AU # Approved updates = 1
2009-11-17 09:34:53:426 980 2ac Agent * Title = Definition Update for Microsoft Forefront Client Security - KB915597 (Definition 1.69.1038.0)
2009-11-17 09:34:58:386 980 1508 Report REPORT EVENT: {470C8CEC-EE21-4A66-8457-B6BCB52AD505} 2009-11-17 09:34:53:379-0500 1 162 101 {AD8041F0-35BC-472F-AC7F-DB8EDBB4A2DB} 100 0 AutomaticUpdates Success Content Download Download succeeded.
2009-11-17 09:34:58:386 980 1508 Report REPORT EVENT: {65913890-4287-4A89-9B05-33F0798D4A69} 2009-11-17 09:34:53:379-0500 1 188 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on Wednesday, November 18, 2009 at 3:00 AM: - Definition Update for Microsoft Forefront Client Security - KB915597 (Definition 1.69.1038.0)
2009-11-17 09:36:40:395 5788 c30 Handler : WARNING: Command line install completed. Return code = 0x80070645, Result = Failed, Reboot required = false
2009-11-17 09:36:40:395 980 1a0 AU >>## RESUMED ## AU: Installing update [UpdateId = {AD8041F0-35BC-472F-AC7F-DB8EDBB4A2DB}]
2009-11-17 09:36:40:395 5788 c30 Handler : WARNING: Exit code = 0x8024200B
2009-11-17 09:36:40:395 980 1a0 AU # WARNING: Install failed, error = 0x80070643 / 0x80070645
2009-11-17 09:36:45:403 980 1508 Report REPORT EVENT: {495A0B88-6045-4546-9280-1F4DB55DEBBA} 2009-11-17 09:36:40:395-0500 1 182 101 {AD8041F0-35BC-472F-AC7F-DB8EDBB4A2DB} 100 80070643 AutomaticUpdates Failure Content Install Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Forefront Client Security - KB915597 (Definition 1.69.1038.0).
2009-11-17 09:36:45:871 980 1508 Report CWERReporter::HandleEvents - WER report upload completed with status 0x8
2009-11-17 09:36:45:871 980 1508 Report WER Report sent: 7.4.7600.226 0x80070643 AD8041F0-35BC-472F-AC7F-DB8EDBB4A2DB Install 101 Managed
2009-11-17 09:36:45:871 980 1508 Report CWERReporter finishing event handling. (00000000)
2009-11-17 09:40:22:541 980 1508 Report Uploading 3 events using cached cookie, reporting URL = http://wsus2.domain.local/ReportingWebService/ReportingWebService.asmx
2009-11-17 09:40:22:556 980 1508 Report Reporter successfully uploaded 3 events.
Fascinating!
Although I'm not sure which I'm more intrigued with -- the fact that a WUAgent appears to have detected and downloaded an FCS Definition Update on a client that ostensibly does not have Forefront Client Security installed . . . (I'm assuming that FCS is actually installed on the non-Win7 clients, and that's why the FCS updates are actually approved in the first place -- which, of course, then begs the question as to why FCS hasn't been deployed on the Win7 clients, but that's an entirely different discussion.) . . .
Or that the logfiles suggest this installation event ostensibly occurred an entire =24 hours= before this version (1.69.1038) was actually released to WSUS . . . (On my server, this FCS definition update, v1.69.1038.0 was synchronized from MU at 11:40am CT on 11/18/09, and was not available at 5:40am CT -- 6 hours earlier -- when v1.69.1007.0 was synchronized.) (My calculations based on your log entries above are that this client is in GMT-5, making this log from 9am Eastern Time in the U.S.)
Or that we're even worrying about this particular update 36 hours later, given that it's now been superseded at least a half dozen times over in the past 36 hours. :-)
[ but I did ask for the logfiles, so that's pretty much why we're still discussing it ]
My best guess: The detection logic in this specific definition update package is defective.
My best recommendation: DECLINE the FCS update for v1.69.1038.0 (and run your Server Cleanup Wizard on a weekly basis to "Decline superceded updates" and "Decline expired updates").
My other recommendation: Create a group for FCS clients *only*. Modify your auto-approval rules so that FCS updates are only approved for the FCS client target group. Make sure the Windows 7 clients (that don't have FCS installed) are not members of the FCS client target group.
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
My Blog: http://onsitechsolutions.spaces.live.com- it appears that this is going to be an ongoing problem:
2009-11-20 13:29:10:649 996 145c AU #############
2009-11-20 13:29:10:649 996 145c AU ## START ## AU: Search for updates
2009-11-20 13:29:10:649 996 145c AU #########
2009-11-20 13:29:10:649 996 145c AU <<## SUBMITTED ## AU: Search for updates [CallId = {3EA8FE48-A6EE-47D2-99D6-6C7D2E72BC8D}]
2009-11-20 13:29:10:649 996 17ec Agent *************
2009-11-20 13:29:10:649 996 17ec Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]
2009-11-20 13:29:10:649 996 17ec Agent *********
2009-11-20 13:29:10:649 996 17ec Agent * Online = Yes; Ignore download priority = No
2009-11-20 13:29:10:649 996 17ec Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2009-11-20 13:29:10:649 996 17ec Agent * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
2009-11-20 13:29:10:649 996 17ec Agent * Search Scope = {Machine}
2009-11-20 13:29:10:695 996 17ec Setup Checking for agent SelfUpdate
2009-11-20 13:29:10:695 996 17ec Setup Client version: Core: 7.4.7600.226 Aux: 7.4.7600.226
2009-11-20 13:29:10:695 996 17ec Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
2009-11-20 13:29:10:711 996 17ec Misc Microsoft signed: Yes
2009-11-20 13:29:33:768 996 17ec Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
2009-11-20 13:29:33:783 996 17ec Misc Microsoft signed: Yes
2009-11-20 13:29:33:799 996 17ec Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
2009-11-20 13:29:33:799 996 17ec Misc Microsoft signed: Yes
2009-11-20 13:29:33:799 996 17ec Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
2009-11-20 13:29:33:815 996 17ec Misc Microsoft signed: Yes
2009-11-20 13:29:33:846 996 17ec Setup Determining whether a new setup handler needs to be downloaded
2009-11-20 13:29:33:846 996 17ec Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe:
2009-11-20 13:29:33:846 996 17ec Misc Microsoft signed: Yes
2009-11-20 13:29:33:846 996 17ec Setup SelfUpdate handler update NOT required: Current version: 7.4.7600.226, required version: 7.4.7600.226
2009-11-20 13:29:33:846 996 17ec Setup Evaluating applicability of setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~x86~~7.4.7600.226"
2009-11-20 13:29:34:797 996 17ec Setup Setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~x86~~7.4.7600.226" is already installed.
2009-11-20 13:29:34:797 996 17ec Setup Evaluating applicability of setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226"
2009-11-20 13:29:34:813 996 17ec Setup Setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226" is already installed.
2009-11-20 13:29:34:813 996 17ec Setup Evaluating applicability of setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226"
2009-11-20 13:29:34:844 996 17ec Setup Setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226" is already installed.
2009-11-20 13:29:34:860 996 17ec Setup SelfUpdate check completed. SelfUpdate is NOT required.
2009-11-20 13:29:36:264 996 17ec PT +++++++++++ PT: Synchronizing server updates +++++++++++
2009-11-20 13:29:36:264 996 17ec PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://wsus2.domain.local/ClientWebService/client.asmx
2009-11-20 13:29:36:389 996 17ec PT WARNING: Cached cookie has expired or new PID is available
2009-11-20 13:29:36:389 996 17ec PT Initializing simple targeting cookie, clientId = df91f601-e1ac-4d18-8915-41a9a94529d4, target group = test, DNS name = d1xwpgf1.domain.local
2009-11-20 13:29:36:389 996 17ec PT Server URL = http://wsus2.domain.local/SimpleAuthWebService/SimpleAuth.asmx
2009-11-20 13:29:38:261 996 17ec PT +++++++++++ PT: Synchronizing extended update info +++++++++++
2009-11-20 13:29:38:261 996 17ec PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://wsus2.domain.local/ClientWebService/client.asmx
2009-11-20 13:29:38:697 996 17ec Agent Update {27C500FE-CD2C-476C-A83B-65BD710E7134}.100 is pruned out due to potential supersedence
2009-11-20 13:29:38:697 996 17ec Agent Update {822EAA24-DC4E-49E7-BAF2-F903F825ECB8}.100 is pruned out due to potential supersedence
2009-11-20 13:29:38:697 996 17ec Agent Update {FB7FB441-B8AE-4A1A-9239-E84D3D2EB9A2}.100 is pruned out due to potential supersedence
2009-11-20 13:29:38:697 996 17ec Agent * Added update {1B6B6E87-FFFB-40F1-BEFB-6411FD142719}.100 to search result
2009-11-20 13:29:38:697 996 17ec Agent * Found 1 updates and 54 categories in search; evaluated appl. rules of 752 out of 1357 deployed entities
2009-11-20 13:29:38:697 996 17ec Agent *********
2009-11-20 13:29:38:697 996 17ec Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]
2009-11-20 13:29:38:697 996 17ec Agent *************
2009-11-20 13:29:38:713 996 cc0 AU >>## RESUMED ## AU: Search for updates [CallId = {3EA8FE48-A6EE-47D2-99D6-6C7D2E72BC8D}]
2009-11-20 13:29:38:713 996 cc0 AU # 1 updates detected
2009-11-20 13:29:38:713 996 cc0 AU #########
2009-11-20 13:29:38:713 996 cc0 AU ## END ## AU: Search for updates [CallId = {3EA8FE48-A6EE-47D2-99D6-6C7D2E72BC8D}]
2009-11-20 13:29:38:713 996 cc0 AU #############
2009-11-20 13:29:38:713 996 cc0 AU Successfully wrote event for AU health state:0
2009-11-20 13:29:38:713 996 cc0 AU Featured notifications is disabled.
2009-11-20 13:29:38:713 996 cc0 AU AU setting next detection timeout to 2009-11-20 19:19:57
2009-11-20 13:29:38:713 996 cc0 AU Setting AU scheduled install time to 2009-11-21 08:00:00
2009-11-20 13:29:38:713 996 cc0 AU Successfully wrote event for AU health state:0
2009-11-20 13:29:38:713 996 cc0 AU Auto-approving update for download, updateId = {1B6B6E87-FFFB-40F1-BEFB-6411FD142719}.100, ForUx=0, IsOwnerUx=0, HasDeadline=0, IsMinor=1
2009-11-20 13:29:38:713 996 cc0 AU Auto-approved 1 update(s) for download (NOT for Ux)
2009-11-20 13:29:38:713 996 cc0 AU #############
2009-11-20 13:29:38:713 996 cc0 AU ## START ## AU: Download updates
2009-11-20 13:29:38:713 996 cc0 AU #########
2009-11-20 13:29:38:713 996 cc0 AU # Approved updates = 1
2009-11-20 13:29:38:713 996 cc0 AU AU initiated download, updateId = {1B6B6E87-FFFB-40F1-BEFB-6411FD142719}.100, callId = {62AD8269-F3FD-41A5-93D9-CE225353EE7C}
2009-11-20 13:29:38:713 996 cc0 AU Setting AU scheduled install time to 2009-11-21 08:00:00
2009-11-20 13:29:38:713 996 cc0 AU Successfully wrote event for AU health state:0
2009-11-20 13:29:38:713 996 17ec DnldMgr *************
2009-11-20 13:29:38:713 996 cc0 AU AU setting pending client directive to 'Download Progress'
2009-11-20 13:29:38:713 996 17ec DnldMgr ** START ** DnldMgr: Downloading updates [CallerId = AutomaticUpdates]
2009-11-20 13:29:38:713 996 17ec DnldMgr *********
2009-11-20 13:29:38:713 996 17ec DnldMgr * Call ID = {62AD8269-F3FD-41A5-93D9-CE225353EE7C}
2009-11-20 13:29:38:713 996 17ec DnldMgr * Priority = 2, Interactive = 0, Owner is system = 1, Explicit proxy = 0, Proxy session id = -1, ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}
2009-11-20 13:29:38:713 996 17ec DnldMgr * Updates to download = 1
2009-11-20 13:29:38:713 996 17ec Agent * Title = Definition Update for Microsoft Forefront Client Security - KB915597 (Definition 1.71.56.0)
2009-11-20 13:29:38:713 996 17ec Agent * UpdateId = {1B6B6E87-FFFB-40F1-BEFB-6411FD142719}.100
2009-11-20 13:29:38:713 996 17ec Agent * Bundles 1 updates:
2009-11-20 13:29:38:713 996 17ec Agent * {6D4D6857-6269-4E4B-B951-4AC2A748AC4C}.100
2009-11-20 13:29:38:713 996 17ec DnldMgr *********** DnldMgr: New download job [UpdateId = {6D4D6857-6269-4E4B-B951-4AC2A748AC4C}.100] ***********
2009-11-20 13:29:38:963 996 17ec DnldMgr * All files for update were already downloaded and are valid.
2009-11-20 13:29:38:963 996 17ec Agent *********
2009-11-20 13:29:38:963 996 17ec Agent ** END ** Agent: Downloading updates [CallerId = AutomaticUpdates]
2009-11-20 13:29:38:963 996 17ec Agent *************
2009-11-20 13:29:38:963 996 cc0 AU Successfully wrote event for AU health state:0
2009-11-20 13:29:38:963 996 cc0 AU # Pending download calls = 1
2009-11-20 13:29:38:963 996 cc0 AU <<## SUBMITTED ## AU: Download updates
2009-11-20 13:29:38:963 996 cc0 AU Successfully wrote event for AU health state:0
2009-11-20 13:29:38:963 996 cc0 AU >>## RESUMED ## AU: Download update [UpdateId = {1B6B6E87-FFFB-40F1-BEFB-6411FD142719}, succeeded]
2009-11-20 13:29:38:963 996 cc0 AU #########
2009-11-20 13:29:38:963 996 cc0 AU ## END ## AU: Download updates
2009-11-20 13:29:38:963 996 cc0 AU #############
2009-11-20 13:29:38:963 996 cc0 AU Setting AU scheduled install time to 2009-11-21 08:00:00
2009-11-20 13:29:38:963 996 cc0 AU Successfully wrote event for AU health state:0
2009-11-20 13:29:38:963 996 cc0 AU Auto-approving update for install, updateId = {1B6B6E87-FFFB-40F1-BEFB-6411FD142719}.100, ForUx=0, IsOwnerUx=0, HasDeadline=0, IsMinor=1
2009-11-20 13:29:38:963 996 17ec Report REPORT EVENT: {377CF1DC-E7B3-4B2B-A963-EB2C88E4EA40} 2009-11-20 13:29:38:697-0500 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Software Synchronization Windows Update Client successfully detected 1 updates.
2009-11-20 13:29:38:963 996 cc0 AU Auto-approved 1 update(s) for install (NOT for Ux), installType=2
2009-11-20 13:29:38:963 996 cc0 AU #############
2009-11-20 13:29:38:963 996 cc0 AU ## START ## AU: Install updates
2009-11-20 13:29:38:963 996 17ec Report REPORT EVENT: {D47C934D-2C55-4374-A7F9-452B74EA469F} 2009-11-20 13:29:38:697-0500 1 156 101 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Pre-Deployment Check Reporting client status.
2009-11-20 13:29:38:963 996 cc0 AU #########
2009-11-20 13:29:38:963 996 cc0 AU # Initiating minor updates install
2009-11-20 13:29:38:963 996 17ec Report REPORT EVENT: {BD3D446C-4399-4BD3-B2C8-EC71087ABAAC} 2009-11-20 13:29:38:963-0500 1 188 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on ?Saturday, ?November ?21, ?2009 at 3:00 AM: - Definition Update for Microsoft Forefront Client Security - KB915597 (Definition 1.71.56.0)
2009-11-20 13:29:38:963 996 cc0 AU # Approved updates = 1
2009-11-20 13:29:38:963 996 cc0 AU <<## SUBMITTED ## AU: Install updates / installing updates [CallId = {31F538C2-6A77-4D02-ADB0-B46C9DB6F16F}]
2009-11-20 13:29:38:963 996 374 Agent *************
2009-11-20 13:29:38:963 996 374 Agent ** START ** Agent: Installing updates [CallerId = AutomaticUpdates]
2009-11-20 13:29:38:963 996 374 Agent *********
2009-11-20 13:29:38:963 996 374 Agent * Updates to install = 1
2009-11-20 13:29:38:963 996 17ec Report CWERReporter finishing event handling. (00000000)
2009-11-20 13:29:38:963 996 cc0 AU Successfully wrote event for AU health state:0
2009-11-20 13:29:38:963 996 374 Agent * Title = Definition Update for Microsoft Forefront Client Security - KB915597 (Definition 1.71.56.0)
2009-11-20 13:29:38:963 996 374 Agent * UpdateId = {1B6B6E87-FFFB-40F1-BEFB-6411FD142719}.100
2009-11-20 13:29:38:963 996 374 Agent * Bundles 1 updates:
2009-11-20 13:29:38:963 996 374 Agent * {6D4D6857-6269-4E4B-B951-4AC2A748AC4C}.100
2009-11-20 13:29:43:970 996 17ec Report CWERReporter finishing event handling. (00000000)
2009-11-20 13:29:46:497 996 374 DnldMgr Preparing update for install, updateId = {6D4D6857-6269-4E4B-B951-4AC2A748AC4C}.100.
2009-11-20 13:29:46:856 2060 17d0 Misc =========== Logging initialized (build: 7.4.7600.226, tz: -0500) ===========
2009-11-20 13:29:46:856 2060 17d0 Misc = Process: C:\Windows\system32\wuauclt.exe
2009-11-20 13:29:46:856 2060 17d0 Misc = Module: C:\Windows\system32\wuaueng.dll
2009-11-20 13:29:46:856 2060 17d0 Handler :::::::::::::
2009-11-20 13:29:46:856 2060 17d0 Handler :: START :: Handler: Command Line Install
2009-11-20 13:29:46:856 2060 17d0 Handler :::::::::
2009-11-20 13:29:46:856 2060 17d0 Handler : Updates to install = 1
2009-11-20 13:29:54:968 2060 17d0 Handler : WARNING: Command line install completed. Return code = 0x80070645, Result = Failed, Reboot required = false
2009-11-20 13:29:54:968 996 cc0 AU >>## RESUMED ## AU: Installing update [UpdateId = {1B6B6E87-FFFB-40F1-BEFB-6411FD142719}]
2009-11-20 13:29:54:968 996 cc0 AU # WARNING: Install failed, error = 0x80070643 / 0x80070645
2009-11-20 13:29:54:968 2060 17d0 Handler : WARNING: Exit code = 0x8024200B
2009-11-20 13:29:54:968 2060 17d0 Handler :::::::::
2009-11-20 13:29:54:968 2060 17d0 Handler :: END :: Handler: Command Line Install
2009-11-20 13:29:54:968 2060 17d0 Handler :::::::::::::
2009-11-20 13:29:55:062 996 374 Agent *********
2009-11-20 13:29:55:062 996 cc0 AU Install call completed.
2009-11-20 13:29:55:062 996 374 Agent ** END ** Agent: Installing updates [CallerId = AutomaticUpdates]
2009-11-20 13:29:55:062 996 cc0 AU # WARNING: Install call completed, reboot required = No, error = 0x00000000
2009-11-20 13:29:55:062 996 374 Agent *************
2009-11-20 13:29:55:062 996 cc0 AU #########
2009-11-20 13:29:55:062 996 cc0 AU ## END ## AU: Installing updates [CallId = {31F538C2-6A77-4D02-ADB0-B46C9DB6F16F}]
2009-11-20 13:29:55:062 996 cc0 AU #############
2009-11-20 13:29:55:077 996 cc0 AU Install complete for all calls, reboot NOT needed
2009-11-20 13:29:55:077 996 cc0 AU Setting AU scheduled install time to 2009-11-21 08:00:00
2009-11-20 13:29:55:077 996 cc0 AU Successfully wrote event for AU health state:0
2009-11-20 13:29:55:077 996 cc0 AU Successfully wrote event for AU health state:0
2009-11-20 13:29:55:077 996 cc0 AU Triggering Offline detection (non-interactive)
2009-11-20 13:29:55:077 996 145c AU #############
2009-11-20 13:29:55:077 996 145c AU ## START ## AU: Search for updates
2009-11-20 13:29:55:077 996 145c AU #########
2009-11-20 13:29:55:077 996 145c AU <<## SUBMITTED ## AU: Search for updates [CallId = {C78CB5D7-C7DF-40FF-BF1A-75C27E7B8E60}]
2009-11-20 13:29:55:077 996 17ec Agent *************
2009-11-20 13:29:55:077 996 17ec Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]
2009-11-20 13:29:55:077 996 17ec Agent *********
2009-11-20 13:29:55:077 996 17ec Agent * Online = No; Ignore download priority = No
2009-11-20 13:29:55:077 996 17ec Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2009-11-20 13:29:55:077 996 17ec Agent * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
2009-11-20 13:29:55:077 996 17ec Agent * Search Scope = {Machine}
2009-11-20 13:29:56:029 996 17ec Agent Update {27C500FE-CD2C-476C-A83B-65BD710E7134}.100 is pruned out due to potential supersedence
2009-11-20 13:29:56:029 996 17ec Agent Update {822EAA24-DC4E-49E7-BAF2-F903F825ECB8}.100 is pruned out due to potential supersedence
2009-11-20 13:29:56:029 996 17ec Agent Update {FB7FB441-B8AE-4A1A-9239-E84D3D2EB9A2}.100 is pruned out due to potential supersedence
2009-11-20 13:29:56:029 996 17ec Agent * Added update {1B6B6E87-FFFB-40F1-BEFB-6411FD142719}.100 to search result
2009-11-20 13:29:56:029 996 17ec Agent * Found 1 updates and 54 categories in search; evaluated appl. rules of 179 out of 1357 deployed entities
2009-11-20 13:29:56:029 996 17ec Agent *********
2009-11-20 13:29:56:029 996 17ec Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]
2009-11-20 13:29:56:029 996 17ec Agent *************
2009-11-20 13:29:56:045 996 cc0 AU >>## RESUMED ## AU: Search for updates [CallId = {C78CB5D7-C7DF-40FF-BF1A-75C27E7B8E60}]
2009-11-20 13:29:56:045 996 cc0 AU # 1 updates detected
2009-11-20 13:29:56:045 996 cc0 AU WARNING: AU ignoring update during offline scan:
2009-11-20 13:29:56:045 996 cc0 AU #########
2009-11-20 13:29:56:045 996 cc0 AU ## END ## AU: Search for updates [CallId = {C78CB5D7-C7DF-40FF-BF1A-75C27E7B8E60}]
2009-11-20 13:29:56:045 996 cc0 AU #############
2009-11-20 13:29:56:045 996 cc0 AU Featured notifications is disabled.
2009-11-20 13:29:56:045 996 cc0 AU Setting AU scheduled install time to 2009-11-21 08:00:00
2009-11-20 13:29:56:045 996 cc0 AU Successfully wrote event for AU health state:0
2009-11-20 13:29:56:045 996 cc0 AU Successfully wrote event for AU health state:0
2009-11-20 13:29:59:976 996 17ec Report REPORT EVENT: {526E06B8-0384-488D-B28A-9899AFC0976B} 2009-11-20 13:29:54:968-0500 1 182 101 {1B6B6E87-FFFB-40F1-BEFB-6411FD142719} 100 80070643 AutomaticUpdates Failure Content Install Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Forefront Client Security - KB915597 (Definition 1.71.56.0).
2009-11-20 13:30:00:085 996 17ec Report CWERReporter::HandleEvents - WER report upload completed with status 0x8
2009-11-20 13:30:00:085 996 17ec Report WER Report sent: 7.4.7600.226 0x80070643 1B6B6E87-FFFB-40F1-BEFB-6411FD142719 Install 101 Managed
2009-11-20 13:30:00:085 996 17ec Report CWERReporter finishing event handling. (00000000)
2009-11-20 13:39:46:146 996 17ec Report Uploading 4 events using cached cookie, reporting URL = http://wsus2.domain.local/ReportingWebService/ReportingWebService.asmx
2009-11-20 13:39:46:161 996 17ec Report Reporter successfully uploaded 4 events. it appears that this is going to be an ongoing problem:
I've referred this thread to the WSUS Product Group, to a PM responsible for content QA, to see if this is a defect in the metadata that's being unnecessarily replicated in subsequent FCS packages.
Also, I have a planned FCS rollout in my own network; I'll see what I can do to expedite portions of that, particularly my own Win7 desktop, and maybe be able to reproduce and/or isolate this issue.
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
My Blog: http://onsitechsolutions.spaces.live.comI am a member of the antimalware team and we are looking into the issue.
In order to help us understand the cause can you please try running the following script.
Please save it is a .vbs on the computer which has issues.
Open cmd, go to the directory where you have stored the script. Type Cscript <filename>.vbs.
Then type fcsv1.txt. please reply back with the result you receive in the txt.
Option Explicit Public installer, fullmsg, comp, prod, a, fso, pname, ploc, pid,contxt, sid, psorce, pcache Set fso = CreateObject("Scripting.FileSystemObject") Set a = fso.CreateTextFile("fcsv1.txt", True) Dim fcsv1 fcsv1 = Array("{0adcbd6a-e1b3-4b8d-aafd-ecd8e41dedab}",_ "{463854ba-54fb-4842-93f9-7a2b4de6d06c}",_ "{8c4a926c-4ed7-4972-91aa-d36d5f29537e}",_ "{9ed3b78f-7fc0-44e3-9de1-4595734b4acf}",_ "{436028CD-6476-4224-9274-8F0320F30FD1}",_ "{D3E31640-DC20-4722-A1CF-604FF6C540B0}",_ "{e8b56b30-a826-11db-8c83-0011430c73a4}",_ "{e8b56b31-a826-11db-8c83-0011430c73a4}",_ "{e8b56b32-a826-11db-8c83-0011430c73a4}",_ "{e8b56b33-a826-11db-8c83-0011430c73a4}",_ "{e8b56b34-a826-11db-8c83-0011430c73a4}",_ "{e8b56b35-a826-11db-8c83-0011430c73a4}",_ "{e8b56b36-a826-11db-8c83-0011430c73a4}",_ "{e8b56b37-a826-11db-8c83-0011430c73a4}",_ "{e8b56b38-a826-11db-8c83-0011430c73a4}",_ "{e8b56b39-a826-11db-8c83-0011430c73a4}",_ "{B8669DB6-AF84-466D-BBEA-02B7CAC70A7A}",_ "{69AE4E7E-BB3A-4FEC-B5E5-BEC61E0E1281}",_ "{ABF14E4A-F48F-454D-BAA4-85F80E6C7F2C}",_ "{67E4DA28-0D51-433E-97E6-3FE0E5FB1194}",_ "{4C630915-0ADB-431B-8D55-FC193EFBBF3E}",_ "{C22E91EC-EE44-48E6-9DC4-A5F974FA03C3}",_ "{50391F9C-82FF-458F-A77B-DEF724E6140D}",_ "{2DF2E496-D3B7-4A6F-A341-6DE48FDFEF0A}",_ "{DDCD95B5-7230-462F-9889-7EBBEE74123C}",_ "{A22989EE-AE7A-42F8-A0C0-9C99CFB644FB}",_ "{7183D4C0-7FCB-40E0-823A-C2F30B04677E}",_ "{4D4FC0FF-F197-401F-842E-E118F1D2647E}",_ "{63540B42-D7CB-49CB-BA64-73F6959AC861}") ' Connect to Windows Installer object Set installer = CreateObject("WindowsInstaller.Installer") a.writeline ("Products") 'on error resume next For Each prod In installer.ProductsEx("", "", 7) Dim code For Each code in fcsv1 if code = prod.ProductCode then pid = prod.ProductCode contxt = prod.Context sid = prod.usersid pname = prod.InstallProperty("InstalledProductName") psorce = prod.InstallProperty( "InstallSource") ploc = prod.InstallProperty( "InstallLocation") pcache = prod.InstallProperty("LocalPackage") a.writeline (pid & " " & pname & " installed at <" & ploc & "> from " & psorce & " Context " & contxt & " Cached at " & pcache) end if Next Nextthe results are rather boring... just the word "products":
c:\Temp>cscript fcsv1.vbs
Microsoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.c:\Temp>dir
Volume in drive C has no label.
Directory of c:\Temp
11/23/2009 07:34 AM <DIR> .
11/23/2009 07:34 AM <DIR> ..
11/23/2009 07:34 AM 10 fcsv1.txt
11/22/2009 10:24 PM 2,448 fcsv1.vbs
2 File(s) 2,458 bytes
2 Dir(s) 26,305,667,072 bytes free
c:\Temp>type fcsv1.txt
Products- Thanks.
Can you please also let us know what all is present along with the values under this particular registry key SOFTWARE\Microsoft\Microsoft Forefront\Client Security\1.0\
C:\> reg query "HKLM\SOFTWARE\Microsoft\Microsoft Forefront\Client Security\1.0" /sERROR: The system was unable to find the specified registry key or value.
Hello CSP122,
We have been researching this issue internally at Microsoft in response to your posting. We believe that we have an understanding of what is happening, and it appears to be tied to FCS policy. We would like to ensure that our understanding matches your configuration. Can you answer the following questions:
· Do you have FCS policy deployed to your affected client computers?
· If so, Is it accurate that the computers which are being offered FCS definitions, which do not have the client installed, have received the FCS policy published from the management console?
Rephrased: Did you intended the affected clients to receive FCS policy but not definitions or the client deployment package?· Have you attempted to undeploy/block policy from being applied to the affected clients (with FCS)? If so, does that stop the offering cycle?
· When would you say that the problem started? Last week?
I believe there was a typo in Ruby’s post, can you look for this registry key:
reg query "HKLM\SOFTWARE\Policies\Microsoft\Microsoft Forefront\Client Security\1.0" /s
Thank you,
Craig Wiand
Microsoft Forefront Escalation Engineer
Forefront Client Security Support- 回答としてマークEric Zhang - MSFTMSFT, モデレータ2009年11月27日 6:11
- 回答としてマークされていないLawrence GarvinMVP, モデレータ2009年11月27日 19:03
fcs policy is deployed to most of the clients that are reporting this error, however, not all... i'll try to get more concrete info.
on the workstations, we have traditionally been a sav shop, but since 2008, we've been migrating our servers to fcs. the workstations that are running fcs belong to sysadmins on our server team... we also appear to be one of only a couple groups to have been experimenting with win7. earlier in the month we upgraded our wsus 3 to sp2 to accomodate these new win7 & ws08r2 systems. i believe we first began encountering issues with definitions being offered to non-fcs clients on 11/17... we initially attributed the issue to the wsus 3 sp2.
the affected workstations are all laptops, and are currently off-campus for the holiday... i'll have to check their fcs policies on monday.- i still owe you more info on the fcs policy deployment, as well as the registry policy query, but... i checked the wsus console this morning, and none of our win7 clients are reporting errors installing fcs definition updates anymore. weird.
C:\>reg query "HKLM\SOFTWARE\Policies\Microsoft\Microsoft Forefront\Client Security\1.0" /sERROR: The system was unable to find the specified registry key or value.
- Is there a resolution to this? We are experiencing similar issues.
- Hi guys,
See, you guys need to move those systems to a separate OU that has no FFC policy or WSUS policy to. The issue is that your computers are pointed to your WSUS using Group policy & since they have no client agent installed on them, the update will fail ofcouse. Or if you are using your default Group policy to point to your update server then its the cause, always create a new policy & apply to the selected computers.
Nura- 回答の候補に設定Nuratech 2010年1月5日 17:03
