This forum is closed. Thank you for your contributions.

Remove From My Forums

Aug 2020 wsusscn2.cab reported as damaged or not valid via MBSAcli.exe

Question
0

Sign in to vote

Hi everyone.

we downloaded the latest (Aug 2020) wsusscn2.cab from the link below.

https://support.microsoft.com/en-sg/help/926464/a-new-version-of-the-windows-update-offline-scan-file-wsusscn2-cab-is

When we tried to use the "mbsacli.exe /catalog wsusscn2.cab /wi /nvc /nd"

it report "The catalog file is damaged or an invalid catalog". This did not happen if we used the July copy of the wsusscn2.cab.

But if we use https://gallery.technet.microsoft.com/scriptcenter/Using-WUA-to-Scan-for-f7e5e0be powershell script, there will be result.

MBSA version used is 2.3 (2.3.2211.0).

Anyone got any solution?

Thanks

Wednesday, August 12, 2020 7:36 AM

All replies

0

Sign in to vote

Hi,

You are not alone we are experiencing the same problem. All fine with July's file but reporting damaged or corrupted with the August version.

Hopefully they will notice if enough of us report it.

Wednesday, August 12, 2020 1:17 PM
0

Sign in to vote

SHA-1 has been removed as of end of July 2020. I think this could be the issue.

https://support.microsoft.com/en-us/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus

https://support.microsoft.com/en-us/help/4569557/windows-update-sha-1-based-endpoints-discontinued

Thursday, August 13, 2020 11:28 AM
0

Sign in to vote

SHA-1 has been removed as of end of July 2020. I think this could be the issue.

https://support.microsoft.com/en-us/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus

https://support.microsoft.com/en-us/help/4569557/windows-update-sha-1-based-endpoints-discontinued

I am not sure that is the problem. Windows 10 has already been accounted for in the SHA-2 signing and it only affects the older operating systems "Windows 7, Windows 7 SP1, Windows Server 2008, Windows Server 2008 SP2, Windows Server 2008 R2, Windows Server 2008 R2 SP1".

I have the same problem on Windows 10 (1903) and Jul 2020/earlier worked just fine. It appears that the Aug WSUSSCN2.cab has an issue that prevents it from working.

Thursday, August 13, 2020 2:47 PM
0

Sign in to vote

Offline scan using VB scripting would do it!

Thursday, August 13, 2020 7:56 PM
0

Sign in to vote

Same issue here. Only difference I can see between August and July is they removed the SHA1 Signature in August. I can scan fine using the powershell script above, but trying to use mbsacli or the MBSA GUI, it says corrupted cab file. I sure hope MBSA isin't dead as that's our main source for checking patch compliance as we have a completely offline system.

Thursday, August 13, 2020 11:39 PM
0

Sign in to vote

same issue here. :(
system-admin.Ben.

Friday, August 14, 2020 4:41 AM
0

Sign in to vote
Our problem is scanning offline using MBSA as well. I assume it is configured to check the cab file using SHA-1. As the cab file doesn't include SHA-1 that would be why we are getting the error.

As MBSA is no longer supported by Microsoft it might be time to look for a new solution.

Using the script works on older systems and using WUA on Windows 10 works to, well for us.
- Proposed as answer by Radek Beran Monday, August 17, 2020 6:33 AM
Friday, August 14, 2020 9:58 AM
0

Sign in to vote

Same issue here. Only difference I can see between August and July is they removed the SHA1 Signature in August. I can scan fine using the powershell script above, but trying to use mbsacli or the MBSA GUI, it says corrupted cab file. I sure hope MBSA isin't dead as that's our main source for checking patch compliance as we have a completely offline system.
I need the screenshot graphic of the MBSA to meet compliance with our customer. I am not sure a screenshot of a blank powershell screen will meet compliance for our offline system.

Friday, August 14, 2020 3:07 PM
0

Sign in to vote

Guess we also need to communicate with customer to accept screenshot from the powershell output. No more html output.

Sunday, August 16, 2020 8:56 AM
0

Sign in to vote

Guess we also need to communicate with customer to accept screenshot from the powershell output. No more html output.
I am already thinking that has to be the case. I would put together a document that explains that MS broke MBSA and explain what the new procedure is, provide the script, before and after screenshot of the output and see what they say.

Sunday, August 16, 2020 5:30 PM
0

Sign in to vote

Hello,

of the Wsusscn2.cab file do you know which was the last functional?

Could someone share it with me? The last one I have is from May

thanks for the help

Friday, September 4, 2020 1:24 AM
0

Sign in to vote

The last wsusscan2.cab file that was functional was in July.

The cab file is issued on Patch Tuesday, so the last one before the August bad one, was July 14.

Monday, September 7, 2020 7:31 PM
0

Sign in to vote

Hi everyone, Seems like Sep mbsa cab file have the same issue. Can someone help confirm? Thanks!
system-admin.Ben.

Thursday, September 10, 2020 3:25 AM
0

Sign in to vote

September wsusscn2 file also reports as damage even though the SHA has been re-added.

Thursday, September 10, 2020 7:05 AM
0

Sign in to vote

Yes, Microsoft stopped signing the cab file with a SHA1 signature in August. This will no longer work with MBSA, you have to use the powershell method above.

Thursday, September 10, 2020 3:26 PM
0

Sign in to vote

The SHA1 signature has not been re-added, and it won't be. This will no longer work with MBSA, you have to use the powershell method above.

Thursday, September 10, 2020 3:26 PM
0

Sign in to vote

Do you have instructions?

Wednesday, September 16, 2020 4:24 PM
0

Sign in to vote

Do you have instructions?

Wednesday, September 16, 2020 4:25 PM