locked
MBSA 2.1.1 (win 7 x64 -> win 2003 server R2 x86) - older version error? RRS feed

  • Question

  • Hi,

    I hope this is the right place for this question.

    I am trying to run a remote scan from a windows 7 x64 client to a Windows 2003 R2 server x86. However I receive the following error

    • Computer has an older version of the client and security database demands a newer version. Current version is and minmum required version is 5.8.0.2678.

    I have looked up this error and it says that the windows update agent is out of date. I have downloaded the latest WUA installer

    windowsupdateagent30-x86.exe

    And I tired to install on the windows 2003 server, it said it didnot need to be upodated, so I forced an install using /wuforce. However this has made no difference.

    I have tried installing MBSA on the target machine (2003 R2). I have run a local MBSA Scan and this works fine.

    I have tried a remote scan from an XP x86 machine to the 2003 R2 server and this has run ok. 

    Firewalls are not running, so donot believe it is this and as the xp remote scan worked I believe everything is in place.

    Can any one suggest anything?

    In addition the scan from the windows 7 x64 machine can happily scan a number of other machines (windows 2000 servers, windows 2008 x86/x64 servers).

    Thanks

    Wednesday, May 26, 2010 1:50 AM

Answers

  • Hi,

     

    Thank you for the post.

     

    Before going any further, please perform the following steps:

    1.Ensure that the account doing the scanning is a local admin on both the local and remote systems
    2.Ensure the following Services are set to Automatic and Started on both local and remote systems.
    - Server service,
    - Remote Registry service
    - Automatic Updates Service
    - File and Print Sharing service for the NIC interface is enabled (checkmarked)

    3. On the Remote machine: Configure Firewall in the Exceptions TAB:
    - Checkmark on: File and Printer Sharing (Ports TCP 139, 445 and UDP 137, 138
    selected)
    - Created Entry: MBSA-135 (TCP 135)
    - Created Entry: MBSA-2112 (TCP 2112) note: this is the static Endpoint port
    you will create for the WUA Dcom in step 4 below...

    4. Configure a static Dcom Endpoint port for the Windows Update Agent (WUA)
    - Open Dcomcnfg
    - Drill down to Component Services\Computers\My Computer\DCOM Config\Windows Update Agent - Remote Access
    - Right-click "Windows Update Agent - Remote Access" and choose Properties
    - Under the "Endpoints" TAB, Click Add
    - Protocol Sequence = Connection-oriented TCP/IP
    - Use static endpoint = 2112 (or whatever port you want as long as you create a
    Firewall rule to allow it)

    5. Install the latest AU agent on both local and remote systems
    Note: You may need to re-install it on the remote system using the /WUFORCE commandline switch

     

    Regards,


    Nick Gu - MSFT
    Friday, May 28, 2010 6:42 AM

All replies

  • Hi,

     

    Thank you for the post.

     

    Before going any further, please perform the following steps:

    1.Ensure that the account doing the scanning is a local admin on both the local and remote systems
    2.Ensure the following Services are set to Automatic and Started on both local and remote systems.
    - Server service,
    - Remote Registry service
    - Automatic Updates Service
    - File and Print Sharing service for the NIC interface is enabled (checkmarked)

    3. On the Remote machine: Configure Firewall in the Exceptions TAB:
    - Checkmark on: File and Printer Sharing (Ports TCP 139, 445 and UDP 137, 138
    selected)
    - Created Entry: MBSA-135 (TCP 135)
    - Created Entry: MBSA-2112 (TCP 2112) note: this is the static Endpoint port
    you will create for the WUA Dcom in step 4 below...

    4. Configure a static Dcom Endpoint port for the Windows Update Agent (WUA)
    - Open Dcomcnfg
    - Drill down to Component Services\Computers\My Computer\DCOM Config\Windows Update Agent - Remote Access
    - Right-click "Windows Update Agent - Remote Access" and choose Properties
    - Under the "Endpoints" TAB, Click Add
    - Protocol Sequence = Connection-oriented TCP/IP
    - Use static endpoint = 2112 (or whatever port you want as long as you create a
    Firewall rule to allow it)

    5. Install the latest AU agent on both local and remote systems
    Note: You may need to re-install it on the remote system using the /WUFORCE commandline switch

     

    Regards,


    Nick Gu - MSFT
    Friday, May 28, 2010 6:42 AM
  • This is in the wrong forum.. is there a forum for MBSA odd's are it would be better to post this there.

    Nice there isn't an MBSA forum :)

    Any chance there is something different router/port wise between this win7<->win2003 box then the win7<->other os's that work?


    CSS Security Support Engineer (FCS/MBSA/WUA/Incident Response) Check out my blog http://blogs.technet.com/kfalde

    Friday, May 28, 2010 6:46 PM
  • Hi,

     

    Thank you for the post.

     

    Before going any further, please perform the following steps:

    1.Ensure that the account doing the scanning is a local admin on both the local and remote systems
    2.Ensure the following Services are set to Automatic and Started on both local and remote systems.
    - Server service,
    - Remote Registry service
    - Automatic Updates Service
    - File and Print Sharing service for the NIC interface is enabled (checkmarked)

    3. On the Remote machine: Configure Firewall in the Exceptions TAB:
    - Checkmark on: File and Printer Sharing (Ports TCP 139, 445 and UDP 137, 138
    selected)
    - Created Entry: MBSA-135 (TCP 135)
    - Created Entry: MBSA-2112 (TCP 2112) note: this is the static Endpoint port
    you will create for the WUA Dcom in step 4 below...

    4. Configure a static Dcom Endpoint port for the Windows Update Agent (WUA)
    - Open Dcomcnfg
    - Drill down to Component Services\Computers\My Computer\DCOM Config\Windows Update Agent - Remote Access
    - Right-click "Windows Update Agent - Remote Access" and choose Properties
    - Under the "Endpoints" TAB, Click Add
    - Protocol Sequence = Connection-oriented TCP/IP
    - Use static endpoint = 2112 (or whatever port you want as long as you create a
    Firewall rule to allow it)

    5. Install the latest AU agent on both local and remote systems
    Note: You may need to re-install it on the remote system using the /WUFORCE commandline switch

     

    Regards,


    Nick Gu - MSFT

    This the most precise description I've read so far, worked great for me, thank you !!

     

    btw this is the error I recieved:

     

    Scanned with MBSA version: 2.1.2104.0

    Catalog synchronization date: 

     

      Security Updates Scan Results

      Issue:  Security Updates

      Score:  Unable to scan

      Result: An error occurred while scanning for security updates. (0x800706cc)

     

     

    • Edited by David Arborg Monday, August 23, 2010 1:23 PM more info
    Monday, August 23, 2010 12:51 PM