SUS Doesn’t Work Since Friday 15th August

Goto the SUS Home Page
 

Contributed By: Cliff Hobbs [MVP SMS]
This article highlights a problem that was discovered over the past weekend with SUS Clients not being able to contact their SUS Server. The issue has been resolved, but for future reference the problem and the solution are documented here.

I am having trouble getting my clients to connect to my SUS server.  I am running SUS 1/SP1 on a W2K SP3 call "susserver".  The SUS server synchs fine and approvals work fine.  I have multiple XP/SP1 clients and I'm using GPOs to distributed the SUS settings.

Attached below is the log from one of the clients. You can see that the URL to access the SUS catalog contains BOTH my SUS server name and 'v4.windowsupdate.microsoft.com'. Any ideas on why this might be happening?

I've also include the client registry settings and a snippet from the IIS log.

===== Client log ==============================
2003-08-16 22:19:22 02:19:22 Success IUCTL Starting
2003-08-16 22:19:22 02:19:22 Success IUCTL Downloaded iuident.cab from http://susserver to C:\Program Files\WindowsUpdate\V4
2003-08-16 22:19:22 02:19:22 Success IUENGINE Starting
2003-08-16 22:19:23 02:19:23 Success IUENGINE Determining machine configuration
2003-08-16 22:19:23 02:19:23 Error IUENGINE Querying software update catalog from http://susserver/v4.windowsupdate.microsoft.com/autoupdate/getmanifest.asp
(Error 0x80190194)
2003-08-16 22:19:23 02:19:23 Success IUENGINE Shutting down
2003-08-16 22:19:23 02:19:23 Success IUCTL Shutting down

===== Client registry ===========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto
Update]
"AUOptions"=dword:00000001
"AUState"=dword:00000002
"DetectionStartTime"="2003.08.16 11:30:48"
"LastWaitTimeout"="2003.08.17 07:19:23"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="http://susserver"
"WUStatusServer"="http://susserver"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000004
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:0000000e
"UseWUServer"=dword:00000001

===== Snipped from susserver IIS log ===========
2003-08-17 02:24:35 192.168.2.22 - 192.168.2.1 80 HEAD /iuident.cab 0308170224 200 Industry+Update+Control
2003-08-17 02:24:35 192.168.2.22 - 192.168.2.1 80 GET /iuident.cab 0308170224 200 Industry+Update+Control
2003-08-17 02:24:35 192.168.2.22 - 192.168.2.1 80 HEAD /selfupdate/AU/x86/XP/en/wuaucomp.cab 0308170224 200 Industry+Update+Control
2003-08-17 02:24:35 192.168.2.22 - 192.168.2.1 80 GET /selfupdate/AU/x86/XP/en/wuaucomp.cab 0308170224 200 Industry+Update+Control
2003-08-17 02:24:35 192.168.2.22 - 192.168.2.1 80 HEAD /iuident.cab 0308170224 200 Industry+Update+Control
2003-08-17 02:24:35 192.168.2.22 - 192.168.2.1 80 GET /wutrack.bin V=1&U=047c99445bf28347a8cb52cac108b470&C=iu&A=n&I=&D=&P=5.1.a28.2.100.1.0&L=en-US&S=s&E=00000000&M=&X=030817022435975 200 Industry+Update+Control
2003-08-17 02:24:35 192.168.2.22 - 192.168.2.1 80 POST /v4.windowsupdate.microsoft.com/autoupdate/getmanifest.asp – 405 Mozilla/4.0+(compatible;+Win32;+WinHttp.WinHttpRequest.5)
2003-08-17 02:24:36 192.168.2.22 - 192.168.2.1 80 GET /wutrack.bin V=1&U=047c99445bf28347a8cb52cac108b470&C=au&A=d&I=&D=&P=5.1.a28.2.100.1.0&L=en-US&S=f&E=80190195&M=&X=030817022436436 200 Industry+Update+Control

Contributed By: Scott Korman
Since the update to the IUIDENT.CAB file yesterday (Friday), to provide protection from the W32.Blaster.Worm virus, it appears that the AutoUpdate client is appending the traditional URL into the request. The first check-in was OK, but subsequent check-in's have the error.

Visiting windowsupdate.microsoft.com, it logs an entry to:
https://a248.e.akamai.net/v4.windowsupdate.microsoft.com/getmanifest.asp

When the AutoUpdate check's into a local SUS Server, the entry is:
http://xavier/v4.windowsupdate.microsoft.com/autoupdate/getmanifest.asp (Error 0x80190194)

this directory structure does not exist, so the result is 404 error

I am seeing the same error on:
- WinXP-noSP-WUAU22
- Win2000-SP3

For those with an old copy to compare, you will notice the change in the '[IUServerCache]' section of the file, where requests are now sent through akamai.net servers.

At this time, computers with this version of the IUIDENT.CAB file (15-Aug-2003) will not update correctly from a SUS Server. Once fixed, the clients will obtain a new version and update as expected.

Contributed By: Don Cottam
 I apologize for this problem and will take steps to prevent this from ever happening again.

New SUS cabs have been made available to correct the problem with the malformed URL to the SUS server, which caused the client machines to fail to communicate. Please re-synch your SUS servers to pick up the change.

Please note that this was only a change to the IUIDENT.CAB file, and none of the content (patches) have changed at all.

One proposed solution whilst we worked on updating the AUCATALOG*.CAB files with a new IUIDENT.CAB, was to obtain a copy of an old IUIDENT.CAB from a machine/ backup.

If you decided to do this as a temporary workaround, after putting the older IUIDENT.CAB on your SUS server, you would need to delete the newer one that exists on the client machines in %program files%\WindowsUpdate\V4\ and also the \V4\Temp directory (if it exists). The reason for that is because once a client machine has downloaded an IUIDENT.CAB, it won't re-download an older one (with an older timestamp).

You can't just change the timestamp, either, since the file is digitally signed. The suggested work-around is valid, so long as you’re aware of the above.
 
© FAQShop.com 2003 - 2008

Goto the SUS Home Page

 Email the Author