Problems with wsus offline updates

Discussion:

Nestor Desia

2009-12-23 14:56:57 UTC

Hi all,

On same of my 100 machines, wsus offline doesn't work properly, I'm using wpkg to deploy wsus offline updates, the installer used is from http://wpkg.org/Heise_Offline-Update, the wsus offline scripts are version 6.3, in some of the machines, the log shows "No Updates found", but if I run the wsus offline script from the Workstation, then, the script finds and installs the updates without problems. So the problem is when the scripts runs in the wpkg context. Here is an example of the log,

23/12/2009 9:02:00,60 - Info: Starting WSUS offline update (v. 6.3) on EC161001 (user: )

23/12/2009 9:02:02,76 - Info: Found OS caption 'Microsoft Windows XP Professional'

23/12/2009 9:02:02,79 - Info: Found Microsoft Windows version 5.1.2600 (wxp x86 esn sp3)

23/12/2009 9:02:02,82 - Info: Found Windows Update Agent version 7.4.7600.226

23/12/2009 9:02:02,85 - Info: Found Windows Installer version 4.5.6001.22159

23/12/2009 9:02:02,90 - Info: Found Windows Script Host version 5.8.6001.18702

23/12/2009 9:02:02,93 - Info: Found Internet Explorer version 8.0.6001.18702

23/12/2009 9:02:02,96 - Info: Found Microsoft Data Access Components version 2.81.1132.0

23/12/2009 9:02:03,00 - Info: Found Microsoft DirectX version 4.09.00.0904 (9.0c)

23/12/2009 9:02:03,03 - Info: Found Microsoft .NET Framework 3.5 version 0...

23/12/2009 9:02:03,04 - Info: Found Windows Media Player version 9.0.0.4507

23/12/2009 9:02:03,10 - Info: Found Microsoft Office 2003 Word version 11.0.8313.0 (o2k3 esn sp3)

23/12/2009 9:02:03,51 - Info: Medium supports Microsoft Windows (wxp esn)

23/12/2009 9:02:03,59 - Info: Medium supports Microsoft Office (o2k3 esn)

23/12/2009 9:02:05,39 - Info: Detected state of service 'automatic updates': Running (start mode: Auto)

23/12/2009 9:03:36,25 - Warning: Update KB951847 not found

23/12/2009 9:03:48,42 - Warning: Any missing update was either black listed or not found

23/12/2009 9:03:48,59 - Info: Ending update

Anybody have any idea of how can I solve this issue ?

Many thanks,

Néstor E. Desia

Bill Prentice

2009-12-30 02:48:43 UTC

Permalink

Perhaps it's already been answered, and it's only related to WPKG, but
my Google-fu is weak today. I have 4 machines that are not domain
members and I want to use WPKG to deploy packages to them.

My package share is set both share and NTFS permissions with
Everyone-Read/Execute.

WPKG checks in no problem and gets the list of packages (because I
supplied it with credentials for a domain service account) but when it
tries to run a package it comes back with an error (which varies
depending on what the software is - 1619 in the case of an MSI).
Essentially what is happening is my 2003r2 package-hosting domain-member
server is asking for a user ID and password to access the share even
with Everyone set on it. As near as I can figure WPKG is using the
domain credentials to access the package and profile XMLs but is using
the machine for getting the actual package installer.

Has anyone found a work-around or solution for this scenario? Making
these machines domain members is not an option at this point.

________________________________

Kind regards,

Bill Prentice

Tomasz Chmielewski

2009-12-30 07:55:54 UTC

Permalink

Post by Bill Prentice
WPKG checks in no problem and gets the list of packages (because I
supplied it with credentials for a domain service account) but when it
tries to run a package it comes back with an error (which varies
depending on what the software is – 1619 in the case of an MSI).
Essentially what is happening is my 2003r2 package-hosting domain-member
server is asking for a user ID and password to access the share even
with Everyone set on it.

--
Tomasz Chmielewski
http://wpkg.org
-------------------------------------------------------------------------
wpkg-users mailing list archives >> http://lists.wpkg.org/pipermail/wpkg-users/

Bill Prentice

2009-12-30 16:58:19 UTC

Permalink

That's what I was looking at but it's a little complicated.

Sserver = script server (this is centralized)
lpserver = local package server (not= sserver)
NDM = non-domain machine

I have one script server, located at my main site. I have a package
server located at each site, including remote sites.

The scenario is NDM should talk to sserver to determine the packages to
check/install. For the packages it talks to lpserver. (I REALLY don't
want to be installing things like Acrobat Reader to multiple machines
across a T1 link).

NDM talks to sserver fine. It's when it talks to lpserver that's the
problem. I can't set an execution context user and password that is a
domain user because then it won't execute on NDM. But, I can't get NDM
to the packages on lpserver since "SYSTEM" on NDM is not being seen as
part of the built-in security identifier "EVERYONE" which has read,
list, and read/execute on the package folder on lpserver. (<side rant> -
hey MS, if "everyone" is supposed to be everyone why is it allowing only
domain users ?</rant>)

If on NDM I open a windows explorer window, manually open the package
folder (supplying proper domain credentials), then restart the
wpkgservice service everything goes fine.

If it comes down to it I supposed I could set up some sort of task to
copy the host, package, and profile XML files to a local script server
and repoint my clients to that but that would be a less than elegant
solution and would introduce the potential for failure if that scheduled
task starts failing to run.

________________________________

Kind regards,

Bill Prentice
-----Original Message-----
From: Tomasz Chmielewski [mailto:***@wpkg.org]
Sent: Wednesday, 30 December, 2009 02:56
To: Bill Prentice
Cc: wpkg-***@lists.wpkg.org
Subject: Re: [wpkg-users] Deploy packages to non-domain members not
working

Post by Bill Prentice
WPKG checks in no problem and gets the list of packages (because I
supplied it with credentials for a domain service account) but when it
tries to run a package it comes back with an error (which varies
depending on what the software is - 1619 in the case of an MSI).
Essentially what is happening is my 2003r2 package-hosting

domain-member

Post by Bill Prentice
server is asking for a user ID and password to access the share even
with Everyone set on it.

--
Tomasz Chmielewski
http://wpkg.org
-------------------------------------------------------------------------
wpkg-users mailing list archives >> http://lists.wpkg.org/pipermail/wpkg-users/

Bill Prentice

2009-12-30 17:02:44 UTC

Permalink

On a side note - if I run a really small package (i.e. 1-2MB) from
sserver (which is my package server for my main site) to NDM, it does
process the package and install it. But as I said below I really don't
want to be installing a 20+MB package across a t1 to 30+ machines.

________________________________

Kind regards,

Bill Prentice

-----Original Message-----
From: wpkg-users-***@lists.wpkg.org
[mailto:wpkg-users-***@lists.wpkg.org] On Behalf Of Bill Prentice
Sent: Wednesday, 30 December, 2009 11:58
To: wpkg-***@lists.wpkg.org
Subject: Re: [wpkg-users] Deploy packages to non-domain members not
working

That's what I was looking at but it's a little complicated.

Sserver = script server (this is centralized)
lpserver = local package server (not= sserver)
NDM = non-domain machine

I have one script server, located at my main site. I have a package
server located at each site, including remote sites.

The scenario is NDM should talk to sserver to determine the packages to
check/install. For the packages it talks to lpserver. (I REALLY don't
want to be installing things like Acrobat Reader to multiple machines
across a T1 link).

NDM talks to sserver fine. It's when it talks to lpserver that's the
problem. I can't set an execution context user and password that is a
domain user because then it won't execute on NDM. But, I can't get NDM
to the packages on lpserver since "SYSTEM" on NDM is not being seen as
part of the built-in security identifier "EVERYONE" which has read,
list, and read/execute on the package folder on lpserver. (<side rant> -
hey MS, if "everyone" is supposed to be everyone why is it allowing only
domain users ?</rant>)

If on NDM I open a windows explorer window, manually open the package
folder (supplying proper domain credentials), then restart the
wpkgservice service everything goes fine.

If it comes down to it I supposed I could set up some sort of task to
copy the host, package, and profile XML files to a local script server
and repoint my clients to that but that would be a less than elegant
solution and would introduce the potential for failure if that scheduled
task starts failing to run.

________________________________

Kind regards,

Bill Prentice
-----Original Message-----
From: Tomasz Chmielewski [mailto:***@wpkg.org]
Sent: Wednesday, 30 December, 2009 02:56
To: Bill Prentice
Cc: wpkg-***@lists.wpkg.org
Subject: Re: [wpkg-users] Deploy packages to non-domain members not
working

Post by Bill Prentice
WPKG checks in no problem and gets the list of packages (because I
supplied it with credentials for a domain service account) but when it
tries to run a package it comes back with an error (which varies
depending on what the software is - 1619 in the case of an MSI).
Essentially what is happening is my 2003r2 package-hosting

domain-member

Post by Bill Prentice
server is asking for a user ID and password to access the share even
with Everyone set on it.

Error 1619 with MSI means "package not found", and as you said, is a
consequence of your server asking for username/password.

Problem is not really related to WPKG - as it would happen without WPKG,

too, when accessing any other file.

Either figure out why your server keeps asking for username/password, or

make your clients use username/password (i.e. you can do it with WPKG
Client).
--
Tomasz Chmielewski
http://wpkg.org
------------------------------------------------------------------------
-
wpkg-users mailing list archives >>
http://lists.wpkg.org/pipermail/wpkg-users/
_______________________________________________
wpkg-users mailing list
wpkg-***@lists.wpkg.org
http://lists.wpkg.org/mailman/listinfo/wpkg-users
-------------------------------------------------------------------------
wpkg-users mailing list archives >> http://lists.wpkg.org/pipermail/wpkg-users/

Pendl Stefan

2009-12-31 08:52:11 UTC

Permalink

Post by Bill Prentice
On a side note - if I run a really small package (i.e. 1-2MB) from
sserver (which is my package server for my main site) to NDM, it does
process the package and install it. But as I said below I really don't
want to be installing a 20+MB package across a t1 to 30+ machines.

I do have machines, which are not domain members update fine through WPKG, but I use the WPKG-Client to do the connection using a domain user.
I do not have a sub-server either, only one main server at our main site, and the notebooks are only updated, if they are connected to the main network.

Since you are using sub-servers, you may have to install WPKG-Client and use a custom pre-script to check, which server is available and do the connection to the software share manually by this script.

---
Stefan
-------------------------------------------------------------------------
wpkg-users mailing list archives >> http://lists.wpkg.org/pipermail/wpkg-users/