Software Updates Services no longer working

From: Jason Gersekowski (jag_at_GOLDENCIRCLE.COM.AU)
Date: 08/18/03

Next message: Glenn Turner: "SUS uses windowsupdate.com"

Previous message: ELLISTER Mark K: "IMPORTANT SECURITY ANNOUNCEMENT - for Windows Users re: Blaster Worm"
Next in thread: Russ: "Re: Software Updates Services no longer working"
Maybe reply: Russ: "Re: Software Updates Services no longer working"
Maybe reply: Tom Geairn: "Re: Software Updates Services no longer working"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date:         Mon, 18 Aug 2003 12:09:17 +1000
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Hello all,

I have just been testing a deployment of Microsoft Software Update
Services over the last few days and have found that it has suddenly
decided to break this morning after doing asynchronize with the
Microsoft Servers. Below are some extracts of the working logs from
Friday and the now defunct logs :

Friday IIS Log :

2003-08-16 22:27:00 172.16.150.117 - 172.16.150.117 80 HEAD /iuident.cab
0308162227 200 Industry+Update+Control
2003-08-16 22:27:00 172.16.150.117 - 172.16.150.117 80 GET /iuident.cab
0308162227 200 Industry+Update+Control
2003-08-16 22:27:00 172.16.150.117 - 172.16.150.117 80 HEAD
/selfupdate/AU/x86/W2K/en/wuaucomp.cab 0308162227 200
Industry+Update+Control
2003-08-16 22:27:00 172.16.150.117 - 172.16.150.117 80 GET
/selfupdate/AU/x86/W2K/en/wuaucomp.cab 0308162227 200
Industry+Update+Control
2003-08-16 22:27:00 172.16.150.117 - 172.16.150.117 80 HEAD /iuident.cab
0308162227 200 Industry+Update+Control
2003-08-16 22:27:00 172.16.150.117 - 172.16.150.117 80 GET /wutrack.bin
V=1&U=b5427acc134d9c4ab810c72515ddd2f2&C=iu&A=n&I=&D=&P=5.0.893.2.0.3.0&
L=en-US&S=s&E=00000000&M=&X=030816222700742 200 Industry+Update+Control
2003-08-16 22:27:00 172.16.150.117 - 172.16.150.117 80 POST
/autoupdate/getmanifest.asp - 200
Mozilla/4.0+(compatible;+Win32;+WinHttp.WinHttpRequest.5)
2003-08-16 22:27:00 172.16.150.117 - 172.16.150.117 80 POST
/autoupdate/getmanifest.asp - 200
Mozilla/4.0+(compatible;+Win32;+WinHttp.WinHttpRequest.5)
2003-08-16 22:27:01 172.16.150.117 - 172.16.150.117 80 POST
/autoupdate/getmanifest.asp - 200
Mozilla/4.0+(compatible;+Win32;+WinHttp.WinHttpRequest.5)
2003-08-16 22:27:01 172.16.150.117 - 172.16.150.117 80 GET /wutrack.bin
V=1&U=b5427acc134d9c4ab810c72515ddd2f2&C=au&A=d&I=&D=&P=5.0.893.2.0.3.0&
L=en-US&S=s&E=00000000&M=items%3D0&X=030816222702180 200
Industry+Update+Control

Monday IIS Log :

2003-08-18 02:02:05 172.16.150.117 - 172.16.150.117 80 HEAD /iuident.cab
0308180202 200 Industry+Update+Control
2003-08-18 02:02:05 172.16.150.117 - 172.16.150.117 80 GET /iuident.cab
0308180202 200 Industry+Update+Control
2003-08-18 02:02:05 172.16.150.117 - 172.16.150.117 80 HEAD
/selfupdate/AU/x86/W2K/en/wuaucomp.cab 0308180202 200
Industry+Update+Control
2003-08-18 02:02:05 172.16.150.117 - 172.16.150.117 80 GET
/selfupdate/AU/x86/W2K/en/wuaucomp.cab 0308180202 200
Industry+Update+Control
2003-08-18 02:02:07 172.16.150.117 - 172.16.150.117 80 HEAD /iuident.cab
0308180202 200 Industry+Update+Control
2003-08-18 02:02:07 172.16.150.117 - 172.16.150.117 80 GET /wutrack.bin
V=1&U=b5427acc134d9c4ab810c72515ddd2f2&C=iu&A=n&I=&D=&P=5.0.893.2.0.3.0&
L=en-US&S=s&E=00000000&M=&X=030818020207182 200 Industry+Update+Control
2003-08-18 02:02:07 172.16.150.117 - 172.16.150.117 80 GET
/<Rejected-By-UrlScan>
~/v4.windowsupdate.microsoft.com/autoupdate/getmanifest.asp 404
Mozilla/4.0+(compatible;+Win32;+WinHttp.WinHttpRequest.5)
2003-08-18 02:02:07 172.16.150.117 - 172.16.150.117 80 GET /wutrack.bin
V=1&U=b5427acc134d9c4ab810c72515ddd2f2&C=au&A=d&I=&D=&P=5.0.893.2.0.3.0&
L=en-US&S=f&E=80190194&M=&X=030818020207775 200 Industry+Update+Control

The client logs also show similar messages that reflect "404 File Not
Found" messages.

Anyone else getting similar log messages ?

Cheers,

Jason Gersekowski
Golden Circle Limited

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Are You "Certifiable"? Summer's Hottest Certification Just Got HOTTER!

With a growth rate exceeding 110%, the TICSA security practitioner
certification is one of the hottest IT credentials available. And now, for
a limited time, you can save 33% off of the TICSA certification exam! To
learn more about the TICSA certification, and to register as a TICSA
candidate online, just go to

http://www.trusecure.com/offer/s0100/

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

Next message: Glenn Turner: "SUS uses windowsupdate.com"

Previous message: ELLISTER Mark K: "IMPORTANT SECURITY ANNOUNCEMENT - for Windows Users re: Blaster Worm"
Next in thread: Russ: "Re: Software Updates Services no longer working"
Maybe reply: Russ: "Re: Software Updates Services no longer working"
Maybe reply: Tom Geairn: "Re: Software Updates Services no longer working"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]