Re: Windows Update Issue

From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 10/14/04

  • Next message: Barry Dorrans: "Re: MonkeyShell: using XML-RPC for access to a remote shell"
    Date:         Thu, 14 Oct 2004 17:57:50 -0400

    I had hoped that by now I would have had a concrete answer to what the problem is, but alas, nothing yet for sure. Here's my summary of the answers, then some specifics;

    I had 50+ replies indicating they had the "exact same problem", and several indicating similar problems. I decided to go with just the "exact" ones and leave the similarities alone for now.

    Firstly, installing updates on shutdown is a feature of Windows XP SP2. I can't say if some 3rd party tools can do this, but it is for sure a feature of SP2, turned on by default, and the default option when shutting down an SP2 system unless its been turned off (by Group Policy or a registry key.) So, anyone experiencing this "exact" problem already had XP SP2 installed. I didn't see any replies that contradict this.

    Next, many people said they were being delivered XP SP2...AGAIN! This alone could explain the problems seen. Sean Patterson said that his machine was seemingly dead for 8 hours before it finally shutdown itself and rebooted cleanly. Downloading and installing SP2 could easily take that long. Mark Vinten, however, reported that his machine was still seemingly dead 24 hours after he had attempted to shutdown, meaning this may not be the issue.

    Many people talked about the GDI+ license issue, this appears to be associated with the GDI+ Detection Tool that MS released via WU/AU last month. The license question appears behind another dialog, so you don't see it. I seriously doubt this is the issue being seen with the Shutdown, but many are firmly convinced that is where the problem lies.

    If it is, then Microsoft has seriously screwed up and, as a result, many people have turned off Automatic Updates as a result.

    Almost everyone gave similar recovery methods. They simply powered off the computer and rebooted. Almost all saw no ill side-effects, but two people indicated that after the reboot they had no Windows Shell show up. Those two did a CTRL-ALT-DEL and got Task Manager up, and then recovered (one by running Setup from the XP CD, the other by invoking a CMD prompt and making changes.) As for everyone else, after they were back up they went to the WU site and manually installed the updates correctly and all was well.

    Interestingly, nobody reported the contents of their %Windows%\WindowsUpdate.log file. Maybe its because its too hard to figure out what it says...or just too hard to find out about it in the first place.

    I haven't performed an Install Updates on Shutdown myself, my AU clients are scheduled to install and they did. I think one of my machines was typical, it downloaded;

    Microsoft GDI+ Detection Tool (KB873374)
    Critical Update for Office XP on Windows XP Service Pack 2 (KB885884)
    Cumulative Security Update for Internet Explorer for Windows XP Service Pack 2 (KB834707)

    Seems to match with what others saw, and seems to add support to the theory that the GDI+ Detection Tool license agreement is the culprit.

    One thought I had, when AU is enabled and you receive a download that requires the user to accept an End User License Agreement (EULA), the AU Help FAQ states;

    "Will I need to accept an End User License Agreement (EULA)?

    Sometimes. Some updates require you to accept a EULA before the updates can be installed. These updates can not be automatically installed so an alert and the Windows Update icon will appear in the notification area to let you know that updates are ready to be installed. Click the icon to view and accept the EULA for these updates and then install them."

    Now, presumably there may be a switch or something that AU detects differently about machines which have specified a scheduled installation day/time, versus those that haven't. It could be that you aren't prompted when you have it scheduled to install?? So, for those that are doing the Install Updates on Shutdown method, it could be that the notification was in the system tray indicating you had to accept a EULA prior to shutting down. Since you didn't, it fails as described. This would be incredibly stupid, but could be an explanation.

    Keep your eyes open for that notification.

    Meanwhile, if someone from Microsoft happens to read NTBugtraq, and can get someone there to tell us what they're saying to your other customers, I'm sure there's somewhere near 30,000 people here who'd love to hear it!

    Russ - Senior Scientist/NTBugtraq Editor
    TruSecure Corporation

    NTBugtraq Editor's Note:
    Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you'll have to copy their email address out of the message and place it in your TO: field.

  • Next message: Barry Dorrans: "Re: MonkeyShell: using XML-RPC for access to a remote shell"