LISTSERV - CLEANACCESS Archives - LISTSERV.MIAMIOH.EDU

CLEANACCESS Archives

April 2009

CLEANACCESS@LISTSERV.MIAMIOH.EDU

	LISTSERV Archives
	CLEANACCESS Home
	CLEANACCESS April 2009

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Windows Update Services Requirement
From:	"Atif Azim (atif)" <[log in to unmask]>
Reply To:	Cisco Clean Access Users and Administrators <[log in to unmask]>
Date:	Sun, 5 Apr 2009 11:29:37 -0700
Content-Type:	text/plain
Parts/Attachments:	text/plain (80 lines)

Mike D,

Mike S is correct in that this typically happens when the update service
on that machine is broken, however to ascertain this you should take a
look at the agent logs.

When you do have access to the clients, can you look at the agent logs
and see if there is any information there. In order to set the loglevel
to debug, please refer to the following link:
http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/45/
45rn.html#wp607061

Please send the agent log to myself and I can have one of our technical
folks take a look and get back to you. Alternatively you can also
forward the logs to TAC and they will follow up with you. 

Regards,
Atif

-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:[log in to unmask]] On Behalf Of Stanclift, Michael
Sent: Saturday, April 04, 2009 11:22 PM
To: [log in to unmask]
Subject: Re: Windows Update Services Requirement

We run our checks like this as well, when students get those errors it
usually is because the update service on their machine is either broken
or somehow disabled. 

Michael Stanclift
Network Analyst
Rockhurst University

http://help.rockhurst.edu
(816) 501-4231
________________________________________
From: Cisco Clean Access Users and Administrators
[[log in to unmask]] On Behalf Of Mike Diggins
[[log in to unmask]]
Sent: Saturday, April 04, 2009 1:27 PM
To: [log in to unmask]
Subject: Windows Update Services Requirement

I'm testing the Windows Update Service in place of the Cisco checks for
Windows patches. I created a new requirement for this (using the
Microsoft update servers, and the Updates to be installed set to
Critical.

        Enforce Type: Mandatory
        Priority: 3
        Remediation Type: Manual, Interval 0, Retry Count 0
        Windows Updates Validation by Severity
        Windows Updates to be Installed: Critical
        (Not checked) Upgrade to Latest OS Service Pack
        Windows Update Installation Sources: Microsoft Servers
        Installation Wizard Interface: Show UI
        Requirement Name: Windows Update Services
        Description:Critical Windows Updates are missing from your
                    computer. Click on the Update button to launch
Windows
                    Update.

        Operating System: Windows XP (ALL), Windows Vista (All)

Most users appear to be passing the check successfully. However, several
are not, and when I look at their report, it shows the following:

   3. Windows Update Services (Mandatory)
           * Passed Checks:
           * Failed Checks:
           * Not executed Checks:
           * Description:

Nothing under the failed checks, yet they're failing the check!? Some
other failed reports do show the missing patches. I don't have access to
the clients today, so I'm wondering what this failure status means?

-Mike

ATOM RSS1 RSS2

LISTSERV.MIAMIOH.EDU