Mike D,
Mike S is correct in that this typically happens when the update service
on that machine is broken, however to ascertain this you should take a
look at the agent logs.
When you do have access to the clients, can you look at the agent logs
and see if there is any information there. In order to set the loglevel
to debug, please refer to the following link:
http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/45/
45rn.html#wp607061
Please send the agent log to myself and I can have one of our technical
folks take a look and get back to you. Alternatively you can also
forward the logs to TAC and they will follow up with you.
Regards,
Atif
-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:[log in to unmask]] On Behalf Of Stanclift, Michael
Sent: Saturday, April 04, 2009 11:22 PM
To: [log in to unmask]
Subject: Re: Windows Update Services Requirement
We run our checks like this as well, when students get those errors it
usually is because the update service on their machine is either broken
or somehow disabled.
Michael Stanclift
Network Analyst
Rockhurst University
http://help.rockhurst.edu
(816) 501-4231
________________________________________
From: Cisco Clean Access Users and Administrators
[[log in to unmask]] On Behalf Of Mike Diggins
[[log in to unmask]]
Sent: Saturday, April 04, 2009 1:27 PM
To: [log in to unmask]
Subject: Windows Update Services Requirement
I'm testing the Windows Update Service in place of the Cisco checks for
Windows patches. I created a new requirement for this (using the
Microsoft update servers, and the Updates to be installed set to
Critical.
Enforce Type: Mandatory
Priority: 3
Remediation Type: Manual, Interval 0, Retry Count 0
Windows Updates Validation by Severity
Windows Updates to be Installed: Critical
(Not checked) Upgrade to Latest OS Service Pack
Windows Update Installation Sources: Microsoft Servers
Installation Wizard Interface: Show UI
Requirement Name: Windows Update Services
Description:Critical Windows Updates are missing from your
computer. Click on the Update button to launch
Windows
Update.
Operating System: Windows XP (ALL), Windows Vista (All)
Most users appear to be passing the check successfully. However, several
are not, and when I look at their report, it shows the following:
3. Windows Update Services (Mandatory)
* Passed Checks:
* Failed Checks:
* Not executed Checks:
* Description:
Nothing under the failed checks, yet they're failing the check!? Some
other failed reports do show the missing patches. I don't have access to
the clients today, so I'm wondering what this failure status means?
-Mike
|