Re: KB917537 Failing

"Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@xxxxxxxxxxx> wrote in message news:%232OP38FqGHA.1600@xxxxxxxxxxxxxxxxxxxxxxx
(snip)
Not sure what the trigger element is here... the prior person booted up and stopped some running services to fix this but not sure what is blocking this issue..shut off third party programs and do a
> Call 1-866-pcsafety....
Again.. still in investigation and not sure what is the third party program is blocking it.

All it took to make it work was shutting down IIS. We run the cleanest possible install, with just SBS 2003 Standard fully patched, TrendMicro suite 2, and the Belkin UPS monitor. No other 3rd party stuff, if you don't count the printer drivers, Webex client and from my laptop that the stupid Remote Desktop insists on installing on the server when I'm remote controlling it. But I don't see how those would mesh with IIS.

Hmm... So, in short, this is what happened:
- Using the setting "Download but don't install automatically"
- Logged in to server admin console via Remote Desktop. As expected, yellow shield in system tray.
- No other app running, except the Belkin "Bulldog Plus" UPS monitor
- Clicked yellow shield and chose Custom install. Reviewed list, clicked install.
- Looked again after a while. Said all installs had failed, restart required.
- Tried to manually fire up IE, Windows Update. Got message that restart was required before anything else could be done.
- Restarted the server.
- 15 minutes later logged in to server admin again.
- Shut down IIS
- Used IE to go to Windows Update. Used manual setting. Verified install list. Added an older optional one (HTTP authentication for IE7) to see what would happen, since presumably that one would install first.
- Watched the download happen all over again (ahem...) and then watched the install proceed smoothly. First the old optional patch, then KB 917537, then the other 3 critical patches.
- When asked to Restart, clicked restart.
- 15 minutes later logged in again and all was copacetic.

Note that I did not turn off any 3rd party software. Only IIS. The only "3rd party" software on top of IIS is the SBS stuff out of the box. No one using SharePoint or logged in. Hmmm. Here is a possibility: Outlook RPC. One think I have not been able to verify for sure whether a remote machine (not on domain, but connecting to the Exchange server on the SBS through 3rd party LAN to LAN VPN) had Outlook 2003 running or not. If so, that might have created some activity in IIS through the "RPC over HTTP" with the synchronization heartbeat.

C_O


"Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@xxxxxxxxxxx> wrote in message news:%232OP38FqGHA.1600@xxxxxxxxxxxxxxxxxxxxxxx
Actually yes I did... in the blog.. ...and in this newsgroup if you'd look back.

Hang loose still in investigation. This patch worked just fine on all my servers but it's obviously having issues with some servers.

Not sure what the trigger element is here... the prior person booted up and stopped some running services to fix this but not sure what is blocking this issue..shut off third party programs and do a

Call 1-866-pcsafety....

Again.. still in investigation and not sure what is the third party program is blocking it.

http://msmvps.com/blogs/bradley/archive/2006/07/13/104611.aspx

There "is" an issue.. but not sure at this time what the trigger is.



-------- Original Message --------
Subject: Just a FYI ... possible installer issue with the IIS patch
Date: Thu, 13 Jul 2006 05:58:49 -0700
From: Susan Bradley <sbradcpa@xxxxxxxxxxx>
Newsgroups: microsoft.public.windows.server.sbs



http://msmvps.com/blogs/bradley/archive/2006/07/13/104611.aspx



Dave Nickason [SBS MVP] wrote:

Surely this is not a common or widespread issue if we're just hearing about it from one person, four days after the patch released. I just installed it without issue on my SBS and two member servers. Of greater relevance is the fact that Susan Bradley monitors for issues with Microsoft patches in any forum where such an issue would be presented, and she has not mentioned a word about this one. Not to say that MS has not had widespread issues caused by patches, but in this case I would be very surprised to find that this patch was causing more than a few isolated problems. I wonder if Keven's servers are all running a 3rd party app or something else that caused all three to exhibit the same failure.

The consensus among the MVPs is that SBS'ers should reboot after patch installations, whether the specific patches require a reboot or not. SBS, with multiple server apps running on the same box, and with dependencies and interactions not found on a plain-vanilla WS03 box, seems to benefit from a reboot in cases where it would otherwise not be necessary.

I'm perfectly happy to have the 'nix people laughing at me. I just hope that when they laugh at me for a 15 minute reboot once a month, there's a chuckle in there for RWW, and another one for all the SBS'ers who get a mature server OS, an enterprise-class messaging system, and automated network-wide patching for six hundred bucks.




"CO-DBA-SC-EL" <dx6490@xxxxxxxxx> wrote in message news:O7PHMbEqGHA.4032@xxxxxxxxxxxxxxxxxxxxxxx

Another improperly tested patch. Shame on Microsoft for not even having an updated bulletin on this flaw after 3 days. It's not like they have not heard about it. After Googling the topic it looks like the solution is to stop IIS before starting the installation. A number of people seem to have had success with it. In the command window type

tasklist /fi "modules eq asp.dll"

I just dit it on my SBS2003 standard, manually went back to the Windows Update site, and did the install. I got the "success" notice. If you don't want to take the chance, wait until the patch is patched.

My other gripe is why these updates require restarting the server (even if they fail completely!). Which also means rechecking everything to verify that it started OK, etc. It's pretty pathetic to have to restart the server a couple of times every month at update time while the 'nix people are laughing at us. The "hot patching" alternative that requires writing down the patch numbers and typing in an arcane command line is, shall we say, amateurish. To add insult to injury, if you hit the "Restart" button in the patch success dialog box rather than clicking "Later" and doing the restart manually, it fails to make the appropriate entry in the system log to document the reason for shutdown. So much for integration.

C_O

"Keven" <Keven@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:9842C017-1240-40FE-B155-E0E1B7613DC6@xxxxxxxxxxxxxxxx

Multiple SBS03 Premium installs that I manage have all been doing their
overnight updates and failing KB917537 for the last three nights in a row.
I'm shocked that there isn't a litter of information about this already in
here as I had assumed this would be a common problem.. anyone have any info
for me beyond the one reply that someone did a baseline security analysis and
it seemed to work? I'm hoping there is a logical answer as to what is going
on here to fix this as I have multiple servers that I need to apply solution
for.





.