+ Post New Thread
Results 1 to 9 of 9
Windows Thread, MS hotfixes failing to install in Technical; Hello all, We have a CC3 network and we're fiding that when we're building stations the MS hotfixes that have ...
  1. #1

    Join Date
    Oct 2005
    Location
    East Midlands
    Posts
    737
    Thank Post
    17
    Thanked 105 Times in 65 Posts
    Rep Power
    36

    MS hotfixes failing to install

    Hello all,

    We have a CC3 network and we're fiding that when we're building stations the MS hotfixes that have been allocated do not install on some stations. Some stations would install these fine other won't and the below error is located in the appropriate log file for the appropriate hotfix in c:\windows

    Its happening on some stations and not others even when they are the same model, spec, connect to same stations and same server! and has the same packages allocated to it.

    What we have found is that if we take the isa firewall client off then it works but this shouldn't be the case as it used to work before. The strange things is that the ini file will show it as installed when it hasn't so its not possible to rely on the ini file status. Putting them to install pending does not help either.

    Just wondering if others have had issues like this.

    Thanks.


    [KB956744.log]
    0.547: ================================================== ==============================
    0.547: 2010/02/04 17:49:00.562 (local)
    0.547: c:\d17280f898306e1d1f65\update\update.exe (version 6.3.13.0)
    0.547: Failed To Enable SE_BACKUP_PRIVILEGE
    0.547: Setup encountered an error: You do not have permission to update Windows XP.
    Please contact your system administrator.
    0.563: You do not have permission to update Windows XP.
    Please contact your system administrator.
    0.563: Update.exe extended error code = 0xf004
    0.563: Update.exe return code was masked to 0x643 for MSI custom action compliance.

  2. #2

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    It looks like a permissions issue clearly. In my experience re-imaging an RM machine 9 times out of 10 resolves most problems or quirks with CC3 machines.

  3. #3

    Join Date
    Oct 2005
    Location
    East Midlands
    Posts
    737
    Thank Post
    17
    Thanked 105 Times in 65 Posts
    Rep Power
    36
    Quote Originally Posted by Michael View Post
    It looks like a permissions issue clearly. In my experience re-imaging an RM machine 9 times out of 10 resolves most problems or quirks with CC3 machines.
    Hi Michael,

    I've built it many times and its doing the same, we have a few test laptops here and i'm building this many times and it gets stuck and you will get a blue back ground and after 30 mins or so it will return to the native xp login screen and will not continue. If you restart the station then it continues to build but any hotfixes don't go on. The application are fine i.e. the msi, office 2003 etc.

    Its really strange, i gto a call open with RM at the moment and last thing we did was to move the firewall client package to the tools section. Upon further research it seems to me that something is mucking up catroot2 by the looks of it so if i stop the cryptographic service on the station and rename the catroot2 folder and start the cryptographics service the hotfixes are going on by the looks of it.

    I know its a process or elimination but its been so illogical that its really is difficult to trace this to anything.

    Ash.

  4. #4

    Join Date
    Jan 2008
    Posts
    147
    Thank Post
    12
    Thanked 27 Times in 25 Posts
    Rep Power
    20
    We have now stopped using RM to download the hotfixes, they normally take so long to release them. For all of our workstations we have set up a WSUS server to pick up the updates.
    Much easier to manage. Installs silently on workstations and then waits for a reboot to finish configuring. We have noticed an improvement in workstation speed as well.

    Very easy to set up. But very unsupported from RM.

    Chris

  5. #5

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    115
    Its happening on some stations and not others
    Just to get it out of the way: Is the time (sufficiently) correct on those stations? If it's too far out then GPOs won't be applying.

    Otherwise catroot2 damage can break some MS patches *but* CC3 "system" packages get installed before "application" packages. You normally throw d-i-y capture MSIs (that certainly have been known to capture bits of and trash catroot2) in with the application packages i.e. they wouldn't get a chance to get in before and break the installation of something like KB956744.

    Do you have any d-i-y "system" packages?

    its not possible to rely on the ini file status
    EXEFile package statuses have never been that reliable, that part isn't just you.

    Much easier to manage.
    I've seen some crap CC3 criticisms in my time, but for once, this one is *spot on*. RM really should have sorted out WSUS for CC3 ages ago (won't happen now of course). It can break in several ways, but their allocation stuff really falls apart when you've got a long sequence of dependencies e.g. Office 2003 SP2, SP3 for Office 2003, 2007 Compatibility, SP2 for 2007 Compatibility, Hotfixes for SP2 for 2007 Compatibility.

    WSUS of course just takes care of all this dependency stuff and you simply can't beat having workstations them tell you what patches they need as opposed to RM guessing what patches you might need for your system, and usually being 50-100 or patches short.

    Although RM have used WSUS in CC4, it's fundamentally just a different method to deliver the same RM master list of patches i.e. they still don't appear to have embraced the "what workstations need" concept (or the improved security that delivers).

  6. #6

    Join Date
    Jan 2008
    Posts
    147
    Thank Post
    12
    Thanked 27 Times in 25 Posts
    Rep Power
    20
    Quote Originally Posted by PiqueABoo View Post
    I've seen some crap CC3 criticisms in my time, but for once, this one is *spot on*. RM really should have sorted out WSUS for CC3 ages ago (won't happen now of course). It can break in several ways, but their allocation stuff really falls apart when you've got a long sequence of dependencies e.g. Office 2003 SP2, SP3 for Office 2003, 2007 Compatibility, SP2 for 2007 Compatibility, Hotfixes for SP2 for 2007 Compatibility.

    WSUS of course just takes care of all this dependency stuff and you simply can't beat having workstations them tell you what patches they need as opposed to RM guessing what patches you might need for your system, and usually being 50-100 or patches short.

    Although RM have used WSUS in CC4, it's fundamentally just a different method to deliver the same RM master list of patches i.e. they still don't appear to have embraced the "what workstations need" concept (or the improved security that delivers).
    I'm mentioned a few times that WSUS works very well to various people at RM. It always seems to fall on deaf ears. OK do we still have the usual rebuilds to do from workstations being put into reboot loops by students failing to wait for it to log off, or by playing the game of who can turn it off at the mains without being noticed. But adding WSUS to a CC3 system has had no impact at all. Infact I'd even say it's improved it. The reporting side is quicker to see what has what updates installed, what workstations have failed on. It also means we can rollout updates from Microsoft the moment they are released. We test in one ICT room and if no problems are reported from that testing we roll out to all ICT rooms and then staff laptops. I would even say it has improved stability by being on top of updates. Some of the Windows Media codecs have improved web use on websites that use it, even the change from Silverlight 1 to version 2 was as seemless as authorising the update.

    We also don't get staff moaning about having to wait for laptops to install updates on boot up, then waiting for it to reboot a few more times whilst it installs all of the updates at once that RM release. It's a complete silent operation. They automatically install at 12:30 (lunch time) and don't bug you for a reboot or force a reboot.

    You mention about the Office 2007 compatibility pack, this has now been updated so many times that the inital install is by MSI direct from Microsoft, (installed long before RM released it) and is then updated from the WSUS server. The only updates that we have had problems with is the dotNet frame work. They seem to release quite a few udpates for it. It will fail to install on 3 or so PC's out of 400.

  7. #7

    Edu-IT's Avatar
    Join Date
    Nov 2007
    Posts
    7,114
    Thank Post
    403
    Thanked 619 Times in 566 Posts
    Rep Power
    180
    I think the issue is that RM want to be sure that updates aren't going to break their components (and networks) and by approving them beforehand, they can be pretty sure of this.

  8. #8

    Join Date
    Oct 2005
    Location
    East Midlands
    Posts
    737
    Thank Post
    17
    Thanked 105 Times in 65 Posts
    Rep Power
    36
    Quote Originally Posted by PiqueABoo View Post
    Just to get it out of the way: Is the time (sufficiently) correct on those stations? If it's too far out then GPOs won't be applying.

    Otherwise catroot2 damage can break some MS patches *but* CC3 "system" packages get installed before "application" packages. You normally throw d-i-y capture MSIs (that certainly have been known to capture bits of and trash catroot2) in with the application packages i.e. they wouldn't get a chance to get in before and break the installation of something like KB956744.

    Do you have any d-i-y "system" packages?



    EXEFile package statuses have never been that reliable, that part isn't just you.



    I've seen some crap CC3 criticisms in my time, but for once, this one is *spot on*. RM really should have sorted out WSUS for CC3 ages ago (won't happen now of course). It can break in several ways, but their allocation stuff really falls apart when you've got a long sequence of dependencies e.g. Office 2003 SP2, SP3 for Office 2003, 2007 Compatibility, SP2 for 2007 Compatibility, Hotfixes for SP2 for 2007 Compatibility.

    WSUS of course just takes care of all this dependency stuff and you simply can't beat having workstations them tell you what patches they need as opposed to RM guessing what patches you might need for your system, and usually being 50-100 or patches short.

    Although RM have used WSUS in CC4, it's fundamentally just a different method to deliver the same RM master list of patches i.e. they still don't appear to have embraced the "what workstations need" concept (or the improved security that delivers).
    Hi,

    Its strange because when they fail, it hasn't even completed putting the system (tools) packages on. The app agent would run as part of the build and would try to install the fix and then you get the blue screen in the background and app agent diaappears. The blue screen would stay there for around 30 min or so and wil return to the xp native login screen. very strange, on some station i have manually renamed the catroo2 folder and restarted and the fixes were apply correctly but it dosen't work on all stations that fail to install the fixes. This is really been a long call with rm now (since summer last year) and is really getting fustrating.

    Ash.

  9. #9

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    115
    I think the issue is that RM want to be sure that updates aren't going to break their components (and networks) and by approving them beforehand, they can be pretty sure of this.
    But how many RM CC3 station components rely on anything MS are patching these days (and would we notice if they were broken)?

    I would even say it has improved stability by being on top of updates.
    It would. RM tend to be behind the curve when it comes to some updates. The RM packaged CP SP1 was released after MS had released CP2 SP2. CC4 has WSUS, but SP2 (claims to be largely about stability fixing) hasn't been blessed yet...
    Last edited by PiqueABoo; 9th February 2010 at 08:25 PM.

SHARE:
+ Post New Thread

Similar Threads

  1. Best way to deploy Hotfixes
    By Little-Miss in forum Learning Network Manager
    Replies: 59
    Last Post: 15th October 2009, 11:45 AM
  2. CC3 Hotfixes
    By kerrymoralee9280 in forum Network and Classroom Management
    Replies: 1
    Last Post: 9th May 2008, 10:59 AM
  3. Replies: 3
    Last Post: 24th September 2007, 07:45 AM
  4. Easier access to non-public hotfixes
    By PiqueABoo in forum Windows
    Replies: 1
    Last Post: 5th August 2007, 12:32 PM
  5. Repackaged hotfixes for W2k3 SP2
    By Geoff in forum Windows
    Replies: 4
    Last Post: 21st March 2007, 10:26 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •