Hi Mike, Are you using the agent stub? You will need the agent stub for the WSUS to work
-Prem -----Original Message----- From: Cisco Clean Access Users and Administrators [mailto:[email protected]] On Behalf Of Mike Diggins Sent: Monday, April 06, 2009 9:32 AM To: [email protected] Subject: Re: Windows Update Services Requirement I discovered the source of at least some of the failed logins. You can't run WUA if you're not an Administrator of that machine, and we have several (that I know about), that do just that. Considering that Best Practise is not to run as an Administrator, is there any work around to this, short of exempting it from the checks? -Mike On Sun, 5 Apr 2009, Atif Azim (atif) wrote: > Mike D, > > Mike S is correct in that this typically happens when the update service > on that machine is broken, however to ascertain this you should take a > look at the agent logs. > > When you do have access to the clients, can you look at the agent logs > and see if there is any information there. In order to set the loglevel > to debug, please refer to the following link: > http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/45/ > 45rn.html#wp607061 > > Please send the agent log to myself and I can have one of our technical > folks take a look and get back to you. Alternatively you can also > forward the logs to TAC and they will follow up with you. > > Regards, > Atif > > -----Original Message----- > From: Cisco Clean Access Users and Administrators > [mailto:[email protected]] On Behalf Of Stanclift, Michael > Sent: Saturday, April 04, 2009 11:22 PM > To: [email protected] > Subject: Re: Windows Update Services Requirement > > We run our checks like this as well, when students get those errors it > usually is because the update service on their machine is either broken > or somehow disabled. > > Michael Stanclift > Network Analyst > Rockhurst University > > http://help.rockhurst.edu > (816) 501-4231 > ________________________________________ > From: Cisco Clean Access Users and Administrators > [[email protected]] On Behalf Of Mike Diggins > [[email protected]] > Sent: Saturday, April 04, 2009 1:27 PM > To: [email protected] > Subject: Windows Update Services Requirement > > I'm testing the Windows Update Service in place of the Cisco checks for > Windows patches. I created a new requirement for this (using the > Microsoft update servers, and the Updates to be installed set to > Critical. > > Enforce Type: Mandatory > Priority: 3 > Remediation Type: Manual, Interval 0, Retry Count 0 > Windows Updates Validation by Severity > Windows Updates to be Installed: Critical > (Not checked) Upgrade to Latest OS Service Pack > Windows Update Installation Sources: Microsoft Servers > Installation Wizard Interface: Show UI > Requirement Name: Windows Update Services > Description:Critical Windows Updates are missing from your > computer. Click on the Update button to launch > Windows > Update. > > Operating System: Windows XP (ALL), Windows Vista (All) > > Most users appear to be passing the check successfully. However, several > are not, and when I look at their report, it shows the following: > > 3. Windows Update Services (Mandatory) > * Passed Checks: > * Failed Checks: > * Not executed Checks: > * Description: > > Nothing under the failed checks, yet they're failing the check!? Some > other failed reports do show the missing patches. I don't have access to > the clients today, so I'm wondering what this failure status means? > > -Mike > _________________________________________ Mike Diggins Voice: 905.525.9140 Ext. 27471 Network Analyst, Enterprise Networks FAX: 905.522.0511 University Technology Services E-Mail: [email protected] McMaster University, Hamilton, Ontario
