Windows admins report WSUS trouble

On the eve of Microsoft's monthly security update, some Windows administrators are reporting problems with the all-important WSUS patch deployment program.

Just when Windows administrators thought they could rejoice over a lighter-than-usual Microsoft security update, reports began circulating about a problem with their primary patch deployment tool.

By early Tuesday morning, Microsoft had confirmed the issue and promised that it had been fixed.

According to a string of postings on the Windows Server Update Services (WSUS) online forum, some users are getting back an error message when trying to operate WSUS, which most IT shops rely on to push out Microsoft's monthly security fixes. The next security update is Tuesday, when Microsoft plans to address multiple unspecified vulnerabilities remote and local attackers could exploit to compromise targeted Windows machines, specifically all supported versions of Windows 2000, Windows XP and Windows Server 2003.

"WSUS was working without any problems before the weekend [and] nothing has changed on the server. However, when I try and launch the MMC I get an unexpected error," a user identifying him or herself as Drobb wrote to the forum.

Another user identified as Jacobgomez wrote that he ran into the same problem. He wrote that he installed Windows 2003 Service Pack 2 on a server Saturday and was able to get into the Administration Console for WSUS after that with no difficulty. He was also able to log in Sunday and check the status. But when he came into work Monday morning, he started getting unexpected errors. "I don't know what to do," he wrote.

The error suggests some sort of problem in the new product metadata. One report suggested it might be U.S. only, but some forum postings elsewhere suggest that it might be hitting the U.K., too.
Jim Clausing
HandlerSANS Internet Storm Center

The Bethesda, Md.-based SANS Internet Storm Center (ISC) has also received reports of WSUS problems. Handler Jim Clausing wrote on the ISC Web site that several people have reported SQL errors from WSUS after synchronizing.

"The error suggests some sort of problem in the new product metadata," he wrote. "One report suggested it might be U.S. only, but some forum postings elsewhere suggest that it might be hitting the U.K., too, so I wouldn't count on it being limited geographically."

Clausing included details of a possible workaround the center had received but warned administrators to use it at their own risk and realize that another sync will probably overwrite the change.

In a late-day update Monday, he said he had received reports that Microsoft had withdrawn or expired the update that caused the problem, and that syncs should work again.

"Hopefully this will be the final update," he wrote.

A blog posting from Microsoft's WSUS product team early Tuesday confirmed the problem and the fix.

"We have confirmed the cause of this issue and fixed it on our servers, which will automatically fix the issue for most customers on their next synchronization cycle," the WSUS product team said.

The problem was that on Sunday evening, Microsoft renamed a product category entry for Forefront to clarify the scope of updates that will be included in the future. Unfortunately, the company said, the category name that was used included the word Nitrogen in double quotes (appearing as "Nitrogen"). A double quote is a restricted character within WSUS, which created an error condition on the administration console.

This isn't the first time WSUS users have run into trouble. After Microsoft's May 2007 security updates, several users reported WSUS malfunctions.

Dig deeper on Windows Security: Alerts, Updates and Best Practices

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close