G
Guest
We have Windows Defender in Vista configured from GPO. We also have a WSUS
3.0 server that downloads the WD definitions. However, WD does not seem to
be updating. The yellow exclamation mark will not go away even after a manual
update.
In the status section of WD, it says the definition version is from
4/18/2007. Here is what it says in the log. There is a 0x8024400D error.
The WSUS server is on Windows Server 2003 SP2. I read through this article
and we have the updated files: http://support.microsoft.com/?id=898708
windowsupdate.log:
2007-07-07 09:40:24:694 7384 1620 Misc
=========== Logging initialized (build: 7.0.6000.374, tz: -0400) ===========
2007-07-07 09:40:24:694 7384 1620 Misc =
Process: C:\Windows\system32\DllHost.exe
2007-07-07 09:40:24:694 7384 1620 Misc =
Module: C:\Windows\system32\wuapi.dll
2007-07-07 09:40:24:694 7384 1620 COMAPI
-------------
2007-07-07 09:40:24:694 7384 1620 COMAPI
-- START -- COMAPI: Search [ClientId = Windows Defender]
2007-07-07 09:40:24:694 7384 1620 COMAPI
---------
2007-07-07 09:40:24:694 7384 1620 COMAPI
<<-- SUBMITTED -- COMAPI: Search [ClientId = Windows Defender]
2007-07-07 09:40:24:694 1124 1340 Agent
*************
2007-07-07 09:40:24:694 1124 1340 Agent **
START ** Agent: Finding updates [CallerId = Windows Defender]
2007-07-07 09:40:24:694 1124 1340 Agent
*********
2007-07-07 09:40:24:694 1124 1340 Agent *
Online = Yes; Ignore download priority = No
2007-07-07 09:40:24:694 1124 1340 Agent *
Criteria = "(IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains
'0a487050-8b0f-4f81-b401-be4ceacd61cd') or (IsInstalled = 0 and IsHidden = 0
and CategoryIDs contains '8c3fcc84-7410-4a95-8b89-a166a0190486')"
2007-07-07 09:40:24:694 1124 1340 Agent *
ServiceID = {00000000-0000-0000-0000-000000000000}
2007-07-07 09:40:28:132 1124 1340 PT
+++++++++++ PT: Synchronizing server updates +++++++++++
2007-07-07 09:40:28:132 1124 1340 PT
+ ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL =
http://wsus.kkl.com/ClientWebService/client.asmx
2007-07-07 09:40:52:274 1124 1340 PT
+++++++++++ PT: Synchronizing extended update info +++++++++++
2007-07-07 09:40:52:274 1124 1340 PT
+ ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL =
http://wsus.kkl.com/ClientWebService/client.asmx
2007-07-07 09:40:54:540 1124 5a4 AU
Triggering Offline detection (non-interactive)
2007-07-07 09:40:54:540 1124 5a4 AU
#############
2007-07-07 09:40:54:540 1124 5a4 AU ##
START ## AU: Search for updates
2007-07-07 09:40:54:540 1124 5a4 AU
#########
2007-07-07 09:40:54:540 1124 5a4 AU
<<## SUBMITTED ## AU: Search for updates [CallId =
{35F4BBBB-CBC4-4FF5-83A5-11795684DF57}]
2007-07-07 09:40:56:368 1124 1340 Agent *
Found 0 updates and 39 categories in search; evaluated appl. rules of 466 out
of 608 deployed entities
2007-07-07 09:40:56:400 1124 1340 Agent
*********
2007-07-07 09:40:56:400 1124 1340 Agent **
END ** Agent: Finding updates [CallerId = Windows Defender]
2007-07-07 09:40:56:400 1124 1340 Agent
*************
2007-07-07 09:40:56:400 1124 1340 Agent
*************
2007-07-07 09:40:56:400 1124 1340 Agent **
START ** Agent: Finding updates [CallerId = AutomaticUpdates]
2007-07-07 09:40:56:400 1124 1340 Agent
*********
2007-07-07 09:40:56:400 1124 1340 Agent *
Online = No; Ignore download priority = No
2007-07-07 09:40:56:400 1124 1340 Agent *
Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1
and DeploymentAction='Uninstallation' or IsInstalled=1 and
DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and
DeploymentAction='Uninstallation' and RebootRequired=1"
2007-07-07 09:40:56:400 1124 1340 Agent *
ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}
2007-07-07 09:40:56:431 7384 1cdc COMAPI
2007-07-07 09:40:56:431 7384 1cdc COMAPI
- Updates found = 0
2007-07-07 09:40:56:431 7384 1cdc COMAPI
---------
2007-07-07 09:40:56:431 7384 1cdc COMAPI
-- END -- COMAPI: Search [ClientId = Windows Defender]
2007-07-07 09:40:56:431 7384 1cdc COMAPI
-------------
2007-07-07 09:41:06:463 1124 1340 Agent *
Added update {CF882B83-19B0-49C0-8101-052527B795FF}.100 to search result
2007-07-07 09:41:06:478 1124 1340 Agent *
Added update {991CF376-5E52-488D-8A7F-3A7CB2A40D06}.103 to search result
2007-07-07 09:41:06:478 1124 1340 Agent *
Found 2 updates and 39 categories in search; evaluated appl. rules of 466 out
of 608 deployed entities
2007-07-07 09:41:06:510 1124 1340 Agent
*********
2007-07-07 09:41:06:510 1124 1340 Agent **
END ** Agent: Finding updates [CallerId = AutomaticUpdates]
2007-07-07 09:41:06:510 1124 1340 Agent
*************
2007-07-07 09:41:06:510 1124 1340 Report REPORT
EVENT: {A467CD1C-67E3-48B0-8451-4526C2B64C3E} 2007-07-07
09:40:56:400-0400 1 147 101
{00000000-0000-0000-0000-000000000000} 0 0
Windows Defender Success Software Synchronization
Windows Update Client successfully detected 0 updates.
2007-07-07 09:41:06:510 1124 1340 Report REPORT
EVENT: {D23DA5BA-4EF1-4548-9B60-1B291536DD4E} 2007-07-07
09:40:56:400-0400 1 156 101
{00000000-0000-0000-0000-000000000000} 0 0
Windows Defender Success Pre-Deployment Check
Reporting client status.
2007-07-07 09:41:06:510 1124 1d88 AU >>##
RESUMED ## AU: Search for updates [CallId =
{35F4BBBB-CBC4-4FF5-83A5-11795684DF57}]
2007-07-07 09:41:06:510 1124 1d88 AU #
2 updates detected
2007-07-07 09:41:06:510 1124 1d88 AU
#########
2007-07-07 09:41:06:510 1124 1d88 AU ##
END ## AU: Search for updates [CallId =
{35F4BBBB-CBC4-4FF5-83A5-11795684DF57}]
2007-07-07 09:41:06:510 1124 1d88 AU
#############
2007-07-07 09:54:36:157 1124 1340 Report
Uploading 2 events using cached cookie, reporting URL =
http://wsus.kkl.com/ReportingWebService/ReportingWebService.asmx
2007-07-07 09:54:36:251 1124 1340 PT
WARNING: ReportEventBatch failure, error = 0x8024400D, soap client error = 7,
soap error code = 300, HTTP status code = 200
2007-07-07 09:54:36:251 1124 1340 PT
WARNING: SOAP Fault: 0x00012c
2007-07-07 09:54:36:251 1124 1340 PT
WARNING: faultstring:Fault occurred
2007-07-07 09:54:36:251 1124 1340 PT
WARNING: ErrorCode:ConfigChanged(2)
2007-07-07 09:54:36:251 1124 1340 PT
WARNING: Message
null)
2007-07-07 09:54:36:251 1124 1340 PT
WARNING:
Method:"http://www.microsoft.com/SoftwareDistribution/ReportEventBatch"
2007-07-07 09:54:36:251 1124 1340 PT
WARNING: ID:23b194b0-ab65-4919-9631-29a2beb0ca2a
2007-07-07 09:54:36:251 1124 1340 Report
WARNING: Reporter failed to upload events with hr = 8024400d.
2007-07-07 10:09:53:218 1124 1a00 PT
WARNING: Cached cookie has expired or new PID is available
2007-07-07 10:09:53:218 1124 1a00 PT
Initializing simple targeting cookie, clientId =
90025b42-eacb-4258-a5fb-ba27b15062ba, target group = Workstations, DNS name =
ny-l-2bn1xb1.kkl.com
2007-07-07 10:09:53:218 1124 1a00 PT
Server URL = http://wsus.kkl.com/SimpleAuthWebService/SimpleAuth.asmx
2007-07-07 10:10:07:015 1124 1a00 PT
WARNING: GetCookie failure, error = 0x8024400D, soap client error = 7, soap
error code = 300, HTTP status code = 200
2007-07-07 10:10:07:015 1124 1a00 PT
WARNING: SOAP Fault: 0x00012c
2007-07-07 10:10:07:015 1124 1a00 PT
WARNING: faultstring:Fault occurred
2007-07-07 10:10:07:015 1124 1a00 PT
WARNING: ErrorCode:ConfigChanged(2)
2007-07-07 10:10:07:015 1124 1a00 PT
WARNING: Messagenull)
2007-07-07 10:10:07:015 1124 1a00 PT
WARNING:
Method:"http://www.microsoft.com/SoftwareDistribution/Server/ClientWebService/GetCookie"
2007-07-07 10:10:07:015 1124 1a00 PT
WARNING: ID:069ebb57-a53d-4b82-a1f1-007192327a5f
2007-07-07 10:10:07:077 1124 1a00 PT
WARNING: Cached cookie has expired or new PID is available
2007-07-07 10:10:07:077 1124 1a00 PT
Initializing simple targeting cookie, clientId =
90025b42-eacb-4258-a5fb-ba27b15062ba, target group = Workstations, DNS name =
ny-l-2bn1xb1.kkl.com
2007-07-07 10:10:07:077 1124 1a00 PT
Server URL = http://wsus.kkl.com/SimpleAuthWebService/SimpleAuth.asmx
2007-07-07 10:10:07:468 1124 1a00 Report
Uploading 2 events using cached cookie, reporting URL =
http://wsus.kkl.com/ReportingWebService/ReportingWebService.asmx
2007-07-07 10:10:07:546 1124 1a00 Report
Reporter successfully uploaded 2 events.
3.0 server that downloads the WD definitions. However, WD does not seem to
be updating. The yellow exclamation mark will not go away even after a manual
update.
In the status section of WD, it says the definition version is from
4/18/2007. Here is what it says in the log. There is a 0x8024400D error.
The WSUS server is on Windows Server 2003 SP2. I read through this article
and we have the updated files: http://support.microsoft.com/?id=898708
windowsupdate.log:
2007-07-07 09:40:24:694 7384 1620 Misc
=========== Logging initialized (build: 7.0.6000.374, tz: -0400) ===========
2007-07-07 09:40:24:694 7384 1620 Misc =
Process: C:\Windows\system32\DllHost.exe
2007-07-07 09:40:24:694 7384 1620 Misc =
Module: C:\Windows\system32\wuapi.dll
2007-07-07 09:40:24:694 7384 1620 COMAPI
-------------
2007-07-07 09:40:24:694 7384 1620 COMAPI
-- START -- COMAPI: Search [ClientId = Windows Defender]
2007-07-07 09:40:24:694 7384 1620 COMAPI
---------
2007-07-07 09:40:24:694 7384 1620 COMAPI
<<-- SUBMITTED -- COMAPI: Search [ClientId = Windows Defender]
2007-07-07 09:40:24:694 1124 1340 Agent
*************
2007-07-07 09:40:24:694 1124 1340 Agent **
START ** Agent: Finding updates [CallerId = Windows Defender]
2007-07-07 09:40:24:694 1124 1340 Agent
*********
2007-07-07 09:40:24:694 1124 1340 Agent *
Online = Yes; Ignore download priority = No
2007-07-07 09:40:24:694 1124 1340 Agent *
Criteria = "(IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains
'0a487050-8b0f-4f81-b401-be4ceacd61cd') or (IsInstalled = 0 and IsHidden = 0
and CategoryIDs contains '8c3fcc84-7410-4a95-8b89-a166a0190486')"
2007-07-07 09:40:24:694 1124 1340 Agent *
ServiceID = {00000000-0000-0000-0000-000000000000}
2007-07-07 09:40:28:132 1124 1340 PT
+++++++++++ PT: Synchronizing server updates +++++++++++
2007-07-07 09:40:28:132 1124 1340 PT
+ ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL =
http://wsus.kkl.com/ClientWebService/client.asmx
2007-07-07 09:40:52:274 1124 1340 PT
+++++++++++ PT: Synchronizing extended update info +++++++++++
2007-07-07 09:40:52:274 1124 1340 PT
+ ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL =
http://wsus.kkl.com/ClientWebService/client.asmx
2007-07-07 09:40:54:540 1124 5a4 AU
Triggering Offline detection (non-interactive)
2007-07-07 09:40:54:540 1124 5a4 AU
#############
2007-07-07 09:40:54:540 1124 5a4 AU ##
START ## AU: Search for updates
2007-07-07 09:40:54:540 1124 5a4 AU
#########
2007-07-07 09:40:54:540 1124 5a4 AU
<<## SUBMITTED ## AU: Search for updates [CallId =
{35F4BBBB-CBC4-4FF5-83A5-11795684DF57}]
2007-07-07 09:40:56:368 1124 1340 Agent *
Found 0 updates and 39 categories in search; evaluated appl. rules of 466 out
of 608 deployed entities
2007-07-07 09:40:56:400 1124 1340 Agent
*********
2007-07-07 09:40:56:400 1124 1340 Agent **
END ** Agent: Finding updates [CallerId = Windows Defender]
2007-07-07 09:40:56:400 1124 1340 Agent
*************
2007-07-07 09:40:56:400 1124 1340 Agent
*************
2007-07-07 09:40:56:400 1124 1340 Agent **
START ** Agent: Finding updates [CallerId = AutomaticUpdates]
2007-07-07 09:40:56:400 1124 1340 Agent
*********
2007-07-07 09:40:56:400 1124 1340 Agent *
Online = No; Ignore download priority = No
2007-07-07 09:40:56:400 1124 1340 Agent *
Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1
and DeploymentAction='Uninstallation' or IsInstalled=1 and
DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and
DeploymentAction='Uninstallation' and RebootRequired=1"
2007-07-07 09:40:56:400 1124 1340 Agent *
ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}
2007-07-07 09:40:56:431 7384 1cdc COMAPI
2007-07-07 09:40:56:431 7384 1cdc COMAPI
- Updates found = 0
2007-07-07 09:40:56:431 7384 1cdc COMAPI
---------
2007-07-07 09:40:56:431 7384 1cdc COMAPI
-- END -- COMAPI: Search [ClientId = Windows Defender]
2007-07-07 09:40:56:431 7384 1cdc COMAPI
-------------
2007-07-07 09:41:06:463 1124 1340 Agent *
Added update {CF882B83-19B0-49C0-8101-052527B795FF}.100 to search result
2007-07-07 09:41:06:478 1124 1340 Agent *
Added update {991CF376-5E52-488D-8A7F-3A7CB2A40D06}.103 to search result
2007-07-07 09:41:06:478 1124 1340 Agent *
Found 2 updates and 39 categories in search; evaluated appl. rules of 466 out
of 608 deployed entities
2007-07-07 09:41:06:510 1124 1340 Agent
*********
2007-07-07 09:41:06:510 1124 1340 Agent **
END ** Agent: Finding updates [CallerId = AutomaticUpdates]
2007-07-07 09:41:06:510 1124 1340 Agent
*************
2007-07-07 09:41:06:510 1124 1340 Report REPORT
EVENT: {A467CD1C-67E3-48B0-8451-4526C2B64C3E} 2007-07-07
09:40:56:400-0400 1 147 101
{00000000-0000-0000-0000-000000000000} 0 0
Windows Defender Success Software Synchronization
Windows Update Client successfully detected 0 updates.
2007-07-07 09:41:06:510 1124 1340 Report REPORT
EVENT: {D23DA5BA-4EF1-4548-9B60-1B291536DD4E} 2007-07-07
09:40:56:400-0400 1 156 101
{00000000-0000-0000-0000-000000000000} 0 0
Windows Defender Success Pre-Deployment Check
Reporting client status.
2007-07-07 09:41:06:510 1124 1d88 AU >>##
RESUMED ## AU: Search for updates [CallId =
{35F4BBBB-CBC4-4FF5-83A5-11795684DF57}]
2007-07-07 09:41:06:510 1124 1d88 AU #
2 updates detected
2007-07-07 09:41:06:510 1124 1d88 AU
#########
2007-07-07 09:41:06:510 1124 1d88 AU ##
END ## AU: Search for updates [CallId =
{35F4BBBB-CBC4-4FF5-83A5-11795684DF57}]
2007-07-07 09:41:06:510 1124 1d88 AU
#############
2007-07-07 09:54:36:157 1124 1340 Report
Uploading 2 events using cached cookie, reporting URL =
http://wsus.kkl.com/ReportingWebService/ReportingWebService.asmx
2007-07-07 09:54:36:251 1124 1340 PT
WARNING: ReportEventBatch failure, error = 0x8024400D, soap client error = 7,
soap error code = 300, HTTP status code = 200
2007-07-07 09:54:36:251 1124 1340 PT
WARNING: SOAP Fault: 0x00012c
2007-07-07 09:54:36:251 1124 1340 PT
WARNING: faultstring:Fault occurred
2007-07-07 09:54:36:251 1124 1340 PT
WARNING: ErrorCode:ConfigChanged(2)
2007-07-07 09:54:36:251 1124 1340 PT
WARNING: Message
null)2007-07-07 09:54:36:251 1124 1340 PT
WARNING:
Method:"http://www.microsoft.com/SoftwareDistribution/ReportEventBatch"
2007-07-07 09:54:36:251 1124 1340 PT
WARNING: ID:23b194b0-ab65-4919-9631-29a2beb0ca2a
2007-07-07 09:54:36:251 1124 1340 Report
WARNING: Reporter failed to upload events with hr = 8024400d.
2007-07-07 10:09:53:218 1124 1a00 PT
WARNING: Cached cookie has expired or new PID is available
2007-07-07 10:09:53:218 1124 1a00 PT
Initializing simple targeting cookie, clientId =
90025b42-eacb-4258-a5fb-ba27b15062ba, target group = Workstations, DNS name =
ny-l-2bn1xb1.kkl.com
2007-07-07 10:09:53:218 1124 1a00 PT
Server URL = http://wsus.kkl.com/SimpleAuthWebService/SimpleAuth.asmx
2007-07-07 10:10:07:015 1124 1a00 PT
WARNING: GetCookie failure, error = 0x8024400D, soap client error = 7, soap
error code = 300, HTTP status code = 200
2007-07-07 10:10:07:015 1124 1a00 PT
WARNING: SOAP Fault: 0x00012c
2007-07-07 10:10:07:015 1124 1a00 PT
WARNING: faultstring:Fault occurred
2007-07-07 10:10:07:015 1124 1a00 PT
WARNING: ErrorCode:ConfigChanged(2)
2007-07-07 10:10:07:015 1124 1a00 PT
WARNING: Message
null)2007-07-07 10:10:07:015 1124 1a00 PT
WARNING:
Method:"http://www.microsoft.com/SoftwareDistribution/Server/ClientWebService/GetCookie"
2007-07-07 10:10:07:015 1124 1a00 PT
WARNING: ID:069ebb57-a53d-4b82-a1f1-007192327a5f
2007-07-07 10:10:07:077 1124 1a00 PT
WARNING: Cached cookie has expired or new PID is available
2007-07-07 10:10:07:077 1124 1a00 PT
Initializing simple targeting cookie, clientId =
90025b42-eacb-4258-a5fb-ba27b15062ba, target group = Workstations, DNS name =
ny-l-2bn1xb1.kkl.com
2007-07-07 10:10:07:077 1124 1a00 PT
Server URL = http://wsus.kkl.com/SimpleAuthWebService/SimpleAuth.asmx
2007-07-07 10:10:07:468 1124 1a00 Report
Uploading 2 events using cached cookie, reporting URL =
http://wsus.kkl.com/ReportingWebService/ReportingWebService.asmx
2007-07-07 10:10:07:546 1124 1a00 Report
Reporter successfully uploaded 2 events.