Configuration (WSUS server in DMZ) (LAN is private with no internet access)All Servers are 2003 and workstations are XP (at current service pack level)I run MBSA after each patch cycle from my workstations - (never any issues)This month I am receiving the following error "WUREDIST.CAB is damaged or an invalid Catalog"I have replaced files in the cache folder - still no joy!.. Security update catalog (wsusscn2.cab), available from the MicrosoftWeb siteb.. Windows Update Redistribution Catalog (wuredist.cab) located athttp://update.microsoft.com/redist/wuredist.cabc.. Authorization catalog (muauth.cab) for Windows Update site access,available from the Microsoft Web site or by examining the contents of thewuredist.cab file located at http://update.microsoft.com/redist/wuredist.cabd.. Windows Update Agent standalone installers (if not already installed):a.. For x86-based computers (WindowsUpdateAgent30-x86.exe) orb.. For x64-based computers (WindowsUpdateAgent30-x64.exe) orc.. For ia64-based computers (WindowsUpdateAgent30-ia64.exe), the latestversions are available by examining the contents of the wuredist.cab filelocated at http://update.microsoft.com/redist/wuredist.cabAfter downloading the files from the Microsoft Web site, copy all fileslisted above to the following folder on the computer performing the securityupdate scan:C:\Documents and Settings\<username>\Local Settings\ApplicationData\Microsoft\MBSA\2.1\CacheAnyone have any ideas?Thanks,Barb

I am having exactly the same issue...also when running MBSA...and I too would like an answer....mmmmmm....never mind....I should have read more carefully, the entire comment...I will also try the proposed solutions...and Thank You.

Q: MBSA uses files that it downloads from the Internet, but the computer I want to use to scan my network doesn't have Internet access. How can I use MBSA in an offline and secure environment? You can either perform the scan using the mbsacli command-line utility with the /nd (do not download) parameter, or you can perform the scan using the GUI. Before scanning you must copy the necessary files to the computer performing the scan. Four types of files are required: Security update catalog (wsusscn2.cab), available from the Microsoft Web site Windows Update Redistribution Catalog (wuredist.cab) located at http://update.microsoft.com/redist/wuredist.cab Authorization catalog (muauth.cab) for Windows Update site access, available from the Microsoft Web site or by examining the contents of the wuredist.cab file located at http://update.microsoft.com/redist/wuredist.cab Windows Update Agent standalone installers (if not already installed): For x86-based computers (WindowsUpdateAgent30-x86.exe) or For x64-based computers (WindowsUpdateAgent30-x64.exe) or For ia64-based computers (WindowsUpdateAgent30-ia64.exe), the latest versions are available by examining the contents of the wuredist.cab file located at http://update.microsoft.com/redist/wuredist.cab After downloading the files from the Microsoft Web site, copy all files listed above to the following folder on the computer performing the security update scan: C:\Documents and Settings\<username>\Local Settings\Application Data\Microsoft\MBSA\Cache Important: To ensure that MBSA has access to the most current versions of these files, you should download them on a weekly basis or after any release of security bulletins from Microsoft. This is especially important in the case of the security update catalog (Wsusscn2.cab) because Microsoft releases an updated version of this file whenever new security bulletins are released or updated. When you run MBSA to perform security update checks on remote computers, MBSA deploys the Windows Update Agent to the remote computer. Although an ia64 version of the Windows Update Agent (WindowsUpdateAgent30-ia64.exe) is available for Itanium-based computers, MBSA does not automatically deploy this version. It must be installed and configured on Itanium-based computers before performing a security scan on those computers. Q: How can I scan a computer that is protected by a firewall? Step 1: Review system requirements MBSA cannot scan a remote computer protected by a firewall unless the firewall is configured to open the ports that MBSA uses to communicate with the computer. The Windows Update Agent implements a remote scanning interface based on DCOM. The account being used to scan must possess local administrator rights. The computer must also be configured to meet the following conditions: The Server service, Remote Registry service, and File and Print Sharing service must be running on the remote computer. The required ports must be open on the firewall. The Windows Update Agent must be installed and the Automatic Updates service must not be disabled. Remote computer scans are performed using TCP port 135, a dynamic or static DCOM port, and ports 139 and 445. Where a firewall or filtering router separates two networks, TCP ports 135, 139, and 445, and UDP ports 137 and 138 must be open in order for MBSA to connect and authenticate to the remote computer being scanned. You must allow these ports to be open on the remote firewall if a personal firewall is being used. Note: The use of DCOM for remote scanning through Windows Firewall on all versions of Windows XP may require a post-SP2 hotfix as described in Microsoft Knowledge Base article 895200. Customers may now obtain this fix by installing the COM+ update (Microsoft Knowledge Base article 902400) using these procedures: Download the update from http://www.microsoft.com/downloads/details.aspx?FamilyId=20F79CE7-D4DB-42D7-8E57-58656A3FB2F7 on the Microsoft Download Center. Copy the update to the computer you are updating and open a command prompt on that computer. Run the update using the command-line options described in Microsoft Knowledge Base article 824994 (specifically, the /B:SP2QFE command-line option). Doing this will install all of the Windows XP COM+ Hotfix Rollup Package 9 fixes, in addition to the fixes released in the security bulletin MS05-051. http://technet.microsoft.com/en-us/security/cc184922.aspx#E1MAC

Q: MBSA uses files that it downloads from the Internet, but the computer I want to use to scan my network doesn't have Internet access. How can I use MBSA in an offline and secure environment? Q: How can I scan a computer that is protected by a firewall? Step 1: Review system requirements MBSA cannot scan a remote computer protected by a firewall unless the firewall is configured to open the ports that MBSA uses to communicate with the computer. The Windows Update Agent implements a remote scanning interface based on DCOM. The account being used to scan must possess local administrator rights. The computer must also be configured to meet the following conditions: The Server service, Remote Registry service, and File and Print Sharing service must be running on the remote computer. The required ports must be open on the firewall. The Windows Update Agent must be installed and the Automatic Updates service must not be disabled. Remote computer scans are performed using TCP port 135, a dynamic or static DCOM port, and ports 139 and 445. Where a firewall or filtering router separates two networks, TCP ports 135, 139, and 445, and UDP ports 137 and 138 must be open in order for MBSA to connect and authenticate to the remote computer being scanned. You must allow these ports to be open on the remote firewall if a personal firewall is being used. Note: The use of DCOM for remote scanning through Windows Firewall on all versions of Windows XP may require a post-SP2 hotfix as described in Microsoft Knowledge Base article 895200. Customers may now obtain this fix by installing the COM+ update (Microsoft Knowledge Base article 902400) using these procedures: Download the update from http://www.microsoft.com/downloads/details.aspx?FamilyId=20F79CE7-D4DB-42D7-8E57-58656A3FB2F7 on the Microsoft Download Center. Copy the update to the computer you are updating and open a command prompt on that computer. Run the update using the command-line options described in Microsoft Knowledge Base article 824994 (specifically, the /B:SP2QFE command-line option). Doing this will install all of the Windows XP COM+ Hotfix Rollup Package 9 fixes, in addition to the fixes released in the security bulletin MS05-051. http://technet.microsoft.com/en-us/security/cc184922.aspx#E1MAC You can either perform the scan using the mbsacli command-line utility with the /nd (do not download) parameter, or you can perform the scan using the GUI. Before scanning you must copy the necessary files to the computer performing the scan. Four types of files are required: Security update catalog (wsusscn2.cab), available from the Microsoft Web site Windows Update Redistribution Catalog (wuredist.cab) located at http://update.microsoft.com/redist/wuredist.cab Authorization catalog (muauth.cab) for Windows Update site access, available from the Microsoft Web site or by examining the contents of the wuredist.cab file located at http://update.microsoft.com/redist/wuredist.cab Windows Update Agent standalone installers (if not already installed): For x86-based computers (WindowsUpdateAgent30-x86.exe) or For x64-based computers (WindowsUpdateAgent30-x64.exe) or For ia64-based computers (WindowsUpdateAgent30-ia64.exe), the latest versions are available by examining the contents of the wuredist.cab file located at http://update.microsoft.com/redist/wuredist.cab After downloading the files from the Microsoft Web site, copy all files listed above to the following folder on the computer performing the security update scan: C:\Documents and Settings\<username>\Local Settings\Application Data\Microsoft\MBSA\Cache Important: To ensure that MBSA has access to the most current versions of these files, you should download them on a weekly basis or after any release of security bulletins from Microsoft. This is especially important in the case of the security update catalog (Wsusscn2.cab) because Microsoft releases an updated version of this file whenever new security bulletins are released or updated. When you run MBSA to perform security update checks on remote computers, MBSA deploys the Windows Update Agent to the remote computer. Although an ia64 version of the Windows Update Agent (WindowsUpdateAgent30-ia64.exe) is available for Itanium-based computers, MBSA does not automatically deploy this version. It must be installed and configured on Itanium-based computers before performing a security scan on those computers.