I'm trying to use MBSA 2.1 to scan my server to see which patches I need to allpy. But all the servers come back with "The catalog file is damaged or an invalid catalog." on both online and offline scan. The MBSA did work before. I downloaded the latest wsuscn2.cab and wuredist.cab for the offline scan. I also installed windows update agent 3.0 on some of the servers, but they still gave me the same error.I'm running out of iedas. Anyone know how to fix that and why it happens? thanks.

Neo; Q: Why am I seeing error "Failed to download security update databases" followed by "The catalog file is damaged or an invalid catalog"? When downloading the Microsoft Update offline catalog (wsusscn2.cab) before each attempt to scan, downloaded files are checked for a valid Microsoft digital signature before being used. When the file is missing, or the digital signature cannot be verified, these errors may occur. To avoid this error message, it is recommended that the update (see Microsoft Knowledge Base article 835732) be installed on all Windows 2000 computers running MBSA to perform scanning. This error may also appear if you use a proxy server such as Microsoft ISA Server if it does not include a policy that permits anonymous access to the Microsoft Update site. A resolution for this is described in Microsoft Knowledge Base article 885819. Another cause for this issue may be that Internet Explorer is set to offline mode (Work Offline). MBSA requires either IE to be in online mode and be able to successfully pass through any proxy servers to obtain the wsusscn2.cab file, or you may need to use the steps to obtain the necessary catalog and authentication files as detailed elsewhere in this FAQ for using the wsusscn2.cab file in offline or secure modes when Internet connectivity isnt available. Also be sure to confirm both the scanning and target machines have the latest versions of the WUA client, which can also be obtained at the following locations: For x86-based computers (WindowsUpdateAgent30-x86.exe) or For x64-based computers (WindowsUpdateAgent30-x64.exe) or For ia64-based computers (WindowsUpdateAgent30-ia64.exe), the latest versions are available by examining the contents of the wuredist.cab file located at http://update.microsoft.com/redist/wuredist.cab Check the following steps mentioned in MBSA 2.1 Frequently Asked QuestionsHope it HelpsThiago Pereira | http://thiagoinfrat.spaces.live.com | http://www.winsec.org

Neo; Q: Why am I seeing error "Failed to download security update databases" followed by "The catalog file is damaged or an invalid catalog"? When downloading the Microsoft Update offline catalog (wsusscn2.cab) before each attempt to scan, downloaded files are checked for a valid Microsoft digital signature before being used. When the file is missing, or the digital signature cannot be verified, these errors may occur. To avoid this error message, it is recommended that the update (see Microsoft Knowledge Base article 835732) be installed on all Windows 2000 computers running MBSA to perform scanning. This error may also appear if you use a proxy server such as Microsoft ISA Server if it does not include a policy that permits anonymous access to the Microsoft Update site. A resolution for this is described in Microsoft Knowledge Base article 885819. Another cause for this issue may be that Internet Explorer is set to offline mode (Work Offline). MBSA requires either IE to be in online mode and be able to successfully pass through any proxy servers to obtain the wsusscn2.cab file, or you may need to use the steps to obtain the necessary catalog and authentication files as detailed elsewhere in this FAQ for using the wsusscn2.cab file in offline or secure modes when Internet connectivity isnt available. Also be sure to confirm both the scanning and target machines have the latest versions of the WUA client, which can also be obtained at the following locations: For x86-based computers (WindowsUpdateAgent30-x86.exe) or For x64-based computers (WindowsUpdateAgent30-x64.exe) or For ia64-based computers (WindowsUpdateAgent30-ia64.exe), the latest versions are available by examining the contents of the wuredist.cab file located at http://update.microsoft.com/redist/wuredist.cab Check the following steps mentioned in MBSA 2.1 Frequently Asked QuestionsHope it Helps Thiago Pereira | http://thiagoinfrat.spaces.live.com | http://www.winsec.org I did download the latest wsusscn2.cab and wuredist.cab My server is 2003 SP2 which is newer than the Microsoft Knowledge Base article 835732. So the Microsoft Knowledge Base article 835732doesn't apply. I don't use ISA or Proxy. the IE is NOT in offline mode I did installed WindowsUpdateAgent30-x86.exe

I had the same problem too with MBSA 2.1.1. The documentation is of no help whatsoever, specifying you may have to copy the 4 files to the 2.1\Cache folder when in fact it should be 2.1.1.Anyway, the problem in my case was that the account I was using had been renamed from the original administrator account, and it didnt have the default Local Configuration etc route.I created a new local admin account on the computer and ran MBSA, marking the same error. However, it had now created me the correct folder structure, to where I copied the 4 crucial files (the 2 of them you find in the famous xml file.) When I did that it still marked an error but proceeded to start the scanning.

I encountered the similar problem, I run the MBSA by account other than the one installed the MBSA. it doesn't work. I fixed it in the same way as Johnny did and it works; however, it prompts "Failed to download security update databases" and continues to analyze the computer....... (without the latest information... I think).

Thanks for your help. This is the most helpful answer so far. Those "copy and paste" answers just offer no help at all. Hopefully it will work for me too.

WHen looking at the documentation there are 3 CAB files you need to download Here are more details behind the MBSA process. In particular this section http://msdn.microsoft.com/en-us/library/ff647642.aspx Updates for MBSA. If both the computer you will be scanning and the computer with MBSA installed have Internet access, the latest security catalog (.cab file), authentication files, and WUA installer files will be automatically downloaded, if needed. If either the target computer or the computer with MBSA installed does not have Internet access, download the following files and place them in the C:\Documents and Settings\<username>\Local Settings\Application Data\Microsoft\MBSA\2.0\Cache\ directory on the computer that is performing the scan: Offline catalog (Wsusscn2.cab). This is the offline catalog file. Download it from http://go.microsoft.com/fwlink/?LinkId=76054. Authentication file (Muauth.cab). This authentication file allows the remote WUA client to respond to MBSA. Download it from http://go.microsoft.com/fwlink/?LinkId=90994. WUA standalone installer. If needed, the WUA client on the target computer will be updated to the latest version. To make these files available for offline use, download the appropriate (or both) standalone installers from the following locations: http://go.microsoft.com/fwlink/?LinkId=90992 (for x86 installer) http://go.microsoft.com/fwlink/?LinkId=90993 (for x64 installer) So the trick is to download 3 files and set MBSA to not try to download. The 3 files are the wsusscn2.cab, mauth.cab, and wuredist.cab. The Installers are optional if you are already at the latest version[EDIT: wuredist.cab file is located at http://update.microsoft.com/redist/wuredist.cab ]