TMG NIS definition files download but update fails during installation (Network Steve Forum)

TMG NIS definition files download but update fails during installation

Hi Folks,

Runnning Forefront TMG build 7.0.9193.500

When attempting to update the NIS definition files, the files download but fail to install and the following message is logged in the TMG alert section:

"Definition Updating Failed

Description: An error occurred during an attempt to check for, download, or install definition updates on the server ServerName.
The failure is due to error: 0x80240022"

When looking in the windowsupdate.log file, it appears that there is a permissions problem encountered during the update process (WARNING: ExtractUpdateFiles failed with 0x80070005)

Here are the full contents of the C:\Windows\windowsupdate.log file logged during the update process:

=========== Logging initialized (build: 7.5.7601.17514, tz: -0700) ===========
= Process: C:\Program Files\Microsoft Forefront Threat Management Gateway\UpdateAgent.exe
= Module: C:\Windows\system32\wuapi.dll
-------------
-- START -- COMAPI: Search [ClientId = Forefront TMG]
---------
<<-- SUBMITTED -- COMAPI: Search [ClientId = Forefront TMG]
*************
START Agent: Finding updates [CallerId = Forefront TMG]
*********
* Online = Yes; Ignore download priority = No
* Criteria = "(IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains 'ae4483f4-f3ce-4956-ae80-93c18d8886a6' and CategoryIDs contains 'e0789628-ce08-4437-be74-2495b842f43b')"
* ServiceID = {00000000-0000-0000-0000-000000000000} Third party service
* Search Scope = {Machine}
Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
Microsoft signed: Yes
Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
Microsoft signed: Yes
Checking for updated auth cab for service 7971f918-a847-4430-9279-4a52d1efe18d at http://download.windowsupdate.com/v9/microsoftupdate/redir/muauth.cab
Validating signature for C:\Windows\SoftwareDistribution\AuthCabs\authcab.cab:
Microsoft signed: Yes
Validating signature for C:\Windows\SoftwareDistribution\AuthCabs\authcab.cab:
Microsoft signed: Yes
Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
Microsoft signed: Yes
Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
Microsoft signed: Yes
+++++++++++ PT: Starting category scan +++++++++++
+ ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://www.update.microsoft.com/v6/ClientWebService/client.asmx
Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
Microsoft signed: Yes
Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
Microsoft signed: Yes
+++++++++++ PT: Synchronizing server updates +++++++++++
+ ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://www.update.microsoft.com/v6/ClientWebService/client.asmx
* Added update {A1395633-49F7-4A6C-AEE9-7166E952BCFD}.100 to search result
Update {E27A995F-A0EC-4A58-8FCA-B8E190D68D27}.100 is pruned out due to potential supersedence
* Added update {72ABF509-5624-4520-A70D-BD25033E2423}.100 to search result
* Found 2 updates and 4 categories in search; evaluated appl. rules of 28 out of 35 deployed entities
*********
END Agent: Finding updates [CallerId = Forefront TMG]
*************
>>-- RESUMED -- COMAPI: Search [ClientId = Forefront TMG]
- Updates found = 2
---------
-- END -- COMAPI: Search [ClientId = Forefront TMG]
-------------
-------------
-- START -- COMAPI: Download [ClientId = Forefront TMG]
---------
- Forced: No; Download priority: 3
- Updates in request: 2
- ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
<<-- SUBMITTED -- COMAPI: Download [ClientId = Forefront TMG]
*************
START DnldMgr: Downloading updates [CallerId = Forefront TMG]
*********
* Call ID = {4328BC7B-E197-42E3-BFF2-96BCCAA86280}
* Priority = 3, Interactive = 1, Owner is system = 1, Explicit proxy = 1, Proxy session id = -1, ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}
* Updates to download = 2
* Title = Definition Update for Microsoft Forefront Threat Management Gateway (Network Inspection System 4.32)
* UpdateId = {A1395633-49F7-4A6C-AEE9-7166E952BCFD}.100
* Bundles 1 updates:
* {8614B1DC-943B-425B-B995-9F0FCD2E961D}.100
* Title = Definition Update for Microsoft Forefront Threat Management Gateway (Network Inspection System 11.39.0.0)
* UpdateId = {72ABF509-5624-4520-A70D-BD25033E2423}.100
* Bundles 1 updates:
* {8A1DD8C3-CF18-45BE-9F0D-68DBD4A53409}.100
********* DnldMgr: New download job [UpdateId = {8614B1DC-943B-425B-B995-9F0FCD2E961D}.100] *********
* All files for update were already downloaded and are valid.
********* DnldMgr: New download job [UpdateId = {8A1DD8C3-CF18-45BE-9F0D-68DBD4A53409}.100] *********
* All files for update were already downloaded and are valid.
*********
END Agent: Downloading updates [CallerId = Forefront TMG]
*************
>>-- RESUMED -- COMAPI: Download [ClientId = Forefront TMG]
- Download call complete (succeeded = 2, succeeded with errors = 0, failed = 0, unaccounted = 0)
---------
-- END -- COMAPI: Download [ClientId = Forefront TMG]
-------------
-------------
-- START -- COMAPI: Install [ClientId = Forefront TMG]
---------
- Allow source prompts: Yes; Forced: No; Force quiet: No
- Updates in request: 2
- ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
- Updates to install = 2
<<-- SUBMITTED -- COMAPI: Install [ClientId = Forefront TMG]
*************
START Agent: Installing updates [CallerId = Forefront TMG]
*********
* Updates to install = 2
* Title = Definition Update for Microsoft Forefront Threat Management Gateway (Network Inspection System 4.32)
* UpdateId = {A1395633-49F7-4A6C-AEE9-7166E952BCFD}.100
* Bundles 1 updates:
* {8614B1DC-943B-425B-B995-9F0FCD2E961D}.100
* Title = Definition Update for Microsoft Forefront Threat Management Gateway (Network Inspection System 11.39.0.0)
* UpdateId = {72ABF509-5624-4520-A70D-BD25033E2423}.100
* Bundles 1 updates:
* {8A1DD8C3-CF18-45BE-9F0D-68DBD4A53409}.100
WARNING: failed to calculate prior restore point time with error 0x80070002; setting restore point
WARNING: LoadLibrary failed for srclient.dll with hr:8007007e
Preparing update for install, updateId = {8614B1DC-943B-425B-B995-9F0FCD2E961D}.100.
=========== Logging initialized (build: 7.5.7601.17514, tz: -0700) ===========
= Process: C:\Windows\system32\wuauclt.exe
= Module: C:\Windows\system32\wuaueng.dll
:::::::::::::
:: START :: Handler: Command Line Install
:::::::::
: Updates to install = 1
: WARNING: Command line install completed. Return code = 0x8007000d, Result = Failed, Reboot required = false
: WARNING: Exit code = 0x8024200B
:::::::::
:: END :: Handler: Command Line Install
:::::::::::::
Preparing update for install, updateId = {8A1DD8C3-CF18-45BE-9F0D-68DBD4A53409}.100.
FATAL: Failed to copy file from C:\Windows\SoftwareDistribution\Download\57418eecd53e3e067a25056fe4892d0420c6ac8a to C:\Windows\SoftwareDistribution\Download\Install\mpips-fe.exe (hr = 80070005) after 10 retries
WARNING: ExtractUpdateFiles failed with 0x80070005.
FATAL: Failed to delete file \\?\C:\Windows\SoftwareDistribution\Download\Install\mpips-fe.exe (hr = 80070005) after 0 retries
REPORT EVENT: {F363E0CC-B0F5-4B28-8C27-631AC7CAD332}	2012-03-15 11:32:37:899-0700	1
REPORT EVENT: {336A98E0-0970-4297-B746-1A8A4B45F3CF}	2012-03-15 11:32:40:099-0700	1
*********
END Agent: Installing updates [CallerId = Forefront TMG]
*************
Triggering Offline detection (non-interactive)
#############
## START ## AU: Search for updates
#########
<<## SUBMITTED ## AU: Search for updates [CallId = {9BB9AE78-F80D-4236-AD77-8E261ABB97E0}]
CWERReporter::HandleEvents - WER report upload completed with status 0x8
WER Report sent: 7.5.7601.17514 0x80070643 A1395633-49F7-4A6C-AEE9-7166E952BCFD Install 101 Unmanaged
CWERReporter finishing event handling. (00000000)
*************
START Agent: Finding updates [CallerId = AutomaticUpdates]
*********
* Online = No; Ignore download priority = No
* Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
* ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
* Search Scope = {Machine}
>>-- RESUMED -- COMAPI: Install [ClientId = Forefront TMG]
- Install call complete (succeeded = 0, succeeded with errors = 0, failed = 2, unaccounted = 0)
- Reboot required = No
- WARNING: Exit code = 0x00000000; Call error code = 0x80240022
---------
-- END -- COMAPI: Install [ClientId = Forefront TMG]
-------------
* Found 0 updates and 68 categories in search; evaluated appl. rules of 1058 out of 2009 deployed entities
*********
END Agent: Finding updates [CallerId = AutomaticUpdates]
*************
>>## RESUMED ## AU: Search for updates [CallId = {9BB9AE78-F80D-4236-AD77-8E261ABB97E0}]
# 0 updates detected
#########
## END ## AU: Search for updates [CallId = {9BB9AE78-F80D-4236-AD77-8E261ABB97E0}]
#############
No featured updates notifications to show
Successfully wrote event for AU health state:0
Successfully wrote event for AU health state:0
REPORT EVENT: {03FCFF25-6464-4C3E-A939-3E46A39BED6A}	2012-03-15 11:32:45:262-0700	1
CWERReporter::HandleEvents - WER report upload completed with status 0x8
WER Report sent: 7.5.7601.17514 0x80070005 72ABF509-5624-4520-A70D-BD25033E2423 Install 101 Unmanaged
CWERReporter finishing event handling. (00000000)

Since it seemed to help some folks that were having trouble downloading the NIS updates, I have also tried downloading the updates with (winhttp) Proxy authentication on and off.

I have also tried recreating the C:\Windows\SoftwareDistribution folder (Stop wuauserv; Rename folder; Start wuauserv; Folder recreated)

Still no luck. Any help or direction you can provide is much appreciated.

Cheers,

John

March 15th, 2012 9:54pm

Hi,

Thank you for the post.

I did some research regarding error 0x80070005, you may perform the following steps and see if it helps:

Step 1: Verify DCOM security

1. Click Start, click Run, type Dcomcnfg, and then click OK.

2. Expand Component Services, and then expand Computers.

3. Right-click My Computer, and then click Properties.

4. Click the COM Security tab.

5. Under Access Permissions, click Edit Default.

6. Verify that the following accounts are listed:

7. If any one of these accounts is missing in the Access Permission box, follow these steps:

a. Click Add, click Advanced, and then click Locations.

b. In the Locations box, click the Local_Computer_Name, and then click OK.

c. Click Find Now.

d. Press CTRL, click the required account names, and then click OK two times.

e. In the Group or User names box, click an account that you added, click Local Access in the Permissions for Account_Name box, and then click to select the check box in the Allow column.

f. Repeat step 7e for all the accounts that you just added, and then click OK.

Step 2: Verify DCOM default properties

1. Click the Default Properties tab.

2. Verify that the following configuration:

The Enable Distributed COM on this computer check box is selected.

In the Default Authentication level box, Connect is selected.

In the Default Impersonation level box, Identify is selected.

3. Make any required changes, and then click OK.

4. Restart the computer.

http://social.answers.microsoft.com/Forums/en-US/vistawu/thread/29d7f9d1-56cd-42f3-bd44-7de8448ef70e

http://social.technet.microsoft.com/Forums/en-US/itprovistasetup/thread/95edbee4-a75c-48ad-91d1-5316a96f9567

Regards,

Free Windows Admin Tool Kit Click here and download it now

March 16th, 2012 5:24am

Hi Nick,

Thanks for your reply. I have a question about Step 1: item #6 as it says "Verify that the following accounts are listed:" but it doesn't tell me which accounts are needed.

The current settings are:

SELF - Allow Local Access; Allow Remote Access

SYSTEM - Allow Local Access; Remote Access Allow and Deny unchecked

Administrators (Local_Computer_Name\Administrators) - Allow Local Access; Allow Remote Access

As far as I know, these settings have not been modified, so they should be default. Are these the correct settings?

Thanks,

John

March 16th, 2012 8:28pm

Hi,

Thank you for the update.

Are these the correct settings? yes, permission setting is correct. Is there any other alert in the dashboard? Please configure to use " Use Microsoft Update Service, directly" in the update center settings and see if it works.

Regards,

Free Windows Admin Tool Kit Click here and download it now

March 22nd, 2012 5:31am

Hi Nick,

Thanks for your message. Apologies for the delay in my reply, I was away from the office last week.

The server was set to "Use Microsoft Update Service, directly.." and a scheduled reboot was performed last night, but the NIS update still fails to install.

There are 2 related alerts in the dashboard:

Definition Updating Failed

Description: An error occurred during an attempt to check for, download, or install definition updates on the server ServerName.
The failure is due to error: 0x80240022

and

Update Center - Updates Not Installed

Description: One or more protection mechanisms did not install updates during the last 45 days. Protection mechanisms that did not install updates: Network Inspection System.
When a protection mechanism is configured to check for updates and not to install them automatically, available updates must be installed manually from the Update Center node.

(The NIS Definition Updates option is set to "Check for and install definitions (recommended)")

The following errors are logged in the System Event Log on the server:

Event 20, WindowsUpdateClient

Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Forefront Threat Management Gateway (Network Inspection System 4.32).

and

Event20, WindowsUpdateClient

Installation Failure: Windows failed to install the following update with error 0x80070005: Definition Update for Microsoft Forefront Threat Management Gateway (Network Inspection System 11.48.0.0).

So it appears that the same problem remains. Any other thoughts?

Thanks,

John

March 27th, 2012 8:02pm

I called Tech support on this one, Took several days and we did several thigns finally got he definitions to install, SO I thought I was good, now I am back in the same boat and am going to have to re-open the ticket. I think there actually may be an issue with the definitions themselves not allowing future updates....or so it seems to be acting that way

Good luck

Free Windows Admin Tool Kit Click here and download it now

October 15th, 2012 8:30pm

Hi Lester,

Thanks for the information, sorry to hear you're having the same problems. Unfortunately, we still have not been able to get the definitions to update. We wanted to take advantage of the feature but have other devices performing IPS, so this issue has been pushed to the back burner for now. Hopefully I can get back to this some time soon.

Good luck, I hope you can get it sorted out and would love to hear the solution if you do.

Cheers,

John

October 16th, 2012 8:54pm

Hi Lester,

Thanks for the information, sorry to hear you're having the same problems. Unfortunately, we still have not been able to get the definitions to update. We wanted to take advantage of the feature but have other devices performing IPS, so this issue has been pushed to the back burner for now. Hopefully I can get back to this some time soon.

Good luck, I hope you can get it sorted out and would love to hear the solution if you do.

Cheers,

John

Hi, John.

We have the same problem.

What solution you have found?

Free Windows Admin Tool Kit Click here and download it now

July 4th, 2013 8:55am

This topic is archived. No further replies will be accepted.