Damaged or Invalid Catalog
Lyall Kingman
or invalid catalog".
Any solutions would be appreciated.
Lyall Kingman
Doug Neal [MSFT]
If you have unrestricted access to the internet, you should not be getting
this error since all necessary files are automatically downloaded from the
itnernet when MBSA is run. If you're still running the original release of
MBSA (version 2.1.2102.0) - which you can check using the MBSA GUI and
choosing "About Microsoft Baseline Security Analyzer"), you should upgrade
to the final version (2.1.2104.0) that was released to resolve this exact
issue.
Also - with the release of MBSA 2.1, there is an additional file
(wuredist.cab) that is required beyond the previously-documented files
needed for a successful offline scan (where you do not have direct access to
the internet for MBSA). All needed files are documetned in the MBSA FAQ
under the section titled, "MBSA uses files that it downloads from the
Internet, but the computer I want to use to scan my network doesn't have
Internet access. How can I use MBSA in an offline and secure environment?"
which I have included below:
Q: MBSA uses files that it downloads from the Internet, but the computer I
want to use to scan my network doesn't have Internet access. How can I use
MBSA in an offline and secure environment?
You can either perform the scan using the mbsacli command-line utility with
the /nd (do not download) parameter, or you can perform the scan using the
GUI. Before scanning you must copy the necessary files to the computer
performing the scan. Four types of files are required:
a.. Security update catalog (wsusscn2.cab), available from the Microsoft
Web site
b.. Windows Update Redistribution Catalog (wuredist.cab) located at
http://update.microsoft.com/redist/wuredist.cab
c.. Authorization catalog (muauth.cab) for Windows Update site access,
available from the Microsoft Web site or by examining the contents of the
wuredist.cab file located at http://update.microsoft.com/redist/wuredist.cab
d.. Windows Update Agent standalone installers (if not already installed):
a.. For x86-based computers (WindowsUpdateAgent30-x86.exe) or
b.. For x64-based computers (WindowsUpdateAgent30-x64.exe) or
c.. For ia64-based computers (WindowsUpdateAgent30-ia64.exe), the latest
versions are available by examining the contents of the wuredist.cab file
located at http://update.microsoft.com/redist/wuredist.cab
After downloading the files from the Microsoft Web site, copy all files
listed above to the following folder on the computer performing the security
update scan:
C:\Documents and Settings\<username>\Local Settings\Application
Data\Microsoft\MBSA\2.1\Cache
Important: To ensure that MBSA has access to the most current versions of
these files, you should download them on a weekly basis or after any release
of security bulletins from Microsoft. This is especially important in the
case of the security update catalog (Wsusscn2.cab) because Microsoft
releases an updated version of this file whenever new security bulletins are
released or updated.
When you run MBSA to perform security update checks on remote computers,
MBSA deploys the Windows Update Agent to the remote computer. Although an
ia64 version of the Windows Update Agent (WindowsUpdateAgent30-ia64.exe) is
available for Itanium-based computers, MBSA does not automatically deploy
this version. It must be installed and configureed on Itanium-based
computers before performing a security scan on those computers.
I hope that helps...
--
--
Doug Neal [MSFT]
du...@online.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights.
If newsgroup discussion with experts and MVPs is unable to solve a problem
to your satisfaction, feel free to contact PSS for support on the Microsoft
Baseline Security Analyzer (MBSA). Information is available at the following
link:
http://support.microsoft.com/default.aspx
This e-mail address does not receive e-mail, but is used for newsgroup
postings only.
"Lyall Kingman" <ki...@sunsite.dk> wrote in message
news:u9EkWVI2...@TK2MSFTNGP04.phx.gbl...
SMS-Curious guy
mbsacli /target (myservername goes here) /nd /o results.xml /catalog
wsusscn2.cab
All of the four files have been previously placed in the cache directory
mentioned previously.
I've also downloaded the Visio 2003 Connector for MBSA which as listed on
the MS Site works with MBSA 2.1 as well (latest version)
I run the command line above to generate the XML file which has 0 bytes ? I
am not sure why there were no error messages listed. I have administrator
rights on the machines I am scanning.
I receive this message in the XML file report:
XML document must have a top level element. Error processing resource
'file:///C:/Program Files/Microsoft Baseline Security...
Even after I select allow access from the active x option.
Also with the four files copied to the cache directory it still will not run
in the GUI if a profile or policy blocks internet access due to internal
policies.
I am not completely happy with version 2.1 it is not as easy to use and I
still haven't been able to complete 1 successful scan. Also the older version
would download the cab file, run the scan and then open the GUI to show the
results. This version does not do that - What is the benefit to taking two
steps as opposed to one?
1. Generate XML, then...
2. Import XML to see report?
This is now a two step process...?
And finally- now we need an agent on both the scanner and the machine we are
scanning?
Can you please help? This is not a good solution.
I may need to defer back to the older MBSA version.