Cannot contact Windows Update Agent on target computer...
Paolo Vecchi
doesn't scan wua on my workstations (xp sp2 perfectly updated with the
firewall enabled).
Can You help me?
Thanks in advance
Paolo
Kurt Sarens [MSFT]
Are you remotely scanning your system from another PC?
Can you provide the complete error message you receive when you attempt to
scan your system?
Please make sure that the WUA service is not dissabled on your systems.
Thanks,
Kurt Sarens [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
"Paolo Vecchi" <Paolo...@discussions.microsoft.com> wrote in message
news:D79C724C-A07A-47DA...@microsoft.com...
Paolo Vecchi
The error message is: Cannot contact Windows Update Agent on target
computer, possibly due to firewall settings.
If I disable firewall all is good, but ;-)
I've opened all recomended TCP/UDP ports, all required services are running,
endpoints is added to registry, I'm using administrator rights, WUA is
enabled in all workstations using GPO and PCs are regulary updated.
If I scan another system (not xp sp2) all is good.
Thanks
Kurt Sarens [MSFT]
Thanks for this info.
I think that your Firewall is blocking the DCOM port for WUA.
Did you follow the complete procedure:
DCOM allocates a dynamic port by default, but a firewall blocks access to
these ports unless explicitly opened by using the following procedure:
1.
Open port 135 and a custom port in your firewall (some firewalls may
allow port 135 by default). The port you select should be checked to ensure
it is appropriate, or not associated with other applications.
2.
Configure Windows Update Agent to use this static custom port by
setting a registry key as follows: HKEY_LOCAL_MACHINE\Software\Classes
\AppID\{B366DEBE-645B-43A5-B865-DDD82C345492}\Endpoints REG_MULTI_SZ
“ncacn_ip_tcp,0,n” (where n is the port number you have decided to use.) You
may also configure the endpoint using the Component Services application in
Control Panel. The Windows Update Agent - Remote Access endpoint is located
under the path Component Services\Computers\My Computer\DCOM Config.
Right-click and select Properties, then use the Endpoints tab on the
Properties page to configure the static port.
Thanks,
Kurt Sarens [MSFT]
Security Resources online: http://support.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no
rights.
This e-mail address does not receive e-mail, but is used for newsgroup
postings only.
"Paolo Vecchi" <Paolo...@discussions.microsoft.com> wrote in message
news:B2D49D49-86C3-4EC2...@microsoft.com...
Paolo Vecchi
I've setted the endpoint to port 3125 TCP and I've opened this port on the
firewall.
I've restarted and... Cannot contact Windows Update Agent :-(
As second try, I've cancelled the endpoint and I've setted the endpoint for
windows update agent - remote access... and restarted
All wrong !!!
Thanks
Paolo
Kurt Sarens [MSFT]
Your firewall is still blocking something, that's for sure.
Did you follow the steps as lined out in the FAQ:
http://www.microsoft.com/technet/security/tools/mbsa2/qa.mspx
see question: How can I scan a computer that is protected by a firewall?
It is rather important that you follow these exactly and not to skip a step.
If you did follow as lined out, we need to get some more information to
troubleshoot this.
Can you get a network trace from the scanning system, when attempting to
scan the remote system?
Also review the Firewall log on the scanned system to check what is getting
dropped.
Combining the 2 will pin-point the problem.
Thanks,
Kurt
"Paolo Vecchi" <Paolo...@discussions.microsoft.com> wrote in message
news:2A9AF9C6-D601-40C8...@microsoft.com...