Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

[SUS] Why 404 and 200 ? How do I know if everything is OK??

86 views
Skip to first unread message

kennyk

unread,
Oct 22, 2003, 1:36:13 AM10/22/03
to
Below is a part of log file in W3SVC1 folder. Most of my log files
look like this..
I belive the machine 192.168.10.51 was successful in updating from the
server.
But what about all the others in the bottom who are receiving 404?
Why are they getting 404?
And how can I find out what causes them to get that?

Please help if anybody could explain it and tell me how to solve this
problem.

Thanks

------------------------------------------------------------------------------------
2003-10-21 05:45:45 192.168.10.51 - 192.168.1.2 80 HEAD /iuident.cab
0310210545 200 Industry+Update+Control
2003-10-21 05:45:45 192.168.10.51 - 192.168.1.2 80 GET /iuident.cab
0310210545 200 Industry+Update+Control
2003-10-21 05:45:45 192.168.10.51 - 192.168.1.2 80 HEAD
/selfupdate/AU/x86/XP/en/wuaucomp.cab 0310210545 200
Industry+Update+Control
2003-10-21 05:45:45 192.168.10.51 - 192.168.1.2 80 GET
/selfupdate/AU/x86/XP/en/wuaucomp.cab 0310210545 200
Industry+Update+Control
2003-10-21 05:45:45 192.168.10.51 - 192.168.1.2 80 HEAD /iuident.cab
0310210545 200 Industry+Update+Control
2003-10-21 05:45:45 192.168.10.51 - 192.168.1.2 80 GET /wutrack.bin
V=1&U=876d5b7b2c2fd2429965a88cc2a0ebc3&C=iu&A=n&I=&D=&P=5.1.a28.2.100.1.0&L=en-US&S=s&E=00000000&M=&X=031021054544535
200 Industry+Update+Control
2003-10-21 05:45:45 192.168.10.51 - 192.168.1.2 80 POST
/autoupdate/getmanifest.asp - 200
Mozilla/4.0+(compatible;+Win32;+WinHttp.WinHttpRequest.5)
2003-10-21 05:45:46 192.168.10.51 - 192.168.1.2 80 POST
/autoupdate/getmanifest.asp - 200
Mozilla/4.0+(compatible;+Win32;+WinHttp.WinHttpRequest.5)
2003-10-21 05:45:46 192.168.10.51 - 192.168.1.2 80 POST
/autoupdate/getmanifest.asp - 200
Mozilla/4.0+(compatible;+Win32;+WinHttp.WinHttpRequest.5)
2003-10-21 05:45:46 192.168.10.51 - 192.168.1.2 80 POST
/autoupdate/getmanifest.asp - 200
Mozilla/4.0+(compatible;+Win32;+WinHttp.WinHttpRequest.5)
2003-10-21 05:45:47 192.168.10.51 - 192.168.1.2 80 GET /wutrack.bin
V=1&U=876d5b7b2c2fd2429965a88cc2a0ebc3&C=au&A=d&I=&D=&P=5.1.a28.2.100.1.0&L=en-US&S=s&E=00000000&M=items%3D8&X=031021054546165
200 Industry+Update+Control
2003-10-21 05:45:47 192.168.10.51 - 192.168.1.2 80 POST
/autoupdatedrivers/getmanifest.asp |-|0|404_Object_Not_Found 404
Mozilla/4.0+(compatible;+Win32;+WinHttp.WinHttpRequest.5)
2003-10-21 05:45:56 192.168.1.248 - 192.168.1.2 80 GET
/<Rejected-By-UrlScan> ~/ 404 Microsoft-WebDAV-MiniRedir/5.1.2600
2003-10-21 05:48:38 192.168.1.216 - 192.168.1.2 80 GET
/<Rejected-By-UrlScan> ~/ 404 Microsoft-WebDAV-MiniRedir/5.1.2600
2003-10-21 05:51:36 192.168.1.242 - 192.168.1.2 80 GET
/<Rejected-By-UrlScan> ~/ 404 Microsoft-WebDAV-MiniRedir/5.1.2600
2003-10-21 05:51:44 192.168.1.230 - 192.168.1.2 80 GET
/<Rejected-By-UrlScan> ~/ 404 Microsoft-WebDAV-MiniRedir/5.1.2600
2003-10-21 05:51:53 192.168.1.184 - 192.168.1.2 80 GET
/<Rejected-By-UrlScan> ~/ 404 Microsoft-WebDAV-MiniRedir/5.1.2600
2003-10-21 05:52:25 192.168.1.233 - 192.168.1.2 80 GET
/<Rejected-By-UrlScan> ~/ 404 Microsoft-WebDAV-MiniRedir/5.1.2600
2003-10-21 05:53:21 192.168.1.206 - 192.168.1.2 80 GET
/<Rejected-By-UrlScan> ~/ 404 Microsoft-WebDAV-MiniRedir/5.1.2600
------------------------------------------------------------------------------------

neo [mvp outlook]

unread,
Oct 22, 2003, 7:40:37 AM10/22/03
to
Comments will be inline to your post...
--
Due to the Swen virus, all e-mails sent to this account will be deleted
w/out reading.

"kennyk" <khay...@gcrejapan.co.jp> wrote in message
news:225f36f9.03102...@posting.google.com...

You have at least one machine that was able to pull 3 files (most likely
updating the windows update components) and reintitialize succesfully.

> 200 Industry+Update+Control
> 2003-10-21 05:45:45 192.168.10.51 - 192.168.1.2 80 POST
> /autoupdate/getmanifest.asp - 200
> Mozilla/4.0+(compatible;+Win32;+WinHttp.WinHttpRequest.5)
> 2003-10-21 05:45:46 192.168.10.51 - 192.168.1.2 80 POST
> /autoupdate/getmanifest.asp - 200
> Mozilla/4.0+(compatible;+Win32;+WinHttp.WinHttpRequest.5)
> 2003-10-21 05:45:46 192.168.10.51 - 192.168.1.2 80 POST
> /autoupdate/getmanifest.asp - 200
> Mozilla/4.0+(compatible;+Win32;+WinHttp.WinHttpRequest.5)
> 2003-10-21 05:45:46 192.168.10.51 - 192.168.1.2 80 POST
> /autoupdate/getmanifest.asp - 200
> Mozilla/4.0+(compatible;+Win32;+WinHttp.WinHttpRequest.5)
> 2003-10-21 05:45:47 192.168.10.51 - 192.168.1.2 80 GET /wutrack.bin
>
V=1&U=876d5b7b2c2fd2429965a88cc2a0ebc3&C=au&A=d&I=&D=&P=5.1.a28.2.100.1.0&L=
en-US&S=s&E=00000000&M=items%3D8&X=031021054546165
> 200 Industry+Update+Control
> 2003-10-21 05:45:47 192.168.10.51 - 192.168.1.2 80 POST
> /autoupdatedrivers/getmanifest.asp |-|0|404_Object_Not_Found 404

Internal SUS servers do not offer hardware driver updates. Therefore it is
safe to ignore this 404.


> Mozilla/4.0+(compatible;+Win32;+WinHttp.WinHttpRequest.5)
> 2003-10-21 05:45:56 192.168.1.248 - 192.168.1.2 80 GET
> /<Rejected-By-UrlScan> ~/ 404 Microsoft-WebDAV-MiniRedir/5.1.2600
> 2003-10-21 05:48:38 192.168.1.216 - 192.168.1.2 80 GET
> /<Rejected-By-UrlScan> ~/ 404 Microsoft-WebDAV-MiniRedir/5.1.2600
> 2003-10-21 05:51:36 192.168.1.242 - 192.168.1.2 80 GET
> /<Rejected-By-UrlScan> ~/ 404 Microsoft-WebDAV-MiniRedir/5.1.2600
> 2003-10-21 05:51:44 192.168.1.230 - 192.168.1.2 80 GET
> /<Rejected-By-UrlScan> ~/ 404 Microsoft-WebDAV-MiniRedir/5.1.2600
> 2003-10-21 05:51:53 192.168.1.184 - 192.168.1.2 80 GET
> /<Rejected-By-UrlScan> ~/ 404 Microsoft-WebDAV-MiniRedir/5.1.2600
> 2003-10-21 05:52:25 192.168.1.233 - 192.168.1.2 80 GET
> /<Rejected-By-UrlScan> ~/ 404 Microsoft-WebDAV-MiniRedir/5.1.2600
> 2003-10-21 05:53:21 192.168.1.206 - 192.168.1.2 80 GET
> /<Rejected-By-UrlScan> ~/ 404 Microsoft-WebDAV-MiniRedir/5.1.2600

SUS installs the IISLockdown tools. This 404 indicates that verbs
pertaining to WebDAV have been disabled. (quite normal and safe to ignore
since the clients do not use WebDAV to pull the files.) What I don't see in
the IIS log files is machines pulling files. Therefore I would pull the
Windows Update.log file from one of the machines above (e.g. 192.168.1.206)
and see what the client workstation is logging.


kennyk

unread,
Oct 22, 2003, 10:24:09 PM10/22/03
to
> SUS installs the IISLockdown tools. This 404 indicates that verbs
> pertaining to WebDAV have been disabled. (quite normal and safe to ignore
> since the clients do not use WebDAV to pull the files.) What I don't see in
> the IIS log files is machines pulling files. Therefore I would pull the
> Windows Update.log file from one of the machines above (e.g. 192.168.1.206)
> and see what the client workstation is logging.

Thanks for your response, NEO.

I have pulled all lines pertaining to this one client (192.168.1.212)
which was getting the webDAV 404 error as below from log file on 10/22
in W3SVC1 folder.


All lines related to 1921.168.1.212 found in the IIS Log file for
10/22
---------------------------------------------------------------------

2003-10-22 00:12:09 192.168.1.212 - 192.168.1.2 80 GET


/<Rejected-By-UrlScan> ~/ 404 Microsoft-WebDAV-MiniRedir/5.1.2600

2003-10-22 00:48:41 192.168.1.212 - 192.168.1.2 80 GET


/<Rejected-By-UrlScan> ~/ 404 Microsoft-WebDAV-MiniRedir/5.1.2600

2003-10-22 01:18:21 192.168.1.212 - 192.168.1.2 80 GET


/<Rejected-By-UrlScan> ~/ 404 Microsoft-WebDAV-MiniRedir/5.1.2600

2003-10-22 02:10:04 192.168.1.212 - 192.168.1.2 80 GET


/<Rejected-By-UrlScan> ~/ 404 Microsoft-WebDAV-MiniRedir/5.1.2600

2003-10-22 05:26:34 192.168.1.212 - 192.168.1.2 80 GET


/<Rejected-By-UrlScan> ~/ 404 Microsoft-WebDAV-MiniRedir/5.1.2600

2003-10-22 05:26:34 192.168.1.212 - 192.168.1.2 80 GET


/<Rejected-By-UrlScan> ~/ 404 Microsoft-WebDAV-MiniRedir/5.1.2600

2003-10-22 06:53:27 192.168.1.212 - 192.168.1.2 80 GET


/<Rejected-By-UrlScan> ~/ 404 Microsoft-WebDAV-MiniRedir/5.1.2600

2003-10-22 08:14:02 192.168.1.212 - 192.168.1.2 80 GET


/<Rejected-By-UrlScan> ~/ 404 Microsoft-WebDAV-MiniRedir/5.1.2600

2003-10-22 09:24:17 192.168.1.212 - 192.168.1.2 80 GET


/<Rejected-By-UrlScan> ~/ 404 Microsoft-WebDAV-MiniRedir/5.1.2600

2003-10-22 09:24:17 192.168.1.212 - 192.168.1.2 80 GET


/<Rejected-By-UrlScan> ~/ 404 Microsoft-WebDAV-MiniRedir/5.1.2600

2003-10-22 23:44:52 192.168.1.212 - 192.168.1.2 80 GET


/<Rejected-By-UrlScan> ~/ 404 Microsoft-WebDAV-MiniRedir/5.1.2600

2003-10-22 23:45:08 192.168.1.212 - 192.168.1.2 80 GET


/<Rejected-By-UrlScan> ~/ 404 Microsoft-WebDAV-MiniRedir/5.1.2600

---------------------------------------------------------------------

And below is what 192.168.1.212 had in her windows update log in her
Windows directory.
---------------------------------------------------------------------
2003-10-22 08:51:23 23:51:23 Success IUCTL Starting
2003-10-22 08:51:23 23:51:23 Success IUCTL Downloaded
iuident.cab from http://capital_server to C:\Program
Files\WindowsUpdate\V4
2003-10-22 08:51:23 23:51:23 Success IUENGINE Starting
2003-10-22 08:51:23 23:51:23 Success IUENGINE Determining
machine configuration
2003-10-22 08:51:24 23:51:24 Success IUENGINE Querying
software update catalog from
http://capital_server/autoupdate/getmanifest.asp
2003-10-22 08:51:24 23:51:24 Success IUENGINE Determining
machine configuration
2003-10-22 08:51:24 23:51:24 Success IUENGINE Querying
software update catalog from
http://capital_server/autoupdate/getmanifest.asp
2003-10-22 08:51:24 23:51:24 Success IUENGINE Determining
machine configuration
2003-10-22 08:51:24 23:51:24 Success IUENGINE Querying
software update catalog from
http://capital_server/autoupdate/getmanifest.asp
2003-10-22 08:51:25 23:51:25 Success IUENGINE Determining
machine configuration
2003-10-22 08:51:25 23:51:25 Success IUENGINE Querying
software update catalog from
http://capital_server/autoupdate/getmanifest.asp
2003-10-22 08:51:26 23:51:26 Success IUENGINE Determining
machine configuration
2003-10-22 08:51:26 23:51:26 Error IUENGINE Querying
software update catalog from
http://capital_server/autoupdatedrivers/getmanifest.asp (Error
0x80190194)
2003-10-22 08:51:26 23:51:26 Success IUENGINE Shutting down
2003-10-22 08:51:26 23:51:26 Success IUCTL Shutting down
---------------------------------------------------------------------

The 2 files' time is not the same, I believe one is recording log in
GMT, and other in the Japan's local time (GMT +9). Confusing.. but
even when you look at the minutes, there is no match between the 2
files.

When I look at the entire windows update log in 192.168.1.212, seems
like the update was never done from SUS server before. I have
installed SUS only about 3 weeks ago.

However, in the system log of 192.168.1.212, I see an Automatic Update
is scheduled to be installed on 10/27, which is next Monday. I guess I
should wait
till Monday, then see the Windows Update log in the client.

Any advice will be appreciated.

Thanks,

KennyK

neo [mvp outlook]

unread,
Oct 23, 2003, 7:57:06 AM10/23/03
to
No errors in the log is a good thing and it is good to read that you noticed
that a scheduled install is set to happen on 10/27. As for the Windows
Update.Log file posting 2 times, it is quite normal. First is the users
local time and the second is GMT. Therefore you will find a matching entry
for this machine in the 10/21 IIS log with a time stamp of 23:51.

Could you do me a favor and post the registry values for these sections. (If
you don't feel comfortable posting them here, you can send them to me and I
promise to look for it in this e-mail account.)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update

HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU


"kennyk" <khay...@gcrejapan.co.jp> wrote in message
news:225f36f9.03102...@posting.google.com...

> > SUS installs the IISLockdown tools. This 404 indicates that verbs
> > pertaining to WebDAV have been disabled. (quite normal and safe to
ignore

<SNIP>

kennyk

unread,
Oct 24, 2003, 2:46:31 AM10/24/03
to
Thank you NEO, here are the regisry keys from one of the clients whose
Event Log tells there will be an update on 10/27.


> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate]
"PingID"=hex:eb,eb,3e,0c,24,39,d5,49,88,80,d8,e1,5b,41,29,28
"AccountDomainSid"=hex:01,04,00,00,00,00,00,05,15,00,00,00,29,9c,bc,51,4f,75,\
23,2d,2a,d0,54,00,f8

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto
Update]
"AUOptions"=dword:00000003
"AUState"=dword:00000005
"ScheduledInstallDate"="2003.10.27 10:00:00"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\IUControl]
"SelfUpdateStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\OemInfo]
"Mask"=dword:00000013
"OemInfoVersion"=dword:00000002
"AcpiOem"="COMPAQ"
"AcpiProduct"="DSDT"
"IniOem"="Compaq Computer Corporation"
"WbemOem"="Compaq"
"WbemProduct"="Evo D510 SFF"
"OemSupportURL"="http://www.compaq.com"


> HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="http://capital_server"
"WUStatusServer"="http://capital_server"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoRebootWithLoggedOnUsers"=dword:00000001
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000004
"ScheduledInstallDay"=dword:00000002
"ScheduledInstallTime"=dword:0000000a
"UseWUServer"=dword:00000001
"RescheduleWaitTime"=dword:00000004

> HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoRebootWithLoggedOnUsers"=dword:00000001
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000004
"ScheduledInstallDay"=dword:00000002
"ScheduledInstallTime"=dword:0000000a
"UseWUServer"=dword:00000001
"RescheduleWaitTime"=dword:00000004

I am not sure how many of the clients have this same setting. I know
it depends on the OS and SP version. But I can't go to each machine
and check it. I have used MSBA to find out which updates were not doen
on the clients, but that tool dumps too much info, not sure how to
utilize it in an efficient way. Do you have any suggestion on how to
use it? Or is there any other tools you could recommend?

Thanks,

KennyK

neo [mvp outlook]

unread,
Oct 24, 2003, 7:36:50 AM10/24/03
to
Looking at:

> [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
> "NoAutoRebootWithLoggedOnUsers"=dword:00000001
> "NoAutoUpdate"=dword:00000000
> "AUOptions"=dword:00000004
> "ScheduledInstallDay"=dword:00000002
> "ScheduledInstallTime"=dword:0000000a
> "UseWUServer"=dword:00000001
> "RescheduleWaitTime"=dword:00000004

Tells me that the site (or OU) has decided to go with a scheduled install to
happen on Monday's at 10am. If the machine is off at the time of the
scheduled install and turned on at a later time, the software will try to
install the patches after 4 minutes.

If you want to force the same settings on all machines and you have an
Active Directory domain, use a GPO. This way all Windows 2000/XP/2003
machines will have the same settings.

I haven't found the perfect tool yet to do remediation on patch deployment.
I'm crossing between looking for errors only in the IIS logs + using
hfnetchk to sample internal subnets to see how well the process is going.

--
Due to the Swen virus, all e-mails sent to this account will be deleted
w/out reading.

"kennyk" <khay...@gcrejapan.co.jp> wrote in message
news:225f36f9.03102...@posting.google.com...

0 new messages