How to troubleshoot catalog file downloads for Microsoft Baseline Security Analyzer 1.2 (842432)



The information in this article applies to:

  • Microsoft Systems Management Server 2.0
  • Microsoft Systems Management Server 2003
  • Microsoft Baseline Security Analyzer 1.2

INTRODUCTION

The Microsoft Baseline Security Analyzer (MBSA) 1.2 is the scan engine for the Microsoft Systems Management Server (SMS) 2003 Software Update Scanning Tools and the SMS 2.0 Software Update Services Feature Pack. However, you can also use the MBSA as a stand-alone tool.

The MBSA uses an XML-based catalog file, mssecure.xml, to determine the security updates that are available. The catalog file is compressed and is stored in the mssecure.cab file.

Microsoft updates and posts the catalog file to the Microsoft Download Center after a new security bulletin is released. In some circumstances, the updated catalog file may not be downloaded by SMS or by the MBSA.

MORE INFORMATION

Use the following information to determine whether the catalog was updated and to troubleshoot cases where the latest version was not downloaded. To check whether Microsoft has released an updated catalog file, visit the following Microsoft Web sites.

To download the English version of the .cab file, visit the following Web site:

To download the Japanese version of the .cab file, visit the following Web site:

To download the German version of the .cab file, visit the following Web site:

To download the French version of the .cab file, visit the following Web site:

After you download the .cab file, double-click the .cab file, double-click the .xml file, and then specify a location to extract the mssecure.xml file. Double-click the mssecure.xml file to view the version information. The catalog version information is located at the top of the mssecure.xml file. An example of the catalog version information is:

<BulletinDatastore DataVersion="1.0.1.518" LastDataUpdate="05/11/2004"
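
The version check above can be scripted once mssecure.xml has been extracted. The following is an added example, not part of the original article or of MBSA: the function names and the two embedded sample headers are constructed for illustration, and LastDataUpdate is assumed to be in MM/DD/YYYY form.

```python
import io
import xml.etree.ElementTree as ET
from datetime import datetime

# Constructed samples: only the root element matters for the version check.
CACHED = (b'<BulletinDatastore DataVersion="1.0.1.518" '
          b'LastDataUpdate="05/11/2004"></BulletinDatastore>')
FRESH = (b'<BulletinDatastore DataVersion="1.0.1.1002" '
         b'LastDataUpdate="06/08/2004"></BulletinDatastore>')


def read_catalog_header(source):
    """Return (DataVersion as a tuple of ints, LastDataUpdate as a date).

    source is a path or a binary file object. Only the first start event is
    consumed, so parsing stops after the first chunk of a large catalog.
    """
    for _event, elem in ET.iterparse(source, events=("start",)):
        if elem.tag != "BulletinDatastore":
            raise ValueError("unexpected root element: %r" % elem.tag)
        # Compare versions numerically: as strings, "1.0.1.518" would sort
        # after "1.0.1.1002" and a newer catalog would look older.
        version = tuple(int(p) for p in elem.attrib["DataVersion"].split("."))
        # Assumption: LastDataUpdate is MM/DD/YYYY, as in the sample header.
        updated = datetime.strptime(
            elem.attrib["LastDataUpdate"], "%m/%d/%Y").date()
        return version, updated
    raise ValueError("no root element found")


def is_stale(local, reference):
    """True when the local catalog is older than the reference copy."""
    return read_catalog_header(local) < read_catalog_header(reference)


if __name__ == "__main__":
    print(read_catalog_header(io.BytesIO(CACHED)))
    print("stale:", is_stale(io.BytesIO(CACHED), io.BytesIO(FRESH)))
```

Pass the path of the catalog that SMS or MBSA is using as `local` and the path of a copy extracted from a fresh download as `reference`.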

If the file is current, but an older version of the catalog is still used by SMS, a cached older version of the file may have been copied from a corporate or Internet Service Provider (ISP) proxy server. We do not recommend that you cache the catalog file. However, individual proxy servers may be configured to cache the catalog file.

To determine if SMS is using a cached catalog file, use Microsoft Network Monitor or another network capture tool to view the download process. Start the trace immediately before you download the file. Stop the network trace immediately after the MSSecure.cab file is saved to the computer. You can filter the trace to show only HTTP traffic. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

148942 How to capture network traffic with Network Monitor

You can confirm that the catalog file is cached by viewing the frames that contain the HTTP responses to the client. A sample trace may appear similar to the following example.

Note This example has been edited for brevity and contains only the relevant information from the response packet.

    HTTP: Response to Client; HTTP/1.1; Status Code = 302 - Found
    HTTP: Protocol Version =HTTP/1.1
    HTTP: Status Code = Found
    HTTP: Reason =Found
    HTTP: Connection =Keep-Alive
    HTTP: Proxy-connection =Keep-Alive
    HTTP: Content-Length =216
    HTTP: Location =http://download.microsoft.com/download/0/d/b/0db2e5d7-0ba9-4856-b51f
...
00110:  0A 4C 6F 63 61 74 69 6F 6E 3A 20 68 74 74 70 3A   .Location: http:
00120:  2F 2F 64 6F 77 6E 6C 6F 61 64 2E 6D 69 63 72 6F   //download.micro
00130:  73 6F 66 74 2E 63 6F 6D 2F 64 6F 77 6E 6C 6F 61   soft.com/downloa
00140:  64 2F 30 2F 64 2F 62 2F 30 64 62 32 65 35 64 37   d/0/d/b/0db2e5d7
00150:  2D 30 62 61 39 2D 34 38 35 36 2D 62 35 31 66 2D   -0ba9-4856-b51f-
00160:  64 62 37 63 30 62 38 33 38 63 36 38 2F 4D 53 53   db7c0b838c68/MSS
00170:  65 63 75 72 65 5F 31 30 33 33 2E 43 41 42 0D 0A   ecure_1033.CAB..
00180:  43 6F 6E 74 65 6E 74 2D 54 79 70 65 3A 20 74 65   Content-Type: te
00190:  78 74 2F 68 74 6D 6C 3B 20 63 68 61 72 73 65 74   xt/html; charset
001A0:  3D 75 74 66 2D 38 0D 0A 53 65 72 76 65 72 3A 20   =utf-8.....

The key indicator that this file is being cached is the "HTTP: Proxy-connection" entry. This entry points to a proxy server. The data near the bottom of the frame shows the full path of the .cab file, including its file name.

Note The URL may be different depending on the version and release date of the .cab file.
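
The header check described above can be run over the decoded response lines saved from a capture. This is an added example, not part of the original article or of Network Monitor. It assumes the "HTTP: Name =Value" line layout shown in the sample trace. Besides Proxy-connection, it also looks for Via and Age, standard HTTP/1.1 headers that proxies and caches add; those two checks go beyond what the article describes. The function names and the second sample are constructed.

```python
import re

# Decoded response lines as shown in the article's sample trace.
PAGE_TRACE = """\
HTTP: Response to Client; HTTP/1.1; Status Code = 302 - Found
HTTP: Protocol Version =HTTP/1.1
HTTP: Status Code = Found
HTTP: Reason =Found
HTTP: Connection =Keep-Alive
HTTP: Proxy-connection =Keep-Alive
HTTP: Content-Length =216
HTTP: Location =http://download.microsoft.com/download/0/d/b/0db2e5d7-0ba9-4856-b51f
"""

# Constructed sample: a response with no proxy-related headers.
DIRECT_TRACE = """\
HTTP: Response to Client; HTTP/1.1; Status Code = 200 - OK
HTTP: Status Code = OK
HTTP: Connection =Keep-Alive
HTTP: Content-Length =1048576
"""

# "HTTP: <name> =<value>"; the summary line contains ';' and is skipped.
FIELD = re.compile(r"^\s*HTTP:\s*([A-Za-z][A-Za-z \-]*?)\s*=\s*(.*?)\s*$")

# Proxy-connection is the indicator named in the article. Via (added by
# proxies) and Age (added when a cache serves the response) are assumed
# extra checks taken from HTTP/1.1.
PROXY_HEADERS = ("proxy-connection", "via", "age")


def parse_response(text):
    """Map lower-cased field names to values for one decoded response."""
    fields = {}
    for line in text.splitlines():
        match = FIELD.match(line)
        if match:
            fields[match.group(1).lower()] = match.group(2)
    return fields


def summarize(text):
    """Return the status, redirect target and any proxy indicators found."""
    fields = parse_response(text)
    found = {h: fields[h] for h in PROXY_HEADERS if h in fields}
    return {"status": fields.get("status code"),
            "location": fields.get("location"),
            "proxy": found}


if __name__ == "__main__":
    print(summarize(PAGE_TRACE))
    print(summarize(DIRECT_TRACE))
```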

If, by viewing the network trace, you verify that the .cab file is being cached, contact your network administrator or your ISP and request that the MSSecure.cab file not be cached.

If you have another computer that is available on another network, you can try to download the .cab file from the second computer. Then, you can manually copy the .cab file to the first computer. By default, the stand-alone version of MBSA stores the catalog file in the \Program Files\Microsoft Baseline Security Analyzer folder.

The SMS 2003 Synchronization component (Syncxml.exe) downloads the latest version of MBSA and downloads the Security Update Bulletin Catalog (mssecure.xml), which contains a list of the latest hotfixes. Then the Syncxml.exe component copies the latest hotfix list to the SMS distribution points. You can use the contents of the %SystemRoot%\System32\Ccm\Logs\Securitysyncxml.log file to troubleshoot this component.

The Security Hotfix Checker scan tool (S_scan.exe) is part of the Security Update Inventory Tool in the SMS 2.0 Software Update Services Feature Pack. You can run the S_scan.exe tool on client computers to download the mssecure.xml file and scan the computer using the Hardware Inventory Agent. You can use the contents of the %SystemRoot%\System32\Ccm\Logs\Securitypatch.log file to troubleshoot this component. This log file will have a list of applicable hotfixes for a particular computer.

REFERENCES

For more information about the Microsoft Baseline Security Analyzer, visit the following Microsoft Web site:

For more information about SMS 2003 Software Update Scanning Tools, visit the following Microsoft Web site:

For more information about the SMS 2.0 Software Update Services Feature Pack, visit the following Microsoft Web site:

For additional information about how to use Network Monitor to capture network traffic, click the following article number to view the article in the Microsoft Knowledge Base:

812953 How to use Network Monitor to capture network traffic

For additional information about how to filter cache entries in Microsoft Internet Security and Acceleration (ISA) Server, click the following article number to view the article in the Microsoft Knowledge Base:

310100 How to filter cache entries in ISA Server 2000

For more information about Hypertext Transfer Protocol (HTTP) 1.1, visit the following Internet Engineering Task Force Web site:

Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

For more information about SMS Feature Packs, visit the following Microsoft Web site:

For more information about frequently asked questions about the SMS Software Update Services Feature Pack, visit the following Microsoft Web site:

For more information about Software Update Services deployment, visit the following Microsoft Web site:

For additional information about how to install multiple Windows updates or hotfixes with only one reboot, click the following article number to view the article in the Microsoft Knowledge Base:

296861 How to install multiple Windows updates or hotfixes with only one reboot

For more information about the SMS Feature Pack Sync Tool Teardown A to Z, visit the following Web site:

For more information about SMS Feature Pack Scan Tool - Unleashed, visit the following Web site:

Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

Modification Type: Major
Last Reviewed: 2/1/2005
Keywords: kbsmsUtil kbnetwork kbtshoot kbinterop kbSoftwareDist kbMiscTools kbinfo KB842432 kbAudITPRO