How to manually update the Security Update Bulletin Catalog file for Systems Management Server 2.0 (889430)


The information in this article applies to:

  • Microsoft Systems Management Server 2.0

INTRODUCTION

This article describes how to manually update the Security Update Bulletin Catalog file (MSSecure.xml). You may have to do this when the Security Update Inventory Tool in Microsoft Systems Management Server 2.0 cannot update the file because of a firewall policy.

MORE INFORMATION

The Security Update Bulletin Catalog file is the security updates database that the Microsoft Baseline Security Analyzer (MBSA) and the Security Update Inventory Tool use to determine the following:
  • The security updates that are installed on your computer.
  • The security updates that have not yet been installed.
By default, the Security Update Inventory Tool automatically and regularly downloads the latest version of this database. The Security Update Inventory Tool uses SMS distribution points to distribute the database to the computers in your enterprise.

However, a firewall may prevent the Security Update Inventory Tool from automatically updating the Security Update Bulletin Catalog file. In this case, you can use the Syncxml.exe tool to manually download the file. To do this, follow these steps:
  1. Use an account that has administrative credentials to log on to the computer where the Security Update Inventory Tool is installed.
  2. Click Start, click Run, type cmd, and then click OK.
  3. At the command prompt, type the following:

    syncxml.exe /s /target path /site ServerName /code SiteCode /package PackageName



    For example, type syncxml.exe /s /site SMSSUN /code S02 /target \\SMSServer\C$\Program Files\SecurityPatch /package S020000D

    The Syncxml.log file is written to the Temp folder of the user context that is running the task. If you log on as Administrator and manually run the Syncxml.exe tool, the Syncxm.logl file is written to the Documents and Settings\Administrator\Local Settings\Temp folder on the computer where the Security Update Inventory Tool is installed.
  4. If you do not have Internet access from the computer that is running the Security Update Inventory Tool, you can manually download the Security Update Bulletin Catalog file. To download this file, visit the following Microsoft Web site:

    http://go.microsoft.com/fwlink/?LinkID=18922

The firewall or the proxy server may not let the SMSCliToknAcct& account access the Internet. In this scenario, examine the SecuritySyncXML.log that is contained in the Documents and Settings\Administrator\Local Settings\Temp folder for any errors. For example, the SecuritySyncXML.log may report the following error:
Initialized log file - SyncXML started at 3/20/2003 2:01:33 PM
Command line specified package to update on DPs as R0100006
Command line specified folder to update as \\USCSCMGB3\D$\Program Files\SecurityPatch2.
Command line specified site code: R01.
Command line specified site server: USCSCMGB3.
Specified folder is local, changing it to: D:\PROGRAM FILES\SECURITYPATCH2 Download failed - http://go.microsoft.com/fwlink/?LinkId=9160
Sync tool failed to download "http://go.microsoft.com/fwlink/?LinkId=9160". Error code: 5
In this example, the SMSCliToknAcct& account does not have access through the proxy server or through the firewall. Use one of the following methods to enable access for the SMSCliToknAcct& account:
  • On the proxy server or on the firewall, grant the required permissions to this specific account.
  • Some proxy servers or firewalls may grant permissions to an IP address to pass through unauthenticated. To resolve this problem, you can add the IP address of the host server that is running the Security Update Inventory Tool to the list of IP addresses that can pass through without authentication.
Modification Type:MinorLast Reviewed:6/13/2005
Keywords:kbhowto KB889430 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.