January 2007 - Posts
We are doing the ITMU V3 upgrade for the entire company and it is suppose an easy upgrade (Microsoft is getting better!). We did it in the LAB and one down level Primary Site, the upgrade went without issues. But when we tried to do the same for our Global Central Site, the upgrade failed during catalog sync process with the following errors:
An Error was encountered while updating the Database.(Error code: 0x0000000B)
Here is what we see in WSUSSyncXML.log
UpdateWUSCatalog(09:38:15): error 0x80041001, Generic failure, SQL command failed: , returned from SMS_UpdatePrograms::PutInstance(UpdateID=6135)
Also some errors in smsprov.log mention that can't find the package to upgrade (I didn't save the exact error).
We called Microsoft PSS support and worked with their tech and tried to upgrade MSXML 3.0 SP5 and also tried to recompile smsprov.mof file without success. Finally after checking MS error database he found out the problem is because we renamed our ITMU packages. Since this is a global central site, our SMS engineer added "Global" to every ITMU package!
After we removed "Global" from each ITMU package, the upgrade went like a charm!
Here is a query to get machine name from serial number:
select SMS_R_System.NetbiosName, SMS_G_System_PC_BIOS.SerialNumber from SMS_R_System inner join SMS_G_System_PC_BIOS on SMS_G_System_PC_BIOS.ResourceID = SMS_R_System.ResourceId where SMS_G_System_PC_BIOS.SerialNumber like ##PRM:SMS_G_System_PC_BIOS.SerialNumber##
One of the pre-requirement to deploy ITMU is that the automatic update service should be set to automatic and should be in started state.
Here is a VB script to check the automatic update service status and change it to automatic and start the service if applicable.
Option Explicit
On Error Resume Next
Dim objDictionary
Dim objFSO
Dim objTextFile
Dim strNextLine
Dim strComputer
Dim result
Dim objItem
Dim TxtFile
Dim i
Dim Dping
Dim Pinged
Dim pingresult
Dim arrPingResult
Dim u
Dim objWMIService
Dim colStoppedServices
Dim objService
Const ForReading = 1
TxtFile = "C:\Myworkplace\Clientlist.txt" 'fetch clients list from a txt file to a dictionary
Set objDictionary = CreateObject("Scripting.Dictionary")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile _
(TxtFile, ForReading)
i = 0
Do Until objTextFile.AtEndofStream
strNextLine = objTextFile.Readline
objDictionary.Add i, strNextLine
i = i + 1
Loop
For Each objItem in objDictionary
strComputer = objDictionary.Item(objItem)
Set Dping = Wscript.Createobject("Dynu.Ping")
Pinged = False
pingresult = DPing.ping(strComputer, 1, 1, 2000) 'ping clients
arrPingResult = Split(PingResult,vbCRLF)
For u = 0 To UBound(arrPingResult)
If InStr(1,arrPingResult(u),"bytes=1",1) > 0 Then
Pinged = True
Set objWMIService = GetObject("winmgmts:" & _
"{impersonationLevel=Impersonate}!\\" & strComputer & "\root\cimv2")
Set colStoppedServices = objWMIService.ExecQuery _
("Select * From Win32_Service Where name = 'Wuauserv'and startMode = 'Disabled'")
For Each objService in colStoppedServices
Wscript.Echo strComputer
Wscript.Echo objService.DisplayName & " = " & objService.StartMode
Wscript.Echo objService.DisplayName & " = " & objService.State
errReturnCode = objService.Change( , , , , "Automatic")
objService.StartService()
Next
End If
Next
If Pinged = False Then
WScript.Echo("Unable to ping " & strComputer)
End if
Next
Here is a SMS query to create a collection including all the window server 2003 and window 2000 SP4 servers but exclude domain controllers and SMS primary servers. It also excludes servers in certain subnet. It excludes 64 bit servers as well.
select SMS_R_System.ResourceID,SMS_R_System.ResourceType,SMS_R_System.Name,SMS_R_System.SMSUniqueIdentifier,SMS_R_System.ResourceDomainORWorkgroup,SMS_R_System.Client from SMS_R_System inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_NETWORK_ADAPTER_CONFIGURATION on SMS_G_System_NETWORK_ADAPTER_CONFIGURATION.ResourceID = SMS_R_System.ResourceId where SMS_R_System.OperatingSystemNameandVersion like "%Server 5.0%" and SMS_G_System_OPERATING_SYSTEM.CSDVersion >= "Service Pack 4" and SMS_R_System.IPSubnets != "10.1.1.0" and SMS_G_System_COMPUTER_SYSTEM.DomainRole < 4 and SMS_R_System.ResourceDomainORWorkgroup = "ADDOMAIN" and SMS_R_System.ResourceId not in (select SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID from SMS_G_System_ADD_REMOVE_PROGRAMS where SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName like "Microsoft Systems Management Server 2003 Primary Site") or SMS_R_System.OperatingSystemNameandVersion like "%Server 5.2%" and SMS_R_System.IPSubnets != "10.1.1.0" and SMS_G_System_COMPUTER_SYSTEM.SystemType != "x64-based PC" and SMS_G_System_COMPUTER_SYSTEM.DomainRole < 4 and SMS_R_System.ResourceDomainORWorkgroup = "ADDOMAIN" and SMS_R_System.ResourceId not in (select SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID from SMS_G_System_ADD_REMOVE_PROGRAMS where SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName like "Microsoft Systems Management Server 2003 Primary Site")
If you want to move a few clients to a different server, then copy the Grc.dat file from the new parent servers to all the clients that you want to be managed by the new parent server. This can be done through many distribution methods, ie. logon scripts or SMS.
Where to find the Grc.dat file on the parent server
The default location is C:\Program Files\SAV
Where to put the Grc.dat file on the client
- Windows NT: The default folder location is C:\WINNT\Profiles\All Users\Application Data\Symantec\Symantec Antivirus Corporate Edition\7.5\.
- Windows 2000/2003/XP: The default folder location is C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\.
Notes: If you want to move the clients to a different parent server and also add them to a specific client group, use the Grc.dat file from the directory C:\Program Files\SAV\Groups\<groupname>, where <groupname> represents the name of the client group.
If you need to add a user or group to local administrators group or any local group for that matter. The command is as follows:
net localgroup Administrators "Domain\xxx_group" /add
Then you can use SMS to push this to the clients.
It also could be used to remove a group from a local group.
Here is a VB script to check the Symantec Antivirus Client version and the virus definition date against a list of machines. What it does is to read registry remotely through WMI to get Symantec Antivirus version and their parent server for the clients. It also connect to c$\Program Files\Common Files\Symantec Shared\VirusDefs\definfo.dat on the clients and to read the CurDefs information from the file.
On Error Resume Next
Const ForReading = 1
Const HKEY_LOCAL_MACHINE = &H80000002
x = 2
'Create an Excel Work Sheet
Set objExcel = CreateObject("Excel.Application")
objExcel.Visible = True
objExcel.Workbooks.Add
objExcel.Cells(1, 1).Value = "Machine Name"
objExcel.Cells(1, 2).Value = "Parent Server"
objExcel.Cells(1, 3).Value = "SAV Version"
objExcel.Cells(1, 4).Value = "Virus Definition"
objExcel.Cells(1, 5).Value = "Rev Number"
objExcel.Cells(1, 6).Value = "Status"
objExcel.Cells(1, 7).Value = "Report Time Stamp"
objExcel.Range("A1:G1").Select
objExcel.Selection.Interior.ColorIndex = 19
objExcel.Selection.Font.ColorIndex = 11
objExcel.Selection.Font.Bold = True
objExcel.Cells.EntireColumn.AutoFit
'Read machine names from a txt file
Set Fso = CreateObject("Scripting.FileSystemObject")
Set InputFile = fso.OpenTextFile("MachineList.Txt")
Do While Not (InputFile.atEndOfStream)
strComputer = InputFile.ReadLine
intRow = x
objExcel.Cells(intRow, 1).Value = strComputer
GetRegInfo
GetDefInfo
objExcel.Cells(intRow, 7).Value = Now()
set strValue = Nothing
set dwValue = Nothing
set strSavVersion = Nothing
set objFSO = Nothing
Set objFile = Nothing
Set dtDefDate = Nothing
Set strRevNumber= Nothing
x = x + 1
Loop
Wscript.Echo "Done"
'*********************************************************************************************************
'Get information from Registry
Sub GetRegInfo
Set oReg=GetObject( _
"winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")
strKeyPath = "SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion"
strParent = "Parent"
strProversion = "ProductVersion"
oReg.GetStringValue _
HKEY_LOCAL_MACHINE,strKeyPath,strParent,strValue
objExcel.Cells(intRow, 2).Value = strValue
oReg.GetDWORDValue _
HKEY_LOCAL_MACHINE,strKeyPath,strProversion,dwValue
Select Case dwValue
Case 328336375
strSavVersion ="10.1.5.5010"
Case 23528424
strSavVersion = "10.0.0.359"
Case 65537001
strSavVersion = "10.0.1.1000"
Case 65995753
strSavVersion = "10.0.1.1007"
Case 66061289
strSavVersion = "10.0.1.1008"
Case 131073002
strSavVersion = "10.0.2.2000"
Case 131138538
strSavVersion = "10.0.2.2001"
Case 131728362
strSavVersion = "10.0.2.2010"
Case 132383722
strSavVersion = "10.0.2.2020"
Case 132449258
strSavVersion = "10.0.2.2021"
Case 25822194
stSavVersion = "10.1.0.394"
Case 25953266
strSavVersion = "10.1.0.396"
Case 26215410
strSavVersion = "10.1.0.400"
Case 26280946
strSavVersion = "10.1.0.401"
Case 65536905
strSavVersion = "9.0.5.1000"
Case 72090503
strSavVersion = "9.0.3.1100"
Case 65536903
strSavVersion = "9.0.3.1000"
Case 65536902
strSavVersion = "9.0.2.1000"
Case 65536901
strSavVersion = "9.0.1.1000"
Case 22152068
StrSavversion = "9.0.0.338"
Case 21562155
strSavVersion = "8.1.1.329"
Case 21168939
strSavVersion = "8.1.1.323"
Case 20906795
strSavVersion = "8.1.1.319"
Case 20579115
strSavVersion = "8.1.1.314"
Case 54068001
strSavVersion = "8.1.0.825"
Case 29950753
strSavVersion = "8.0.1.457"
Case 614597408
strSavVersion = "8.0.0.9378"
Case 614335264
strSavVersion = "8.0.0.9374"
Case 29229856
strSavVersion = "8.0.0.446"
Case 28640032
strSavVersion = "8.0.0.437"
Case 28443424
strSavVersion = "8.0.0.434"
Case 28115744
strSavVersion = "8.0.0.429"
Case 27853600
strSavVersion = "8.0.0.425"
Case 85197700
strSavVersion = "7.60.926"
Case 61997817
strSavVersion = "7.6.1.946"
Case 61473529
strSavVersion = "7.6.1.938"
Case 60949241
strSavVersion = "7.6.1.930"
Case 60687096
strSavVersion = "7.6.1.926"
Case 55509743
strSavVersion = "7.5.1.847"
Case 48366268
strSavVersion = "7.0.0"
End Select
objExcel.Cells(intRow, 3).Value = strSavVersion
End Sub
'*******************************************************************************************************************
'Get Virus definition from definfo.dat.
Sub GetDefInfo
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.GetFile("\\" & strComputer & _
"\c$\Program Files\Common Files\Symantec Shared\VirusDefs\definfo.dat")
If objFSO.FileExists(objFile) Then
Set objDatFile = objFSO.OpenTextFile(objFile, 1)
Do Until objDatFile.AtEndOfStream
strLine = objDatFile.Readline
intCurDefs = InStr(strLine , "CurDefs")
If intCurDefs > 0 Then
strCurDefs = strLine
strDateDefs = Mid(strCurDefs, 9, 8)
dtYear = Left(strDateDefs, 4)
dtMonth = Mid(strDateDefs, 5, 2)
dtDay = Right(strDateDefs, 2)
DateVirDefs = dtMonth & "/" & dtDay & "/" & dtYear
dtDefDate = CDate(DatevirDefs)
objExcel.Cells(intRow, 4).Value = dtDefDate
If (date - dtDefDate) = 1 Then
objExcel.Cells(intRow, 6).Value = "OK"
Else
objExcel.Cells(intRow, 6).Value = "Need Attention!"
End If
strRevNumber = Right(strCurDefs, 3)
objExcel.Cells(intRow, 5).Value = strRevNumber
End If
Loop
objDatFile.Close
Else
objExcel.Cells(intRow, 4).Value = "The file definfo.dat does not exist"
End If
End Sub
It’s a rather stressful weekend that our SMS operation team has to try to deploy an application to a group of users to meet the Monday deadline in the last minute notice.
We determined that we have to use AD Security Group Distribution as there are no other ways to identify the machine names for the users. We do this on the fly and as this option was never in production. There was a few tests in small scale and they did worked months ago. But this time it just doesn’t work. We created collection based on AD security group and advertise the package to it but nothing happens. So something must changed between the last test and now?
Trying to look up on the Internet and it seems there are not a lot of documentation regarding AD security group distribution. Finally we discovered that the AD security group discovery was disabled on the primary site even though it is enabled in the central site. Once we enabled the AD security group discovery on one of the primary site, the users in that AD group in that site started to get advertisement the next day.
Lesson learned: In order to use AD security group distribution, the AD security group discovery need to be enabled at the primary site where the users and machines reporting their inventory data. Enable the discovery in central site is not enough!
Here is a powershell script to check free spaces for the drives against a list of servers and write the results to excel.
$erroractionpreference = "SilentlyContinue"
$a = New-Object -comobject Excel.Application
$a.visible = $True
$b = $a.Workbooks.Add()
$c = $b.Worksheets.Item(1)
$c.Cells.Item(1,1) = "Machine Name"
$c.Cells.Item(1,2) = "Drive"
$c.Cells.Item(1,3) = "Total size (MB)"
$c.Cells.Item(1,4) = "Free Space (MB)"
$c.Cells.Item(1,5) = "Free Space (%)"
$d = $c.UsedRange
$d.Interior.ColorIndex = 19
$d.Font.ColorIndex = 11
$d.Font.Bold = $True
$d.EntireColumn.AutoFit($True)
$intRow = 2
$colComputers = get-content C:\Myworkplace\Clientlist.txt
foreach ($strComputer in $colComputers)
{
$colDisks = get-wmiobject Win32_LogicalDisk -computername $strComputer -Filter "DriveType = 3"
foreach ($objdisk in $colDisks)
{
$c.Cells.Item($intRow, 1) = $strComputer.ToUpper()
$c.Cells.Item($intRow, 2) = $objDisk.DeviceID
$c.Cells.Item($intRow, 3) = "{0:N0}" -f ($objDisk.Size/1MB)
$c.Cells.Item($intRow, 4) = "{0:N0}" -f ($objDisk.FreeSpace/1MB)
$c.Cells.Item($intRow, 5) = "{0:P0}" -f ([double]$objDisk.FreeSpace/[double]$objDisk.Size)
$intRow = $intRow + 1
}
}
Here is a powershell script to check against a list of servers and get their last reboot time and report in excel.
$a = New-Object -comobject Excel.Application
$a.visible = $True
$b = $a.Workbooks.Add()
$c = $b.Worksheets.Item(1)
$c.Cells.Item(1,1) = "Machine Name"
$c.Cells.Item(1,2) = "IP Address"
$c.Cells.Item(1,3) = "MAC Address"
$c.Cells.Item(1,4) = "Last Boot Time"
$d = $c.UsedRange
$d.Interior.ColorIndex = 19
$d.Font.ColorIndex = 11
$d.Font.Bold = $True
$d.EntireColumn.AutoFit()
$m = 2
$x = get-content C:\Myworkplace\Clientlist.txt
foreach ($i in $x)
{$y = get-wmiobject Win32_NetworkAdapterConfiguration -computername $i -Filter "IPenabled = 'True'"
foreach ($j in $y)
{$c.Cells.Item($m, 1) = $j.DNSHostName
$c.Cells.Item($m, 2) = $j.IPAddress
$c.Cells.Item($m, 3) = $j.MACAddress}
$date = new-object -com WbemScripting.SWbemDateTime
$z = get-wmiobject Win32_OperatingSystem -computername $i
foreach ($k in $z)
{$date.value = $k.lastBootupTime
If ($k.Version -eq "5.2.3790" )
{$c.Cells.Item($m, 4) = $Date.GetVarDate($True)}
Else
{$c.Cells.Item($m, 4) = $Date.GetVarDate($False)}
}
$m = $m + 1
}
Last Friday night, while I was getting ready for the three days weekend and enjoying the movie -Boat Trip. I remembered that I need to reboot a Window 2003 Server to apply the November patches. I didn’t give it much thought and believed this is going to be an easy 10 minutes work. So I connected through VPN, rebooted the server and back to my movie. After 15 minutes passed, I still couldn’t ping the server. I started to slap my head and concerned that my whole weekend is going to be ruined. I managed to gain access to the server through ILO and of course the BSOD was winking at me!
Here are the Stop error messages:
A problem has been detected and Windows has been shut down to prevent damage to your computer...
KERNEL_APC_PENDING_DURING_EXIT
*** STOP: 0x00000020 (0x0x00000000, 0x0x0000fffa, 0x0x00000000, 0x0x00000001)
This is the last thing you need on a New Year weekend! From operation procedure standpoint, I don’t have to fix this myself, as I don’t deal with this on a normal daily basis. But I don’t want to disturb my colleagues on a New Year’s Eve weekend. After all, I was the person who triggered this. So I have no choice to pause my movie and start digging. After goggling for a while, I found the following links:
http://support.microsoft.com/kb/905539
http://service1.symantec.com/SUPPORT/pca.nsf/8d67bc594d5802c288256d2e006abd37/ed81a9e1b83b02f388256fbe0083c1ac?OpenDocument&src=bar_sch_nam
I now remembered and realized that this is caused by PC Anywhere 11.5 installed on the server which has Symantec Antivirus 9 installed. The symevent driver installed by PC Anywhere doesn’t compatible with the driver for Symantec Antivirus 9x/8x. I managed to start the server in safe mode with networking which it’s not as easy as it sounds, you have to keep press F8 to get to the Advanced Option Menu and this is sometimes tricky especially that I was on the ILO connection and my mind was still in the movie. Once I log on , I download and updated the symevent driver from the above link and rebooted the machine. The server was finally back on line after about 2 hours.
Lesson learned – Don’t ever try to reboot a server on a Friday night before holiday unless you absolutely have to do so! You just don’t know what’s waiting for you!