SCCM and Windows Update Client Configuration

Similar Messages

• Windows Update Client failed to detect with error 0xc8000247 after using Lenovo System Update 5

  My Windows 7, SP1 was running fine, until I installed few updates on 10/15 using Lenovo System Update 5 then Windows Update stopped working, shows as RED:
  {CE3119AD-35EF-41CF-9C21-C7698FEB8393}    2013-10-14 21:53:00:256-0700    1    147    101    {00000000-0000-0000-0000-000000000000}    0    0    AutomaticUpdates    Success    Software Synchronization    Windows Update Client successfully detected 4 updates.
  {EB17A01A-EB6E-49FF-9EA2-AA0DD063B4B1}    2013-10-15 04:15:54:069-0700    1    162    101    {C61A0D00-3E51-48AC-B0AF-1D3E02B9E5D3}    201    0    AutomaticUpdates    Success    Content Download    Download succeeded.
  {77DAE88F-2795-4258-8BBF-8D27E53662CF}    2013-10-15 12:10:38:196-0700    1    193    102    {00000000-0000-0000-0000-000000000000}    0    0    AutomaticUpdates    Success    Content Install    Restart Required: To complete the installation of the following updates, the computer must be restarted. Until this computer has been restarted, Windows cannot search for or download new updates:  - Security Update for Windows 7 for x64-based Systems (KB2862330)
  {1398F777-3AEF-4D1D-BE4C-407EC4AEAD4C}    2013-10-15 12:15:25:676-0700    1    183    101    {C61A0D00-3E51-48AC-B0AF-1D3E02B9E5D3}    201    0    AutomaticUpdates    Success    Content Install    Installation Successful: Windows successfully installed the following update: Security Update for Windows 7 for x64-based Systems (KB2862330)
  {A220898A-E5FE-4FE7-8413-2B0C7B4013D0}    2013-10-15 12:15:25:766-0700    1    202    102    {00000000-0000-0000-0000-000000000000}    0    0    AutomaticUpdates    Success    Content Install    Reboot completed.
  {A5400FF2-33ED-4A47-8409-13E5DFE16A6D}    2013-10-15 19:29:31:486-0700    1    147    101    {00000000-0000-0000-0000-000000000000}    0    0    ChkWuDrv    Success    Software Synchronization    Windows Update Client successfully detected 0 updates.
  {43C533EE-775D-445E-A652-06648B72DE65}    2013-10-15 19:29:49:702-0700    1    147    101    {00000000-0000-0000-0000-000000000000}    0    0    ChkWuDrv    Success    Software Synchronization    Windows Update Client successfully detected 0 updates.
  {D6AAAFFB-7F18-4A7E-B39D-1BA09CDC5E6D}    2013-10-15 19:30:05:744-0700    1    147    101    {00000000-0000-0000-0000-000000000000}    0    0    AutomaticUpdates    Success    Software Synchronization    Windows Update Client successfully detected 3 updates.
  {4E73B1C1-5BA2-415D-AB34-92F7AB3DB418}    2013-10-15 19:30:08:753-0700    1    147    101    {00000000-0000-0000-0000-000000000000}    0    0    ChkWuDrv    Success    Software Synchronization    Windows Update Client successfully detected 0 updates.
  {51248882-41AC-4E59-B813-87AD326310AD}    2013-10-15 20:00:05:044-0700    1    183    101    {DBD3B4E9-0357-47DA-8317-D0CF2163BFE6}    501    0    wusa    Success    Content Install    Installation Successful: Windows successfully installed the following update: Hotfix for Windows (KB2661796)
  {FB2B8E5E-442C-4E76-B23D-6A41B4324C9D}    2013-10-16 00:11:39:832-0700    1    148    101    {00000000-0000-0000-0000-000000000000}    0    c8000247    AutomaticUpdates    Failure    Software Synchronization    Windows Update Client failed to detect with error 0xc8000247.
  Lenovo Thinkpad W500, Intel (R), Windows 7, SP1, latest updates as of Oct 15
  (1) Checked Setting,  set to automatic update whenever, even changed to never update, rebooted the OS and changed back to automatic update and rebooted the OS.
  (2) Stopped Windows Update Services, renamed SoftwareDistribution folder and started the window update services and rebooted.
  (3) Ran MS FIXIT
  (4) Ran System File checker Scan (sfc /scannow)
  (5) Ran CHKDSK /F
  (6) Installed "Intel Rapid Storage Technology" drivers from Lenovo site
  (7) Ran Update for Windows 7 for x64-based Systems (KB971033)
  None of the above possible recommended solutions were able to fix the issue yet and now I am getting a message your Window is Not Genuine!
  Any help or guidance is appreciated.
  Solved!
  Go to Solution.

  The Lenovo System Update installed the "Intel Matrix Storage Manager driver 8.9.2.1002" right before the Windows Upgrade got broken. So in the Device Manager under IDE ATA/ATAPI Controllers, I choose Intel ICH9M-E/M SATA AHCI Controller, on the Driver Tab, I choose the option "Roll Back Driver" and after rolling back the driver and restarting the OS, now Windows Update is working like a Champ!
  The End!

• Windows Firewall and Windows Update (Win 8.1)

  Since Windows Vista I have always been using the Windows Firewall with "blocked outgoing traffic". As this is not the default setting, some basic windows services seem not to be included as firewall rules on the outgoing side.
  My Problem is with the Windows Update:
  On Windows Vista and 7 it was sufficient to create a rule for "wuauserv".
  On Windows 8.1 however this seems not to be enough. The UI gives me error code 80240438 and the WindowsUpdate.log shows the following lines:
  2014-06-14    20:11:08:150     952    538    IdleTmr    WU operation (CAgentProtocolTalker::SyncUpdates_WithRecover) started; operation # 2044; does use network; is at background
  priority
  2014-06-14    20:11:08:151     952    538    WS    WARNING: Nws Failure: errorCode=0x803d0010
  2014-06-14    20:11:08:151     952    538    WS    WARNING: Original error code: 0x80072efd
  2014-06-14    20:11:08:151     952    538    WS    WARNING: Fehler bei der Kommunikation mit dem Endpunkt bei "https://fe2.update.microsoft.com/v6/ClientWebService/client.asmx".
  2014-06-14    20:11:08:151     952    538    WS    WARNING: Fehler beim Senden der HTTP-Anforderung.
  2014-06-14    20:11:08:151     952    538    WS    WARNING: Der Remoteendpunkt konnte nicht erreicht werden.
  (.... and a lot of similar WARNING lines)
  2014-06-14    20:11:12:921     952    538    IdleTmr    WU operation (CAgentProtocolTalker::SyncUpdates_WithRecover, operation # 2044) stopped; does use network; is at background
  priority
  If I create a rule for the whole svchost.exe, the update works fine. Giving all services internet access is however not an option for me. Could you please tell me through which service(s) except wuauserv Windows Update performs its network activities?

  Windows 8 upgraded to 8.1 on a Gateway SX2370.  Purchased Sep. 2013. 
  As of Dec. 28, 2014 I have not gotten ANY windows defender updates and windows update has not been working at all. When I go to my start screen and type "update" Windows update still shows in the list, only now when I click on it, it brings
  up a blank window and can only be closed by right clicking the tab on the taskbar. I cannot max or minimize the window either.
  Up until Dec. 28th it was working perfectly, notifying me when updates were available, almost everyday for windows defender.
  I have tried everything I could find to fix this, even a complete restore, with recovery media made for Win 8.1 and Win 8. Still no windows updates, of anything. To top it off as of Jan. 22, 2015 the Diagnostic Policy Service has stopped and I am denied
  access when I try restarting it.
  Windows XP was great until MS stopped support. Vista sucked, near as bad as Millenium or 2000. I never tried windows 7 instead going for windows 8, being the most recent version when I could afford a new PC. Adapting to win 8-8.1 was no easy task.
  I'm not a tech guru, but I've owned & used windows from Dos 6.0, '95, '98, '98SE, Millenium, XP, XP home & Pro (sp1-2 & 3) and still have the installation/restore CDs for all of them. Even taught myself how to write the recovery
  console directly from the hard drive of XP, OEM or full MS versions without using the CDs & now I'm using Windows 8 - 8.1. Getting rid of the recovery console was a BIG mistake in my opinion.
  At one time I had a multi-boot system of win.95, 98, 98SE, Mill., XP home sp2 and XP Pro sp3 on a 1.5 TB self built system. Microsoft told me it was impossible, until I allowed two tech support reps remote access for 5 min.. Which also lead to me being
  blocked from most MS websites &?suggestions windows forums for 3 years.
  But so far, this failure of windows updates and the Diagnostic policy Service in Windows 8.1 has got me stumped. Can ANYONE give me a quick simple way to correct this? Please?
  Thanks for reading this and any help or suggestions anyone has to offer. GOD bless you all and my thanks to every military person, their families and veterans for my freedom. 

• Downloaded latest Itunes and Windows Update and everything fell apart

  Okay, I dl'd the latest Itunes and Windows Update today and turned off my computer. When I came back and turned it on, it became really slow and the style for all the "windows headings" turned "gray classic theme." I tried running Itunes and a box comes up saying that I "Do not have access to change the Catalyst Control," my ATI driver I think (x1300). Then it says that I can't run Itunes because the audio is configured wrong. I go to my Audio settings in the "control panel" and everything is grayed out except the hardware choices. I clicked on their properties (SigmaTel Audio), but nothing would come up for 45 minutes. I am barely running in VGA mode and cannot access the internet connections in IE, thus barring me from Microsoft's updates. Sorry if it's hard to understand, but I'm ****** because I can't listen to all the new stuff I bought on Itunes yesterday Does anyone have any clues or ideas?

  Take a look at this link, http://support.apple.com/kb/TS1369

• Scheduler and windows update unavailable / unresponsive,

  Issue:
  Windows Update & Task Scheduler stop working, RDP then fails and a day later the system eventually becomes completely unresponsive and require a reboots to resolve, servers are needing to be rebooted every week on average.
  Environment:
  Server 2012: all receive same windows updates and have the same running services and applications installed,
  all mirror images of DB01
  DB01*Displaying Symptoms mentioned below
  DB02*fine
  DB03*fine
  Non Microsoft Services running:
  EMC Backup Agent
  AVG Antivirus
  Enterprise Recon Node - Ground labs
  GFI LanGuard 11
  BMC Server Automation Agent
  WMware Tools Service
  Link to Warnings Link to Errors
  Symptoms:
  Windows Update is not working
  (stuck in stopping state, accessing via control panel is unresponsive)
  Task Scheduler not working
  it shows a stop sign / busy sign (Service is running, cannot see or create scheduled tasks)
  RDP eventually stops working.
  Above 3 services are started by the same instance (PID) of svchost.exe , killing the svchost.exe instance that started scheduler and windows update services also kills RDP and is not a solution.
  Event Logs:
  Warnings - https://drive.google.com/file/d/0B4FtPRuE-MzqdFExQi1EdFpQdEk/edit?usp=sharing
  Errors - https://drive.google.com/file/d/0B4FtPRuE-MzqMGZzckRwMnFNWGc/edit?usp=sharing

  Hi Fraser,
  Thank you for your update and patience.
  After going through the logs you provided, please check my findings below.
  ===============================================
  Log Name:      Microsoft-Windows-DeviceSetupManager/Admin
  Source:        Microsoft-Windows-DeviceSetupManager
  Date:          9/3/2014 6:55:47 AM
  Event ID:      201
  Level:         Warning
  User:          SYSTEM
  Description:
  A connection to the Windows Metadata and Internet Services (WMIS) could not be established.
  Log Name:      Microsoft-Windows-DeviceSetupManager/Admin
  Source:        Microsoft-Windows-DeviceSetupManager
  Date:          8/31/2014 11:37:33 PM
  Event ID:      200
  Level:         Warning
  User:          SYSTEM
  Description:
  A connection to the Windows Update service could not be established.
  Log Name:      Microsoft-Windows-DeviceSetupManager/Admin
  Source:        Microsoft-Windows-DeviceSetupManager
  Date:          15/08/2013 1:51:01 p.m.
  Event ID:      202
  Level:         Warning  
  User:          SYSTEM
  Description:
  The Network List Manager reports no connectivity to the internet.
  Log Name:      System
  Source:        DistributedCOM
  Date:          9/3/2014 3:10:41 AM
  Event ID:      10029
  Level:         Error  
  User:          SYSTEM
  Description:
  The activation of the CLSID {E60687F7-01A1-40AA-86AC-DB1CBF673334} timed out waiting for the service wuauserv to stop.
  Log Name:      Microsoft-Windows-DeviceSetupManager/Admin
  Source:        DeviceSetupManager
  Date:          9/1/2014 7:26:06 AM
  Event ID:      121
  Level:         Error  
  User:          SYSTEM
  Description:
  Driver install failed, result=0x80072EE2 for devnode 'TERMINPUT_BUS\UMB\2&2C22BCC9&0&SESSION1MOUSE0'
  ===========
  As per my research, those events which related to Device Setup Manager generated because Device Setup Manager just goes out and pings windows update
  every night to see if any devices that are installed and set up to use Windows Update to update the corresponding drivers.
  Currently, I suggest we make sure the drivers on your server are all up to date via Device Manager. Meanwhile, please try setting up the Windows Update settings from
  installing update automatically to manually installing updates. Then restart the server to monitor the issue.
  After all the above, if the issue persists, could you please help collect the following information?
  =====================================
  1. Run the following command and upload the system information.
  msinfo32 /nfo      C:\SYSSUM.NFO /categories +systemsummary
  2. Does the issue still occur in Clean Boot mode?
  If you have any questions or additional information, feel free to let me know.
  Thanks for your time.
  Best regards,
  Sophia Sun
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• SCCM Windows Updates - Client stuck on Downloading but never finishes

  I am running SCCM 2007 with 200 clients.  I have been sucessfully performing windows updates through SCCM without an issue for about 6 months.  Recently I approved updates released in March and most of the updates installed ok, but there are two, KB938464 and KB958690, which sit on status Downloading for hours until the desktop is switched off at night.  The times reach 14 hours on some machines.
  I have tried to cancel the updates by removing them from the Advertisements and from the Deployment packages but they still try to run everyday on 167 of 200 desktops.  If I manually go to Windows Update and install the updates the issue goes away, however, you can imagine my unwillingness to do this across 167 stations if I can avoid it. 
  How can I do one or both of the following:
  A) Cancel the updates so they no longer want to run on the clients
  B) Fix the issue so the updates download properly.
  The process that I use to approve and deploy updates:
  Under Site Database -> Computer Management -> Software Updates
  I select the updates I want to deploy and add them to a new update list.  I place a check into the box to download the files associated to the updates.
  Once the update list is built I select to deploy the updates, give it a name that represents the update period
  I select a template that deploys but suppresses restart in the updates.
  I select a deployment package, the same one I used for all my past updates
  Download from the Internet
  English
  Schedule
  Finish.
  This has worked sucessfully for months.
  Thank you for any help that can be offered. 

  I think you can use powershell command to modify the cache size
  Here is the link: http://thephuck.com/scripts/use-powershell-to-change-sccm-cache-directory-cache-size/
  $ColQuery = "select * from sms_cm_res_coll_SMS0005E"
  $CollectionMembers = gwmi -computername SCCM_Server -namespace root\sms\site_SMS -Query $ColQuery |sort Name
  foreach($comp in $collectionmembers){
  $server = $comp.name
  write-host -fore green `n`t "working on " $server
  $ccmcfg = gwmi -computer $server -Namespace root\ccm\SoftMgmtAgent -Class CacheConfig
  $ccmcfg.Location = "d:\path\to\cache"
  $ccmcfg.Size = "2048"
  $ccmcfg.Put()
  #stop service, sleep for 10s, start the service
  Get-Service -computer $server ccmexec | Stop-Service
  Start-Sleep 10
  Get-Service -computer $server ccmexec | Start-Service
  write-host -fore green `n`t "finished" $server

• Server 2012R2 -- RDS Farm with XP and Windows Vista Clients

  Hi There,
  My team has been having some fun in getting our Server 2012R2 farm operational, annoyingly MS documentation is severely lacking on how to correctly configure a 2012R2 Farm correctly.
  We have an RDG1-TCC server, which is the RDGateway, RDConnection Broker and RDWeb Server. We have two session host servers RDS1-TCC and RDS2-TCC.
  It took us some time and much online research to figure out exactly how we needed to configure the RDS server as a lot of information online for 2012R2 was apparently incorrect(was based on 2008R2 practices). We started off with using a DNS Round Robin for
  the RDS Session hosts servers and after a number of certificate issues, we later found this was incorrect. We're now using RDWeb exclusively, which appears to be the correct way to have the Connection Broker working?
  We've ran into a number of issues with certificates too, we have an external certificate for remote.domain.com. Installing this on all 4 options in the certificate manager has made internally work correctly via RDWeb, however externally we are getting a
  certificate mismatch as it's trying to connected to RDG1-TCC with a certificate for remote.domain.com. I'm pretty sure I can resolve this with a replacement remote.domain.com certificate that includes a SAN for *.domain.internal. Testing with a self signed
  certificate seemed to resolve this issue.
  Now providing i've configured everything the correct way, we have an issue where RDWEb RDP files do not work internally or externally for XP, Vista or Windows 7 (With RDP7.1). Windows 8/8.1 and Windows 7 with RDP 8/8.1 updates work perfectly fine. Unfortunately
  this new client has a few XP machines that they are not willing to update just yet.
  Is there a known fix/workaround to get these older clients working correctly?
  Sorry for the extremely long post, but I'm sick of banging my head against the wall trying to get something that we assumed would have been fairly simple to get up and running.
  Cheers,
  Ben

  Thanks for the assistance so fat, now I have all clients connecting, I need to tackle the certificate issues.
  The UC SAN certificate is going to cost much more than the current certificate, currently that idea is on the back burner as the client does not wish to pay a few hundred extra.
  To quickly sum things up:
  AD DNS(internal DNS) override in place for remote.domain.com.au pointing it to the internal IP of the gateway/connection broker/RDWeb server.
  Connecting Internally its working perfectly fine under all circumstances (I'm guessing this is because of Kerberos Auth)
  When users connect externally via RDWeb they get a certificate missmatch as the cert is for remote.domain.com.au and the server is RDG1-TCC.domain.com.net
  When users connect externally via MSTSC using the Gateway option, they get a certificate missmatch as per the above, however they also receive a second "certificate is not trusted" error for whatever RDS server they hit.
  I have tried the below previously and they broke other things:
  "Change published FQDN for Server 2012 or 2012 R2 RDS Deployment."
  This resolved the external certificate issue. However then internal connections stopped working. When connecting via RDWeb, you would get asked for credentials instantly and no matter what you entered, it just asked for credentials again.
  There did not seem to be ANY event logs for this connection.
  "Changing RDP-Tcp listener on RDSH to use external certificate."
  I can't recall the exact error we had when we did this, but I know we had to roll back the change. I have a feeling we then started getting certificate missmatch errors on the Session Hosts.
  I'm half thinking that when the farm is free(Currently being used for application UAT), I'm going to try and reconfigure the RDP-Tcp listener on the RDSH servers again and see if that resolves one or more of our issues.
  Do you have any suggestions on how I can use the correct published FQDN name without breaking internal access? Or any other ideas on getting this entire thing working both internally and externally?
  Also, Dharmesh, I've tried clearing out the certificate cache as suggested, but to no avail.

• Same issue Network Discovery not working and Windows Update not working

  I've read the threads. 
  This is a Vista Ultimate upgrade. My OOOOH My I have clocked 8 hours
  Everything was working before. I tried all of the recommended  services turning on restarting.
  Also, ran into the problem of my memory being eaten. Suspected cause hibernate mode, which I had to disable. Scott Hasselman blog recommended the fix which is a cheap work around that limits machines functionality!!
  I'm and IT Engineer specializing in MS product lines since Windows 1.0. MFC foundation classes etc.. What is the real problem ?
  I don't have the NetBIOS over tcp/ip in my services?
  I figure that the cost of my time and other individuals pays for the OS four times over. Give me a Microsoft developer subscription or something to make me happy. This is my development machine and I'm loosing time and money.
  FYI, Just upgraded my second machine to Windows 8.1 OMG !!2 Hours to upgrade after the download. I loose my configuration settings. I required to have a Windows Live whatever account!!! This is not the way to compete and keep customers.
  Windows XP has been by far the best deployment experience. I need a Knowledge base that gives solutions , not a troubleshooting scenario that does or does not work!!
  Please , don't tell me to go and by a OEM Surface I cannot recommend this to my clients. 
  Thank You

  Hi,
  If it worked previously, a quick solution is to run System Restore and get back to the previous status when the issue didn’t occur.
  What is System Restore?
  http://windows.microsoft.com/en-us/windows7/What-is-System-Restore
  When you turn on network discovery, do you get any error prompt?
  Please check if you have any error message about network discovery in event viewer.
  Open Event Viewer
  http://windows.microsoft.com/en-US/windows7/Open-Event-Viewer
  What information appears in event logs (Event Viewer)?
  http://windows.microsoft.com/en-US/windows7/What-information-appears-in-event-logs-Event-Viewer
  Please use Windows Live SkyDrive (http://www.skydrive.live.com/) to upload the Error logs to a public folder and share the URLs with us.
  Also, please temporarily turn off your firewall and all the security programs for a test.
  As far as I know, Network discovery requires that the DNS Client, DNS Client, Network Connections, Network Location Awareness,  Remote Procedure Call (RPC), Function Discovery
  Resource Publication, TCP/IP Netbios helper, SSDP Discovery, and UPnP Device Host services are started and set to automatic.
  You should check again if you have started all these services.
  Regarding the update issue, I suggest you try the following suggestions.
  1. Temporarily disable firewall and antivirus program to test the issue.
  2. Open the Windows Update troubleshooter
  http://windows.microsoft.com/en-US/windows7/Open-the-Windows-Update-troubleshooter
  3. Reset Windows Update components
  http://support.microsoft.com/kb/971058
  You may follow the steps from the link below to fix the issue.
  Windows Update Not Working.
  http://support.microsoft.com/kb/555989
  You may also see the common Windows Updates troubleshooting guide.
  Fix Microsoft Windows Update Issues
  http://support.microsoft.com/kb/906602
  Hope it helps.
  Regards,
  Blair Deng
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Windows 2008 Server and Windows 8 clients

  Hey Guys,
  I have had this problem for sometime now and really need a solution. I have Windows 2008 Enterprise Server running about 200+ terminal services clients. All Windows XP clients are fine, Windows 7 clients have issues when they get an updated version of
  remote desktop client(to solve the issue we simply rollback the update), Windows 8 clients cannot connect and use out remote app. The issue stems from the newer version of remote desktop client (on windows 7 and embedded in windows 8) cannot connect to our
  terminal server and generates an error and immediately disconnects. The error says "
  Your computer can't connect to the remote computer because an error occurred on the remote computer that you want
  to connect to
  So my questions are, how can i update my Windows 2008 Terminal server version to support these clients, or do u have migrate to Windows 2012? Or is there a solution to my current problem which will allow my client to connect and use the remoteapps?

  Hi,
  Thank you for posting in Windows Server Forum.
  Please follow the below steps and verify result.
  LAN manager authentication level settings (Local security policy->Local Policies->Security Options->Network Security: LAN Manager Authentication level). 
  Try to change it to "Send NTLMv2 response only" 
  Snap:
  If still face the issue please install this Hotfix.
  RDS client computer cannot connect to the RDS server by using a remote desktop connection in Windows
  http://support.microsoft.com/kb/2752618/
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  TechNet Community Support

• Intune, SCCM, and the Intune client installer

  Hello,
  Was wondering if there is a way to prevent users from Installing the Windows Intune Client agent?
  Scenario:
  SCCM 2012 R2 with integrated Windows Intune subscription.  I have successfully enrolled an iPad and a Windows 8.1 computer.  I was then able to download and install the Windows Intune Client agent on my Windows 8.1 device which redirected my device
  to being managed by Intune exclusively, and no longer via SCCM.  It also changed my System Center Endpoint Protection to Intune Endpoint protection.  The only way to get it back was to go to the Intune Management Console and retire the device, which
  triggers an uninstall of the Intune client.  The good news is that it restored the previous information for the SCCM/Intune enrollment. However...
  A significant and unfortunate side effect of this is that Endpoint protection was also removed as part of the Intune client uninstall leaving the computer without Anti-malware protection.
  I would like to prevent this from happening for obvious reasons.  In a BYOD scenario the user will have the permissions locally to do this and given its the same subscription for Intune there doesn't appear to be a way to ensure they cannot.  
  Am I missing something simple here?  
  Thanks!

  I guess a couple of data points:
  - Enrolling a Win 8.1 system using OMA-DM for management by ConfigMgr via Intune does not provide additional anti-virus above or beyond the built-in Windows Defender
  - Removing the Intune agent reverts the system back to using Windows Defender the same as it was before Intune was installed
  So, I would say that first, this statement is inaccurate: "leaving the computer without Anti-malware protection". And, also, there's no difference between the two states of pre-Intune agent installation and post-Intune agent uninstallation from an AV perspective.
  As for explicitly preventing the Intune agent installation, obscurity is probably the the only way to go at this point to my knowledge -- simply don't tell folks about it or how to find it.
  Jason | http://blog.configmgrftw.com

• VPN -- different behavior between Mac and Windows XP clients.

  Hi,
  Background:
  I have a Mini server serving L2TP IPSEC vpn with both Mac and Windows (all XP, so far) clients.
  The mini sits behind a Netopia router/firewall/NAT box that port forwards L2TP traffic to the mini.
  The mini has a public but unrouted address (unrouted in the public Internet, that is.) The same Netopia serves as the router for outgoing public connections. DNS is served by other servers.
  The VPN clients are distributed addresses from the unrouted public address space.
  Client <-> NAT <-> Public Cloud <-> NAT <-> Private (with public addresses) <-> Mini (VPN)
  Mac clients work happily, accessing internal and external hosts.
  The XP clients have a registry value set to allow NAT traversal:
  under HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\IPSec, AssumeUDPEncapsulationContextOnSendRule is set to 2 to allow dual Nat traversal.
  The XP clients happily access internal hosts, but hang accessing some, but not all external hosts.
  For example, most Google services are quickly displayed, whereas www.comcast.net or www.llbean.net hang. It appears to be more frequent accessing third-party hosts while processing the initial page. Some Google web services, e.g. some Google Map plugins do eventually hang.
  An XP host internal to the network configured with the above registry key set to 0 (No NAT traversal)
  exhibits the same behavior when using a VPN connection
  Public Cloud <-> NAT <-> Private (with public addresses) <-> Mini (VPN) <-> Pvt. <-> Client
  Same host without VPN works fine.
  Clearing the XP checkbox that routes all traffic to the remote (VPN) router makes external hosts work
  as you would expect.
  So my questions are:
  a) What's XP doing?
  b) Can it be fixed? (besides routing public traffic away from the VPN.)
  Thanks Jonathan
  p.s. MrHoffman, I almost asked this in the HP Forum as well, till I noticed you were here. (Assuming you are Hoff.)

  Hi soccerdude21490-
  +Is this possible?+
  Theoretically yes. However, it would be up to the school to allow you access through their network.
  The first step would be to contact the school's IT department and ask them if they will allow such a connection, and if so, could they please provide you with the settings (ip address etc.).
  Luck-
  -DP

• Dns_probe_finished_no_iternet and windows update errors

  I have windows 8 and have been having problems lately. Whenever windows wants to do an update and I wait for too long the internet goes out and displays the error message dns_probe_finished_no_internet. there are very few times when it happens and windows
  does not need to update.
  Another problem is that when I do go to restart the computer for the windows update only to have it say that it failed and tries again in a few hours. I tried updating them individually but none of them worked.
  I have also tried to restart the dns client in services, but it won't work anymore.
  I tried looking this up but any solution I have found hasn't worked. Can someone please help me, I'm at the end of my wits with this.

  Hello Dieya105,
  To avoid misunderstanding, do you mean receive error  message‘dns_probe_finished_no_internet’ when you use Windows update or in browser?
  Please share us a screenshot for better analyzation.
  Have you run all the command ”netsh int ip reset, ipconfig /flushdns, netsh winsock reset” I mentioned in my last reply?
  If the error code is in browser, please run the command ping 8.8.8.8 and ping
  www.bing.com and check if you receive the normal respond.
  Please take a look at the following thread similar to this issue.
  http://en.kioskea.net/forum/affich-770260-dns-probe-finished-no-internet
  I suggest you to use antivirus software to scan for the malware.
  Please note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
  Best regards,
  Fangzhou CHEN
  Fangzhou CHEN
  TechNet Community Support

• Problems with Solaris 10 Secure Desktop server and Windows XP Client

  Solaris 10 Secure Desktop server - Windows XP Client - I've tried to open the Solaris Machine's desktop using the browser based http://MysolarisServerName/sdg and the windows native client
  http://MySolarisServerName/tarantella.
  I log in ok to the Solaris Server.
  I can open a VT420 session with the solaris machine, and this works OK, but whenever I try anything else e.g. smc, or full screen desktop it doesn't. I get various error messages e.g. can't open display, and Session Failed - X Session timeout.
  I've also installed Cgywin X Server on the Win XP machine to see if this makes a difference, but it doesn't.
  Any clues anyone?

  Being able to run the VT420 session, but not any X-Window sessions is the clue; it's an X-specific problem. Most likely, ssh isn't configured correctly, see: http://docs.sun.com/source/819-4309-10/en-us/base/indepth/ssh.html
  Pasting in the (most) relevant bit:
  Adding support for X applications
  To support X applications through OpenSSH, enable X11 forwarding in the OpenSSH configuration file. On each Secure Global Desktop host:
  1. Edit the sshd_config file and include the following:
  X11Forwarding yes
  2. Edit the ssh_config file and include the following:
  ForwardAgent yes
  ForwardX11 yes
  3. Restart the SSH daemon.
  Using SSH and X authorization
  If SSH connections fail, when X authorization is enabled, you may have to run the SSH daemon in ipv4-only mode because Secure Global Desktop may not support the xsecurity extension used on your server. You enable ipv4-only mode by editing your system SSH configuration file. For example:
  * On SUSE Linux, edit the /etc/sysconfig/ssh file and add a SSHD_OPTS="-4" line.
  * On Red Hat Enterprise Linux, edit the /etc/sysconfig/sshd file and add a OPTIONS="-4" line.
  Note If the SSH configuration file does not exist on your system, you can create it.
  You must restart the SSH daemon after making this change.

• Why is the SCUP and Windows Update updates different

  I have an issue I cannot find an answer for. I am using the installation of WSUS within SCCM 2012 R2. I have selected all of the products associated to what is in our environment. I have downloaded and advertised all of the updates, security patches, definitions
  etc... Once the updates are all installed on test machines, I run Windows Update from online. The list still shows updates and fixes in which I should have been downloading.
  Does anyone know why this is?

  That is often the case. Have you analysed the results? You might find that these updates are superseded or expired. The same thing happens if you use Microsoft Baseline Security Analyser. You can't read the results out of context.
  By the way, you're not actually talking about SCUP. That is something different (System Center Updates Publisher). It's for integrating 3rd party updates with ConfigMgr.
  Gerry Hampson | Blog:
  www.gerryhampsoncm.blogspot.ie | LinkedIn:
  Gerry Hampson | Twitter:
  @gerryhampson

• Problem with Clean Access Agent and Windows Updater

  I have a problem with a laptop when using Cisco Clean Access Agent. The agent keeps directing the laptop to get updates from the Windows Update site, but when I have connected the laptop via cable, windows updates tells me there are no updates either essential or optional. The laptop is a Sony VIVO VGN-FJ270 running XP Home Edition SP2 and the Clean Access Agent is version 4.0.2.1
  Any help is appreciated!!

  Verify the allowed hosts in CCA agent.
  Try these link:
  http://www.cisco.com/en/US/products/ps6128/tsd_products_support_series_home.html
  http://www.cisco.com/en/US/products/ps6128/products_qanda_item09186a00803b7a81.shtml