SUS Woes

Tonight I spent a few hours working on an SUS issue to address the Super Bowl site exploit. I found that the SUS server did not push this patch consistently to all workstations connecting to the update server. For reasons that I have yet to figure out (with the exception of possibly another Windows Update) the IIS settings on the ADS SUS server was disallowing anonymous connections. I finally figured this out when I searched the local SUS host log (C:\windows\SoftwareDistribution\ReportingEvents.log) and discovered an error being reported by the client when it attempted to contact SUS (Error: Agent failed detecting with reason: 0x80244017). This would occur as well when I attempted to force an update the to the SUS Server using the syntax “wuauclt.exe /detectnow” from the command line. It appears that machines logged in with elevated accounts did pull updates.

Machines that I found that didn’t have the patch picked it up as a high priority update when I manually went to http://windowsupdate.com. Machines running IE7 show the patch as an Internet Explorer patch using the same KB number as the Windows XP SP2 patch which machines running IE6 would be applying. Machines running IE 6 show it as an XP Update.


The good news is that I found this tonight and that all machines from here forward should pull appropriate patches. I am not sure if this warrants a message to the campus, but it is likely that all clients will pull updates upon the next power-up. I certainly learned tonight that is something we better keep a closer eye on. I’ll continue to the monitor this over the weekend.