Skip navigation
2742 Views 11 Replies Latest reply: Oct 18, 2012 7:16 AM by abhijit222223 RSS
Rookie 12 posts since
Dec 29, 2011

Has received 1 of 9 achievements.
Currently Being Moderated

Feb 1, 2012 7:59 PM

Security scan fails to download some patches

When i run a security scan, it fails to run certain installers.

 

 

Last status:
2 patches were found to run
Last status: Done.  2 patches were found
Last status: Failed
Download Failure: Error 80004005 downloading http://CORESERVER/LDLogon/patch/skypesetupfull5.6.0.110.exe
Last status: Failed: Could not download http://CORESERVER/LDLogon/patch/skypesetupfull5.6.0.110.exe
Sending status to core
In SendRequest: Action = SOAPAction: "http://tempuri.org/SetPatchInstallStatus"
Wed, 01 Feb 2012 16:36:32 SendRequest: SOAPAction: "http://tempuri.org/SetPatchInstallStatus"
Wed, 01 Feb 2012 16:36:34 Success

 

 

 

 

Last status:

 

Last status: Done

Wed, 01 Feb 2012 16:36:35 Performing TCP connection with a timeout of -1 milliseconds

Wed, 01 Feb 2012 16:36:37 Performing TCP connection with a timeout of -1 milliseconds

Wed, 01 Feb 2012 16:36:39 Performing TCP connection with a timeout of -1 milliseconds

Wed, 01 Feb 2012 16:36:41 Performing TCP connection with a timeout of -1 milliseconds

Wed, 01 Feb 2012 16:36:42 Performing TCP connection with a timeout of -1 milliseconds

Downloading http://CORESERVER/LDLogon/patch/Firefox Setup 10.0_ENU.exe

Failed to download http://CORESERVER/LDLogon/patch/Firefox Setup 10.0_ENU.exe.  Error code 1

Last status: Failed

Download Failure: Error 80004005 downloading http://CORESERVER/LDLogon/patch/Firefox Setup 10.0_ENU.exe

Last status: Failed: Could not download http://CORESERVER/LDLogon/patch/Firefox Setup 10.0_ENU.exe

Sending status to core

In SendRequest: Action = SOAPAction: "http://tempuri.org/SetPatchInstallStatus"

 

 

Wed, 01 Feb 2012 16:36:44 SendRequest: SOAPAction: "http://tempuri.org/SetPatchInstallStatus"

 

 

 

 

However other updates run, such as adobe reader x or firefox 9.0.1 correctly downloads and installs.  All the install files are in the same patch repository.  I don't understand why it would update firefox from 8.0.1 to 9.0.1 but not to 10.0.

  • rmeyer SupportEmployee 298 posts since
    Nov 27, 2007

    Has received 7 of 9 achievements.
    Currently Being Moderated
    1. Feb 2, 2012 6:46 AM (in response to tanakaa)
    Re: Security scan fails to download some patches

    Put the following URL in IE on the client to see if you get the message asking if you want to run or save the file:

    http://CORESERVER/LDLogon/patch/Firefox Setup 10.0_ENU.exe

     

    Make sure that you remove the proxy settings from IE when you try this. If it fails you need to troubleshoot why the clients cannot access the URL.

  • mrspike SSMMVPGroup 1,319 posts since
    Dec 19, 2007

    Has received 9 of 9 achievements.
    Currently Being Moderated
    2. Feb 2, 2012 8:58 AM (in response to tanakaa)
    Re: Security scan fails to download some patches

    Our company blocks access to Skype and we have this issue... but we do not forbid our laptop users from using Skype when on travel, etc, so we need to patch it.  I have to either work with our security guys to get around the sitewide proxy server, or download it off site and get it at work another way.

     

    You might be having the same issue... If ZMAN's way does not work, see if you can go to skype.com and manually download a file from there or not.. note, the download you will be offered there is different than the one LANDesk uses and will not work, but worth trying to download to see what your issue is.

  • mrspike SSMMVPGroup 1,319 posts since
    Dec 19, 2007

    Has received 9 of 9 achievements.
    Currently Being Moderated
    5. Feb 2, 2012 2:26 PM (in response to tanakaa)
    Re: Security scan fails to download some patches

    Sorry, first off, it was not ZMAN that had posted before.. just so used to him being among the first...s

     

    Also, I assumed the url that I saw was to the Skype file from Skype, the patch core.

     

    Let's start over....

     

    This patch requires you to manually download the file from Skype, if you open the properties of the patch the default tab will state to get it from here:

     

    http://community.skype.com/t5/Windows/New-Release-5-6-0-110/m-p/214046

     

    Unzip and follow these directions:

     

    We recommend that everyone upgrades to the newly released build.
    In order to remediate this vulnerability/install the application you must manually download the zip file from http://community.skype.com/t5/Windows/New-Release-5-6-0-110/m-p/214046.
    Once the file is downloaded, Unzip and copy the file to the \patch folder on the LANDesk core server,
    \Program Files\LANDesk\ManagementSuite\ldlogon\patch. Rename the patch name to skypesetupfull5.6.0.110.exe,The vulnerability/application install can now be remediated through the normal LANDesk Patch Manager process.

  • Dave Holland SupportEmployee 801 posts since
    Jan 8, 2008

    Has received 9 of 9 achievements.
    Currently Being Moderated
    7. Feb 4, 2012 2:57 PM (in response to tanakaa)
    Re: Security scan fails to download some patches

    Anthony,

     

    The following document may be of some use to you:

     

    IIS Virtual Directories and File Permissions for Security and Patch Manager

     

    This document details the various NTFS and IIS permissions necessary for the various directories used in the Vulnerability Scan process.

     

    In addition here is some information regarding the IUSR password.

     

    http://blogs.msdn.com/b/jiruss/archive/2006/05/24/606107.aspx

     

    The LANDesk clients need to be able to access the patch repository in order to download patches.

     

    The permissions in the first document above should spell out the specific permissions for the directories, both at the NTFS level and at the IIS virtual directory level.

     

    Some information about the key directories:

     

    As the client is scanning the following directories are accessed:

     

    Default patch storage directory: LDLOGON\Patch

     

    This is where the patches are stored that the clients download and install through Patch Manager.

     

    This can be changed if necessary: http://forum.landesk.com/support/docs/DOC-2133

     

    LDLogon\VulnerabilityData directory: (This is where the .XML data is stored that tells the vulnerability scanner what to scan for)

     

    As the client only needs to be able to access and and download these XML and XMLZ (compressed XML) files, Read and Directory browsing is suffiicient for IUSR in this instance.

     

    LDLogon\VulscanResults: As the vulnerability scanner is scanning, the information regarding what has been scanned (Scan history) is sent back to the core server, is placed in the Vulscan results folder as a .VRZ file (Compressed vulscan results) and is then processed into the database.

     

    Due to the fact that the client needs to write the .VRZ files into this directory, the anonymous (IUSR) account needs Full control to this directory.

     

    LDLogon\IncomingData: The PostCGI.EXE file within this directory needs to be able to be accessed by the IUSR account in order for the core to process the incoming Vulscan Results files from the client.

     

    Once these permissions have been set and verified as functioning properly, it is recommended to make a backup of the IIS configuration.

  • Dave Holland SupportEmployee 801 posts since
    Jan 8, 2008

    Has received 9 of 9 achievements.
    Currently Being Moderated
    8. Feb 6, 2012 5:25 PM (in response to Dave Holland)
    Re: Security scan fails to download some patches

    In the end with this issue we discovered that it was an issue with Proxyhost.exe that has been resolved in Service Pack 3.  

     

    http://community.landesk.com/support/docs/DOC-1001

  • sterling22 SupportEmployee 40 posts since
    Jul 18, 2011

    Has received 2 of 9 achievements.
    Currently Being Moderated
    9. Feb 7, 2012 9:00 AM (in response to Dave Holland)
    Re: Security scan fails to download some patches

    Anthony,

     

    In looking at your IIS logs Error: 404.2 - Web service extension lockdown policy prevents this request.
    http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/0f4ac79a-dc2b-4a5f-89c1-d57266aa6ffe.mspx?mfr=true

    1) On the core server go to Start | All Programs | Administrative Tools | Internet Information Services (IIS) Manager
    2) Go to Web Sites | Default Web Site
    3) Right click on the new web share that has been created and click Properties
    4) On the General tab look for Execute Permissions
    5) Set Execute Permissions to "Scripts Only"
    6) Click OK and close IIS
    7) Go to Start | Run: iisreset

  • zman Master 3,277 posts since
    Dec 14, 2007

    Has received 9 of 9 achievements.
    Currently Being Moderated
    10. Feb 7, 2012 1:57 PM (in response to Dave Holland)
    Re: Security scan fails to download some patches

    Seeing this sporadically on our SP2+ clients in Patch and SD downloads. Good to know it is fixed in SP3.

  • abhijit222223 Rookie 9 posts since
    Jul 6, 2010

    Has received 1 of 9 achievements.
    Currently Being Moderated
    11. Oct 18, 2012 7:16 AM (in response to Dave Holland)
    Re: Security scan fails to download some patches

    Hi David,

     

     

    I am getting exactly the same problem, LANDesk 9 service pack 3 installed.

    I have changed patch manager download from http to UNC … same problem

     

    Thanks in advance

    Abhijit

More Like This

  • Retrieving data ...

Bookmarked By (1)

Legend

  • Correct Answers - 20 points
  • Helpful Answers - 10 points
LANDESK Community powered by Jive SBS® 4.5.7.1  |  Legal Notices  |  Privacy Policy  |  Icon 

TweeterOn Twitter  |  Icon FacebookOn Facebook © 2007 LANDESK Software