Archive for the 'Windows Updates' Category

Security Token Service

Had a bit of a scare during a maintenance window.  Ran some updates on our SharePoint farm and after that one of the sites wasn’t coming up.  Kept getting a 503 error.  When I checked the event log, I found this error message:

An exception occurred when trying to issue security token: The HTTP service located at http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc/actas is unavailable.  This could be because the service is too busy or because no endpoint was found listening at the specified address. Please ensure that the address is correct and try accessing the service again later..

A quick search led to this article, and when I checked the AppPools, they were all stopped.

Starting the AppPools fixed the problem.

The ordinal 120 could not be located in the dynamic link library iertutil.dll.

We have 5 Citrix Terminal Servers that are configured “identically”.  After installing IE8 on two of them, the following started showing up:




After a bunch of searching, I saw a few people have gotten this, but no one had a solution, or at least I couldn’t find it.  I did see a similar message related to Adobe Reader, and that is what helped me find the answer to our problem.

One of the servers was not having the problem, but it DID have IE8.  hmmm..  It also had Adobe Reader 9 installed on it.  The others had Adobe Reader 8. 

So to fix the problem, required uninstalling IE8, updating to AR9, and then reinstalling IE8.  I did try just installing the updated Adobe Reader, but it still got the error until I uninstalled IE8. 

Error installing update for Microsoft Forefront

I have a server that is Server 2008 x64.  It has the client for Microsoft Forefront Client Security installed.  It has been showing that it needed to update the client, but every time I told it to run, it would fail.

I found this in the Application log:

Application ‘C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe’ (pid 3304) cannot be restarted – Application SID does not match Conductor SID..


And this in the update history:

Update for Microsoft Forefront Client Security (KB956280)
Installation date: ‎3/‎25/‎2009 2:23 PM
Installation status: Failed
Error details: Code 643
Update type: Important
This patch  updates the Microsoft Forefront Client Security Anti-Malware Agent.


I started to do a little bit of searching on the “Application SID does not match Conductor SID..” and saw that it comes from the restart manager.  With that nugget of info, I went and stopped all the Forefront services, and ran the update again:

Update for Microsoft Forefront Client Security (KB956280)
Installation date: ‎3/‎25/‎2009 2:33 PM
Installation status: Successful
Update type: Important
This patch  updates the Microsoft Forefront Client Security Anti-Malware Agent.

Server Core – A few notes and links to useful commands

I asked a coworker to find the method/command to run updates on Server Core and he came back with a link to this nice little script:

And every time I forget the command to do something in Server Core, when I do a search to find it, I always come back with a link to this post:

And just because I am lazy, and don’t particularly like the command line (even though I like Server Core), I have created a folder with a few batch files that I use when I am setting up a Server Core machine.  For instance, I have a batch file that has the product key in it already and I run it to install the product key and activate. 

Windows Failed to install the update with error 0x80070643

I am responsible for keeping a number of machines (around 900 or so) up to date with all the latest Windows Updates.  Recently I noticed that a number (around 15 or so that I am sure of) weren’t installing particular updates.  I have seen this in the past, but the particular updates that wouldn’t apply weren’t of real concern to me, so I didn’t really investigate.  The latest updates were of concern though so I started looking into it.  Here are the errors that I am getting:

Installation Failure: Windows failed to install the following update with error 0x80070643: Visual Studio 2005 Service Pack 1.

The installation of C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ZNWF10\VS80sp1-KB926601-X86-ENU.msp is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

As you can see, this particular update is for Visual Studio Service Pack 1.  After a little digging, I found this:

It basically says that there is a problem with the way the local security policy is configured.  When I looked, it appeared that the local security Software Restrictions Policy wasn’t configured.  I “added” a policy and put the dot in the “All users except local administrators”.  After that the install ran fine.