Microsoft KB Archive/842432

= How to troubleshoot catalog file downloads for Microsoft Baseline Security Analyzer 1.2 =

Article ID: 842432

Article Last Modified on 12/5/2007


== APPLIES TO ==


 * Microsoft Systems Management Server 2.0 Standard Edition
 * Microsoft Systems Management Server 2003
 * Microsoft Baseline Security Analyzer 1.2




== INTRODUCTION ==
The Microsoft Baseline Security Analyzer (MBSA) 1.2 is the scan engine for the Microsoft Systems Management Server (SMS) 2003 Software Update Scanning Tools and the SMS 2.0 Software Update Services Feature Pack. However, you can also use the MBSA as a stand-alone tool.

The MBSA uses an XML-based catalog file, mssecure.xml, to determine the security updates that are available. The catalog file is compressed and is stored in the mssecure.cab file.

Microsoft updates and posts the catalog file to the Microsoft Download Center after a new security bulletin is released. In some circumstances, the updated catalog file may not be downloaded by SMS or by the MBSA.



== MORE INFORMATION ==
You can use the following information to help you determine if the catalog was updated. You can also use the following information to help troubleshoot if the latest version was not downloaded. You can determine if Microsoft has released an updated catalog file by visiting the following Microsoft Web sites.

The following files are available for download from the Microsoft Download Center:

English

Download the SMS 2003 .cab file package now.

Download the SMS 2.0 .cab file package now.

Japanese

Download the SMS 2003 .cab file package now.

Download the SMS 2.0 .cab file package now.

German

Download the SMS 2003 .cab file package now.

Download the SMS 2.0 .cab file package now.

French

Download the SMS 2003 .cab file package now.

Download the SMS 2.0 .cab file package now.

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

Note: The localized versions of the .cab file for SMS 2.0 require that the Internet Explorer locale match the language of the download. Otherwise, you may be redirected to a Microsoft Search Web page. To add a different language to Internet Explorer, follow these steps:
 1. On the Tools menu in Internet Explorer, click Internet Options.
 2. On the General tab, click Languages.
 3. Click Add, and then click the language that you want to add.

After you download the .cab file, double-click the .cab file, double-click the .xml file, and then specify a location to extract the mssecure.xml file. Double-click the mssecure.xml file to view the version information. The catalog version information is located at the top of the mssecure.xml file. An example of the catalog version information is:

   <BulletinDatastore DataVersion="1.0.1.518" LastDataUpdate="05/11/2004"
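The version check described above can be scripted so that a suspect local catalog is compared with a copy downloaded on another network. This is an added example, not code from the article or from MBSA; the sample documents are constructed, and the month/day/year reading of LastDataUpdate is an assumption based on the sample value.

```python
import io
import xml.etree.ElementTree as ET
from datetime import datetime


def catalog_header(stream):
    """Return (DataVersion as int tuple, LastDataUpdate as date) for mssecure.xml.

    Only the root start tag is parsed, so the bulletin data is never loaded.
    """
    for _event, root in ET.iterparse(stream, events=("start",)):
        if root.tag != "BulletinDatastore":
            raise ValueError(f"not a catalog file: root is {root.tag!r}")
        # Compare as integers: as strings, "1.0.1.99" would sort after "1.0.1.518".
        version = tuple(int(part) for part in root.attrib["DataVersion"].split("."))
        # Assumption: month/day/year, matching the article's sample value.
        updated = datetime.strptime(root.attrib["LastDataUpdate"], "%m/%d/%Y").date()
        return version, updated


def compare_catalogs(local, reference):
    """Classify the local copy against a reference copy downloaded elsewhere."""
    lver, ldate = catalog_header(local)
    rver, rdate = catalog_header(reference)
    if (lver, ldate) == (rver, rdate):
        return "current"
    if lver < rver or (lver == rver and ldate < rdate):
        return "stale"
    return "newer-than-reference"


# Constructed samples (root element only). REFERENCE uses the header values
# shown in the article; CACHED is an invented older catalog.
REFERENCE = b'<BulletinDatastore DataVersion="1.0.1.518" LastDataUpdate="05/11/2004"/>'
CACHED = b'<BulletinDatastore DataVersion="1.0.1.99" LastDataUpdate="01/13/2004"/>'

if __name__ == "__main__":
    print(compare_catalogs(io.BytesIO(CACHED), io.BytesIO(REFERENCE)))
```

For real files, pass each one opened in binary mode, for example `open(path, "rb")`.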

If the file is current, but an older version of the catalog is still used by SMS, a cached older version of the file may have been copied from a corporate or Internet Service Provider (ISP) proxy server. We do not recommend that you cache the catalog file. However, individual proxy servers may be configured to cache the catalog file.

To determine if SMS is using a cached catalog file, use Microsoft Network Monitor or another network capture tool to view the download process. Start the trace immediately before you download the file. Stop the network trace immediately after the MSSecure.cab file is saved to the computer. You can filter the trace to show only HTTP traffic. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

148942 How to capture network traffic with Network Monitor

You can confirm that the catalog file is cached by viewing the frames that contain the HTTP responses to the client. A sample trace may appear similar to the following example.

Note This example has been edited for brevity and contains only the relevant information from the response packet.

   HTTP: Response to Client; HTTP/1.1; Status Code = 302 - Found
   HTTP: Protocol Version =HTTP/1.1
   HTTP: Status Code = Found
   HTTP: Reason =Found
   HTTP: Connection =Keep-Alive
   HTTP: Proxy-connection =Keep-Alive
   HTTP: Content-Length =216
   HTTP: Location =http://download.microsoft.com/download/0/d/b/0db2e5d7-0ba9-4856-b51f
   ...
   00110: 0A 4C 6F 63 61 74 69 6F 6E 3A 20 68 74 74 70 3A   .Location: http:
   00120: 2F 2F 64 6F 77 6E 6C 6F 61 64 2E 6D 69 63 72 6F   //download.micro
   00130: 73 6F 66 74 2E 63 6F 6D 2F 64 6F 77 6E 6C 6F 61   soft.com/downloa
   00140: 64 2F 30 2F 64 2F 62 2F 30 64 62 32 65 35 64 37   d/0/d/b/0db2e5d7
   00150: 2D 30 62 61 39 2D 34 38 35 36 2D 62 35 31 66 2D   -0ba9-4856-b51f-
   00160: 64 62 37 63 30 62 38 33 38 63 36 38 2F 4D 53 53   db7c0b838c68/MSS
   00170: 65 63 75 72 65 5F 31 30 33 33 2E 43 41 42 0D 0A   ecure_1033.CAB..
   00180: 43 6F 6E 74 65 6E 74 2D 54 79 70 65 3A 20 74 65   Content-Type: te
   00190: 78 74 2F 68 74 6D 6C 3B 20 63 68 61 72 73 65 74   xt/html; charset
   001A0: 3D 75 74 66 2D 38 0D 0A 53 65 72 76 65 72 3A 20   =utf-8.....

The key indicator that this file is being cached is the "HTTP: Proxy-connection" entry. This entry points to a proxy server. The data near the bottom of the frame shows the full path of the .cab file, including its file name.

Note The URL may be different depending on the version and release date of the .cab file.

If, by viewing the network trace, you verify that the .cab file is being cached, contact your network administrator or your ISP and request that the MSSecure.cab file not be cached.
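The trace review described above can be automated over an exported frame. This is an added example, not part of the original article or of Network Monitor. It assumes the "HTTP: name =value" and hex-row layout of the sample trace, and the Via, Age and X-Cache checks are additions that the article does not mention.

```python
import re

# Excerpt of the article's sample trace: two parsed-property lines and the
# hex rows (offset, 16 bytes, ASCII column) that carry the Location header.
TRACE = """\
HTTP: Proxy-connection =Keep-Alive
HTTP: Location =http://download.microsoft.com/download/0/d/b/0db2e5d7-0ba9-4856-b51f
00110: 0A 4C 6F 63 61 74 69 6F 6E 3A 20 68 74 74 70 3A   .Location: http:
00120: 2F 2F 64 6F 77 6E 6C 6F 61 64 2E 6D 69 63 72 6F   //download.micro
00130: 73 6F 66 74 2E 63 6F 6D 2F 64 6F 77 6E 6C 6F 61   soft.com/downloa
00140: 64 2F 30 2F 64 2F 62 2F 30 64 62 32 65 35 64 37   d/0/d/b/0db2e5d7
00150: 2D 30 62 61 39 2D 34 38 35 36 2D 62 35 31 66 2D   -0ba9-4856-b51f-
00160: 64 62 37 63 30 62 38 33 38 63 36 38 2F 4D 53 53   db7c0b838c68/MSS
00170: 65 63 75 72 65 5F 31 30 33 33 2E 43 41 42 0D 0A   ecure_1033.CAB..
"""

# Only Proxy-connection is named by the article; Via, Age and X-Cache are
# added here as other headers that an intermediary or cache commonly sets.
INDICATORS = ("proxy-connection", "via", "age", "x-cache")

PROP = re.compile(r"HTTP:\s*([\w-]+)\s*=\s*(.*)")
HEXROW = re.compile(r"[0-9A-Fa-f]+:\s+((?:[0-9A-Fa-f]{2}(?:\s|$))+)")


def analyze(trace):
    """Summarise proxy indicators and the full download URL in one frame."""
    props, raw = {}, bytearray()
    for line in trace.splitlines():
        line = line.strip()
        if (m := HEXROW.match(line)):
            raw += bytes.fromhex(m.group(1))  # rebuild the frame bytes
        elif (m := PROP.match(line)):
            props[m.group(1).lower()] = m.group(2).strip()
    # The property view truncates long values; the raw bytes hold the full URL.
    loc = re.search(rb"\nLocation:[ \t]*([^\r\n]+)\r\n", bytes(raw), re.I)
    url = loc.group(1).decode("ascii") if loc else props.get("location")
    return {
        "proxy_indicators": [h for h in INDICATORS if h in props],
        "location": url,
        "cab_name": url.rsplit("/", 1)[-1] if url else None,
    }


if __name__ == "__main__":
    print(analyze(TRACE))
```

An empty indicator list does not rule out a transparent cache, which may add no headers at all. In that case, comparing the catalog version against a copy downloaded on another network is the more reliable check.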

If you have another computer that is available on another network, you can try to download the .cab file from the second computer. Then, you can manually copy the .cab file to the first computer. By default, the stand-alone version of MBSA stores the catalog file in the \Program Files\Microsoft Baseline Security Analyzer folder.

The SMS 2003 Synchronization component (Syncxml.exe) downloads the latest version of MBSA and downloads the Security Update Bulletin Catalog (mssecure.xml), which contains a list of the latest hotfixes. Then the Syncxml.exe component copies the latest hotfix list to the SMS distribution points. You can use the contents of the %SystemRoot%\System32\Ccm\Logs\Securitysyncxml.log file to troubleshoot this component.

The Security Hotfix Checker scan tool (S_scan.exe) is part of the Security Update Inventory Tool in the SMS 2.0 Software Update Services Feature Pack. You can run the S_scan.exe tool on client computers to download the mssecure.xml file and scan the computer using the Hardware Inventory Agent. You can use the contents of the %SystemRoot%\System32\Ccm\Logs\Securitypatch.log file to troubleshoot this component. This log file will have a list of applicable hotfixes for a particular computer.

