Friday, September 21, 2012

Installation Of The Microsoft .NET Framework 3.5 SP1 – KB951847

An installation of the Microsoft .NET Framework 3.5 SP1 (full package) – KB951847 had failed on a passive node Exchange 2003 server. Having spent a number of days looking at it, I finally managed to resolve it today and get the Exchange server to the latest patch status.

Initially I thought the installation failure was due to corruption of either the MSI software update registration or the .NET Framework installed on the server.

I tried the following methods mentioned in the Microsoft KB articles (i.e. KB922377, KB976982), but they were not successful:

1. Manually remove the .NET Framework, and then reinstall the .NET Framework

2. Remove the .NET Framework by using the Installation Cleanup Utility and then reinstall the .NET Framework

3. Fix the MSI software update registration corruption issue by using Microsoft Fix it 50123

A detailed look at the Windows Application Event log after each installation of the Microsoft .NET Framework 3.5 SP1 revealed the following entries:

Event ID 10005 - Product: Microsoft .NET Framework 2.0 Service Pack 2 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2318. The arguments are: C:\WINDOWS\PCHEALTH\ERRORREP\QSIGNOFF\30E8DF.cab, ,
Event ID 1023 - Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET Framework CLR' could not be installed. Error code 1603. Additional information is available in the log file C:\DOCUME~1\kandti01\LOCALS~1\Temp\dd_NET_Framework20_Setup5306.txt.
Event ID 1023 - Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET Framework CA' could not be installed. Error code 1603. Additional information is available in the log file C:\DOCUME~1\kandti01\LOCALS~1\Temp\dd_NET_Framework20_Setup5306.txt.
Event ID 1023 - Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET Framework CRT' could not be installed. Error code 1603. Additional information is available in the log file C:\DOCUME~1\kandti01\LOCALS~1\Temp\dd_NET_Framework20_Setup5306.txt.
Event ID 1023 - Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET Framework PreXP' could not be installed. Error code 1603. Additional information is available in the log file C:\DOCUME~1\kandti01\LOCALS~1\Temp\dd_NET_Framework20_Setup5306.txt.
Event ID 1023 - Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'Dr. Watson' could not be installed. Error code 1603. Additional information is available in the log file C:\DOCUME~1\kandti01\LOCALS~1\Temp\dd_NET_Framework20_Setup5306.txt.
Event ID 1023 - Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET Framework 1' could not be installed. Error code 1603. Additional information is available in the log file C:\DOCUME~1\kandti01\LOCALS~1\Temp\dd_NET_Framework20_Setup5306.txt.
Event ID 1023 - Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET Framework 2' could not be installed. Error code 1603. Additional information is available in the log file C:\DOCUME~1\kandti01\LOCALS~1\Temp\dd_NET_Framework20_Setup5306.txt.
Event ID 1023 - Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET Framework ASP .NET' could not be installed. Error code 1603. Additional information is available in the log file C:\DOCUME~1\kandti01\LOCALS~1\Temp\dd_NET_Framework20_Setup5306.txt.
Event ID 1023 - Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET Framework WinForms' could not be installed. Error code 1603. Additional information is available in the log file C:\DOCUME~1\kandti01\LOCALS~1\Temp\dd_NET_Framework20_Setup5306.txt.

In the directory C:\Windows\PCHealth\ErrorRep\Qsignoff, there is indeed a file 30E8DF.cab. 

On further investigation of the permissions on the Qsignoff folder, I found that the group EVERYONE was assigned a DENY permission for Traverse Folder / Execute File, applying to the folder itself, subfolders and files. This could be the cause of the Event ID 10005.

The DENY permission was removed and the 3 files in the directory C:\Windows\PCHealth\ErrorRep\Qsignoff were deleted successfully.
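A Deny entry takes precedence over any Allow entry, so it is worth listing every Deny ACE on the folder before rerunning the installer. The PowerShell function below is an added example, not part of the original post; `Get-DenyAce` is a hypothetical helper name, and the path is the one from the Event ID 10005 entry.

```powershell
# Added example: report Deny ACEs on a folder and everything beneath it.
# Get-DenyAce is a hypothetical helper name, not a built-in cmdlet.
function Get-DenyAce {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Path not found: $Path"
        return
    }

    # The folder itself, then its subfolders and files.
    $items = @(Get-Item -LiteralPath $Path -Force)
    $items += @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        try {
            $acl = Get-Acl -Path $item.FullName -ErrorAction Stop
        } catch {
            # Report unreadable ACLs instead of silently skipping them.
            Write-Warning "Cannot read ACL on $($item.FullName): $($_.Exception.Message)"
            continue
        }

        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Deny') { continue }

            # Traverse Folder / Execute File is bit 0x20 of FileSystemRights.
            $blocksTraverse = (([int]$ace.FileSystemRights) -band 0x20) -ne 0

            New-Object PSObject -Property @{
                Path           = $item.FullName
                Identity       = $ace.IdentityReference.Value
                Rights         = $ace.FileSystemRights
                Inherited      = $ace.IsInherited
                BlocksTraverse = $blocksTraverse
            }
        }
    }
}

# Folder named in the Event ID 10005 entry above.
Get-DenyAce -Path 'C:\WINDOWS\PCHEALTH\ERRORREP\QSIGNOFF' |
    Format-Table Identity, BlocksTraverse, Inherited, Path -AutoSize
```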

After that, the installation of the Microsoft .NET Framework 3.5 SP1 was carried out successfully, with the following entries in the Windows Application Event log:

Event ID 1022 - Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET Framework CLR' installed successfully.
Event ID 1022 - Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET Framework CA' installed successfully.
Event ID 1022 - Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET Framework CRT' installed successfully.
Event ID 1022 - Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET Framework PreXP' installed successfully.
Event ID 1022 - Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'Dr. Watson' installed successfully.
Event ID 1022 - Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET Framework 1' installed successfully.
Event ID 1022 - Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET Framework 2' installed successfully.
Event ID 1022 - Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET Framework ASP .NET' installed successfully.
Event ID 1022 - Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET Framework WinForms' installed successfully.
Event ID 1022 - Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Installation completed successfully.
Event ID 1022 - Product: Microsoft .NET Framework 3.0 Service Pack 2 - Update 'WPF2_32' installed successfully.
Event ID 1022 - Product: Microsoft .NET Framework 3.0 Service Pack 2 - Update 'WCF' installed successfully.
Event ID 1022 - Product: Microsoft .NET Framework 3.0 Service Pack 2 - Update 'WPF_1' installed successfully.
Event ID 1022 - Product: Microsoft .NET Framework 3.0 Service Pack 2 - Update 'WF' installed successfully.
Event ID 1022 - Product: Microsoft .NET Framework 3.0 Service Pack 2 - Update 'WPF_Other' installed successfully.
Event ID 1022 - Product: Microsoft .NET Framework 3.0 Service Pack 2 - Update 'WF_32' installed successfully.
Event ID 1022 - Product: Microsoft .NET Framework 3.0 Service Pack 2 - Update 'WPF2' installed successfully.
Event ID 1022 - Product: Microsoft .NET Framework 3.0 Service Pack 2 - Update 'XPS' installed successfully.
Event ID 1022 - Product: Microsoft .NET Framework 3.0 Service Pack 2 - Update 'WCS' installed successfully.
Event ID 1022 - Product: Microsoft .NET Framework 3.0 Service Pack 2 - Update 'WPF_Other_32' installed successfully.
Event ID 11707 - Product: Microsoft .NET Framework 3.0 Service Pack 2 -- Installation completed successfully.
Event ID 11707 - Product: Microsoft .NET Framework 3.5 SP1 -- Installation completed successfully.

The Exchange server was restarted and the Microsoft .NET Framework 3.5 Family Update - KB959209 was applied. This update addresses a set of known application compatibility issues and consists of 3 files (i.e. NDP20SP2-KB958481-x86.exe, NDP30SP2-KB958483-x86.exe and P35SP1-KB958484-x86.exe). The Exchange server was rebooted and subsequently patched with the outstanding .NET Framework updates pushed down via the WSUS server.

An MBSA scan was run on the Exchange server after all the updates were installed successfully. The patch status report shows that the Exchange server is now at the latest patch status.
 

Monday, September 17, 2012

Finding IP Address With Only MAC Address Given

There is a desktop replacement exercise going on. The IP address assigned to the user's existing desktop will be used for the new desktop. At times, the outsourced computer technicians will request us to change the MAC address of the reserved desktops in the DHCP server without providing any IP address or DHCP scope. The only information given is the MAC address of the new desktop and the MAC address of the user's existing desktop. This makes our job of modifying the information of a reserved desktop rather difficult.

To find the IP address of the reserved desktop using the MAC address of the user's existing desktop, the command below needs to be issued at the command prompt:

netsh dhcp server dump | find /I "00237db98ab4" > c:\reserved.txt

The output c:\reserved.txt will contain information for a reserved desktop whose MAC address matches 00237db98ab4:

DHCP Server 128.155.1.29 Scope 128.248.0.0 Add reservedip 128.248.2.44 00237db98ab4 "zwen.KANDTI.com.sg" "Zhang Wen's PC" "BOTH"

IP address reserved: 128.248.2.44
MAC address: 00237db98ab4
Reservation name: zwen.KANDTI.com.sg
Description: Zhang Wen’s PC
Support types: BOTH (i.e. DHCP and BOOTP)

From the output, we know that the desktop reservation can be found under the DHCP scope 128.248.0.0 with IP address 128.248.2.44.
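The `find` filter above matches the MAC string anywhere on a line and only in the exact form typed. The PowerShell function below is an added example, not part of the original post: it parses the reservation lines into fields and compares only the MAC field, accepting the MAC with or without separators. `Find-DhcpReservation` is a hypothetical helper name, and the line layout is assumed to be the one shown in the output above.

```powershell
# Added example: find a DHCP reservation by MAC in "netsh dhcp server dump" output.
# Find-DhcpReservation is a hypothetical helper name.
function Find-DhcpReservation {
    param(
        [string[]]$DumpLines,
        [Parameter(Mandatory = $true)][string]$Mac
    )

    # Accept 00-23-7D-B9-8A-B4, 00:23:7d:b9:8a:b4 or 00237db98ab4.
    $needle = ($Mac -replace '[^0-9A-Fa-f]', '').ToLower()
    if ($needle.Length -ne 12) {
        throw "Expected 12 hex digits in MAC address, got '$Mac'"
    }

    $pattern = '^\s*Dhcp Server (\S+) Scope (\S+) Add reservedip (\S+) ([0-9A-Fa-f]{12}) "([^"]*)" "([^"]*)" "([^"]*)"'

    foreach ($line in $DumpLines) {
        # Compare the MAC field only, so a MAC quoted in a description is ignored.
        if ($line -match $pattern -and $Matches[4].ToLower() -eq $needle) {
            New-Object PSObject -Property @{
                Server      = $Matches[1]
                Scope       = $Matches[2]
                IPAddress   = $Matches[3]
                Mac         = $Matches[4].ToLower()
                Name        = $Matches[5]
                Description = $Matches[6]
                Type        = $Matches[7]
            }
        }
    }
}

# Constructed sample: the first line is from the post, the second is made up.
$sample = @(
    'DHCP Server 128.155.1.29 Scope 128.248.0.0 Add reservedip 128.248.2.44 00237db98ab4 "zwen.KANDTI.com.sg" "Zhang Wen''s PC" "BOTH"',
    'DHCP Server 128.155.1.29 Scope 128.248.0.0 Add reservedip 128.248.2.45 001122334455 "pc2.example.test" "replaces 00237db98ab4" "BOTH"'
)

Find-DhcpReservation -DumpLines $sample -Mac '00-23-7D-B9-8A-B4' |
    Format-List Scope, IPAddress, Name, Description, Type

# Against a live server:
# Find-DhcpReservation -DumpLines (netsh dhcp server dump) -Mac '<MAC address>'
```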

Thursday, September 13, 2012

Outlook Web App Is Currently Disabled For User

A user reported that he could not log in to OWA. He got the message "Outlook Web App is currently disabled for user KANDTI\sysm1". The details of the error are as follows:

Outlook Web App is currently disabled for user KANDTI\sysm1.


Request
Url: https://casrp.KANDTI.com.sg:443/owa/auth/error.aspx
User host address: 130.22.126.33
User: zzzz System Monitoring Account
EX Address: /o=KANDTI/ou=KANDTI Admin Group/cn=Recipients/cn=sysm1
SMTP Address: sg1m1@KANDTI.com.sg
OWA version: 14.2.247.5
Mailbox server: CERCO.KANDTI.com.sg

OWA access for the account was found to be disabled. The user was able to log in to OWA after the PowerShell cmdlet below was issued via the Exchange Management Shell:

Set-CASMailbox -Identity sysm1@CERCO.KANDTI.com.sg -OWAEnabled:$true

Friday, September 7, 2012

Event ID 68 Unable To Initialize Scan Engine. The Virus Definitions May Be Missing Or Corrupt

Our Helpdesk reported that users were complaining that they were unable to send or receive emails. The system administrator performed a check on the Exchange servers and found the following Symantec Mail Security for Microsoft Exchange event entries in the Windows Application Event log:

Event ID 110 - The process SAVFMSESp.exe failed to start (0xC009008A).
Event ID 168 - The process SAVFMSESp.exe was restarted.
Event ID 68 - Unable to initialize scan engine. The virus definitions may be missing or corrupt. Perform a LiveUpdate to retrieve the latest virus definitions.
Event ID 167 - The process SAVFMSESp.exe terminated unexpectedly.

The following steps were carried out to resolve the problem:

1. Stop the Symantec Mail Security for Microsoft Exchange service.

2. Open usage.dat file from the directory C:\Program Files\Common Files\Symantec Shared\VirusDefs\ and confirm that it's missing SAVFMSE_SP_x=1 entries, where x is a number from 1 to 9.

Example of how an invalid usage.dat file looks:
[20121024.017]
SMSMSE=1
[20121025.021]
DEFWATCH_10=1
NAVCORP_70=1
NAVCORP_70_2=1

Example of how a valid usage.dat file looks:
[20120424.005]
DEFWATCH_10=1
NAVCORP_70=1
SSS_MICROSOFT_EXCHANGE_30=1
SAVFMSE_SP_3=1
SAVFMSE_SP_1=1
SAVFMSE_SP_2=1

3. Remove VirusDefs0000000x folders from the directory C:\Program Files\Common Files\Symantec Shared\definitions\Antivirus (where 'x' is a number).

4. Remove files from the directory C:\Program Files\Common Files\Symantec Shared\definitions\Antivirus\incoming.

5. Copy all files from the latest definition folder from the directory C:\Program Files\Common Files\Symantec Shared\VirusDefs\ to the directory C:\Program Files\Common Files\Symantec Shared\definitions\Antivirus\incoming.

6. Restart the SMSMSE service.

7. When the service starts up, SMSMSE will read the new definition files from the incoming folder and create a new virus definition folder (i.e. VirusDefs0000000x) under the definitions folder.
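The check in step 2 can be scripted. The PowerShell function below is an added example, not part of the original post or of the Symantec product: it reads usage.dat as a list of bracketed definition sets and reports, for each set, whether any SAVFMSE_SP_x=1 entry (x from 1 to 9) is present. `Test-UsageDat` is a hypothetical helper name, and the sample data is the two listings from step 2.

```powershell
# Added example: check each definition set in usage.dat for SAVFMSE_SP_x=1 entries.
# Test-UsageDat is a hypothetical helper name.
function Test-UsageDat {
    param([string[]]$Lines)

    $section = $null
    $results = @()
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        if ($line -match '^\[(.+)\]$') {
            # Start of a new definition set, e.g. [20120424.005]
            $section = New-Object PSObject -Property @{
                DefinitionSet = $Matches[1]
                Consumers     = @()
                HasSavfmse    = $false
            }
            $results += $section
        } elseif ($section -and $line -match '^([^=]+)=(.*)$') {
            # key=value line: record which product registered against this set.
            $section.Consumers += $Matches[1]
            if ($line -match '^SAVFMSE_SP_[1-9]=1$') { $section.HasSavfmse = $true }
        }
    }
    $results
}

# Sample data: the invalid and valid listings shown in step 2.
$invalid = @('[20121024.017]', 'SMSMSE=1',
             '[20121025.021]', 'DEFWATCH_10=1', 'NAVCORP_70=1', 'NAVCORP_70_2=1')
$valid   = @('[20120424.005]', 'DEFWATCH_10=1', 'NAVCORP_70=1',
             'SSS_MICROSOFT_EXCHANGE_30=1', 'SAVFMSE_SP_3=1', 'SAVFMSE_SP_1=1', 'SAVFMSE_SP_2=1')

Test-UsageDat -Lines $invalid | Format-Table DefinitionSet, HasSavfmse -AutoSize
Test-UsageDat -Lines $valid   | Format-Table DefinitionSet, HasSavfmse -AutoSize

# Against the real file:
# Test-UsageDat -Lines (Get-Content 'C:\Program Files\Common Files\Symantec Shared\VirusDefs\usage.dat')
```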

Thursday, September 6, 2012

Conducting Checks On The Patch Status Of Microsoft Servers

It is a recommended practice to generate a patch status report for the respective servers to ensure that all required security updates/ rollups are applied to the servers.


2. Install it on the servers to be scanned (the default installation location is C:\Program Files\Microsoft Baseline Security Analyzer 2\).

3. Download the latest Microsoft wsusscn2.cab file from http://download.windowsupdate.com/microsoftupdate/v6/wsusscan/wsusscn2.cab. It contains details on all the latest updates from Microsoft.

4. Copy the wsusscn2.cab file to a directory (i.e. mbsa).

5. Open a command window, cd into the directory C:\Program Files\Microsoft Baseline Security Analyzer 2 and issue the following command:

mbsacli /catalog c:\mbsa\wsusscn2.cab /n os+iis+sql+password > c:\scanresults.txt

/n os+iis+sql+password -- skips the OS, IIS, SQL and password checks, so that only updates are scanned.
/catalog c:\mbsa\wsusscn2.cab -- specifies the location of the CAB file that contains the available security update information.

The resulting scanresults.txt file should contain all Microsoft patches that are targeted towards that particular server, both installed and not yet installed.