February 19, 2010

ITMU Functionalities: How it works?

Advertisement Begins
Check %windir%\system32\ccm\logs\execmgr.log – All advertisements executed by the SMS client are written to this log. You should be able to find the AdvertisementID for the Scan. Also, look for Requesting content from CAS for package version ## – ## should be the current package source version for the Microsoft Updates Scanner. Finally, you should see the command line used (which contains “Scanwrapper.exe”), the process created, and the Raised Program Started Event for AD: .. At this point, ScanWrapper.exe has been launched.

ScanWrapper Begins
Check %windir%\system32\ccm\logs\ScanWrapper.log – This log is generated by ScanWrapper.exe – Use the Date/Time column to find the most recent Software Updates Scan Tool Started entry. It will perform checks for Windows Update Version, Client Version, etc. ScanWrapper.log will also show the “Source Directory” and “Cache Directory” for the CAB file. ScanWrapper then launches SMSWusHandler. *Note: Scanwrapper.log is also used for other Scanning tools, such as the Extended Software Update Inventory Tool (ESUIT).

SMSWusHandler Begins
Check %windir%\system32\ccm\logs\SMSWusHandler.log – This log is generated by SMSWusHandler.exe, and is used to initiate actions on the Windows Update Agent. Use the Date/Time column to find the most recent SmsWusHandler Started entry. After performing a Windows Update version check, you will see an entry that reads similar to this: ScanPackage serviceID being used for this search is {78cc3df0-6ae3-4990-ab7c-87aeffb4b7fc}. The log will pause on this entry for a few minutes, because SMSWusHandler has handed off the scan to the Windows Update Agent.

WindowsUpdate Begins (and Completes)
Check %windir%\WindowsUpdate.log – This log is generated by the Windows Update (Automatic Updates) agent, which is used for patch scan and installation. Use the Date/Time stamp (located at the beginning of every row) to find the most recent Logging Initialized entry. Follow the log for Added Update entries. **Some entries in this log may appear as errors, but are actually “normal” – review the help link for more information.

SMSWusHandler Completes
SMSWusHandler continues after the completion of WindowsUpdate, listing each potential update, and states whether “Applicable” or “Installed”, writes the data to and .xml file in the cache directory (e.g., C:\WINNT\system32\VPCache\\Results.xml), and finishes the log with SmsWusHandler Terminating.

ScanWrapper Completes
ScanWrapper continues after the completion of SMSWusHandler, by reading the results.xml file – (e.g., Patch information from C:\WINNT\system32\VPCache\\Results.xml). The log then writes the details of each potential update, (including MS KB and security bulletin ID), and states whether the patch is applicable or installed. Next, it writes the data to Win32_PatchState_Extended. Finally, the information in Win32_ScanPackageVersion is updated, and Scanwrapper exits

Advertisement Completes
Finally, execmgr.log completes with a message similar to the following: Execution is complete for program Microsoft Security Updates. The exit code is 0, the execution status is Success.

No comments:

Post a Comment