Windows 7 / Windows Server 2008 R2 Service Pack 1 Revision Hatasi Duzeltildi

Windows 7 / Window Server 2008 R2 Service Pack 1 (SP1) sunan WSUS ortamlarinda ortaya cikan kurulum sorunu icin yeni revizyon yayinlandi.

Son versiyon kuruldugu halde WSUS da kurulmadi seklinde raporlaniyordu, yeni revizyon asagidaki kistasa uyan bilgisayarlara WSUS tarafindan uygulanacak.

• SP1 kurulmus ve tekrar kurulum statusunde olmayanlar.


• SP1 kurulmamis ve bu guncellemeye uyfun olanlar.

Kaynak : http://blogs.technet.com/b/wsus/archive/2011/05/31/windows-7-windows-server-2008-r2-service-pack-1-revision-resolved.aspx

Windows 7 / Windows Server 2008 R2 Service Pack 1 Revision Issue Resolved

A revision was made to the WSUS offering for Windows 7 / Window Server 2008 R2 Service Pack 1 (SP1) on 5/24 to address known installation issues. We are aware that this latest revision is incorrectly reporting as "Not Installed" for machines that have already installed the previous revision of the SP1 update. Also, if this revision is approved for installation, it will reoffer to machines that have already installed the previous revision of the SP1 update. Specifically

• Machines that have already installed SP1 do not need to reinstall this update


• Machines that have not yet installed SP1 can safely proceed with installing this revision of the update

This issue has been corrected with a revision released Tuesday, 5/31 at 10:00 a.m. Pacific Time. Please be sure to re-sync your servers to obtain the latest revisions and updates to these and other packages.

 

Source : http://blogs.technet.com/b/wsus/archive/2011/05/31/windows-7-windows-server-2008-r2-service-pack-1-revision-resolved.aspx

Adding/Accessing different HTTPS ports with ISA Server 2006

You will get the error below when you try to create a connection to HTTPS by using a different port than 443. This is very normal behaviour of ISA because the port you want to use is not in the range of TunnelPorts, (TunnelPortRanges)

HTTP/1.1 502 Proxy Error (The specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests.)

But you can easily add necessary ports to TunnelPortRanges by the help of a very simle VB script, to do it create a clean vbs file and paste the code below to your vbs, and change the port numbers as you wish, example code is for port 8443, save and run the vbs. It will add the port you have written to TunnelPortRanges, you will need to restart Firewall Service to apply and activate your new port.

set isa=CreateObject("FPC.Root")
set tprange=isa.GetContainingArray.ArrayPolicy.WebProxy.TunnelPortRanges
set tmp=tprange.AddRange("SSL 8443", 8443, 8443)
tprange.Save

You can also use the vbs below to list ranges.
set isa=CreateObject("FPC.Root")
Dim tpRanges, tpRange

Set tpRanges = isa.GetContainingArray.ArrayPolicy.WebProxy.TunnelPortRanges

If tpRanges.Count > 0 Then
For Each tpRange In tpRanges
WScript.Echo tpRange.Name & " : " & tpRange.TunnelLowPort & "-" & tpRange.TunnelHighPort
Next
Else
WScript.Echo "No tunnel port ranges are defined."
End If
( Adding/Accessing different HTTPS ports with ISA Server 2006 )

ISA 2006 da farklı HTTPS portları kullanmak/eklemek

ISA Server 2006 da TCP 443 den farkli portlar ile HTTPS baglantisi kurmaya calistiginizda, baglanmak istediginiz port veya portlar TunnelPortRanges kapsaminda bulunmadigi icin baglanti hatasi alacaksinizdir.

HTTP/1.1 502 Proxy Error (The specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests.)

Bu durumda ihtiyaciniz olan portlari TunnelPortRanges'a eklemeniz gerekmektedir, bunu basitce bir VBScript ile yapabilirsiniz, bir text dosyasi olusturun, adi ornegin 8443.vbs olsun, 8443 burada benim eklemek istedigim port. Dosyayi notepad ile acip icine asagidaki kodu yapistirin

set isa=CreateObject("FPC.Root")
set tprange=isa.GetContainingArray.ArrayPolicy.WebProxy.TunnelPortRanges
set tmp=tprange.AddRange("SSL 8443", 8443, 8443)
tprange.Save

Siz 8443 olan port degerlerini kendi ihtiyaciniz olan portla degistireceksiniz tabiiki, bir den fazla port ekleyecekseniz ornegin 8443 ile 8448 arasindakiler gibi o zaman

set tmp=tprange.AddRange("SSL 8443-8448", 8443, 8448) seklinde de yazabilirsiniz, ardisik degilse her portunuz icin ayti bir vbs olusturun, daha sonra vbs dosyasini calistirarak portu ISA ye ekleyin, degisikligin gecerli olmasi icin Firewall Servisini restart etmeniz gerekecektir.

Mevcut portlari listelemek icin ise asagidaki vbs scriptini kullanabilirsiniz.
set isa=CreateObject("FPC.Root")
Dim tpRanges, tpRange

Set tpRanges = isa.GetContainingArray.ArrayPolicy.WebProxy.TunnelPortRanges

If tpRanges.Count > 0 Then
For Each tpRange In tpRanges
WScript.Echo tpRange.Name & " : " & tpRange.TunnelLowPort & "-" & tpRange.TunnelHighPort
Next
Else
WScript.Echo "No tunnel port ranges are defined."
End If

( ISA 2006 da farklı HTTPS portları kullanmak/eklemek )

Internet Explorer 7 icin daha once yayinlanmis olan MS11-018 (KB2497640) yamasindaki hata duzeltildi ve yeni bir revizyonu yayinlandi.

Hatali versiyon bazi Windows XP ve Windows Server 2003 platformlarinda yama kurulu olmadigi halde kurulu gibi raporlanmasina yol acmaktaydi.

Detaylari icin  MS11-018 adresini ziyaret edebilirsiniz.


Kaynak : http://blogs.technet.com/b/wsus/archive/2011/05/16/ms11-018-internet-explorer-7-0-cumulative-security-update-kb2497640-revised.aspx

MS11-018 Internet Explorer 7.0 Cumulative Security Update (KB2497640) Revised

MS11-018 (KB2497640) for Internet Explorer 7.0 has been revised today to correct an error in Microsoft Update logic. The revision corrects an issue that caused the update to incorrectly report that it was already installed on some Windows XP and Windows Server 2003 platforms where it was not installed. See MS11-018 for details.

Source : WSUS Team Blog

SMS/SCCM Report - Access Denied / ASP 0178 : 80070005 Error

If you have got a SMS 2003 Server which runs on Windows Server 2003 with SP1 installed and if you gave access rights to a non-administrator user for SMS Reports , probably you are getting Error : Access is Denied error on IE. If you have already added this user to SMS Reporting Users local group on the SMS Server and if you are getting the error below

Server object error 'ASP 0178 : 80070005'
Server.CreateObject Access Error
/SMSReporting.SiteCode/Report.asp, line 64
The call to Server.CreateObject failed while checking permissions. Access is denied to this object.
The reason is hardened DCOM settings in Windows 2003 SP1

To resolve this problem run Component Services which is under Administrative Tools and find the SMS_REPORTING_POINT as shown below



Now select Security tab



Select Customize option for Launch and Activation Permissions then select Edit



Now add SMS_Reporting_Users local group and clear Local Launch option and select Allow for Local Activation, then aprrove all setting by click OK.

If you want to read more information about DCOM changes in Windows 2003 SP1 I recommend you to visit DCOM Security Enhancements site.

SMS/SCCM Report - Access Denied / ASP 0178 : 80070005 Hatası

Merhaba

Eger Windows 2003 SP1 uzerinde calisan bir SMS 2003 Serveriniz var ise , ve Administrators grubunda olmayan bir kullaniciya SMS panelinde Raporlara erisim hakki verdiginiz halde erismeye calisinca Error : Access is Denied. hatasi aliyorsa oncelikle bu kulllaniciyi SMS Sunucunuz uzerindeki SMS Reporting Users grubuna eklemelisiniz.

Tekrar raporu cagirdiginiz ve asagidaki hatayi aldiysaniz bunun sebebi Windows 2003 SP1 ile DCOM erisim guvenlik ayarlarinin guvenlik arttirimi icin daha kati sekilde konfigure edilmesidir.



Server object error 'ASP 0178 : 80070005'
Server.CreateObject Access Error
/SMSReporting.SiteCode/Report.asp, line 64
The call to Server.CreateObject failed while checking permissions. Access is denied to this object.

Bu sorunu gidermek icin ise asagidaki yolu izlemeniz gerekmektedir.

Once Administrative Tools altindaki Component Services i calistirip asagidaki asamaya ulasip SMS_REPORTING_POINT in ozelliklerine girecegiz.



Simdi ozelliklerdeki Security tabina giriyoruz.



Security tabinda , Launch and Activation Permissions kisminda Customize i secip Edit tusuna basiyoruz.



Bu asamda gelen listeye SMS Reporting Users lokal kullanici grubunu eklemeniz gerekiyor, daha sonra bu kullanici icin Local Activation secenegini Allow etmeniz, Local Launch secenegini temizleyip islemi onaylayarak duzletmeyi tamamlayabilirsiniz.

DCOM da bu degistirdigimiz ayarlarla ayrintili bilgi icin DCOM Security Enhancements adresini ziyaret edebilirsiniz.

 

Java Updatelerini Disable etmek

Eger Java guncellemelerini iptal etmek isterseniz, control panel deki secenegi Never sectiginiz halde calismadigi icin.HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Update\Policy altinda bulunan EnableJavaUpdate degerini 0 yapiniz. (DWORD)

WSUS da e-mail bilgilendirmelerini ayarlamak

WSUS  da e-mail bilgilendirmeleri

WSUS  sunucusu yeni guncellemeler, raporlar hakkinda bilgileri email yolu ile gonderebilir, bu gonderimleri gunluk, haftalik gibi zaman dilimleri icin konfigure edebilirsiniz de.

e-mail bildirimlerini ayarlamak icin
1. WSUS Administration konsolunuz acip Options'i seciniz,
2. Orta pencerede E-Mail Notifications seceneginiz seciniz,
3. General sekmesini seciniz,
4. Eger guncelleme bilgilendirmelerini istiyorsaniz , "Send e-mail notification when new updates are synchronized" kutusunu seciniz.
5. Recipients(Alicilar) kutusuna, bilgilendirme mesajlarini alacak kisilerin emaillerini yaziniz, bir den fazla email adresi yazacaksaniz noktali virgul ile ayiriniz.
6. Durum raporlarini email yolu ile almak istiyorsaniz "Send status reports" kutucugunu isaretleyiniz.
7. Gonderim sikligini secmek icin "Frequency box" kutusunda "Daily" (Gunluk) veya "Weekly" (Haftalik) seceneklerinden birini seciniz.
8. Gonderim saatini belirlemek icin "Send reports at" kutusuna arzu ettiginiz saati giriniz,
9. Recipients(Alicilar) kutusuna, durum raporu mesajlarini alacak kisilerin emaillerini yaziniz, bir den fazla email adresi yazacaksaniz noktali virgul ile ayiriniz.
10. Dil secenekleri icin "Language" kutusundan dili seciniz.
11. Apply secenegi ile yaptiginiz konfigurasyonu kaydediniz.

Dogal olarak WSUS sunucunuzun bu email gonderimlerini yapabilmesi icin posta sunucusu konfigrasyonunuda yapmaniz gerekmekte.

Bunun icin;

1. "E-Mail Server" sekmesini seciniz,
2. "Outgoing e-mail server (SMTP)" kutusuna firma mail sunucunuzun adini yaziniz.
3. "Port number" kutusuna mail sunucunuzun SMTP portunu yazin, varsayilan 25 dir.
4. "Sender name" kutusuna bu bildirimlerin kim tarafindan gonderilmis gibi gozukecegini belirlemek icin bir isim yazin (WSUS Yoneticisi)
5. "E-mail address" kutusuna gondericinin email adresini yazin, ornek : WSUSYoneticisi@abc.com.tr
6. Eger mail sunucunuz kimlik dogrulamasi yapiyorsa "My SMTP server requires authentication" secenegini secin ve kullanici adi ile sifreyi yazin
Apply secenegi ile yaptiginiz konfigurasyonu kaydediniz.

Test etmek icin Test tusuna basiniz, test emailini almazsaniz Event Viewer i kontrol ediniz, ayrica SoftwareDistribution.log dosyasini bulup bu dosyayida kontrol etmenizde fayda var.