[unisog] Validation problems with Windows Update

Brance Amussen brance at jhu.edu
Fri Aug 26 20:27:11 GMT 2005


Are your users using W2K or XP, these are the only OS's that the WGA
(windows Genuine Advantage) tool works on, no 98, no ME, no 2003... 

I just ran their demo at;
http://www.microsoft.com/genuine/downloads/WhyValidate.aspx

While at the same time watching TCPView for the connection, it does not use
any other port besides 80 on the validation end. It goes to
genuine.microsoft.com:80.. 

Here's the knowledgebase article about the time issue.. 
http://support.microsoft.com/default.aspx?scid=kb;en-us;906533

Brance :)_S

__________________________________________________

Brance Amussen
Network/Systems Administrator 

Zanvyl Kreiger Mind/Brain Institute
Johns Hopkins University
3800N. Charles St. 
338 Krieger Hall
Baltimore, MD 21218

brance{at}jhu.edu
__________________________________________________





-----Original Message-----
From: unisog-bounces at lists.sans.org [mailto:unisog-bounces at lists.sans.org]
On Behalf Of BACHAND, Dave (Info. Tech. Services)
Sent: Friday, August 26, 2005 3:47 PM
To: mda at unb.ca; UNIversity Security Operations Group
Subject: Re: [unisog] Validation problems with Windows Update

Hello-

We're looking at the same issue here.

A trace is showing a connection to a number of Microsoft sites, as well as
one packet sent to 208.172.13.251.  It has a destination port of 80, and
source of 1433.

Are looking into seeing if allowing this to pass will help.


++++++++++++++++++++++++++++++++++
Dave Bachand
Data Network Manager
Information Technology Services
Eastern Connecticut State University
83 Windham Street
Willimantic, CT
Tel. (860)465-5376
++++++++++++++++++++++++++++++++++

-----Original Message-----
From: unisog-bounces at lists.sans.org
[mailto:unisog-bounces at lists.sans.org] On Behalf Of Matt Ashfield
Sent: Friday, August 26, 2005 8:46 AM
To: 'UNIversity Security Operations Group'
Subject: [unisog] Validation problems with Windows Update

HI All

Our students are beginning to show up on campus and are looking to register
for our network. We are forcing students to do a few security related things
before they are allowed on the network. One of the main things they must do
is update their system by going to WindowsUpdate.

We have experienced a lot of problems with users being able to validate
their OS with Microsoft. Even people who appear to have legitimate copies of
Windows. 

Among the problems we've experienced:

- Users being able to download, but not install the Windows Genuine
Advantage Validation tool. Despite repeated downloads, and attempts at
installing, it simply will not install.

- A potential timeout issue when users go to the website to validate their
version of windows. There is a message stating that the validation tool was
not able to communicate properly. This is potentially a problem with our
firewall rules. What sites/addresses are people letting through their
firewalls now to accommodate for this newly revamped WindowsUpdate. The
error that's given only tells the user to ensure their date/time is correct.
Not very helpful.

Any info is greatly appreciated!

Cheers


Matt Ashfield
Network Analyst
Integrated Technology Services
University of New Brunswick
mda at unb.ca 




_______________________________________________
unisog mailing list
unisog at lists.sans.org
http://www.dshield.org/mailman/listinfo/unisog


_______________________________________________
unisog mailing list
unisog at lists.sans.org
http://www.dshield.org/mailman/listinfo/unisog



More information about the unisog mailing list