I had hoped that by now I would have had a concrete answer to what the problem
is, but alas, nothing yet for sure. Here's my summary of the answers, then some
specifics;
I had 50+ replies indicating they had the "exact same problem", and several
indicating similar problems. I decided to go with just the "exact" ones and
leave the similarities alone for now.
Firstly, installing updates on shutdown is a feature of Windows XP SP2. I can't
say if some 3rd party tools can do this, but it is for sure a feature of SP2,
turned on by default, and the default option when shutting down an SP2 system
unless its been turned off (by Group Policy or a registry key.) So, anyone
experiencing this "exact" problem already had XP SP2 installed. I didn't see
any replies that contradict this.
Next, many people said they were being delivered XP SP2...AGAIN! This alone
could explain the problems seen. Sean Patterson said that his machine was
seemingly dead for 8 hours before it finally shutdown itself and rebooted
cleanly. Downloading and installing SP2 could easily take that long. Mark
Vinten, however, reported that his machine was still seemingly dead 24 hours
after he had attempted to shutdown, meaning this may not be the issue.
Many people talked about the GDI+ license issue, this appears to be associated
with the GDI+ Detection Tool that MS released via WU/AU last month. The license
question appears behind another dialog, so you don't see it. I seriously doubt
this is the issue being seen with the Shutdown, but many are firmly convinced
that is where the problem lies.
If it is, then Microsoft has seriously screwed up and, as a result, many people
have turned off Automatic Updates as a result.
Almost everyone gave similar recovery methods. They simply powered off the
computer and rebooted. Almost all saw no ill side-effects, but two people
indicated that after the reboot they had no Windows Shell show up. Those two
did a CTRL-ALT-DEL and got Task Manager up, and then recovered (one by running
Setup from the XP CD, the other by invoking a CMD prompt and making changes.)
As for everyone else, after they were back up they went to the WU site and
manually installed the updates correctly and all was well.
Interestingly, nobody reported the contents of their
%Windows%\WindowsUpdate.log file. Maybe its because its too hard to figure out
what it says...or just too hard to find out about it in the first place.
I haven't performed an Install Updates on Shutdown myself, my AU clients are
scheduled to install and they did. I think one of my machines was typical, it
downloaded;
Microsoft GDI+ Detection Tool (KB873374)
Critical Update for Office XP on Windows XP Service Pack 2 (KB885884)
Cumulative Security Update for Internet Explorer for Windows XP Service Pack 2
(KB834707)
Seems to match with what others saw, and seems to add support to the theory
that the GDI+ Detection Tool license agreement is the culprit.
One thought I had, when AU is enabled and you receive a download that requires
the user to accept an End User License Agreement (EULA), the AU Help FAQ states;
"Will I need to accept an End User License Agreement (EULA)?
Sometimes. Some updates require you to accept a EULA before the updates can be
installed. These updates can not be automatically installed so an alert and the
Windows Update icon will appear in the notification area to let you know that
updates are ready to be installed. Click the icon to view and accept the EULA
for these updates and then install them."
Now, presumably there may be a switch or something that AU detects differently
about machines which have specified a scheduled installation day/time, versus
those that haven't. It could be that you aren't prompted when you have it
scheduled to install?? So, for those that are doing the Install Updates on
Shutdown method, it could be that the notification was in the system tray
indicating you had to accept a EULA prior to shutting down. Since you didn't,
it fails as described. This would be incredibly stupid, but could be an
explanation.
Keep your eyes open for that notification.
Meanwhile, if someone from Microsoft happens to read NTBugtraq, and can get
someone there to tell us what they're saying to your other customers, I'm sure
there's somewhere near 30,000 people here who'd love to hear it!
Cheers,
Russ - Senior Scientist/NTBugtraq Editor
TruSecure Corporation
--
NTBugtraq Editor's Note:
Want to reply to the person who sent this message? This list is configured such
that just hitting reply is going to result in the message coming to the list,
not to the individual who sent the message. This was done to help reduce the
number of Out of Office messages posters received. So if you want to send a
reply just to the poster, you'll have to copy their email address out of the
message and place it in your TO: field.
--
