forums.wsusoffline.net

[Yaso Kuhl]

Beim Generieren eines Updates hing der Prozess bei dotnet x86-glb mit "Determining superseded updates" ewig fest. Ein ähnliches Phänomen hatte ich auch bei den Office Updates (ofc-glb) mit den dynamischen Updates. Mit Procmon habe ich mir dann mal angekuckt, was das script in dem Moment eigentlich macht. Es probiert Dateien bzw. Verzeichnisse mit einem Pfad wie z.B. "E:\wsusoffline\cmd\http:\download.windowsupdate.com\msdownload\update\software\secu\2008\08\" zu erstellen und wird verständlicherweise mit einer Fehlermeldung abgewiesen. W
Irgendwann ist das Script auch durch diesen Schritt durch und läuft weiter, aber es dauert ewig (besonders auf einem USB Stick).

Ist der Vorgang dieser Vorgang so gewollt und normal oder liegt hier ein Fehler vor? Ich kann mir nicht vorstellen, dass dabei irgendwas raus kommt wenn man probiert Verzeichnisse anzulegen, die gar nicht angelegt werden können, nur um irgendeinen Datenbestand festzustellen.

Mein Aufbau:

Wsus Offline Update 6.8.4+ (251) (Komplettpaket inklusive Updategenerator) auf einem USB Stick mit Fat32. Platz ist auf dem Stick für meine Auswahl genug. Alles läuft unter WinXP SP3 mit Adminberechtigung.

[Denniss]

Keine Ahnung ob das so gewollt ist - kann ich mir aber nicht vorstellen.
Zumindestens würde das die extremen Verzögerungen erklären, die einige Benutzer bei Ausführung auf einem Netzlaufwerk beobachtet haben.

[WSUSUpdateAdmin]

Moin!

Yep, das klingt nach einem Bug.
Ich weiß bloß noch nicht, wie ich den suche...

Danke & Gruß
Torsten Wittrock

[Yaso Kuhl]

Ich bin mal im script durchgegangen, was nach der Logzeile passiert und es passiert bei möglicherweise bei beiden das gleiche.

..\bin\msxsl.exe "%TEMP%\package.xml" ..\xslt\ExtractUpdateRevisionIds.xsl -o "%TEMP%\ValidUpdateRevisionIds.txt"
oder
..\bin\msxsl.exe "%TEMP%\package.xml" ..\xslt\ExtractSupersedingRevisionIds.xsl -o "%TEMP%\SupersedingRevisionIds.txt"

Allerdings ist das nur eine Vermutung von mir. Ich habe leider von diesem XML-Gedöhns nicht soviel Ahnung, aber kann es sein, dass in diesen XSL-Dateien nicht sauber mit Pfaden mit Leerzeichen umgegangen wird?

Ich probier das Ganze noch mal auf meinen anderen System mit Windows 7 aus. Da sollte der %TEMP%-Pfad keine Leerzeichen enthalten.

[Yaso Kuhl]

Auch auf Windows 7 macht das Script solche Scherze. Ich habe mal bei Procmon die Letzten Schritte nach verfolgt.

Es sieht so aus, als ob eine ganze Weile eine Datei namens SupersededFieldsUnique.txt geschrieben wird. Dann in eine UpdateCabExeIdsAndLocations.txt und dann fängt das Script mit diesen komischen Verzeichnissen an.

Ich hab mal einen Auszug aus Procmon hier mit reingepackt. vielleicht hilft es ja. Er ist in einer CSV-Form mit Komma als Trenzeichen.

Code: Select all

"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"18:00:24,1305656","cmd.exe","480","CreateFile","C:\Windows\SysWOW64\findstr.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
"18:00:24,1306302","cmd.exe","480","QueryStandardInformationFile","C:\Windows\SysWOW64\findstr.exe","SUCCESS","AllocationSize: 65.536, EndOfFile: 62.976, NumberOfLinks: 2, DeletePending: False, Directory: False"
"18:00:24,1306425","cmd.exe","480","QueryStandardInformationFile","C:\Windows\SysWOW64\findstr.exe","SUCCESS","AllocationSize: 65.536, EndOfFile: 62.976, NumberOfLinks: 2, DeletePending: False, Directory: False"
"18:00:24,1306538","cmd.exe","480","ReadFile","C:\Windows\SysWOW64\findstr.exe","SUCCESS","Offset: 61.952, Length: 1.024, Priority: Normal"
"18:00:24,1306905","cmd.exe","480","CloseFile","C:\Windows\SysWOW64\findstr.exe","SUCCESS",""
"18:00:24,1326134","cmd.exe","480","CreateFile","C:\Windows\SysWOW64\ui\SwDRM.dll","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"18:00:24,1347645","cmd.exe","480","QuerySecurityFile","C:\Windows\SysWOW64\findstr.exe","SUCCESS","Information: Owner, Group, DACL, SACL, Label"
"18:00:24,1347799","cmd.exe","480","QueryBasicInformationFile","C:\Windows\SysWOW64\findstr.exe","SUCCESS","CreationTime: 30.04.2011 20:57:52, LastAccessTime: 30.04.2011 20:57:52, LastWriteTime: 20.11.2010 04:17:12, ChangeTime: 30.04.2011 21:19:39, FileAttributes: A"
"18:00:24,1348172","cmd.exe","480","CloseFile","C:\Windows\AppPatch\sysmain.sdb","SUCCESS",""
"18:00:24,1348605","cmd.exe","480","QuerySecurityFile","C:\Windows\SysWOW64\findstr.exe","SUCCESS","Information: Owner, Group, DACL, SACL, Label"
"18:00:24,1348788","cmd.exe","480","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DisableLocalOverride","NAME NOT FOUND","Length: 1.024"
"18:00:24,1348955","cmd.exe","480","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","Desired Access: Read"
"18:00:24,1349135","cmd.exe","480","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"18:00:24,1349265","cmd.exe","480","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest","NAME NOT FOUND","Length: 20"
"18:00:24,1349378","cmd.exe","480","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS",""
"18:00:24,1554293","cmd.exe","480","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","Desired Access: Read"
"18:00:24,1554460","cmd.exe","480","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"18:00:24,1554560","cmd.exe","480","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles","NAME NOT FOUND","Length: 20"
"18:00:24,1554673","cmd.exe","480","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS",""
"18:00:24,1555049","cmd.exe","480","Thread Exit","","SUCCESS","Thread ID: 4916, User Time: 0.0156001, Kernel Time: 0.0156001"
"18:00:24,1556998","cmd.exe","480","QueryNameInformationFile","C:\Windows\System32\apisetschema.dll","SUCCESS","Name: \Windows\System32\apisetschema.dll"
"18:00:24,1557205","cmd.exe","480","QueryNameInformationFile","C:\Windows\SysWOW64\cmd.exe","SUCCESS","Name: \Windows\SysWOW64\cmd.exe"
"18:00:24,1557365","cmd.exe","480","QueryNameInformationFile","C:\Windows\SysWOW64\winbrand.dll","SUCCESS","Name: \Windows\SysWOW64\winbrand.dll"
"18:00:24,1557525","cmd.exe","480","QueryNameInformationFile","C:\Windows\SysWOW64\apphelp.dll","SUCCESS","Name: \Windows\SysWOW64\apphelp.dll"
"18:00:24,1557688","cmd.exe","480","QueryNameInformationFile","C:\Windows\System32\wow64cpu.dll","SUCCESS","Name: \Windows\System32\wow64cpu.dll"
"18:00:24,1557838","cmd.exe","480","QueryNameInformationFile","C:\Windows\System32\wow64win.dll","SUCCESS","Name: \Windows\System32\wow64win.dll"
"18:00:24,1557978","cmd.exe","480","QueryNameInformationFile","C:\Windows\System32\wow64.dll","SUCCESS","Name: \Windows\System32\wow64.dll"
"18:00:24,1558114","cmd.exe","480","QueryNameInformationFile","C:\Windows\SysWOW64\cryptbase.dll","SUCCESS","Name: \Windows\SysWOW64\cryptbase.dll"
"18:00:24,1558254","cmd.exe","480","QueryNameInformationFile","C:\Windows\SysWOW64\sspicli.dll","SUCCESS","Name: \Windows\SysWOW64\sspicli.dll"
"18:00:24,1558394","cmd.exe","480","QueryNameInformationFile","C:\Windows\SysWOW64\usp10.dll","SUCCESS","Name: \Windows\SysWOW64\usp10.dll"
"18:00:24,1558541","cmd.exe","480","QueryNameInformationFile","C:\Windows\SysWOW64\advapi32.dll","SUCCESS","Name: \Windows\SysWOW64\advapi32.dll"
"18:00:24,1558691","cmd.exe","480","QueryNameInformationFile","C:\Windows\SysWOW64\rpcrt4.dll","SUCCESS","Name: \Windows\SysWOW64\rpcrt4.dll"
"18:00:24,1558834","cmd.exe","480","QueryNameInformationFile","C:\Windows\SysWOW64\lpk.dll","SUCCESS","Name: \Windows\SysWOW64\lpk.dll"
"18:00:24,1558977","cmd.exe","480","QueryNameInformationFile","C:\Windows\SysWOW64\sechost.dll","SUCCESS","Name: \Windows\SysWOW64\sechost.dll"
"18:00:24,1559117","cmd.exe","480","QueryNameInformationFile","C:\Windows\SysWOW64\gdi32.dll","SUCCESS","Name: \Windows\SysWOW64\gdi32.dll"
"18:00:24,1559254","cmd.exe","480","QueryNameInformationFile","C:\Windows\SysWOW64\msctf.dll","SUCCESS","Name: \Windows\SysWOW64\msctf.dll"
"18:00:24,1559397","cmd.exe","480","QueryNameInformationFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","Name: \Windows\SysWOW64\imm32.dll"
"18:00:24,1559543","cmd.exe","480","QueryNameInformationFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Name: \Windows\SysWOW64\KernelBase.dll"
"18:00:24,1559697","cmd.exe","480","QueryNameInformationFile","C:\Windows\SysWOW64\kernel32.dll","SUCCESS","Name: \Windows\SysWOW64\kernel32.dll"
"18:00:24,1559843","cmd.exe","480","QueryNameInformationFile","C:\Windows\SysWOW64\msvcrt.dll","SUCCESS","Name: \Windows\SysWOW64\msvcrt.dll"
"18:00:24,1559990","cmd.exe","480","QueryNameInformationFile","C:\Windows\SysWOW64\user32.dll","SUCCESS","Name: \Windows\SysWOW64\user32.dll"
"18:00:24,1560133","cmd.exe","480","QueryNameInformationFile","C:\Windows\System32\ntdll.dll","SUCCESS","Name: \Windows\System32\ntdll.dll"
"18:00:24,1560276","cmd.exe","480","QueryNameInformationFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Name: \Windows\SysWOW64\ntdll.dll"
"18:00:24,1560583","cmd.exe","480","Process Exit","","SUCCESS","Exit Status: 0, User Time: 0.0156001 seconds, Kernel Time: 0.0156001 seconds, Private Bytes: 2.433.024, Peak Private Bytes: 2.543.616, Working Set: 3.866.624, Peak Working Set: 4.128.768"
"18:00:24,1560690","cmd.exe","480","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options","SUCCESS",""
"18:00:24,1560779","cmd.exe","480","CloseFile","C:\Windows","SUCCESS",""
"18:00:24,1560969","cmd.exe","480","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options","SUCCESS",""
"18:00:24,1561043","cmd.exe","480","CloseFile","H:\wsusoffline\cmd","SUCCESS",""
"18:00:24,1561319","cmd.exe","480","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","SUCCESS",""
"18:00:24,1561376","cmd.exe","480","RegCloseKey","HKLM\System\CurrentControlSet\Control\SESSION MANAGER","SUCCESS",""
"18:00:24,1561466","cmd.exe","480","RegCloseKey","HKLM","SUCCESS",""
"18:00:24,1561536","cmd.exe","480","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS",""
"18:00:24,1561616","cmd.exe","480","RegCloseKey","HKCU","SUCCESS",""
"18:00:24,1561672","cmd.exe","480","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\Locale","SUCCESS",""
"18:00:24,1561729","cmd.exe","480","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts","SUCCESS",""
"18:00:24,1561782","cmd.exe","480","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\Language Groups","SUCCESS",""
"18:00:24,1566463","cmd.exe","1896","FileSystemControl","H:\wsusoffline\cmd","SUCCESS","Control: FSCTL_IS_VOLUME_MOUNTED"
"18:00:24,1569681","cmd.exe","1896","CreateFile","H:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"18:00:24,1572256","cmd.exe","1896","QueryDirectory","H:\wsusoffline","SUCCESS","Filter: wsusoffline, 1: wsusoffline"
"18:00:24,1572679","cmd.exe","1896","CloseFile","H:\","SUCCESS",""
"18:00:24,1576191","cmd.exe","1896","CreateFile","H:\wsusoffline","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"18:00:24,1579716","cmd.exe","1896","QueryDirectory","H:\wsusoffline\cmd","SUCCESS","Filter: cmd, 1: cmd"
"18:00:24,1580065","cmd.exe","1896","CloseFile","H:\wsusoffline","SUCCESS",""
"18:00:24,1583667","cmd.exe","1896","CreateFile","H:\wsusoffline\cmd","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"18:00:24,1587208","cmd.exe","1896","QueryDirectory","H:\wsusoffline\cmd\http:","NO SUCH FILE","Filter: http:"
"18:00:24,1587528","cmd.exe","1896","CloseFile","H:\wsusoffline\cmd","SUCCESS",""
"18:00:24,1591192","cmd.exe","1896","CreateFile","H:\wsusoffline\cmd\http:","NAME INVALID","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"18:00:24,1597179","cmd.exe","1896","CreateFile","H:\wsusoffline\cmd\http:\download.microsoft.com\","NAME INVALID","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"18:00:24,1602160","cmd.exe","1896","CreateFile","H:\wsusoffline\cmd\http:\download.microsoft.com\download\","NAME INVALID","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"18:00:24,1606970","cmd.exe","1896","CreateFile","H:\wsusoffline\cmd\http:\download.microsoft.com\download\d\","NAME INVALID","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"18:00:24,1612154","cmd.exe","1896","CreateFile","H:\wsusoffline\cmd\http:\download.microsoft.com\download\d\7\","NAME INVALID","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"18:00:24,1616951","cmd.exe","1896","CreateFile","H:\wsusoffline\cmd\http:\download.microsoft.com\download\d\7\2\","NAME INVALID","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"18:00:24,1621949","cmd.exe","1896","CreateFile","H:\wsusoffline\cmd\http:\download.microsoft.com\download\d\7\2\d728b7b9-454b-4b57-8270-45dac441b0ec\","NAME INVALID","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"18:00:24,1624554","cmd.exe","1896","FileSystemControl","H:\wsusoffline\cmd","SUCCESS","Control: FSCTL_IS_VOLUME_MOUNTED"
"18:00:24,1626992","cmd.exe","1896","CreateFile","H:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"18:00:24,1629454","cmd.exe","1896","QueryDirectory","H:\wsusoffline","SUCCESS","Filter: wsusoffline, 1: wsusoffline"
"18:00:24,1629654","cmd.exe","1896","CloseFile","H:\","SUCCESS",""
"18:00:24,1633342","cmd.exe","1896","CreateFile","H:\wsusoffline","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"18:00:24,1635954","cmd.exe","1896","QueryDirectory","H:\wsusoffline\cmd","SUCCESS","Filter: cmd, 1: cmd"
"18:00:24,1636294","cmd.exe","1896","CloseFile","H:\wsusoffline","SUCCESS",""
"18:00:24,1639902","cmd.exe","1896","CreateFile","H:\wsusoffline\cmd","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"18:00:24,1643437","cmd.exe","1896","QueryDirectory","H:\wsusoffline\cmd\http:","NO SUCH FILE","Filter: http:"
"18:00:24,1643743","cmd.exe","1896","CloseFile","H:\wsusoffline\cmd","SUCCESS",""
"18:00:24,1647418","cmd.exe","1896","CreateFile","H:\wsusoffline\cmd\http:","NAME INVALID","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"18:00:24,1653411","cmd.exe","1896","CreateFile","H:\wsusoffline\cmd\http:\download.microsoft.com\","NAME INVALID","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"18:00:24,1658405","cmd.exe","1896","CreateFile","H:\wsusoffline\cmd\http:\download.microsoft.com\download\","NAME INVALID","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"18:00:24,1663399","cmd.exe","1896","CreateFile","H:\wsusoffline\cmd\http:\download.microsoft.com\download\d\","NAME INVALID","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"18:00:24,1668419","cmd.exe","1896","CreateFile","H:\wsusoffline\cmd\http:\download.microsoft.com\download\d\7\","NAME INVALID","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"18:00:24,1673400","cmd.exe","1896","CreateFile","H:\wsusoffline\cmd\http:\download.microsoft.com\download\d\7\2\","NAME INVALID","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"18:00:24,1678400","cmd.exe","1896","CreateFile","H:\wsusoffline\cmd\http:\download.microsoft.com\download\d\7\2\d728b7b9-454b-4b57-8270-45dac441b0ec\","NAME INVALID","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"18:00:24,1681042","cmd.exe","1896","FileSystemControl","H:\wsusoffline\cmd","SUCCESS","Control: FSCTL_IS_VOLUME_MOUNTED"
"18:00:24,1683481","cmd.exe","1896","CreateFile","H:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"18:00:24,1685929","cmd.exe","1896","QueryDirectory","H:\wsusoffline","SUCCESS","Filter: wsusoffline, 1: wsusoffline"
"18:00:24,1686326","cmd.exe","1896","CloseFile","H:\","SUCCESS",""
"18:00:24,1689891","cmd.exe","1896","CreateFile","H:\wsusoffline","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"18:00:24,1693439","cmd.exe","1896","QueryDirectory","H:\wsusoffline\cmd","SUCCESS","Filter: cmd, 1: cmd"
"18:00:24,1693778","cmd.exe","1896","CloseFile","H:\wsusoffline","SUCCESS",""
"18:00:24,1697410","cmd.exe","1896","CreateFile","H:\wsusoffline\cmd","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"18:00:24,1700931","cmd.exe","1896","QueryDirectory","H:\wsusoffline\cmd\http:","NO SUCH FILE","Filter: http:"
"18:00:24,1701238","cmd.exe","1896","CloseFile","H:\wsusoffline\cmd","SUCCESS",""
"18:00:24,1704949","cmd.exe","1896","CreateFile","H:\wsusoffline\cmd\http:","NAME INVALID","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"18:00:24,1710909","cmd.exe","1896","CreateFile","H:\wsusoffline\cmd\http:\download.microsoft.com\","NAME INVALID","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"18:00:24,1715906","cmd.exe","1896","CreateFile","H:\wsusoffline\cmd\http:\download.microsoft.com\download\","NAME INVALID","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"18:00:24,1720897","cmd.exe","1896","CreateFile","H:\wsusoffline\cmd\http:\download.microsoft.com\download\d\","NAME INVALID","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"18:00:24,1725907","cmd.exe","1896","CreateFile","H:\wsusoffline\cmd\http:\download.microsoft.com\download\d\7\","NAME INVALID","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"18:00:24,1730898","cmd.exe","1896","CreateFile","H:\wsusoffline\cmd\http:\download.microsoft.com\download\d\7\2\","NAME INVALID","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"18:00:24,1735908","cmd.exe","1896","CreateFile","H:\wsusoffline\cmd\http:\download.microsoft.com\download\d\7\2\d728b7b9-454b-4b57-8270-45dac441b0ec\","NAME INVALID","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"18:00:24,1738627","cmd.exe","1896","FileSystemControl","H:\wsusoffline\cmd","SUCCESS","Control: FSCTL_IS_VOLUME_MOUNTED"
"18:00:24,1742261","cmd.exe","1896","CreateFile","H:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"18:00:24,1744683","cmd.exe","1896","QueryDirectory","H:\wsusoffline","SUCCESS","Filter: wsusoffline, 1: wsusoffline"


Ich hoffe, der Code macht in irgendeiner Weise Sinn.

[Yaso Kuhl]

Ich hab grad gesehen, mein Procmonabschnitt ist sogar noch vor dem Schreiben in die SupersededFieldsUnique.txt. Davor wurde die ExculdeList-dotnet.txt geschrieben. Dann erfolgen sehr viele Zugriffe auf Registry-Schlüssel und Zugriffe auf Windows-Verzeichnisse und -DLLs. Ich vermute, dass hier Systemparameter oder -eigenschaften abgefragt werden. Möglicherwiese ist das auch eine Phase wo im Script was verarbeitet wird und das einfach nur die Weiterleitungen auf die Funktionen in den entsprechenden System-DLLs sind. Dann geht es mit diesen Meldungen los. Dann erneut eine Phase mit Zugriffen auf Registry und DLLs.

Dann wird Streams.exe zum Einsatz gebracht. Downloadlog wird geschrieben. Dann Zugriffe auf ValidDynamicLinks-dotnet-x86-glb.txt.

Den kompletten Ablauf hier zu rezitieren ist wahrscheinlich ein klein bisschen sinnlos. Ich werde den kompletten Ablauf im Procmon mir wahrscheinlich irgendwo hin speichern. Aber ob jemand damit etwas anfangen kann, weis ich nicht. Ich hoffe ja, dass man aus den Zugriffen auf die Dateien irgendwie raus kriegen kann, bei welchem Schritt er gerade ist.

[WSUSUpdateAdmin]

Moin!

Ich sag' jetzt schon mal: Danke!
Ich schau' mir das morgen (und vielleicht übermorgen...) mal an und werde ggf. nochmal um Hilfe bitten.

Gruß
Torsten Wittrock

[WSUSUpdateAdmin]

Moin!

So, es hat doch bis heute gedauert, dass ich mich damit beschäftigen konnte.

Das Problem sind Ausgaben wie in Zeile 817 der Form:

Code: Select all

for /F "usebackq tokens=2 delims=," %%i in ("%TEMP%\SupersededCabExeIdsAndLocations.txt") do echo %%~ni>>..\exclude\ExcludeList-superseded.txt


, wenn %%i eine URL ist, weil Windows versucht, den mit "%%~ni" geforderten Dateinamen über das Filesystem zu ermitteln und nicht über eine einfache Stringmanipulation.
Gleiches passierte beim Erzeugen der Office-Update-Tabellen (Zeile 925).

Fixed.

Danke & Gruß
Torsten

[Denniss]

Scheint zu funktionieren, einzige bisher beobachtete Änderung: ExcludeList-superseded.txt enthält nun Dateiendungen (nur wenn vorher gelöscht und danach neu erstellt).

[rednaxela]

Scheint zu funktionieren, einzige bisher beobachtete Änderung: ExcludeList-superseded.txt enthält nun Dateiendungen (nur wenn vorher gelöscht und danach neu erstellt).

Das kann ich bestätigen. Es scheint aber der korrekten Funktion (Ausschluß der "superseded"-Updates) keinen Abbruch zu tun Vielleicht ist das ja von Cheffe sogar so gewollt

Gruß,
Alexander