Thursday, January 29, 2015

Failed to Add Update Source for WUAgent of type 2 (Error = 0x80004005)

I ran across an issue this morning where Windows Updates were not getting deployed to a client. I checked the reports, and found that the client was not reporting any missing updates.
I knew this client was not working, as the compliance state was listed as unknown on the SCCM reports. The first thing I check was policy. I was unable to get to the policy editor and that seems tol point to something in this direction.
The execmgr.log was also clean.
Next, I checked the WUAHandler.log and true enough the error is in here

<![LOG[Failed to Add Update Source for WUAgent of type (2) and id ({CEF9E8E9-C241-47CC-B86A-A7380539BF47}). Error = 0x80004005

To resolve issue, delete the C:\Windows\System32\GroupPolicy folder and restart the SCCM Agent.
After which you should see entries similar to the below

<![LOG[Enabling WUA Managed server policy to use server: https://SINWSUS01.intlsos.com:8531]LOG]!><time="11:51:44.524+000" date="01-29-2015" component="WUAHandler" context="" type="1" thread="4228" file="sourcemanager.cpp:1054">
<![LOG[Waiting for 2 mins for Group Policy to notify of WUA policy change...]LOG]!><time="11:51:44.540+000" date="01-29-2015" component="WUAHandler" context="" type="1" thread="4228" file="sourcemanager.cpp:1060">
<![LOG[Waiting for 30 secs for policy to take effect on WU Agent.]LOG]!><time="11:52:05.792+000" date="01-29-2015" component="WUAHandler" context="" type="1" thread="4228" file="sourcemanager.cpp:1124">
<![LOG[Added Update Source ({CEF9E8E9-C241-47CC-B86A-A7380539BF47}) of content type: 2]LOG]!><time="11:52:35.827+000" date="01-29-2015" component="WUAHandler" context="" type="1" thread="4228" file="sourcemanager.cpp:1381">
<![LOG[Async searching of updates using WUAgent started.]LOG]!><time="11:52:35.936+000" date="01-29-2015" component="WUAHandler" context="" type="1" thread="4228" file="cwuahandler.cpp:587">

Monday, January 26, 2015

Backdoor to SQL Database


On a Monday when I am suffering from a sever bout of Garfield's Syndrome, I delete my own admin account which has been assigned sysadmin access to my SQL databases for my reporting server.

Shit! Does it mean I cannot access to the databases any more.
Then i thought of a backdoor method to access the database using the system account.

In order to do this, you will need to have a copy of the psexec which can be downloaded from here. Place this on the server and then in a command prompt execute this command:psexec -i -s SSMS.exe.

Once you are in, you will be able to very much do whatever you like :)