Steps to how to Deploy .MSP update using PsExec.exe and msiexec.exe

Under below steps will cover the Adobe Reader update 11.0.23_Update (AdbeRdrUpd11023.msp)

Step 1- Download the latest update (.MSP) from below link.

https://supportdownloads.adobe.com/product.jsp?product=10&platform=Windows

Step 2- Create a Share folder on server from all servers can access the share (Ignore if you have already shared folder)

Example Share : \\ABCD\11.0.23_Update\ (Physical path \\ABCD\C$\Temp\11.0.23_Update)

Step 3 – Copy the installer at share location (AdbeRdrUpd11023.msp)

Step 4 – Create a .bat file as below and place at same location. (AdobeUpdate.bat)

@Echo Off
msiexec.exe /p “\\ABCD\11.0.23_Update\AdbeRdrUpd11023.msp”/qn

Step 5 – Copy the PsExec.exe at desired location and run the CMD from that location.(C:\Temp)

Step 6 – Run the below command for single remote computer (XYZ).

C:\Temp\PsExec.exe \\XYZ -u Domain\user name -c -f  “\\ABCD\11.0.23_Update\AdobeUpdate.bat”

This will ask you the password for mentioned user.

Success result : AdobeUpdate.bat exited on XYZ with error code 0.

Step 7 – Run the below command for multiple remote computers (create a text file and place the list of servers) (C:\Temp\Servers.txt)

C:\Temp\PsExec.exe @Servers.txt -u Domain\user name -c -f  “\\ABCD\11.0.23_Update\AdobeUpdate.bat”

This will ask you the password for mentioned user. (One Time Password Prompt )

Success results for all servers inline:

AdobeUpdate.bat exited on XYZ with error code 0.

Advertisements

Process to add PowerShell script in “Local Security Policies” under Startup/Shutdown script.

Please find the below steps to complete the task.

  • Create desired script with requirement (i.e. C:\Script\Stop-Service.Ps1)
  • Navigate the following path :Run->gpedit.msc->Computer Configuration->windows Settings->scripts
  • Select desired option where you need to apply the Script (Startup or shutdown). In this case applying the script under Shutdown process.
  • Double Click on shutdown option.(below window will appear)

GP1

 

  • Click on PowerShell Script tab and click on Add button to browse the desired script.

 

GP2

  • Select the script run order.
  • Navigate the following path :Run->gpedit.msc->Computer Configuration->Administrative Templates->System->Scripts
  • Enable the “Run Windows PowerShell scripts first at computer startup, shutdown”

 

 

 GP3

 

Steps to set the time limit for scripts

 

Requirement: – If you need to run the script for some time and if that exceed that limit than initiate the shutdown.

Please find the below steps to complete the task.

  • Navigate the following path :Run->gpedit.msc->Computer Configuration->Administrative Templates->System->Scripts
  • Enable the “Specify maximum wait time for group policy script” and specify the time limit in seconds (from 1 to 32,000). If you disable or do not configure this setting the system lets the combined set of scripts run for up to 600 seconds (10 minutes). This is the default.

MS Patch Installation Failure: Solution

If you face MS Patch Installation Failure with below error codes, then try the below steps to resolve the issue.

Error logs:

********************************************************************

Application Logs : The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1011. (Event ID 257)

********************************************************************

Log Name: Application
Source: Microsoft-Windows-CAPI2
Date: 24/05/2017 04:44:09
Event ID: 257
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Mysystem.abc.com
Description:
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1011.
Event Xml:
<Event xmlns=”http://schemas.microsoft.com/win/2004/08/events/event”&gt;
<System>
<Provider Name=”Microsoft-Windows-CAPI2″ Guid=”{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}” EventSourceName=”Microsoft-Windows-CAPI2″ />
<EventID Qualifiers=”0″>257</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime=”2017-05-24T03:44:09.287530700Z” />
<EventRecordID>14033562</EventRecordID>
<Correlation />
<Execution ProcessID=”480″ ThreadID=”4604″ />
<Channel>Application</Channel>
<Computer>Mysystem.abc.com</Computer>
<Security />
</System>
<EventData>
<Data>-1011</Data>
</EventData>
</Event>

********************************************************************

System Logs: Installation Failure: Windows failed to install the following update with error 0x8000ffff: Security Update for Windows (KB********). (Event ID 20)

*********************************************************************

Log Name: System
Source: Microsoft-Windows-WindowsUpdateClient
Date: 24/05/2017 04:42:37
Event ID: 20
Task Category: Windows Update Agent
Level: Error
Keywords: Failure,Installation
User: SYSTEM
Computer: Mysystem.abc.com
Description:
Installation Failure: Windows failed to install the following update with error 0x8000ffff: Security Update for Windows (KB4012212).
Event Xml:
<Event xmlns=”http://schemas.microsoft.com/win/2004/08/events/event”&gt;
<System>
<Provider Name=”Microsoft-Windows-WindowsUpdateClient” Guid=”{945A8954-C147-4ACD-923F-40C45405A658}” />
<EventID>20</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>1</Task>
<Opcode>13</Opcode>
<Keywords>0x8000000000000028</Keywords>
<TimeCreated SystemTime=”2017-05-24T03:42:37.881470200Z” />
<EventRecordID>217886</EventRecordID>
<Correlation />
<Execution ProcessID=”980″ ThreadID=”2088″ />
<Channel>System</Channel>
<Computer>Mysystem.abc.com</Computer>
<Security UserID=”S-1-5-18″ />
</System>
<EventData>
<Data Name=”errorCode”>0x8000ffff</Data>
<Data Name=”updateTitle”>Security Update for Windows (KB4012212)</Data>
<Data Name=”updateGuid”>{3CED8332-5A43-4CB1-AED9-4ABDDB4BA3CA}</Data>
<Data Name=”updateRevisionNumber”>501</Data>
</EventData>
</Event>

*******************************************************************

Steps to resolve the issue:

  1. Removed any tmp*.cat files in the

“%systemroot%\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}” folder.

  1. At the command prompt run below command

net stop cryptsvc

  1. rename %systemroot%\System32\Catroot2 oldcatroot2
  1. At the command prompt run below command

net start cryptsvc

5. Try to install the MS patch again.

***********************************************************************