This is often the case when the C$ and remote registry of a target machine
are unavailable to the MBSA machine performing the scan. This prevents MBSA
2.0 from pushing down the necessary catalog file (usually WSUSSCN2.CAB) and
potentially an updated version of the WUA client bits due to an inability to
obtain administrator and c$ share access to the target machine.
Additionally, if a firewall is present, the multiple steps needed to enable
DCOM through a firewall are required (see the MBSA 2.0 FAQ under the section
titled, "How can I scan a computer that is protected by a firewall?"). This
includes the need to potentially install a required Microsoft Security
Update number MS04-011, the QFE version of a non-public hot fix as well as
possibly firewall configuration changes to enable DCOM connections through
After these requirements are met, MBSA will attempt to push down a
MUAUTH.CAB file that executes on the remote (target) machine to authorize
WUA to take commands from and respond to the scanning MBSA 2.0 machine.
Depending on the settings of MBSA 2.0 on the scanning machine, MBSA 2.0 may
also attempt to push updated WUA client bits to the target. Any additional
error (such as 0x00000005) may be due to insufficient permissions on the
remote machine. If after following these steps, the problem is not
resolved, it may be appropriate to contact Microsoft Product Support
Services (PSS) to determine additional troubleshooting steps. Be sure to
obtain a copy of the WindowsUpdate.LOG file on the target machine to help
troubleshoot the issue.
It may be necessary to ensure Distributed COM is enabled and that the
Windows Update Agent has sufficient remote access rights on the remote
To check and update these settings on the target computer, direct access to
the remote computer in necessary. On the remote (target) computer, use the
a.. From a command prompt, type DCOMCNFG (or alternatively, open Component
Services from an MMC console)
b.. Expand Component Services | Computers | My Computer
c.. From the My Computer node, right click the 'My Computer' node and
d.. From the 'Properties' dialog, confirm the option to 'Enable
Distributed COM on this computer' is selected - then click OK
e.. From the My Computer node, expand the DCOM Config node
f.. Right-click the 'Windows Update Agent - Remote Access' object and
g.. From the 'Windows Update Agent - Remote Access' Properties dialog,
select the 'Security' tab
h.. In the Security tab, choose EDIT to select each node to ensure the
appropriate workgroup or domain credentials that will be used by the
scanning MBSA 2.x machine are included in each of the 3 sections.
Doug Neal [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
If newsgroup discussion with experts and MVPs is unable to solve a problem
to your satisfaction, feel free to contact PSS for support on the Microsoft
Baseline Security Analyzer (MBSA). Information is available at the following
This e-mail address does not receive e-mail, but is used for newsgroup
Post by Kryten
Really desperate to resolve this issue; it's driving us all crazy
We have been able to scan our servers from the command line of mbsa
without any issue at all until the end of last week, when every scan
a .txt file with this error contained within and no hotfix information
I've ensured that I'm using the latest version of MBSA and the latest
I've uninstalled and re-installed.
I've rebooted all the machines.
I've quadruple checked that I'm using the ADMINISTRATOR user acccounts
for the scans.
I've observed that I CAN successfully scan for SQL or IIS or OS or
Password, just don't work for Updates.
I've observed that I CAN query the WMI Win32_QuickFixEngineering class
with Powershell - no problem.
I am logging in to the server that I'm running the scans from as the
I have verified that I have the latest version of Windows Update Agent
on all the targets.
Every scan results in this error.
Please, please help if you can.