Thanks for sending this our way. I'm sorry that you're having an issue with
There are a number of things we can try to either update the the WUA client
on the remote machine with the latest WUA client or troubleshoot DCOM
settings that will cause MBSA to believe the WUA client is too low of a
To update the WUA client on the target machine, you can either let MBSA
automatically update the target machine by selecting the option 'Configure
computers for Microsoft Update and scanning prerequisites' and performing a
scan or you can follow the steps below to ensure the client is explicitly
1) Download the latest WUREDIST.CAB file to find the download location of
the latest MU client (http://update.microsoft.com/redist/wuredist.cab)
2) Open the CAB (use Notepad or any XML editor) and find the download URL
for the latest WUA agent for the correct platform (x86, x64, ia64). For
example, the latest WUA agent for x86 is version 7.0.6000.381 downloadable
3) Run this Standalone WUA Installer on the target client and perform a new
MBSA scan against the target machine
If after this, MBSA still believes the WUA client is too low of a version,
this is a DCOM issue that you can resolve with the steps below:
DCOM service not running or DCOM disabled
To resolve this, be sure to confirm that that the “DCOM Server Process
Launcher” service is running on both the target and scanning machines. If
it is, confirm that the DCOM itself is not disabled by going to Component
Services (usually under Control Panel | Administrative Tools – or from the
MMC snap-in). Once in Component Services, expand the node for Computers,
then right-click the My Computer node and select Properties. Then click the
“Default Properties” tab and ensure ‘Enable Distributed COM on this computer’
DCOM Has Insufficient Access To Perform a Remote MBSA Scan
In this case, it may be necessary to ensure Distributed COM is enabled and
that the Windows Update Agent has sufficient remote access rights on the
remote (target) machines.
To check and update these settings on the target computer, direct access to
the remote computer in necessary. On the remote (target) computer, use the
• From a command prompt, type DCOMCNFG (or alternatively, open Component
Services from an MMC console)
• Expand Component Services | Computers | My Computer
• From the My Computer node, right click the ‘My Computer’ node and choose
• From the ‘Properties’ dialog, confirm the option to ‘Enable Distributed
COM on this computer’ is selected – then click OK
• From the My Computer node, expand the DCOM Config node
• Right-click the 'Windows Update Agent - Remote Access' object and select
• From the ‘Windows Update Agent – Remote Access’ Properties dialog, select
the ‘Security’ tab
• In the Security tab, choose EDIT to select each node to ensure the
appropriate workgroup or domain credentials that will be used by the
scanning MBSA 2.x machine are included in each of the 3 sections.
Doug Neal [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
If newsgroup discussion with experts and MVPs is unable to solve a problem
to your satisfaction, feel free to contact PSS for support on the Microsoft
Baseline Security Analyzer (MBSA). Information is available at the following
This e-mail address does not receive e-mail, but is used for newsgroup
Post by ta
I have MBSA Version 2.1 (2.1.2104.0) installed on a Windows 2003 R2 x86.
And I'm trying to analyse some Windows 2003 R2 x64.
But I get the error:"
Computer has an older version of the client and security database demands a
newer version. Current version is and minmum required version is 18.104.22.16878.
I've already updated the windows update agent on both machines but the
errors continues. Both servers don't have acess to the internet.
I've tested several servers and every x86 works and every x64 fails.
Do I need to install MBSA on a x64 to analyse x64 servers? I think the
documentation says that is not necessary.
Thanks in advance,