排查从辅助站点到另一个林的 ConfigMgr Active Directory 发现失败的问题
Hi, 我和章艳非常兴奋的同大家分享 2012 年 1月发布在微软 TechNet 英文博客上的 System Center 相关的原创文章。请注意,这些博客中的一些链接可能导向英文博客页面。如果您想观看这些英文博客的中文译文,您可以把感兴趣的文章添加到评论告诉我们。我们会非常重视大家的意见,想知道大家感兴趣的主题。同时,在文章内容的右边,我们提供了翻译控件,您可以选择相应的语言对本页内容进行翻译。希望这些文章能给大家带来帮助,谢谢!
大家好,我是 Tyler Franke,今天我将再次向您介绍另一条疑难解答提示。您在使用 System Center Configuration Manager 2007 管理控制台,并试图为更新列表下载软件更新时,有可能发生操作失败,并收到以如下消息开头的错误提示:
无法找到请求的标头
此外,如果您利用了 PatchDownloader.log,您将看到一条与以下内容类似的条目:
Downloading content for ContentID = 27377, FileName = windowsserver2003.windowsxp-kb2621440-x64-enu.exe. Software Updates Patch Downloader 3/22/2012 3:34:37 PM 1337928 (0x146A48)
HttpQueryInfo HTTP_QUERY_CONTENT_LENGTH failed 12150 Software Updates Patch Downloader 3/22/2012 3:34:37 PM 1335744 (0x1461C0)
Download https://download.windowsupdate.com/msdownload/update/software/secu/2012/02/windowsserver2003.windowsxp-kb2621440-x64-enu\_337d75494557b29c69230ca182054ad65489847b.exe to C:\Users\SJSIMM~1\AppData\Local\Temp\2\CAB161.tmp returns 12150 Software Updates Patch Downloader 3/22/2012 3:34:37 PM 1335744 (0x1461C0)
ERROR: DownloadContentFiles() failed with hr=0x80072f76 Software Updates Patch Downloader 3/22/2012 3:34:37 PM 1337928 (0x146A48)
原因
一个内容筛选设备正在关闭会话。请注意,在以下 Netmon 框架中,连接是由 IPv4 地址为 192.168.1.100 的站点服务器启动,但是 IPv4 地址为 192.168.1.200 的设备将首先发送流量,以设法实际发送信号和启动下载。您将发现,我们需要将会话保持为连接状态(即 ProxyConnection:Keep-Alive),并将其作为由站点服务器启动的 HTTP 连接中的一部分,但是 IPv4 站点地址为 192.168.1.200 的设备将在实际上解构数据包,并关闭连接(即 ProxyConnection:close),从而消除站点服务器下载软件更新的可能。
用户应重点关注我在以下 Netmon 框架中加粗的项目/行,这些项目/行表示了关闭连接的筛选设备。
Frame: Number = 28900, Captured Frame Length = 361, MediaType = ETHERNET
- Ethernet: Etype = Internet IP (IPv4),DestinationAddress:[06-7A-8B-9C-10-11],SourceAddress:[00-1A-2B-3C-04-05]
- DestinationAddress: BROADCOM CORPORATION BCE088 [06-7A-8B-9C-10-11]
Rsv: (000000..)
UL: (......0.) Universally Administered Address
IG: (.......0) Individual address (unicast)
+ SourceAddress: Hewlett Packard D89A3B [00-1A-2B-3C-04-05]
EthernetType: Internet IP (IPv4), 2048(0x800)
- Ipv4: Src = 192.168.1.100, Dest = 192.168.1.200, Next Protocol = TCP, Packet ID = 17864, Total IP Length = 347
+ Versions: IPv4, Internet Protocol; Header Length = 20
+ DifferentiatedServicesField: DSCP: 0, ECN: 0
TotalLength: 347 (0x15B)
Identification: 17864 (0x45C8)
+ FragmentFlags: 16384 (0x4000)
TimeToLive: 128 (0x80)
NextProtocol: TCP, 6(0x6)
Checksum: 0 (0x0)SourceAddress: 192.168.1.100
DestinationAddress: 192.168.1.200 - Tcp: Flags=...AP..., SrcPort=50355, DstPort=HTTP Alternate(8080), PayloadLen=307, Seq=1611337238 - 1611337545, Ack=2596688289, Win=16425 (scale factor 0x2) = 65700
SrcPort: 50355
DstPort: HTTP Alternate(8080)
SequenceNumber: 1611337238 (0x600B0E16)
AcknowledgementNumber: 2596688289 (0x9AC651A1)
+ DataOffset: 80 (0x50)
+ Flags: ...AP...
Window: 16425 (scale factor 0x2) = 65700
Checksum: 0x2251, Disregarded
UrgentPointer: 0 (0x0)
TCPPayload: SourcePort = 50355, DestinationPort = 8080
-Http: Request, GET https://download.windowsupdate.com/msdownload/update/software/secu/2012/02/windowsserver2003.windowsx
Command: GET - URI: https://download.windowsupdate.com/msdownload/update/software/secu/2012/02/windowsserver2003.windowsxp-kb2621440-x64-enu\_337d75494557b29c69230ca182054ad65489847b.exe
Location: https://download.windowsupdate.com/msdownload/update/software/secu/2012/02/windowsserver2003.windowsxp-kb2621440-x64-enu\_337d75494557b29c69230ca182054ad65489847b.exe
ProtocolVersion: HTTP/1.1
Accept: */*
UserAgent: Download Progress
Host: download.windowsupdate.com ProxyConnection: Keep-Alive
Pragma: no-cache
HeaderEnd: CRLFFrame: Number = 28969, Captured Frame Length = 364, MediaType = ETHERNET
- Ethernet: Etype = Internet IP (IPv4),DestinationAddress:[00-1A-2B-3C-04-05],SourceAddress:[06-7A-8B-9C-10-11]
- DestinationAddress: Hewlett Packard D89A3B [00-1A-2B-3C-04-05]
Rsv: (000000..)
UL: (......0.) Universally Administered Address
IG: (.......0) Individual address (unicast)
+ SourceAddress: BROADCOM CORPORATION BCE088 [06-7A-8B-9C-10-11]
EthernetType: Internet IP (IPv4), 2048(0x800)
- Ipv4: Src = 192.168.1.200, Dest = 192.168.1.100, Next Protocol = TCP, Packet ID = 3683, Total IP Length = 350
+ Versions: IPv4, Internet Protocol; Header Length = 20
+ DifferentiatedServicesField: DSCP: 0, ECN: 0
TotalLength: 350 (0x15E)
Identification: 3683 (0xE63)
+ FragmentFlags: 16384 (0x4000)
TimeToLive: 64 (0x40)
NextProtocol: TCP, 6(0x6)
Checksum: 2612 (0xA34)SourceAddress: 192.168.1.200
DestinationAddress: 192.168.1.100 - Tcp: Flags=...AP..., SrcPort=HTTP Alternate(8080), DstPort=50355, PayloadLen=310, Seq=2596688289 - 2596688599, Ack=1611337545, Win=54 (scale factor 0x7) = 6912
SrcPort: HTTP Alternate(8080)
DstPort: 50355
SequenceNumber: 2596688289 (0x9AC651A1)
AcknowledgementNumber: 1611337545 (0x600B0F49)
+ DataOffset: 80 (0x50)
+ Flags: ...AP...
Window: 54 (scale factor 0x7) = 6912
Checksum: 0xB4CF, Good
UrgentPointer: 0 (0x0)
TCPPayload: SourcePort = 8080, DestinationPort = 50355
- Http: Response, HTTP/1.1, Status: Ok, URL: https://download.windowsupdate.com/msdownload/update/software/secu/2012/02/windowsserver2003.windowsx
ProtocolVersion: HTTP/1.1
StatusCode: 200, Ok
Reason: OK
Date: Fri, 06 Apr 2012 18:56:46 GMT
Last-Modified: Wed, 22 Feb 2012 21:36:04 GMT
+ ContentType: application/octet-stream
ETag: "03a6bfaa9f1cc1:0"
Accept-Ranges: bytes
Server: Microsoft-IIS/7.5
XPoweredBy: ASP.NET
Age: 261162
ProxyConnection: close Via: 1.1 localhost.localdomain
HeaderEnd: CRLF
注意: 在特定的情况中,该设备将是一个 Websense 内容筛选设备,但是可执行类似功能的任何设备都可引起同样的问题。
解决方法
要解决这一问题,您需要配置该内容筛选设备,以使其 Configuration Manager 站点服务器至少可访问以下 KB885819 中提及的一系列网站。
用户也需经常清除 Web 筛选设备的缓存,或在进行了必要的更改后清除 Web 筛选设备的缓存,以使站点服务器能够访问所需的 Web 地址。如果用户未能这样做,那么系统将保留缓存,从而无法成功建立连接。
允许的网站:
https://download.windowsupdate.com
https://*.download.windowsupdate.com
https://download.microsoft.com
https://*.update.microsoft.com
https://*.update.microsoft.com
https://update.microsoft.com
https://update.microsoft.com
https://*.windowsupdate.com
https://*.windowsupdate.microsoft.com
https://windowsupdate.microsoft.com
https://*.windowsupdate.microsoft.com
https://ntservicepack.microsoft.com
https://wustat.windows.com
详细信息
885819 - 当您通过运行 ISA Server 的服务器来访问 Windows Update 版本 6 时,您将遇到问题。
(https://support.microsoft.com/default.aspx?scid=kb;ZH-CN;885819)
Tyler Franke | 高级支持升级工程师
在 Facebook 和 Twitter 上获取 System Center 的最新新闻:
App-V 团队博客:https://blogs.technet.com/appv/
ConfigMgr 支持团队博客:https://blogs.technet.com/configurationmgr/
DPM 团队博客:https://blogs.technet.com/dpm/
MED-V 团队博客:https://blogs.technet.com/medv/
Orchestrator 支持团队博客:https://blogs.technet.com/b/orchestrator/
Operations Manager 团队博客:https://blogs.technet.com/momteam/
SCVMM 团队博客:https://blogs.technet.com/scvmm
Server App-V 团队博客:https://blogs.technet.com/b/serverappv
Service Manager 团队博客:https://blogs.technet.com/b/servicemanager
System Center Essentials 团队博客:https://blogs.technet.com/b/systemcenteressentials
WSUS 支持团队博客:https://blogs.technet.com/sus/
Forefront Server Protection 博客:https://blogs.technet.com/b/fss/
Forefront Endpoint Security 博客:https://blogs.technet.com/b/clientsecurity/
Forefront Identity Manager 博客:https://blogs.msdn.com/b/ms-identity-support/
Forefront TMG 博客:https://blogs.technet.com/b/isablog/
Forefront UAG 博客:https://blogs.technet.com/b/edgeaccessblog/