SBS 2008 Update Rollup 2 (KB 960911) Installation Failure

SBS 2008 Update Rollup 2 (KB 960911) Installation Failure

  • Comments 7
  • Likes

[Today's post comes to us courtesy of the SBS Support Team]

 

When you attempt to install SBS 2008 UR 2 (960911) it may fail with error code 6BA "Windows Update encountered and unknown error".

 

sbsur2_6ba_sm

The C:\Windows\WindowsUpdate.log file for this update reports error 0x80070643 / 0x000006BA:

2009-05-05     10:26:47:169      360   1fd0  Agent   *   Title = Update Rollup 2 for Windows Small Business Server 2008 (KB960911)

2009-05-05     10:26:47:169      360   1fd0  Agent   *   UpdateId = {BF1AC20A-FB70-4DFA-B9DC-2D749454F4D6}.100

2009-05-05     10:36:49:666      7804  cf0   Handler     MSP Error List:

2009-05-05     10:36:49:666      7804  cf0   Handler     1: 1722 2: EnableKerberos 3: C:\Windows\Installer\MSI3833.tmp 4: /EnableKerberos

2009-05-05     10:36:49:666      7804  cf0   Handler       : MSI transaction completed. MSI: 0x80070643, Handler: 0x8024200b, Source: No, Reboot: 0

2009-05-05     10:36:49:666      7804  cf0   Handler       : WARNING: First failure for update {C4BAE973-589F-4936-8633-AB40A936AD33}, transaction error = 0x8024200b, MSI result = 0x80070643, MSI action = EnableKerberos

2009-05-05     10:36:49:666      360   1a30  AU    >>##  RESUMED  ## AU: Installing update [UpdateId = {BF1AC20A-FB70-4DFA-B9DC-2D749454F4D6}]

2009-05-05     10:36:49:666      7804  cf0   Handler       : WARNING: Operation failed at update 0, Exit code = 0x8024200B

2009-05-05     10:36:49:666      360   1a30  AU      # WARNING: Install failed, error = 0x80070643 / 0x000006BA

2009-05-05     10:36:49:666      7804  cf0   Handler     :::::::::

2009-05-05     10:36:49:666      7804  cf0   Handler     ::  END  ::  Handler: MSI Install

2009-05-05     10:36:49:666      7804  cf0   Handler     :::::::::::::

 

Troubleshooting:

 

One of the actions SBS2008 Update Rollup 2 (UR2)  performs is to change the Integrated Windows authentication in the companyweb site from NTLM to Negotiate (Kerberos) to allow you to browse http://companyweb from the server after installing IE rollup 963027, IE8 or Windows 2008 SP 2.

 

Check the C:\Windows\temp\EnableKerberosLog_2009_<date_time>.log file for more clues.

 

1.    If you see text similar to the log below, it’s most likely that the zone has changed:

2009/05/05 10:36:49| Reading registry keys to get URL for SBS SharePoint

2009/05/05 10:36:49| Url found: https://remote.contoso.com:987

2009/05/05 10:36:49| Trying to enable Kerberos

2009/05/05 10:36:49| Checking if site https://remote.contoso.com:987 is using NTLM

2009/05/05 10:36:50| Webapplication found

2009/05/05 10:36:50| Webapplication is running in app pool with identity NetworkService

2009/05/05 10:36:50| Checking authenticaiton mode for Default zone

2009/05/05 10:36:50| Authentication mode is exclusively-use-ntlm

2009/05/05 10:36:50| The authenticaiton provider is exclusively using ntlm

2009/05/05 10:36:50| Authentcation check passed. The machine is ready for authentication provider configuration

2009/05/05 10:36:50| Calling stsadm.exe to enable Kerberos with parameter "-o authentication -url https://remote.contoso.com:987 -type windows -usewindowsintegrated"

2009/05/05 10:36:52| Microsoft.WindowsServerSolutions.IWorker.EnableKerberos.InstallException: Fail to enable Kerberos with exit code -1

at Microsoft.WindowsServerSolutions.IWorker.EnableKerberos.EnableKerberosHelper.TryEnableKerberos()

at Microsoft.WindowsServerSolutions.IWorker.EnableKerberos.Program.Main(String[] args)

 

Check the zones in Sharepoint Central Administration.

 

a.    Open Sharepoint 3.0 Central Administration, click the Operations tab, and then click Alternate access mappings (under Global Configuration).

·         https://remote.contoso.com:987 should appear in the zone named Default.

·         http://companyweb should appear in the zone named Intranet.

·         http://<servername:port> should appear in the zone named Default.

 

b.    If https://remote.contoso.com:987 and http://companyweb are not in the zones mentioned above, adjust them accordingly and try installing SBS 2008 Update Rollup 2 again.

 

Note: https://Remote.contoso.com:987 should be in the Default zone. If it is in the Internet zone, this can prevent SBS 2008 UR2 from changing the authentication mode on companyweb and resulting in the SBS 2008 UR2 installation failure.

 

2.    If you see text similar to the log below, you may need to re-specify the external domain name in the IAMW.

2009/05/05 11:00:25| Reading registry keys to get URL for SBS SharePoint
2009/05/05 11:00:25| Url found: https://.contoso.local:987
2009/05/05 11:00:25| Trying to enable Kerberos
2009/05/05 11:00:25| Checking if site https://.contoso.local:987 is using NTLM
2009/05/05 11:00:25|
Microsoft.WindowsServerSolutions.IWorker.EnableKerberos.InstallException:
https://.contoso.local:987 is not in correct URI format --->
Microsoft.WindowsServerSolutions.IWorker.EnableKerberos.KerberosConfigurationExcepti
on: https://.contoso.local:987 is not in correct URI format --->
System.UriFormatException: Invalid URI: The hostname could not be parsed.
at System.Uri.CreateThis(String uri, Boolean dontEscape, UriKind uriKind)
at
Microsoft.WindowsServerSolutions.IWorker.EnableKerberos.EnableKerberosHelper.SiteIsU
singNTLM(String url)
--- End of inner exception stack trace ---

 

Re-run the IAMW to set the proper URL.

   a.    Open the Windows SBS Console.  On the Home tab, click Set up your Internet address.

b.    Specify a valid external domain name in the wizard like contoso.com (not contoso.local).

c.    Try installing SBS 2008 Update Rollup 2 again.

 

3.    If the only text you see in the log is like the example below, your companyweb site may be inaccessible for some reason.

2009/05/05 11:00:25| Reading registry keys to get URL for SBS SharePoint
2009/05/05 11:00:25| Url found: https://remote.contoso.com:987
2009/05/05 11:00:25| Trying to enable Kerberos

 

OR

2009/05/05 13:28:41| Rolling back to NTLM

2009/05/05 13:28:41| The install was not started. Nothing to rollback

 

Sharepoint is inaccessible.

See this post for the details:

http://blogs.technet.com/sbs/archive/2009/05/06/companyweb-inaccessible-after-sharepoint-3-0-service-pack-2.aspx

 

4.    If you’ve made it to this point and it’s still not fixed, consider engaging Microsoft Support for assistance.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
Comments
  • PingBack from http://www.netdeluxo.com/blog/blogs/the-official-sbs-blog-sbs-2008-update-rollup-2-kb-960911/

  • Troubleshooting #2:

    There is a problem when the PublicFQDNPrefix is not set. the Update is concatenating the URL as follow:

    https://[PublicFQDNPrefix].[PublicFQDNProvider]:987

    So if there is no PublicFQDNPrefix, the URL will be malformed.

    If the PublicFQDNPrefix is set, but the not available, the Update installes correctly, but not changing to Kerberos, because the site was not reachable.

    Remarks:

    PublicFQDNPrefix can be found in the Registry under HKLM\Software\Microsoft\SmallBusinessServer\Networking

  • Hi I have followed the above and my error is related to the prefix . in front of my domain name as below.

    2009/05/08 09:15:03| Reading registry keys to get URL for SBS SharePoint

    2009/05/08 09:15:03| Url found: https://.*******:987

    2009/05/08 09:15:03| Trying to enable Kerberos

    2009/05/08 09:15:03| Checking if site https://.*******:987 is using NTLM

    2009/05/08 09:15:03| Microsoft.WindowsServerSolutions.IWorker.EnableKerberos.InstallException: https://.*******:987 is not in correct URI format ---> Microsoft.WindowsServerSolutions.IWorker.EnableKerberos.KerberosConfigurationException: https://.*******:987 is not in correct URI format ---> System.UriFormatException: Invalid URI: The hostname could not be parsed.

      at System.Uri.CreateThis(String uri, Boolean dontEscape, UriKind uriKind)

      at Microsoft.WindowsServerSolutions.IWorker.EnableKerberos.EnableKerberosHelper.SiteIsUsingNTLM(String url)

      --- End of inner exception stack trace ---

      at Microsoft.WindowsServerSolutions.IWorker.EnableKerberos.EnableKerberosHelper.SiteIsUsingNTLM(String url)

      at Microsoft.WindowsServerSolutions.IWorker.EnableKerberos.EnableKerberosHelper.TryEnableKerberos()

      --- End of inner exception stack trace ---

      at Microsoft.WindowsServerSolutions.IWorker.EnableKerberos.EnableKerberosHelper.TryEnableKerberos()

      at Microsoft.WindowsServerSolutions.IWorker.EnableKerberos.Program.Main(String[] args)

    When I re-run the Set Up Your Internet Address wizzard it just stops halfway through and asks me to close the program, hence, I can't remove the prefix . in front of my domain name.

    Any ideas on this would be great as it's driving me mad.

    Regards John

  • 242 Microsoft Team blogs searched, 118 blogs have new articles in the past 7 days. 314 new articles found

  • I do not use a domain prefix and this update would not install until I used the IAMW to configure a prefix. Kept getting the error in item 2. So, configured prefix, installed update, reboot, remove prefix, reinstalled trusted thawte cert.

    For future updates, please consider that many of us do not use a domain prefix.

  • Hi,

    as for the "re-specify the external domain name in the IAMW":

    Is the conclusiopn right, that the adress has to be confugured as:

    remote.contoso.com

    (explicitly the subdomain "remote").

    Because we configured ist as "contoso.com" (not ".local"!!!) and still get the exception:

    https://.contoso.com:987 is not in correct URI format

    Microsoft got to be kiddin me 8-|

    Tim

  • Im am using a no-ip domain and don't require the "remote" domain prefix when setting up the internet address. This configuration makes the rollup fail as described above.

    I ran the setup your Internet Address wizard again and let it use the remote prefix, reinstalled the rollup successfully this time and then reset the address back to how I wanted it by re-running the wizard.