Habr is not a plaintive book. This article is about Nirsoft's free tools for the Windows system administrator.
When contacting technical support, people often experience stress. Someone is worried that they will not be able to explain the problem and will look stupid. Someone is overwhelmed with emotions and it is difficult to contain indignation about the quality of the service - after all, there was not a single gap before!
I like, for example, Veeam technical support. She answers slowly, but accurately and to the point. I'm even glad to write there for nothing to learn some new trick.
Good technical support at DeviceLock. The experience of their old-timers deserves respect. After almost every call, I contribute a few lines of "Secret Knowledge" to the corporate Wiki. At the same time, they quickly assemble test builds of the product with the bug fixed - support and production are closely related.
ArcServe is not very good. The residents of the Indian Ocean coast are very, very polite and attentive, and I canβt say anything else good. If there is no KB ready, your life will be sad.
The technical support of our anti-virus flagship, Kaspersky Lab, stands apart. As a person puts off going to the dentist, so I try not to write there until the last. Because it will be long, painful and with unpredictable results. You canβt choose a doctor, even though you have 5000 rubles of licenses - whoever comes across treats. And Iβm like a doctor myself (well, not a doctor, so a locksmith), Iβm doubly offended.
To business.
Updating Kaspersky Security for Windows Server from version 10.1.1 to 10.1.2. The operation is simple, but we know something. On the next Patch Tuesday from Microsoft, I noticed that the updates were not installed on a large group of servers.
It turned out that the wuauserv and BITS services stopped working on the servers, and an error is returned when starting:
Having treated the launch of folk remedies
sc config wuauserv type= own
sc config bits type= own
I realized that there is something in common between the servers - KSWS 100 was recently installed on 10.1.2% of patients.
I got very sick, I opened an appeal.
Hello!
After upgrading from 10.1.1 to 10.1.2.996, BITS and Windows Update services broke on a number of servers.
Error returned when run: 1290
Is the error related to product installation?
The answer was not long in coming.
Good afternoon, Michael!
When installing or updating a version, Kaspersky Security 10 for Windows Server does not consider available services and does not check/change their settings.
They said they cut it off.
A cursory googling showed that the problem exists, at least existed .
I wrote back - smart people write that this problem used to be, maybe it has survived now? Provided standard technical information.
7 days (seven days, Karl!) tech support was silent. The result was not encouraging. I give it in abbreviated form:
Michael, good afternoon!
In your case, disabling services after a product upgrade is connected precisely with individual or group settings of the operating system (my conclusions are based on a study of the report you sent).
I recommend that you explore the work of system services at a deep level. I would be happy to help you with this, however, this is the responsibility of Microsoft support, since the solution you provided is a working solution and requires only one-time input.
On my own, I would like to add that both of the services you mentioned are related to updating the operating system and do not affect the operation of our product in any way, and, accordingly, the degree of your protection.
Here is the end. It's a shame.
Okay, if Kaspersky Lab can't find the defect, N soldiers will have to find it themselves.
The Windows services setting is stored in the registry branch:
HKLMSystemCurrentControlSetservicesNothing useful is stored in the file system other than binary files.
How do we monitor the registry? The most versatile tool .
What's wrong with Process Monitor? It is extremely difficult to find something in it if you do not know exactly what you are looking for.
At the same time, there are utilities from a not so widely known company. . It produces dozens of unique programs - from monitoring the connection of USB devices to reading product keys from the registry. If you have never heard of her, I highly recommend visiting the site and evaluating the collection. When I first heard about them, it was like opening a toy box.
The utility will be useful for our work.
RegistryChangesView v1.21. Download, run on the server.
The first thing to do is take a snapshot before installation.
Then we launch Sysinternals Process Monitor, disable everything except the registry, and set up saving the results to a file.
We start the installation process, make sure that everything is broken.
Making a second snapshot in RegistryChangesView.
Compare snapshots with each other.
And here is what we were interested in.
But who did it? Maybe the service broke itself?
We look at the Process Monitor log, let's start with process filtering:
We take Summary by registry, sort by the Writes field:
And here's what you're looking for:
That's all friends, in 5 minutes the cause of the problem was found.
This is definitely a Kaspersky installer, and we know exactly how it breaks the service. So, we can easily return it to its original state.
What are the conclusions?
Hope for support, but do not make a mistake yourself. No need to be lazy. Figure it out.
Use the right tool. Expand your personal set of technical tools. Learn the tools you use every day.
Well, if you yourself work in support, try to learn how to skip the first phase - βDenialβ. By the way, this is the hardest part.
I wish I could start following these tips myself. Hello Laboratories!
PS: Thank you for help with punctuation.
Source: habr.com