Install Samba4 on CentOS 6.4

This tutorial will present in detail how to install Samba4 running as a Domain Controller on Linux CentOS 6.4.
Sernet packages are used. Bind 9.8 is used as DNS backend

Server name dc01
Domain name example.local
NetBIOS domain name EXAMPLE
Server IP Address 192.168.112.100
Server role Domain Controller
Domain level Windows 2008 R2

Do a minimal install of CentOS
Configure Networking
Update packages

yum update -y

Disable SELinux and reboot

sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
reboot

Install required packages

yum install -y bind bind-libs bind-utils bind-sdb \
  make gcc rpm-build libtool autoconf \
  openssl-devel libacl-devel libblkid-devel gnutls-devel \
  readlin e-devel python-devel gdb pkgconfig gtkhtml2 \ 
  policycoreutils-python libsemanage-python setools-libs-python \
  setools-libs krb5-libs krb5-workstation wget

Add sernet repository

cd /etc/yum.repos.d/
wget https://<user>:<password>@download.sernet.de/packages/samba/4.1/centos/6/sernet-samba-4.1.repo
cd
wget http://ftp.sernet.de/pub/sernet-build-key-1.1-4.noarch.rpm
rpm -i sernet-build-key-1.1-4.noarch.rpm

Edit repo file with user and password provided by Sernet

vi /etc/yum.repos.d/sernet-samba-4.1.repo
[sernet-samba-4.1]
name=SerNet Samba 4.1 Packages (centos-6)
type=rpm-md
baseurl=https:///<user>:<password>@download.sernet.de/packages/samba/4.1/centos/6/
gpgcheck=1
gpgkey=https:///<user>:<password>@download.sernet.de/packages/samba/4.1/centos/6/repodata/repomd.xml.key
enabled=1

Install Sernet packages

yum install -y sernet-samba sernet-samba-ad  sernet-samba-client

Provision new domain:

samba-tool domain provision --use-rfc2307 --interactive \
     --function-level=2008_R2 --interactive --use-ntvfs
Realm [EXAMPLE.LOCAL]:
 Domain [EXAMPLE]:
 Server Role (dc, member, standalone) [dc]:
 DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: BIND9_DLZ
Administrator password: ********
Retype password: ********
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=example,DC=local
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=example,DC=local
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
See /var/lib/samba/private/named.conf for an example configuration include file for BIND
and /var/lib/samba/private/named.txt for further documentation required for secure DNS updates
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf
Setting up fake yp server settings
Once the above files are installed, your Samba4 server will be ready to use
Server Role:           active directory domain controller
Hostname:              dc01
NetBIOS Domain:        EXAMPLE
DNS Domain:            example.local
DOMAIN SID:            S-1-5-21-993608604-127119729-2347203374
mv /etc/krb5.conf /etc/krb5.conf.original
cp /var/lib/samba/private/krb5.conf /etc/krb5.conf

Edit named.conf and add include line with the conf file provided by samba

vi /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 192.168.112.100; } ;
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.112.0/24; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/var/lib/samba/private/named.conf"

+
Chnage group owner of the following files and dirs

chgrp named /var/lib/samba/private/named.conf
chgrp named  /var/lib/samba/private/

Edit sernet’s samba defaults

vi /etc/default/sernet-samba
# SAMBA_START_MODE defines how Samba should be started. Valid options are one of
#   "none"    to not enable it at all,
#   "classic" to use the classic smbd/nmbd/winbind daemons
#   "ad"      to use the Active Directory server (which starts the smbd on its own)
# (Be aware that you also need to enable the services/init scripts that
# automatically start up the desired daemons.)
SAMBA_START_MODE="ad"

# SAMBA_RESTART_ON_UPDATE defines if the the services should be restarted when
# the RPMs are updated. Setting this to "yes" effectively enables the
# functionality of the try-restart parameter of the init scripts.
SAMBA_RESTART_ON_UPDATE="no"

# NMBD_EXTRA_OPTS may contain extra options that are passed as additional
# arguments to the nmbd daemon
NMBD_EXTRA_OPTS=""

# WINBINDD_EXTRA_OPTS may contain extra options that are passed as additional
# arguments to the winbindd daemon
WINBINDD_EXTRA_OPTS=""

# SMBD_EXTRA_OPTS may contain extra options that are passed as additional
# arguments to the smbd daemon
SMBD_EXTRA_OPTS=""

# SAMBA_EXTRA_OPTS may contain extra options that are passed as additional
# arguments to the samba daemon
SAMBA_EXTRA_OPTS=""

# SAMBA_IGNORE_NSUPDATE_G defines whether the samba daemon should be started
# when 'nsupdate -g' is not available. Setting this to "yes" would mean that
# samba will be started even without 'nsupdate -g'. This will lead to severe
# problems without a proper workaround!
SAMBA_IGNORE_NSUPDATE_G="no"

Edit resolv.conf

vi /etc/resolv.conf
nameserver 192.168.112.100
domain example.local

Start services

service named restart
service sernet-samba-ad restart

With these steps your Domain Controller is ready. You can add clients to the domain.
In case of problems you can inspect logs:

Samba Logs:

tail -f  /var/log/samba/log.samba

Named logs:

tail -f /var/log/messages | grep named

Additional steps are required to allow DNS dynamic updates for the domain members.
Install pre-reqs & bind 9.8 SRPM

yum install -y libcap-devel libidn-devel libxml2-devel openldap-devel \
  postgresql-devel sqlite-devel  mysql-devel docbook-style-xsl libxslt
rpm -i http://vault.centos.org/6.4/updates/Source/SPackages/bind-9.8.2-0.17.rc1.el6_4.6.src.rpm
cd rpmbuild/

Edit spec file and delete following line:

vi SPECS/bind.spec
...
%if %{GSSTSIG}
  --with-gssapi=yes \
DELETE THIS LINE >>>>  --disable-isc-spnego \
...

Compile & install RPM

rpmbuild -bb SPECS/bind.spec
rpm -Uvh RPMS/x86_64/bind-9.8.2-0.17.rc1.el6.6.x86_64.rpm \
     RPMS/x86_64/bind-sdb-9.8.2-0.17.rc1.el6.6.x86_64.rpm \
     RPMS/x86_64/bind-utils-9.8.2-0.17.rc1.el6.6.x86_64.rpm \
     RPMS/x86_64/bind-libs-9.8.2-0.17.rc1.el6.6.x86_64.rpm

Restart named

service named restart

Force a name registration from a client

ipconfig /registerdns

Verify adding of record on the named log

tail -f /var/log/messages | grep named
Dec 12 09:30:34 dc01 named-sdb[4223]: samba_dlz: starting transaction on zone example.local
Dec 12 09:30:34 dc01 named-sdb[4223]: client 192.168.112.133#59735: update 'example.local/IN' denied
Dec 12 09:30:34 dc01 named-sdb[4223]: samba_dlz: cancelling transaction on zone example.local
Dec 12 09:30:34 dc01 named-sdb[4223]: samba_dlz: starting transaction on zone example.local
Dec 12 09:30:34 dc01 named-sdb[4223]: samba_dlz: allowing update of signer=w7virtual\$\@EXAMPLE.LOCAL name=W7VIRTUAL.example.local tcpaddr= type=AAAA key=1072-ms-7.19-2d6c1b.c1338974-632a-11e3-c8b6-5472454f4e14/160/0
Dec 12 09:30:34 dc01 named-sdb[4223]: samba_dlz: allowing update of signer=w7virtual\$\@EXAMPLE.LOCAL name=W7VIRTUAL.example.local tcpaddr= type=A key=1072-ms-7.19-2d6c1b.c1338974-632a-11e3-c8b6-5472454f4e14/160/0
Dec 12 09:30:34 dc01 named-sdb[4223]: samba_dlz: allowing update of signer=w7virtual\$\@EXAMPLE.LOCAL name=W7VIRTUAL.example.local tcpaddr= type=A key=1072-ms-7.19-2d6c1b.c1338974-632a-11e3-c8b6-5472454f4e14/160/0
Dec 12 09:30:34 dc01 named-sdb[4223]: client 192.168.112.133#61440: updating zone 'example.local/NONE': deleting rrset at 'W7VIRTUAL.example.local' AAAA
Dec 12 09:30:34 dc01 named-sdb[4223]: client 192.168.112.133#61440: updating zone 'example.local/NONE': deleting rrset at 'W7VIRTUAL.example.local' A
Dec 12 09:30:34 dc01 named-sdb[4223]: client 192.168.112.133#61440: updating zone 'example.local/NONE': adding an RR at 'W7VIRTUAL.example.local' A
Dec 12 09:30:35 dc01 named-sdb[4223]: samba_dlz: added W7VIRTUAL.example.local W7VIRTUAL.example.local.#0111200#011IN#011A#011192.168.112.133
Dec 12 09:30:35 dc01 named-sdb[4223]: samba_dlz: subtracted rdataset example.local 'example.local.#0113600#011IN#011SOA#011dc01.example.local. hostmaster.example.local. 1 900 600 86400 0'
Dec 12 09:30:35 dc01 named-sdb[4223]: samba_dlz: added rdataset example.local 'example.local.#0113600#011IN#011SOA#011dc01.example.local. hostmaster.example.local. 2 900 600 86400 0'
Dec 12 09:30:35 dc01 named-sdb[4223]: samba_dlz: committed transaction on zone example.local

Other facts:
Domain Management can be done with the Remote Server Management Tools
http://www.microsoft.com/en-us/download/details.aspx?id=7887

Advertisements

Windows Firewall rules for NetBackup Client

Here a series of netsh commands to open NetBackup Client’s ports in Windows Server 2008 R2

netsh advfirewall firewall add rule name="Netbackup Client - vnetd" dir=in action=allow protocol=TCP localport=13724
netsh advfirewall firewall add rule name="Netbackup Client - bpcd" dir=in action=allow protocol=TCP localport=13782
netsh advfirewall firewall add rule name="Netbackup Client - bpx" dir=in action=allow protocol=TCP localport=1556
netsh advfirewall firewall add rule name="Netbackup Client - bprd" dir=in action=allow protocol=TCP localport=13720

Tested with Netbackup 7.1.0.3

Antivirus on Windows Server Core

As some people say AV on Server Core is a strategic choice. But what are the products that support Server Core?

Here is an exhaustive list of the enterprise anti-virus/endpoit protection products

Supported:

Not specified / Not confirmed:

Not supported:

2013 Update: Antivirus on Windows Server 2012 Core

How to remove internal routing information from headers in Exchange 2010

Just deny permission Ms-Exch-Send-Headers-Routing for Anonymous Logon

get-SendConnector <connector-name> | Add-AdPermission -User “NT AUTHORITY\ANONYMOUS LOGON” -ExtendedRights Ms-Exch-Send-Headers-Routing -Deny

Other permissions:

Send connector permission Description

ms-Exch-Send-Exch50

This permission allows the session to send a message that contains the EXCH50 command. If this permission isn’t granted, and a message is sent that contains the EXCH50 command, the server sends the message, but doesn’t include the EXCH50 command.

Ms-Exch-Send-Headers-Routing

This permission allows the session to send a message that has all received headers intact. If this permission isn’t granted, the server removes all received headers.

Ms-Exch-Send-Headers-Organization

This permission allows the session to send a message that has all organization headers intact. Organization headers all start with X-MS-Exchange-Organization-. If this permission isn’t granted, the sending server removes all organization headers.

Ms-Exch-Send-Headers-Forest

This permission allows the session to send a message that has all forest headers intact. Forest headers all start with X-MS-Exchange-Forest-. If this permission isn’t granted, the sending server removes all forest headers.

Reference: http://technet.microsoft.com/en-us/library/aa998662.aspx

 

 

Outlook and its mysterious ways

Is it possible to connect with Outlook Anywhere (RPC over HTTPS) via a proxy with authentication?

A: Sometimes.

Try this:

Setup the web proxy in IE

Create a folder in the mailbox, in its properties go to Home page, check Show home page by default for this folder, add some vaild URL in Address

Go to that folder, logon to the proxy when asked, and check remember user and password.

Close Outlook and open it.

Go to the same folder, verify that the page opens without asking user and password, and wait.

Tested with:

Outlook 2010

Windows 7 not joined to the same domain as ISA server.

Exhange 2003

ISA Server with NTLM Auth

 

Step by step installation of FCS 1.0 on Windows Server 2008 R2 Core

Installing FCS 1.0 standalone on R2 core is not an easy task.

Here are the steps required to get FCS running and updated.

1. Get FCS media.

2. Copy Directory CLIENT\X64

3. Get the latest hotfix for FCS. Current hotfix: Update for Microsoft Forefront Client Security (KB979536)

4. Slipstream the hotfix with RTM package. That is:

4.1. Run 

all-fcsam-kb979536-x64-enu_718720c77c7fc208f618974b9916d991141ad737.exe /extract

4.2. Copy the extracted file mp_ambits.msi to CLIENT\X64

5. Install FCS in standalone mode:

5.1. ClientSetup.exe /NOMOM

5.2. Wait for completion

6. Enable Automatic Updates with sconfig.

7. Opt-in to Microsoft Update… that’s the tricky part..

7.1. Create opt-in.vbs.

Set ServiceManager = CreateObject(“Microsoft.Update.ServiceManager”)
ServiceManager.ClientApplicationID = “My App”

‘add the Microsoft Update Service, GUID
Set NewUpdateService = ServiceManager.AddService2(“7971f918-a847-4430-9279-4a52d1efe18d”,7,””)

5.2. Run cscript.vbs opt-in.vbs

6. Get the first updates with sconfig:
Search for for (A)ll updates or (R)ecommended updates only? a

Searching for all applicable updates…

List of applicable items on the machine:

1> Microsoft Silverlight (KB982926)
2> Definition Update for Microsoft Forefront Client Security – KB977939 (Definit
ion 1.85.837.0)

Select an option:
(A)ll updates, (N)o updates or (S)elect a single update?

7. Reboot.

8. Wait for the next definitions update.

References:

Opt-in to Microsoft Update via script: http://msdn.microsoft.com/en-us/library/aa826676(VS.85).aspx

Slipstream FCS: http://www.itgeek.co.nz/post/Patch-or-slipstream-Microsoft-Forefront-Client-Security.aspx

Forefront Client Security not downloading updates in Windows Server 2008 R2 Core Install

After installing all updates available for FCS, the product is unable to download definition updates. No solution so far.

This is the WindowsUpdate.log file where it’s shown that 0 updates are available  for FCS:

2010-06-25 17:19:37:635 1860 3ac Misc ===========  Logging initialized (build: 7.3.7600.16385, tz: -0300)  ===========
2010-06-25 17:19:37:635 1860 3ac Misc   = Process: C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
2010-06-25 17:19:37:635 1860 3ac Misc   = Module: C:\Windows\system32\wuapi.dll
2010-06-25 17:19:37:635 1860 3ac COMAPI -------------
2010-06-25 17:19:37:635 1860 3ac COMAPI -- START --  COMAPI: Search [ClientId = Microsoft Forefront Client Security]
2010-06-25 17:19:37:635 1860 3ac COMAPI ---------
2010-06-25 17:19:37:932  800 4d4 Misc ===========  Logging initialized (build: 7.3.7600.16385, tz: -0300)  ===========
2010-06-25 17:19:37:932  800 4d4 Misc   = Process: C:\Windows\system32\svchost.exe
2010-06-25 17:19:37:932  800 4d4 Misc   = Module: c:\windows\system32\wuaueng.dll
2010-06-25 17:19:37:932  800 4d4 Service *************
2010-06-25 17:19:37:932  800 4d4 Service ** START **  Service: Service startup
2010-06-25 17:19:37:932  800 4d4 Service *********
2010-06-25 17:19:37:979  800 4d4 Agent   * WU client version 7.3.7600.16385
2010-06-25 17:19:37:979  800 4d4 Agent   * Base directory: C:\Windows\SoftwareDistribution
2010-06-25 17:19:37:979  800 4d4 Agent   * Access type: No proxy
2010-06-25 17:19:37:979  800 4d4 Agent   * Network state: Connected
2010-06-25 17:19:38:495  800 508 Report CWERReporter::Init succeeded
2010-06-25 17:19:38:495  800 508 Agent ***********  Agent: Initializing Windows Update Agent  ***********
2010-06-25 17:19:38:526  800 508 Agent ***********  Agent: Initializing global settings cache  ***********
2010-06-25 17:19:38:573  800 508 Agent   * WSUS server: &lt;NULL&gt;
2010-06-25 17:19:38:573  800 508 Agent   * WSUS status server: &lt;NULL&gt;
2010-06-25 17:19:38:573  800 508 Agent   * Target group: (Unassigned Computers)
2010-06-25 17:19:38:573  800 508 Agent   * Windows Update access disabled: No
2010-06-25 17:19:38:589  800 508 DnldMgr Download manager restoring 0 downloads
2010-06-25 17:19:38:604  800 508 Agent Attempt 0 to obtain post-reboot results.
2010-06-25 17:19:39:010  800 508 Handler Post-reboot status for package Package_for_KB975467~31bf3856ad364e35~amd64~~6.1.1.0: 0x00000000.
2010-06-25 17:19:40:010  800 4d4 Report ***********  Report: Initializing static reporting data  ***********
2010-06-25 17:19:40:010  800 4d4 Report   * OS Version = 6.1.7600.0.0.196880
2010-06-25 17:19:40:010  800 4d4 Report   * OS Product Type = 0x0000000D
2010-06-25 17:19:40:135  800 4d4 Report   * Computer Brand = VMware, Inc.
2010-06-25 17:19:40:135  800 4d4 Report   * Computer Model = VMware Virtual Platform
2010-06-25 17:19:40:135  800 4d4 Report   * Bios Revision = 6.00
2010-06-25 17:19:40:135  800 4d4 Report   * Bios Name = PhoenixBIOS 4.0 Release 6.0    
2010-06-25 17:19:40:135  800 4d4 Report   * Bios Release Date = 2009-09-22T00:00:00
2010-06-25 17:19:40:135  800 4d4 Report   * Locale ID = 14346
2010-06-25 17:19:40:432  800 62c Agent *************
2010-06-25 17:19:40:432  800 62c Agent ** START **  Agent: Finding updates [CallerId = Microsoft Forefront Client Security]
2010-06-25 17:19:40:432  800 62c Agent *********
2010-06-25 17:19:40:432  800 62c Agent   * Online = Yes; Ignore download priority = No
2010-06-25 17:19:40:432  800 62c Agent   * Criteria = "(IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains 'e0789628-ce08-4437-be74-2495b842f43b' and CategoryIDs contains '0a487050-8b0f-4f81-b401-be4ceacd61cd') or (IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains 'e0789628-ce08-4437-be74-2495b842f43b' and CategoryIDs contains '8c3fcc84-7410-4a95-8b89-a166a0190486')"
2010-06-25 17:19:40:432  800 62c Agent   * ServiceID = {00000000-0000-0000-0000-000000000000} Third party service
2010-06-25 17:19:40:432  800 62c Agent   * Search Scope = {Machine}
2010-06-25 17:19:40:432 1860 3ac COMAPI &lt;&lt;-- SUBMITTED -- COMAPI: Search [ClientId = Microsoft Forefront Client Security]
2010-06-25 17:19:40:573  800 62c Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2010-06-25 17:19:40:604  800 62c Misc  Microsoft signed: Yes
2010-06-25 17:19:44:292  800 62c Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2010-06-25 17:19:44:292  800 62c Misc  Microsoft signed: Yes
2010-06-25 17:19:44:292  800 62c PT +++++++++++  PT: Starting category scan  +++++++++++
2010-06-25 17:19:44:292  800 62c PT   + ServiceId = {9482F4B4-E343-43B6-B170-9A65BC822C77}, Server URL = <a href="https://www.update.microsoft.com/v6/ClientWebService/client.asmx">https://www.update.microsoft.com/v6/ClientWebService/client.asmx</a>
2010-06-25 17:19:48:776  800 62c Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2010-06-25 17:19:48:792  800 62c Misc  Microsoft signed: Yes
2010-06-25 17:19:49:198  800 62c Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2010-06-25 17:19:49:198  800 62c Misc  Microsoft signed: Yes
2010-06-25 17:19:49:198  800 62c PT +++++++++++  PT: Synchronizing server updates  +++++++++++
2010-06-25 17:19:49:198  800 62c PT   + ServiceId = {9482F4B4-E343-43B6-B170-9A65BC822C77}, Server URL = <a href="https://www.update.microsoft.com/v6/ClientWebService/client.asmx">https://www.update.microsoft.com/v6/ClientWebService/client.asmx</a>
2010-06-25 17:19:51:542  800 62c Agent   * Found 0 updates and 1 categories in search; evaluated appl. rules of 20 out of 20 deployed entities
2010-06-25 17:19:51:542  800 62c Agent *********
2010-06-25 17:19:51:542  800 62c Agent **  END  **  Agent: Finding updates [CallerId = Microsoft Forefront Client Security]
2010-06-25 17:19:51:542  800 62c Agent *************
2010-06-25 17:19:51:542  800 62c Report REPORT EVENT: {0FCAEAEE-C28E-4E77-9FFE-E807B7933732} 2010-06-25 17:19:40:339-0300 1 183 101 {99DCE205-CE79-4832-B451-5C53B9884226} 101 0  Success Content Install Installation Successful: Windows successfully installed the following update: Security Update for Windows Server 2008 R2 x64 Edition (KB975467)
2010-06-25 17:19:51:557 1860 3b4 COMAPI &gt;&gt;--  RESUMED  -- COMAPI: Search [ClientId = Microsoft Forefront Client Security]
2010-06-25 17:19:51:557 1860 3b4 COMAPI   - Updates found = 0
2010-06-25 17:19:51:557 1860 3b4 COMAPI ---------
2010-06-25 17:19:51:557 1860 3b4 COMAPI --  END  --  COMAPI: Search [ClientId = Microsoft Forefront Client Security]
2010-06-25 17:19:51:557 1860 3b4 COMAPI -------------
2010-06-25 17:19:51:651  800 62c Report CWERReporter finishing event handling. (00000000)
2010-06-25 17:19:56:542  800 62c Report REPORT EVENT: {505DA39E-7E75-4A61-881C-F541FE3D3789} 2010-06-25 17:19:51:542-0300 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 Microsoft Forefront Client Secu Success Software Synchronization Windows Update Client successfully detected 0 updates.
2010-06-25 17:19:56:542  800 62c Report CWERReporter finishing event handling. (00000000)