Troubleshooting ITMU for SMS 2003

Recently my primary SMS server stopped downloading the wsusscn2.cab file from Microsoft’s update site. Without the updated cab file your client machines won’t be scanned for the latest vulnerabilities. I was fairly certain it had to do with a recent firewall upgrade project - with the upgrade our security team also disabled anonymous access on our proxy servers. The PatchDownloader.log file confirmed this:

Download http://go.microsoft.com/fwlink/?LinkID=74689 to C:\WINDOWS\TEMP\wsusscn2.cab returns 403
HttpSendRequest failed HTTP_STATUS_FORBIDDEN or HTTP_STATUS_DENIED


Microsoft has published a knowledgebase article on this issue (http://support.microsoft.com/kb/922365) and how to give the Patchdownloader utility user credentials. To assign credentials open a cmd prompt and browse to SMS\Bin\I386\000004xx\ then run patchdownloader.exe with the following syntax:

Patchdownloader /s:ServerName[:Port] /u:Domain\Username

You will then be prompted for the password of the account that you are trying to assign to the Patchdownloader utility. Now re-run you Sync Tool advertisement on your site server and monitor your patchdownloader.log file with a utility like Trace32 to confirm that everything is working properly.