This article describes how to manually update the Security Update Bulletin Catalog file (MSSecure.xml). You may have to do this when the Security Update Inventory Tool in Microsoft Systems Management Server 2.0 cannot update the file because of a firewall policy.
The Security Update Bulletin Catalog file is the security updates database that the Microsoft Baseline Security Analyzer (MBSA) and the Security Update Inventory Tool use to determine the following:
- The security updates that are installed on your computer.
- The security updates that have not yet been installed.
By default, the Security Update Inventory Tool automatically and regularly downloads the latest version of this database. The Security Update Inventory Tool uses SMS distribution points to distribute the database to the computers in your enterprise.
However, a firewall may prevent the Security Update Inventory Tool from automatically updating the Security Update Bulletin Catalog file. In this case, you can use the Syncxml.exe tool to manually download the file. To do this, follow these steps:
- Use an account that has administrative credentials to log on to the computer where the Security Update Inventory Tool is installed.
- Click Start, click Run, type cmd, and then click OK.
- At the command prompt, type the following:
syncxml.exe /s /target path /site ServerName /code SiteCode /package PackageName
For example, type syncxml.exe /s /site SMSSUN /code S02 /target \\SMSServer\C$\Program Files\SecurityPatch /package S020000D
The Syncxml.log file is written to the Temp folder of the user context that is running the task.
If you log on as Administrator and manually run the Syncxml.exe tool, the Syncxm.logl file is written to the Documents and Settings\Administrator\Local Settings\Temp folder on the computer where the Security Update Inventory Tool is installed.
- If you do not have Internet access from the computer that is running the Security Update Inventory Tool, you can manually download the Security Update Bulletin Catalog file. To download this file, visit the following Microsoft Web site:
The firewall or
the proxy server may not let the SMSCliToknAcct& account access the Internet. In this scenario, examine the SecuritySyncXML.log that is contained in the Documents and Settings\Administrator
\Local Settings\Temp folder for any
For example, the SecuritySyncXML.log may report the following error:
Initialized log file - SyncXML started at 3/20/2003 2:01:33 PM
Command line specified package to update on DPs as R0100006
Command line specified folder to update as \\USCSCMGB3\D$\Program
Command line specified site code: R01.
Command line specified site server: USCSCMGB3.
Specified folder is local, changing it to: D:\PROGRAM FILES\SECURITYPATCH2
Download failed - http://go.microsoft.com/fwlink/?LinkId=9160
Sync tool failed to download "http://go.microsoft.com/fwlink/?LinkId=9160". Error
In this example, the SMSCliToknAcct& account does not have access through the
proxy server or through the firewall. Use one of the following methods to enable access for the SMSCliToknAcct& account:
- On the proxy server or on the firewall, grant the required permissions to this specific account.
- Some proxy servers or firewalls may grant permissions to an IP address to pass
through unauthenticated. To resolve this problem, you can add the IP address of the host server that is running the Security Update Inventory Tool to the list of IP addresses that can pass through without authentication.
Article ID: 889430 - Last Review: October 27, 2006 - Revision: 1.2
- Microsoft Systems Management Server 2.0 Standard Edition