DOCUMENT:Q246331  06-AUG-2002  [sms]
TITLE   :SMS: CRC Checking and Installation of Client-Side Hotfixes
PRODUCT :Microsoft Systems Management Server
PROD/VER:winnt:2.0
OPER/SYS:
KEYWORDS:kbClient kbsms200

======================================================================
-------------------------------------------------------------------------------
The information in this article applies to:

 - Microsoft Systems Management Server version 2.0
-------------------------------------------------------------------------------

SUMMARY
=======

Systems Management Server (SMS) 2.0 verifies that Windows NT clients are
running the correct versions of the client components. The SMS Client service
does this by comparing the cyclical redundancy check (CRC) values of the client
components on the client with the CRC values of the same programs in the site
server's \Bin\ folder. The CRC values of the site server's copy of the client
files are stored in the following registry key on the clients:

   HKEY_LOCAL_MACHINE\Software\Microsoft\SMS\Client\Configuration\Verification Data

The purpose of this security checking is to provide the client with added
protection against "trojan horses." Because the SMS Client service (Clisvcl) in
Windows NT runs in a higher security context than the user, anything started by
it also runs with greater rights on the client.

To determine which client programs are CRC checked, search the Install.map file
for "client application."
The current list is:

   PROPERTY <><2>
   PROPERTY <><1>
   PROPERTY <><2>
   PROPERTY <><2>
   PROPERTY <><2>
   PROPERTY <><4>
   PROPERTY <><4>
   PROPERTY <><4>
   PROPERTY <><4>
   PROPERTY <><4>
   PROPERTY <><2>
   PROPERTY <><3>
   PROPERTY <><1>
   PROPERTY <><2>
   PROPERTY <><2>
   PROPERTY <><2>
   PROPERTY <><2>
   PROPERTY <><2>
   PROPERTY <><2>
   PROPERTY <><1>
   PROPERTY <><2>
   PROPERTY <><2>
   PROPERTY <><2>
   PROPERTY <><4>
   PROPERTY <><4>
   PROPERTY <><4>
   PROPERTY <><4>
   PROPERTY <><4>
   PROPERTY <><2>
   PROPERTY <><3>
   PROPERTY <><1>
   PROPERTY <><2>
   PROPERTY <><2>
   PROPERTY <><2>

Note that this version checking does not occur for Microsoft Windows 95-based
or Microsoft Windows 98-based clients because there is no concept of Clisvc95
running with higher security rights than the logged-on user.

MORE INFORMATION
================

Manually Installing Client-Side Hotfixes
----------------------------------------

1. Stop the SMS_EXECUTIVE and SMS_SITE_COMPONENT_MANAGER services on the site
   server.

2. Copy the updated components to the appropriate \Inboxes\Clicomp.src\\
   folders.

3. Copy the updated Compver.ini files to the appropriate \Inboxes\Clicomp.src\
   folders.

4. Copy the files for the CRC-checked programs (see the list above) to the
   \Bin\ folder.

5. Start the SMS_SITE_COMPONENT_MANAGER and SMS_EXECUTIVE services. This causes
   the CIDM thread in SMS Executive to regenerate the CRC list (it is encrypted
   within the Cli_inst.cfg and Clibase.cfg files).

6. Wait for the following files to be updated on the SMS logon points:

      SMSLOGON\Sites\\Cli_inst.cfg
      SMSLOGON\ALPHA.Bin\Clicore.exe (if Clicore.exe was upgraded)
      SMSLOGON\x86.bin\Clicore.exe (if Clicore.exe was upgraded)

7. Wait for the following files to be updated on the SMS client access points
   (CAPs):

      CAP_\Clidata.box\Cli_inst.cfg
      CAP_\Clidata.box\Clibase.cfg

8. Depending on whether Client Configuration Installation Manager (CCIM) is
   running on the clients, use the appropriate method:

    - CCIM is running: Use any of the SMS tools to trigger CCIM to get the
      latest configuration (Setevnt, Cliutils, or the Update Configuration
      button on the Sites tab in the Systems Management tool in Control
      Panel), or wait for CCIM's 23-hour maintenance cycle.

    - CCIM is not running: Run logon scripts or Smsman for the site that has
      the new configuration. The secured program information from the site is
      downloaded to the client's registry, and the SMS Client service picks it
      up the next time it wakes up and is able to start CCIM.

Mismatched Client Program Files
-------------------------------

If the calculated CRC value of a program that is installed on the client does
not match the stored CRC value for the same program on the site server, you see
the following types of error messages in the client component log files:

Example 1:

   Clisvc.log:

   Client Configuration Installation Manager - (LAUNCH_CONTINUOUS_START)~ $$
   Client Configuration Installation Manager - Attempting to launch application ~ $$
   Verifying application [C:\WINNT\MS\SMS\core\Bin\ccim32.dll]~ $$
   #$#$#$#$#$ ERROR: The Client Service is not authorised to run this application! (5)~ $$
   *** Client Configuration Installation Manager - Error launching (#0x5) $$
   !!!WARNING: Problem starting App (5). Doing App Verify. $$

Example 2:

   Clisvc.log:

   Verifying application [C:\WINNT\MS\SMS\clicomp\hinv\hinv32.exe]~ $$
   #$#$#$#$#$ ERROR: The Client Service is not authorised to run this application! (5)~ $$
   *** Hardware Inventory Agent - Error launching (#0x5) $$
   !!!WARNING: Problem starting App (5). Doing App Verify. $$
   **ERROR: AppVerify(Hardware Inventory Agent) returned 232~ $$

If you experience these error messages after installing a client-side hotfix,
update the site server's copy of the program by using steps 1 and 4 through 8
above.
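
Added example (not part of the Microsoft article): a Python triage of Clisvc.log
that lists the client programs the SMS Client service refused to start, which are
the files whose site server copy needs refreshing. It assumes log entries are
delimited by "$$" as in the examples above; the function name and the
example32.exe entry are constructed for illustration.

```python
import re

# Entries taken from the article's two Clisvc.log examples, plus one
# constructed entry (example32.exe) that verifies without an error.
SAMPLE_LOG = r"""
Verifying application [C:\WINNT\MS\SMS\core\Bin\ccim32.dll]~ $$
#$#$#$#$#$ ERROR: The Client Service is not authorised to run this application! (5)~ $$
*** Client Configuration Installation Manager - Error launching (#0x5) $$
!!!WARNING: Problem starting App (5). Doing App Verify. $$
Verifying application [C:\WINNT\MS\SMS\clicomp\example\example32.exe]~ $$
Verifying application [C:\WINNT\MS\SMS\clicomp\hinv\hinv32.exe]~ $$
#$#$#$#$#$ ERROR: The Client Service is not authorised to run this application! (5)~ $$
*** Hardware Inventory Agent - Error launching (#0x5) $$
!!!WARNING: Problem starting App (5). Doing App Verify. $$
**ERROR: AppVerify(Hardware Inventory Agent) returned 232~ $$
"""

VERIFY = re.compile(r"Verifying application \[(?P<path>[^\]]+)\]")
REJECT = "not authorised to run this application"
LAUNCH = re.compile(r"\*\*\* (?P<name>.+?) - Error launching \(#(?P<code>0x[0-9A-Fa-f]+)\)")
APPVERIFY = re.compile(r"AppVerify\((?P<name>[^)]+)\) returned (?P<rc>\d+)")


def rejected_programs(log_text):
    """Return one record per program that failed the CRC verification."""
    records, current, pending = [], None, None
    for raw in log_text.split("$$"):  # "$$" closes every log entry
        entry = raw.strip().rstrip("~").strip()
        if m := VERIFY.search(entry):
            # A new verification starts; it is clean unless an error follows.
            pending, current = m["path"], None
        elif REJECT in entry and pending:
            current = {"path": pending, "component": None,
                       "launch_error": None, "appverify_rc": None}
            records.append(current)
            pending = None
        elif current and (m := LAUNCH.search(entry)):
            current["component"] = m["name"]
            current["launch_error"] = int(m["code"], 16)
        elif current and (m := APPVERIFY.search(entry)):
            if m["name"] == current["component"]:
                current["appverify_rc"] = int(m["rc"])
    return records


if __name__ == "__main__":
    for record in rejected_programs(SAMPLE_LOG):
        print(record)
```

A rejection that appears without a preceding client-side hotfix means the file on
the client differs from the site server's copy and should be investigated before
the stored CRC values are regenerated.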

Additional query words: prodsms

======================================================================
Keywords          : kbClient kbsms200
Technology        : kbSMSSearch kbSMS200
Version           : winnt:2.0
Issue type        : kbinfo
=============================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS"
WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER
EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS
BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT
CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR
CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Copyright Microsoft Corporation 2002.