KB972270 won't install properly

Discussions around the setup, operation, replacement, and disposal of clerk computers, not to include using MLS
User avatar
aebrown
Community Administrator
Posts: 15153
Joined: Tue Nov 27, 2007 8:48 pm
Location: Draper, Utah

KB972270 won't install properly

#1

Post by aebrown »

On our stake administrative computer, we noticed that every time we shut it down, it wanted to install updates. That made me think it was actually failing to install one or more updates. I tracked it down to KB972270, which never successfully installed.

I did some searching and found that the fix is:
  1. In Windows Explorer, find %windir%\system32\t2embed.dll
  2. right click on the file, choose Properties, then go to the Security tab
  3. Choose the Everyone user
  4. Enable all the permissions and hit OK
  5. Install the Windows update that is pending; that will update t2embed.dll
  6. Repeat the above steps to remove the permissions for the Everyone user (this last step isn't essential, but restores the original security)
Questions that can benefit the larger community should be asked in a public forum, not a private message.
russellhltn
Community Administrator
Posts: 34421
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#2

Post by russellhltn »

Hopefully it doesn't come back. But as I mentioned in the Sophos Preventing a WinXP Update thread, it could well come back in a few days or weeks. If whatever set that security in the first places re-sets it, then MS update will start bugging you again.

Note that KB972270 was put out well over a year ago. I doubt if your machine has been unpatched that long.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
User avatar
aebrown
Community Administrator
Posts: 15153
Joined: Tue Nov 27, 2007 8:48 pm
Location: Draper, Utah

#3

Post by aebrown »

RussellHltn wrote:Hopefully it doesn't come back. But as I mentioned in the Sophos Preventing a WinXP Update thread, it could well come back in a few days or weeks. If whatever set that security in the first places re-sets it, then MS update will start bugging you again.

In this case, I would install it, then within only a couple of minutes I would see a notification pop up that said it needed to be installed. I repeated that process 3 times, so it was very consistent. Then I ran through the procedure I described above, and it did not ever come back. Furthermore, the timestamp on the t2embed.dll file change, too. So I'm quite confident that indeed the update was deployed correctly this time. Your comment may apply to other situations, but not to this one.
RussellHltn wrote:Note that KB972270 was put out well over a year ago. I doubt if your machine has been unpatched that long.
My guess is that the recent deployment of TEM on clerk computers is what caused this issue to surface now, not the release of KB972270.
Questions that can benefit the larger community should be asked in a public forum, not a private message.
russellhltn
Community Administrator
Posts: 34421
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#4

Post by russellhltn »

aebrown wrote:In this case, I would install it, then within only a couple of minutes I would see a notification pop up that said it needed to be installed. I repeated that process 3 times, so it was very consistent. Then I ran through the procedure I described above, and it did not ever come back.
BTDT-GtTS. I have cleaned up the FHC, had everything working fine, and then a week later I'd have a few machines doing that again.

Yes, everything works fine - for now. But if for some reason the prior security (Everyone: Deny) is reapplied to t2embed.dll, you'll see the same behavior. If the MS updater is denied permission to check the file version, it will re-offer the update. (And of course the update is completely ineffective with that permission.)

The unsolved question is how was the "deny" update getting applied to that file? That WAS a valid Microsoft work-around at one time before a updated file was offered. It seems to be something in the Church environment, because I've never seen it at work where I manage even more machines.

Again, you'll be perfectly fine, unless that security updates itself. That doesn't happen right away, but could happen over the next few days/weeks.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
User avatar
aebrown
Community Administrator
Posts: 15153
Joined: Tue Nov 27, 2007 8:48 pm
Location: Draper, Utah

#5

Post by aebrown »

RussellHltn wrote:Yes, everything works fine - for now. But if for some reason the prior security (Everyone: Deny) is reapplied to t2embed.dll, you'll see the same behavior. If the MS updater is denied permission to check the file version, it will re-offer the update. (And of course the update is completely ineffective with that permission.)

Your theory seems to hinge on the file being updated again. But that means you missed my confirmation that the file t2embed.dll did get updated. So there's no longer an update pending.

Sure, if some future update wants to update that particular DLL, I'll agree that the same problem could happen again, but not with this update -- it did get applied successfully.
Questions that can benefit the larger community should be asked in a public forum, not a private message.
russellhltn
Community Administrator
Posts: 34421
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#6

Post by russellhltn »

aebrown wrote:Your theory seems to hinge on the file being updated again. But that means you missed my confirmation that the file t2embed.dll did get updated. So there's no longer an update pending.
No, my theory depends on something updating the security on that file again. IIRC, in some cases, once I updated the security, a re-scan showed I no longer needed to apply the patch.

The update was being offered only because the updater couldn't read the file header to figure out the file version. I know for certain I had cases where I'd do a update scan, see none required, yet that computer needed a update the following week - for this same OLD update.

I felt I had permanently fixed the problem, only to be surprised days later. So, I guess another way to put it - there's two problems. One is getting the update to "take" (short term). The other is to not have it come back on you in the next few days (long term). You've fixed the first problem. I'm sceptical about the second.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
User avatar
aebrown
Community Administrator
Posts: 15153
Joined: Tue Nov 27, 2007 8:48 pm
Location: Draper, Utah

#7

Post by aebrown »

RussellHltn wrote:I felt I had permanently fixed the problem, only to be surprised days later. So, I guess another way to put it - there's two problems. One is getting the update to "take" (short term). The other is to not have it come back on you in the next few days (long term). You've fixed the first problem. I'm sceptical about the second.

Your theory also depends on discounting the fact that the system consistently and quickly demanded updates, even after installing updates, and that it ceased demanding updates immediately upon my following the procedure I described. I'd suggest at this point that we wait and see.

My purpose in starting this thread was to share my actual experience so that others might benefit from that. I'll certainly post back if anything goes wrong, but I don't see the point in further speculation. I prefer actual experience (with the particular situation at hand) to speculation.
Questions that can benefit the larger community should be asked in a public forum, not a private message.
russellhltn
Community Administrator
Posts: 34421
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#8

Post by russellhltn »

aebrown wrote:Your theory also depends on discounting the fact that the system consistently and quickly demanded updates, even after installing updates, and that it ceased demanding updates immediately upon my following the procedure I described.
Right. You fixed the short-term problem. So did I, following the exact same procedure over a month ago. The long-term problem still haunts me.
aebrown wrote:My purpose in starting this thread was to share my actual experience so that others might benefit from that.
And I've been sharing my experience with this issue as well. I'm a little puzzled as to why you seem to it's somehow different.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
User avatar
Biggles
Senior Member
Posts: 1608
Joined: Tue May 27, 2008 5:14 am
Location: Watford, England

#9

Post by Biggles »

RussellHltn wrote:No, my theory depends on something updating the security on that file again. IIRC, in some cases, once I updated the security, a re-scan showed I no longer needed to apply the patch.

The update was being offered only because the updater couldn't read the file header to figure out the file version. I know for certain I had cases where I'd do a update scan, see none required, yet that computer needed a update the following week - for this same OLD update.

I felt I had permanently fixed the problem, only to be surprised days later. So, I guess another way to put it - there's two problems. One is getting the update to "take" (short term). The other is to not have it come back on you in the next few days (long term). You've fixed the first problem. I'm sceptical about the second.
Referring to the Sophos link in your first post in this thread, has the problem reoccurred for you?

Since I implemented the solution found at:- http://solutions.csueastbay.edu/questio ... tionid=434 I have not had a recurrence of this annoying problem. the time period being at least 6 weeks now.

Regarding aebrowns comment about TEM, I checked the MLS installed computer at the weekend, that had had the problem. TEM hasn't been installed on it yet. I believe this is intended to be rolling deployment.
User avatar
aebrown
Community Administrator
Posts: 15153
Joined: Tue Nov 27, 2007 8:48 pm
Location: Draper, Utah

#10

Post by aebrown »

Biggles wrote:Regarding aebrowns comment about TEM, I checked the MLS installed computer at the weekend, that had had the problem. TEM hasn't been installed on it yet. I believe this is intended to be rolling deployment.

Interesting. My comment about TEM was just a guess, but I'm hard pressed to explain why what seems to be a similar problem (certainly involving the same KB972270) would have popped for some people so much earlier and yet only recently for my stake. It seemed plausible that TEM was the trigger, and I suppose that is still possible. But the fact that TEM has not been installed on the computer you're working with certainly puts some doubt on that theory.
Questions that can benefit the larger community should be asked in a public forum, not a private message.
Post Reply

Return to “Clerk Computers”