I am unable to install updates from our WSUS server (or from Windows), and error 7024 appears in the System event log:
The Delivery Optimization service terminated with the following service-specific error:
General access denied error
Error messages like these appear in the Windows Update log:
2020/03/12 15:55:10.2967680 11116 8720 DownloadManager *FAILED* [80010108] Method failed [CAgentDownloadManager::DownloadUpdate:8538]
2020/03/12 15:55:10.2967780 11116 8720 DownloadManager *FAILED* [80010108] Got error starting update 0 in call 8. Notifying call.
2020/03/12 15:55:10.2992536 11116 7112 Handler *FAILED* [80004004] CAppxRangeRequestJobNoBlockValidation::Run {9EA297F8-07ED-4D73-B705-7C68F2CACF7B} [d:98DED0BF]: Job shutdown
2020/03/12 15:55:10.2997565 11116 7112 Handler *FAILED* [80004004] Method failed [CAppxStreamingDataSource::CreateRangeRequestJob:1301]
2020/03/12 15:55:10.3006678 11116 7112 Handler *FAILED* [80240007] FindDeploymentOperationForUpdate
2020/03/12 15:55:10.4196302 11116 7112 Handler *FAILED* [80070057] IA call to resume download for app category BBC38914-FE0A-41D6-B45F-24A64071962D [UpdateId: 9EA297F8-07ED-4D73-B705-7C68F2CACF7B]
2020/03/12 15:55:10.4196336 11116 7112 Handler *FAILED* [80070057] CreateDataSource failed for uri 'x-windowsupdate://9EA297F8-07ED-4D73-B705-7C68F2CACF7B/BBC38914-FE0A-41D6-B45F-24A64071962D/98ded0bf9f36e0649f79c0a30c087fe2dc1f9981'
2020/03/12 15:55:10.4554179 12552 12264 ComApi ClientId = Acquisition;explorer: Exit code = 0x00000000; Call error code = 0x80240022
2020/03/12 15:55:29.6739766 11116 15248 Misc GetUserTickets: No user tickets found. Returning WU_E_NO_USERTOKEN.
Error messages like these appear in the Delivery Optimization log:
2020-03-04T04:43:32.4368707Z 1B78 EF8 {ServiceMain} *** Starting service ***
2020-03-04T04:43:32.4371455Z 1B78 EF8 {} (null) [onecore\enduser\deliveryoptimization\statepersistence\persistencelocation.cpp] (hr:80070005)
2020-03-04T04:43:32.4409756Z 1B78 EF8 {ServiceMain} ** Service was started due to trigger event **
2020-03-04T04:43:32.4409779Z 1B78 EF8 {CService::Run} Service starts running, with idle timeout of 300 s...
2020-03-04T04:43:32.4420184Z 1B78 EF8 {} (null) [onecore\enduser\deliveryoptimization\configmanagement\globalconfigmanager.cpp] (hr:80070005)
2020-03-04T04:43:32.4423674Z 1B78 EF8 {} onecore\enduser\deliveryoptimization\configmanagement\globalconfigmanager.cpp(57)\dosvc.dll!00007FFFA2EC07E7: (caller: 00007FFFA2E7D7D8) Exception(1) tid(ef8) 80070005 Access is denied.
[onecore\enduser\deliveryoptimization\deliveryoptimization\globalobjects.cpp] (hr:80070005)
2020-03-04T04:43:32.4423806Z 1B78 EF8 {CDeliveryOptimizationManager::Init} Failed in initialization, hr = 80070005
2020-03-04T04:43:32.4423876Z 1B78 EF8 {CDeliveryOptimizationManager::Init} Assert (!L"DO manager failed in initialization"): Failed
2020-03-04T04:43:32.4423961Z 1B78 EF8 {CService::Run} DO manager init failed with hr = 80070005
2020-03-04T04:43:32.4423976Z 1B78 EF8 {CService::_OnStop} Received service stop notification; system shutdown: 0
2020-03-04T04:43:32.4424369Z 1B78 EF8 {CDeliveryOptimizationManager::Shutdown} DoManager shutting down, final? 0
2020-03-04T04:43:32.4428958Z 1B78 EF8 {CDeliveryOptimizationManager::Shutdown} DoManager shutting down, final? 1
2020-03-04T04:43:32.4431130Z 1B78 EF8 {CService::Run} Service shutdown complete, hr = 80070005
2020-03-04T04:43:32.4431148Z 1B78 EF8 {ServiceMain} *** Service out of Run loop. Exiting... ***
2020-03-04T04:43:32.4433721Z 1B78 EF8 {} (null) [onecore\enduser\deliveryoptimization\statepersistence\persistencelocation.cpp] (hr:80070005)
2020-03-04T04:43:32.4433792Z 1B78 EF8 {ServiceMain} Assert (0): SUCCEEDED(hr)
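What is causing this, and how can it be corrected?
Posted on 2020-03-13 02:49:03
One possible cause is that the permissions on the root of the C drive have been changed, preventing the Delivery Optimization service from initializing successfully. (However, the problem only occurs if the permissions were changed before the first attempt to download; once the Delivery Optimization service has successfully initialized itself, it will continue to work even if the permissions are changed later.)
The default permissions on the root of the C drive are as follows (Windows 10 version 1809):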
C:\ BUILTIN\Administrators:(OI)(CI)(F)
NT AUTHORITY\SYSTEM:(OI)(CI)(F)
BUILTIN\Users:(OI)(CI)(RX)
NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(M)
NT AUTHORITY\Authenticated Users:(AD)
Mandatory Label\High Mandatory Level:(OI)(NP)(IO)(NW)
In this case, a package deployed via SCCM had inadvertently changed the permissions so that they looked like this:
C:\ BUILTIN\Administrators:(F)
BUILTIN\Administrators:(OI)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(F)
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
OWNER RIGHTS:
OWNER RIGHTS:(OI)(CI)(IO)
NT AUTHORITY\INTERACTIVE:(RX)
NT AUTHORITY\INTERACTIVE:(OI)(CI)(IO)(GR,GE)
Mandatory Label\High Mandatory Level:(OI)(NP)(IO)(NW)
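Note in particular that the modified ACL contains neither Users nor Authenticated Users, only INTERACTIVE. This means that any system service running without administrator-level privileges does not have permission to read the root directory. In the case of the Delivery Optimization service, this results in an access denied error during initialization.
The least intrusive change needed to resolve the problem is as follows: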
icacls C:\ /grant Users:(RX)
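This affects only the permissions on C:\ itself, not the permissions on any files or folders it may contain. Depending on your situation, you may prefer to restore the default permissions, or to set custom permissions; as long as the Delivery Optimization service has read access, it will be able to initialize.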
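An added example, not part of the original answer: a Python check that parses saved `icacls C:\` output and lists the principals that can read the root folder itself, skipping inherit-only (IO) entries, which apply only to child objects. The two sample listings are the ACLs quoted above; the function names and the `SERVICE_PRINCIPALS` set are assumptions made for this example.

```python
import re

# icacls inheritance/type markers; any other parenthesised group is a rights list.
FLAGS = {"OI", "CI", "IO", "NP", "I", "DENY"}
# icacls rights tokens that include read access to the object.
READ_RIGHTS = {"F", "M", "RX", "R", "GR", "GA", "RD"}
# Assumption: the two groups the answer names as missing from the modified ACL.
SERVICE_PRINCIPALS = {"BUILTIN\\Users", "NT AUTHORITY\\Authenticated Users"}
# Constructed samples: the two ACL listings quoted in the answer above.
DEFAULT_ACL = r"""C:\ BUILTIN\Administrators:(OI)(CI)(F)
NT AUTHORITY\SYSTEM:(OI)(CI)(F)
BUILTIN\Users:(OI)(CI)(RX)
NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(M)
NT AUTHORITY\Authenticated Users:(AD)
Mandatory Label\High Mandatory Level:(OI)(NP)(IO)(NW)"""
MODIFIED_ACL = r"""C:\ BUILTIN\Administrators:(F)
BUILTIN\Administrators:(OI)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(F)
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
OWNER RIGHTS:
OWNER RIGHTS:(OI)(CI)(IO)
NT AUTHORITY\INTERACTIVE:(RX)
NT AUTHORITY\INTERACTIVE:(OI)(CI)(IO)(GR,GE)
Mandatory Label\High Mandatory Level:(OI)(NP)(IO)(NW)"""

def parse_icacls(text, path="C:\\"):
    """Yield (principal, flags, rights) for each ACE line of icacls output."""
    for line in map(str.strip, text.splitlines()):
        if line.startswith(path):          # the first ACE is prefixed with the path
            line = line[len(path):].strip()
        principal, sep, rest = line.partition(":")
        if not sep:
            continue                       # blank line or icacls summary line
        groups = re.findall(r"\(([^)]*)\)", rest)
        flags = {g for g in groups if g in FLAGS}
        rights = {r for g in groups if g not in FLAGS for r in g.split(",")}
        yield principal, flags, rights

def root_readers(text, path="C:\\"):
    """Principals with an allow ACE that applies to the folder itself and grants read."""
    return sorted({p for p, flags, rights in parse_icacls(text, path)
                   if not flags & {"IO", "DENY"} and rights & READ_RIGHTS})

def services_can_read_root(text, principals=SERVICE_PRINCIPALS):
    """True if one of the given service-token principals can read the root folder."""
    return any(p in principals for p in root_readers(text))

if __name__ == "__main__":
    print(root_readers(MODIFIED_ACL), services_can_read_root(MODIFIED_ACL))
```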
https://serverfault.com/questions/1006765