locked
Incorrect Status & False Alarms RRS feed

  • General discussion

  •  

    I have three PCs in my circle. Two are XP ( a desktop that is the hub and a laptop) and one is Vista.. The Vista machine is also at another location. When the Vista machine is shut down, it turns the hub PC 's status to red. It usually claims that the AV/spyware is off or the firewall is off. Sometimes it says both are off. Of course, there is nothing wrong with the Vista machine and if it is rebooted its status is green. This seems to happen when the Vista machine is on but for only an hour or two and is then shut down. Eventually the hub will return to green. If the Vista PC needs to be on for hours to report its status correctly, this is going to do nothing but genereate false alarms and make this feature useless.

     

    It doesn't seem to affect my XP laptop, as I generallly turn it on at least once every three days for about 15 or 20 minutes to let it get any updates it requires. Its status stays green on the hub PC.

    Saturday, December 8, 2007 9:16 PM

All replies

  • I wonder if during shutdown on the Vista machine it reports its status to the server as off and that is what is being communicated to the hub. Obviously, this is not desired behavior during a normal shut down.

    -steve

     

    Tuesday, December 11, 2007 2:14 AM
    Moderator
  • This problem has been recurring. When the Vista machine is turned on/off the status of the hub PC sometimes goes red. If I let the Vista machine stay on for at least a few hours the hub PC's status will eventually return to green. There is definitely a bug in the way OneCare is reporting the Vista machine's status.

     

    My XP laptop usually is only on for 15 minutes and its status has never changed in the circle.

    Thursday, December 13, 2007 5:00 PM
  • You mentioned that the Vista machine is remote - not on the local LAN. When the PC is remote, it takes about an hour to communicate status to the server and then down to the hub. However, if the Vista machine was in green status and communicated to the serer while it was on, turning it off should not change the hub status to red, it should retain the status that was last communicated. Per my previous reply, it seems that the bug is that the Vista machine may be uploading a "panic" message at shutdown that reports services being shut off instead of seeing this as a normal shut down. Once that alert hits the server and is communicated back to the hub, it will remain red until the Vista machine "phones home" to tell the OneCare server that all is well - and then that status gets sent to the hub the next time it communicates with the server.

    There is another active thread for a similar problem with a shutdown of the Vista machine causing the hub to report the red status for the Vista machine immediately on power off - and this is on the local LAN, so I do believe that it is the same bug.

    -steve

     

    Thursday, December 13, 2007 6:56 PM
    Moderator
  • It isn't just happening at shutdown. With todays incident I was better able to see what was happening. The Vista PC was turned on and shortly after that the status of my PC turned red claiming the firewall was off on that machine. After an hour or so it returned to green. The Vista machine was turned off and its status on my hub PC remains green so far.

     

    Should I contact support? At this point, I feel like I'm throwing bricks in the Grand Canyon.

    Thursday, December 13, 2007 7:29 PM
  • You could reach out for support, but that may be some more bricks being thrown.  I must admit, though, that I'm stymied as to why this is happening.

    My "hit it with a hammer" solution would be to go to the hub PC, select to remove the Vista PC from the subscription. That will force you to have to uninstall on the Vista PC. Then make the hub PC not be a hub and uninstall/reinstall OneCare on the hub. Once activated on the hub PC, make it a hub again. You should not see the Vista PC in your Circle. Now, go to the Vista PC and reinstall and activate OneCare. This should get the Vista PC to once again be part of the Circle. It may then report the correct status.

    As I said, that is the hit it with a hammer solution. I don't actually recommend it, as it is lots of work, but that's what I would try.

    In the meantime, let me see if I can get the attention of the developers on this issue.

    -steve

     

    Friday, December 14, 2007 1:48 PM
    Moderator
  •  

    I have the same problem but with 3 Vista PCs. Two are on the local LAN. the other is in a remote location. My status just turned red on my hub PC because the remote computer is off. Sometimes this even happens on the computers on the local LAN. It is extremely annoying to see the little red 1 in the system tray when it should be green. If i go to EACH computer and restart the OneCare service, it temporarily fixes it until the next shutdown.
    Saturday, December 15, 2007 9:25 PM
  •  

    Hello, I have 3 Vista PCs in My OneCare circle. Two of them are on my local network(Which are hubs). The other one is remote(Not a hub). Anytime the remote computer is shutdown, my hub PCs compain that either the Firewall or VIrus Scanning is off on the remote computer even when it is on. THis is very annoying because the status is "At Risk" when it should be "Good". This problem is happening to a lot of people in this forum, with different situations. Please advise
    Saturday, December 15, 2007 9:38 PM
  • I"ve been monitoring the problem and, in my case, it occurs every time the Vista machine is turned on. An hour later, the next time the Vista machine communicates with the OneCare server, about an hour, my PC returns to green. There seems to be a problem for Vista machines first reporting their status when they start up or in how that info is relayed to the hub.

     

    I've turned on the XP laptop for just fifteen minutes several times and it always manages to report to OneCare immediately.

    Saturday, December 15, 2007 10:42 PM
  •  Shanesnh wrote:

     

    Hello, I have 3 Vista PCs in My OneCare circle. Two of them are on my local network(Which are hubs). The other one is remote(Not a hub). Anytime the remote computer is shutdown, my hub PCs compain that either the Firewall or VIrus Scanning is off on the remote computer even when it is on. THis is very annoying because the status is "At Risk" when it should be "Good". This problem is happening to a lot of people in this forum, with different situations. Please advise

    I merged your new thread into the existing one before seeing that you had already added to the older thread. Your situation sounds the same as the original thread in that shutting down the remote machine seems  send an invalid report back to your hubs. I don't know the reason, though I continue to speculate that it is because OneCare on the Vista machine is somehow being shut down abnormally and then communicating status to the servers and then to the hub.

    Hopefully, the OneCare team can offer some direction for this issue.

    -steve

    Monday, December 17, 2007 8:08 PM
    Moderator
  • To follow up on this issue, the update yesterday to 2.0.2500.14 seems to have resolved this issue for me. I have tested the remote Vista machine three times with startups and shutdowns and the hub has remained green every time.

     

    Saturday, December 22, 2007 3:58 AM
  • I spoke too soon. The problem continues with release 2.0.2500.14 although it doesn't occur EVERY time like it used to.

    Saturday, December 22, 2007 4:54 PM
  • Thanks for the information on the current status. Although it doesn't appear to have been resolved, at least it isn't happening every time. Have all 3 PCs updated to .14?

    -steve

    Sunday, December 23, 2007 6:39 PM
    Moderator
  • Yes, all had been been updated to .14

     

    Every time the hub computer does go red it's always five or ten minutes after the remote Vista machine is turned on. An hour later the hub always returns to green. Whenever the remote machine is turned off after the hub returns to green, the hub always remains green.

     

    Monday, December 24, 2007 3:11 AM
  • This issue has returned with version .22

     

    Every time the remote Vista machine is started the XP hub machine's status goes to red until an hour later when OneCare updates its status the second time.

     

    This makes the hub function completely useless when it does nothing but generate false alarms.

     

     

    Friday, February 15, 2008 5:20 PM
  • It hasn't returned, it continues - since 2500.14 preceded 2500.22 and you had the issue with .14, too.

    I still don't have an answer for why it happens, though. It has never happened on my network with a Vista laptop that is often off network.

    -steve

     

    Saturday, February 16, 2008 3:26 AM
    Moderator
  • I have the identical problem.

     

    PC1: Vista Ultimate

    PC2: XP Pro

    PC3: Vista Home

     

    The Vista Home is the one who sends the panic staus as it shuts down.  Is MS going to work this bug out?

    Wednesday, April 2, 2008 4:55 PM
  • I sure hope so. I haven't yet heard if the cause is known.

    -steve

    Wednesday, April 2, 2008 5:25 PM
    Moderator
  • This is a very aggrivating probem, I have five machines in my circle three of which are Vista and three of which are not on my LAN.

     

    Laptop1: Vista Ultimate, LAN, Hub

    PC1: Vista Ultimate, LAN

    Laptop2: Vista Business, Remote

    Laptop3: XP, Remote

    PC2: XP, Remote

     

    I have no problems with the XP machines and rarely have any issues with PC1 (although I do occasionally) but Laptop2 is forever telling me that the Firewall is off, the AntiVirus is off etc etc.

     

    When are you going to sort this out Microsoft?  Apert from this issue the software is excellent but this is really letting it down!

     

    Kev

    Friday, April 18, 2008 2:23 PM
  • First, I'll note that you should not have more than 3 PCs in a Circle as your license is only good for up to 3 PCs on a single subscription. Additional PCs would require a different subscription, using a different LiveID, so the other 2 PCs would not be part of the first Circle.

    Even though you have more PCs that allowed in the Circle, assigned to the same subscription, that still doesn't explain the problem, unfortunately. The incorrect reporting of the status of a monitored PC would indicate a communication problem with that PC. Some people have reported that reinstalling OneCare on the problem PC fixes the issue and others report that reinstalling on the hub corrects the problem. And others report that neither solution resolves it.

    -steve

     

    Friday, April 18, 2008 4:29 PM
    Moderator
  • I'm having the same false alarm problem, but with XP instead of Vista.

     

    Every time the secondary PC is turned on then off, it gives the false alarm to the Hub circle to the point where I have to turn on the secondary PC again and either turn off and on the firewall or AV protection so the status resets to normal. The "turn on" button in the hub works but never updates the status.

     

    The only thing I can think of is since my Secondary PC is slow. (An AthlonXP 2100+ Thoroughbred) At startup, OneCare's report process boots first before the rest of OneCare and immediately sends the "Firewall is Off" or "AV is Off" or Both status messages to the circle since the OneCare firewall and/or AV processes hasn't fully booted yet. When they finally bootup it doesn't send "OK" status back to the circle, resulting in the false alarm.  Adding a simple 5 minute delay in the report module so that it won't send OneCare status messages until at least 5 minutes after bootup would most likely stop this problem dead.

    Thursday, April 24, 2008 2:24 AM
  • Same here so I turned off central management. I found no real benifit to it.
    Friday, April 25, 2008 4:29 PM
  • Whenever my daughter powers on her laptop (Vista), my PC - Vista (also the hub PC) will turn red, saying that the Firewall and Virus Monitoring are turned off. 

     

    This is not the case though. My daughter didn't change any settings and when I go to her machine, the status indicator is green.

     

    I've noticed it can take 10 minutes to an hour and the hub will update and turn green.  However, it is annoying to see the red and not know whether or not it merits attention.

     

    My question: Is there a way to force a refresh (besides a reboot) so that the hub will correctly see that the firewall and virus monitoring is on?  (Note: if I click the Turn On button, it hangs.)

     

    It seems like this is a problem because simply turning on the laptop should not cause the indicator to go red.  Are there any solutions or steps that can be taken?

    Sunday, May 4, 2008 3:52 AM
  • I am having a similar problem to the one reported here.

     

    I have 4 PCs in my Circle (don't know why the moderator thinks you can't--he should try it).

     

    Vista Desktop PC (wired LAN) -- this is the one that always displays as firewall/antivirus off

    Vista Laptop (wireless LAN) -- HUB PC

    Vista Laptop (wireless LAN)

    XP Laptop (wireless LAN)

     

    It seems everytime my husband turns on the desktop, my status shows RED--that is firewall/antivirus is off.  When I go to his computer, his status shows fine. I don't have any issues with the other computers showing incorrect statuses.

     

    Lori

    Sunday, May 4, 2008 6:22 PM
  • Lori, you can probably have 25 PCs in a Circle. You are not legally allowed to, though.

     

    As you may have already read within this unanswered thread - some people have reported that reinstalling OneCare on the hub and/or the PC that is reporting an incorrect status resolves the problem. I still don't know the cause.

    -steve

     

    Monday, May 5, 2008 5:22 PM
    Moderator
  • Windows Onecare 2.0.2500.30 with 2 Vista Home Premium computers reports false alarms.  My Hub PC indicates that my other computer firewall is off.  The message eventually goes away.  Onecare needs a way to quickly update this false alert message.  Both PCs bought with Vista preinstalled and have plenty of resources.  Rebooting both PCs did not fix the situation.
    Monday, May 19, 2008 1:44 PM
  •  djbe3000 wrote:
    Windows Onecare 2.0.2500.30 with 2 Vista Home Premium computers reports false alarms.  My Hub PC indicates that my other computer firewall is off.  The message eventually goes away.  Onecare needs a way to quickly update this false alert message.  Both PCs bought with Vista preinstalled and have plenty of resources.  Rebooting both PCs did not fix the situation.

    I've merged your post into the thread where others have reported similar behavior.

    -steve

    Monday, May 19, 2008 3:38 PM
    Moderator
  • I have the same configuration of computers as RaymondLuxuryYacht has (2 XPs, one is a desktop and the other is a laptop, and the third is a Vista desktop) and have perhaps the same problem?  The Vista desktop is the main machine and the other two are up to date with green status indicators, yet they do not communicate their status correctly to the main machine, which has Orange status indicators for the two XP's.  These machines are in the same room within ten feet of each other, yet the status is not updating.  What to do?
    Monday, June 2, 2008 12:41 AM
  • I've got no new information on the problem, unfortunately. You can try reinstalling OneCare on one or more PCs or you can contact support. On the other hand, if it were me - I'd demote the PC from hub status.

    -steve

     

    Monday, June 2, 2008 1:39 AM
    Moderator
  • Is there a tech support phone number???  --- I don't like to spend my time reading when I can talk about my issue... (Do you have a customers services dept.??? - - Microsoft should have a better way to take care of their customers.

     

    Tuesday, June 10, 2008 11:48 AM
  •  Johansson wrote:
    Is there a tech support phone number???  --- I don't like to spend my time reading when I can talk about my issue... (Do you have a customers services dept.??? - - Microsoft should have a better way to take care of their customers.

     

    You'll need to read the support FAQ post as the phone number can't be posted. Phone support is only available to subscribers.

    How to reach support (FAQ) - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2

     

    -steve

    Tuesday, June 10, 2008 9:43 PM
    Moderator
  • I too have the same problem as the other users. 

     

    PC1 = Vista home premium

    PC2= XP

    PC3 = Vista home premium (drops antivirus and firewall at shutdown....yes I've been around computers for 25-years+ and know how to shut a computer down......the problem is not on my end rather in the code, Probably Vista changing the firewall from home/office to public during shut down )

     

    Unfortunately I use the central backup system, therefore I can not remove any of these PCs from the circle or otherwise I would be required to create new backup sets using 10-30Gigabyes of backup resources

     

     

    I is hard for me to believe that Microsoft can't duplicate this problem and fix it.  If this persists, I will fire Microsoft and go back to Zone alarm and tell my friends to avoid this product......my right as a consumer.

     

    Rgd

    Eric

     

    Thursday, July 3, 2008 4:02 PM
  • The oddity of this, Eric, is that many people are not experiencing this issue at all. I am speculating that the cause is that the core OneCare services are being shut down before the connection is closed, so part of OneCare is still able to broadcast its status to the Hub PC and the OneCare server before Vista has shut down completely. Why that is, I can't say, but the problem is widespread enough that I'm sure that it is being actively investigated.

    As I've answered before, the workaround would be to not have any PC acting as a hub and you won't have the warning from the other PC or PCs. It may not be a viable workaround for some, I'm sure. I may be an optimist, but I remain hopeful that the cause will be identified and that it will be resolved soon.

    -steve

     

    Thursday, July 3, 2008 5:45 PM
    Moderator
  • Thank you for the information.  Please remember that I have my circle setup to use a central backup computer.  I did "disband" the circle once but that forced me to create new backup sets next time performed backups.  Perhaps I overlooked a method to reinstate the old backup sets but the express method didn't work.  I was forced to use more disk space with a complete backup.

     

    I think that more people that Microsoft realizes have this problem they just are unaware or unwilling to spend the time to complain.  This has been a problem for me for the last three months.  I just finally got fed up an spend the 20 minuets to trouble shoot.

     

    Rgds

    Eric

     

     

    Thursday, July 3, 2008 11:42 PM
  • Sorry about that, Eric. You're correct - with Centralized backup in place, turning off the hub PC as a host isn't an option for you, I'm afraid.

    I'm quite sure that they are aware that this is a widespread problem. I don't know if it is fixed in the 2.5 release that just started going out, which you will likely be seeing next week. The update requires a reboot, so you'll know you got it. Let us know if the problem persists after the update to 2.5

    -steve

     

    Friday, July 4, 2008 1:05 AM
    Moderator
  • Hum....interesting that my current version of Onecar is 2.0.2500.32 with firewall version 1.2.30.19.

     

    Is there a hot-fix/patch with the release number 2.5?

     

    Typically software release numbers are sequential......2.0....2.1.....2.2.....Mine is 2.0.###.###

     

    Rgds

    Eric

     

    Friday, July 4, 2008 11:25 AM
  • Sorry for my delayed reply, Eric. 2.0 is the released version. 2.5 was released last week and will be staged out to everyone this week, barring any unforeseen issues causing it to be pulled. Your installations will be updated automatically.

    -steve

     

    Tuesday, July 8, 2008 5:07 PM
    Moderator
  • always on red asking for ID . what is ID I am having KEY

     

     

     

    Wednesday, July 9, 2008 5:41 PM
  •  Ashis Pakhira wrote:

    always on red asking for ID . what is ID I am having KEY

     

     

     

    I think you've posted to a completely unrelated topic.

    Did you install OneCare from CD? After install, you must activate your subscription by opening OneCare, click on Subscribe, sign in with your LiveID (you used one to sign in here in the forum) and select the option to use a retail key or token to subscribe. Enter the retail key. Your OneCare subscription will be activated.

    -steve

    Wednesday, July 9, 2008 5:59 PM
    Moderator
  • I'm having a similar problem. My hub (Vista) is showing yellow. It reports that one of my PCs (XP) has an interfering program and instructs me to go to OneCare on that PC and completethe Actions to Take. But the PC it directs me to is showing green and indicating nno problems.Confusing and frustrating.

     

    Thursday, July 10, 2008 3:28 AM
  • I like your forum nickname. :-)

    Did that PC at one time have an interfering program that you removed? I believe that this is/was a known issue with the Interfering Programs removal/correction not being updated back to the hub.

    Try demoting the hub PC to not be a hub and then making the problem PC into a hub. Then switch the hub back to the original. Alternatively, remove the problem PC from the subscription, and activate it again (you may need to reinstall) to get the status updated correctly.

    And, finally, you can contact support as they may have a better solution that I'm not aware of.

    How to reach support (FAQ) - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2

     

    -steve

    Thursday, July 10, 2008 12:34 PM
    Moderator
  • Thanx - that nickname was awarded in college, in honor of a barbaric sense of humor!

     

    Yes, that PC installed and ran Ad-Aware. It then got the "interering program" message, and we uninstalled Ad-Aware.

     

    Removing that PC from the circle and re-adding it did the trick. The hub is green again.

     

    Thanx for your help!

    Friday, July 11, 2008 12:24 AM
  • Glad to read that your problem was solved fairly easily. :-)

    You're welcome.

    -steve

     

    Friday, July 11, 2008 12:52 PM
    Moderator
  • The problem of false status reports at the hub for PCs in the circle which have just been switched on has apparantly been fixed for me by the 2.5.2900.3 update.  The tray icon now stays green and the circle status remains good. Perhaps a bit early to shout after only two days but it is different.

     

    Regards

    Tom

    Friday, July 11, 2008 1:17 PM
  • I'll keep my fingers crossed, Tom. Thanks for the update.

    -steve

    Friday, July 11, 2008 1:45 PM
    Moderator
  • Spoke too soon.

    One care on the hub turned red for a while some time after a circle PC was switched on and subsequently has reverted to the old routine of going red at switch on of the circle PC.  The complaint is restricted to the firewall on the circle PC being off, which of course it isn't.

    It's odd that the update changed things but only for a while.

     

    Regards

    Tom

    Tuesday, July 15, 2008 10:09 AM
  • Sorry to read that the problem persists, Tom. To clarify, in your case, the hub reflects an incorrect status of the firewall on a monitored PC only when that PC is turned on. Does it then correct itself some time later? If so, how much time elapses before it corrects itself? And, is the monitored PC on the same local LAN as the Hub? Is it only the one monitored PC that has this anomaly?

    -steve

     

    Tuesday, July 15, 2008 1:46 PM
    Moderator
  • Steve,

     

    yes the Vista hub PC indicates an incorrect status of a monitored Vista PC as soon as that PC is switched on and corrects itself something like an hour later.   Some time ago it used to show firewall and AV off on that PC, this became only firewall off before the 2.5.2900.3 update, then for a while after the update it remained green.  Then the hub PC showed firewall off some time after the Vista PC was switched on and for a shorter period as I recall, but since that instance the hub has reverted to showing a status alarm as soon as the monitored Vista PC is switched on.

     

    The Vista hub, one monitored Vista PC and a monitored XP PC are on the same router connected LAN but the XP PC has remained green both before and after the 2.5.2900.3 update. The XP machine is not run as often and is about to be retired.

     

    I had commented in another thread in this section - 'One Care Circle network activity' - on the two blips a minute communication between hub and monitored PCs. This continues but obviously doesn't convey useful information :-)

     

    Regards
    Tom

    Wednesday, July 16, 2008 3:16 PM
  • Ah, I recall that other discussion. From your description of the current behavior, it appears that the initial status is successfully communicated to the hub - that is that protection is off. Unfortunately, that's false since the PC is booting. The hour delay in correcting the status would seem to indicate that the hub is not getting the status from the other PC directly after that initial notification, since an hour sounds about right for a round trip server check on status. The hub is getting the new status from the OneCare server, not the other PC directly, I mean. So, the "pings" you are seeing may be unsuccessful attempts to get through...

    -steve

     

    Wednesday, July 16, 2008 3:35 PM
    Moderator
  • There needs to be a way to manually refresh the Onecare status on the hub machine!!!!!

    Saturday, July 19, 2008 4:21 AM
  • The problem is not in the need to refresh the status immediately, as this should happen automatically when the PCs are on the same network. The problem is that sometimes a false status is being provided for unknown reasons.

    -steve

     

    Monday, July 21, 2008 4:53 PM
    Moderator
  • Maybe or maybe not, I can delete the machine creating the false status from the hub and then resubscribe on that machine and the error almost always clears up within a minute or two.  Either way this is unacceptable in my opinion, or an hour for the server to clear up is unacceptable as well.  This is obviously a know issue and should be resolved if the hub function is to be a viable tool.

    Monday, July 21, 2008 11:55 PM
  • I can also confirm that this bug is still present. My off-site Vista computer still triggers an "at risk" status in my hup PC(XP) about five to ten minutes after every cold start. An hour later (when the Vista machine makes the second report to the OneCare servers) the hub PC returns to green. 

     

    My current workaround has been to set the Vista machine too sleep after an hour of inactivity and to awaken with mouse movement. This has reduced the false alarms to those times that a restart is required for the Vista PC after a security update or software installation.

     

    This workaround did uncover another bug, though.

     

    Sometimes after waking, the Vista PC could not open OneCare through the system tray icon. Clicking on the icon would do nothing but OneCare would still open normally using the entry on the Start Menu. This problem would go away after a restart. I have not seen it occur since 2.5.2900.03 was released.

    Thursday, July 24, 2008 5:22 PM
  • Thanks for the update on your status. I've been wondering if it was still affecting you as the originator of this thread. :-)

     

    I'll keep my fingers crossed that the cause of this problem gets identified and addressed sooner than later.

    -steve

     

    Thursday, July 24, 2008 5:33 PM
    Moderator
  • This problem was not solved by release 2.5.  OneCare still reports that my daughter’s computer firewall and/or antivirus is off.

     

    Thank you and best regards

    Eric

     

    Thursday, July 24, 2008 10:45 PM
  • I hadn't been watching this thread, since I don't use the Circle management feature of OneCare myself.

     

    However, I can clearly see that the core problem likely isn't OneCare itself, it's more likely it's simply a reflection of problems within the Windows Management Instrumentation (WMI) services, which were developed to conform to the Web-Based Enterprise Management (WBEM) initiative. These issues have occured since the early days of this system, but were only evident from limited visual indications such as the Windows Security Center application, which is a local consumer of information collected by WMI and has often displayed false information during operating system startup.

     

    Unfortunately, it appears that the OneCare Cricle feature was built on top of the WMI base without regard to these well known issues. From the recent description of the additional traffic it appears a workaround using local direct PC to PC communication has been attempted, but isn't working in all cases if at all.

     

    I don't know how many here recall the early days of the public beta for the original OneCare 1.0 product, but at the time there were major issues occuring within the Windows Update, .NET 2.0 and other core systems used by OneCare. Within several months before and just after the release of OneCare 1.0 there were several updates to these technologies, likely designed to fix or improve weaknesses discovered in them, though no specific announcement of this ever occured. In some cases the issues were caused by malware or even self inflicted by users making changes or causing damage to their own operating system, often called 'tweaks'.

     

    I'm not at all certain where the specific problems in this case are found, but I suspect it will require changes at all levels to fix some of them. Though many of the core Windows technologies like Windows Updates, Automatic Updates, .NET 2.0 and WMI have existed for about 10 years, few outside organizations ever used them in products, so OneCare and it's related family of Microsoft security products (Windows Defender, ForeFront Security) have been the first to really test them. This is actually good in the global sense, since it requires Microsoft to take a hard look at this core Windows code and improve it for everyone, including the OneCare Product Team.

     

    I know this doesn't resolve the immediate issue for anyone with these issues, but I hope it helps you to understand where the problems might actually lie. Since the WMI platform was initially designed for use in well connected corporate LAN environments, it's likely that operating this system over the much less dependable Internet to remote servers is exposing weaknesses in this system. It may just be possible that the OneCare Team will be required to partially or completely bypass the WMI system in this case, though I suspect they'll attempt to improve it first, since that would only improve it's operation for all users of Windows including the other security product vendors.

     

    OneCareBear

    Sunday, July 27, 2008 7:08 PM
    Moderator
  • Thankyou OneCareBear for the update and explanation.

     

    Just a snippet more related to my post regarding the one minute cycle of network activity between Hub and Circle PC, but probably better inserted here now. I have for some time been puzzled by entries in the Security logs on my two Vista PCs showing a pair of Crypto operations ocurring once a minute. These are a 'Key file operation' of type 'Other System events'  - Read persisted key from file, and a 'Crytopgraphic operation' of type 'System Integrity'  - Open Key. Both are successful and exist in numbers that totally dominate the Security log.

     

    I now suspect that these events are related to One Care Live. If the monitored Circle PC is running then the events are once a minute and if the monitored PC is off they become something like half-hourly on the Hub PC, also The Machine Key file being opened was created on the date One Care Live was installed. Or is it just co-incidence.


    Tom

     

    Tuesday, August 5, 2008 3:57 PM
  • Not a stretch at all, since the Crypto Services API set are another part of the .NET system used by OneCare and securing these transmissions while they travel over potentially unprotected networks would be a reasoable protection.

     

    Protect Private Data with the Cryptography Namespaces of the .NET Framework

     

    Though other organizations have used these tools, I doubt many have required them to the extent and depth that the Microsoft security applications have done. Since most previous third-party security applications have chosen to use their own developed core services, these deeper levels of ability have been less well tested, except by a rare few.

     

    This means that they are also less likely well known to malware developers, so they are thus less able to circumvent them at the current time. This isn't itself 'security', but at least reduces the chance that current attacks will be successful across the entire ecosystem. Pushing the envelope in the development of security applications has both plus and minus components, with additional potential security and additional side effects due to new technologies both having major significance.

     

    Though there are obvious growing pains here, I'm personally glad to see the improvements in development and the competition they have caused within the previously mostly stagnant security products community. Microsoft rarely talks about what they're doing 'under the covers' and few would understand it if they did, but it has really raised the bar with respect to what 'security' is in the real world today.

     

    OneCareBear

    Tuesday, August 5, 2008 4:54 PM
    Moderator
  •  Stephen Boots wrote:

    I've got no new information on the problem, unfortunately. You can try reinstalling OneCare on one or more PCs or you can contact support. On the other hand, if it were me - I'd demote the PC from hub status.

    -steve

     

     

    Steve,

    Having researched this issue herein I have talked myself out of trying to install a third Remote PC location!

     

              It so seems that from reading this and other posts section about issue that your reference to "Delay from remote  PC to server and back to a hub" seems for the most part to be in the area of an hour. Understandable!          

    Would appreciate hearing back from the 3 unit circles w/Remote what happens when the hub is removed as you suggested. Also does the Vista PC have SP1 update currently or any reference to being needed?        

     

    We have solved the issue relative to MISREPORTING FIREWALL OFF ISSUE between three XP PC's in an office wired lan by updating all manually and installing XP3 to all.  All reporting GREEN STATUS individually and to the HUB for two weeks since these updates. In the staggered auto update served of XP3 requirement I question if this could be though not mentioned above an issue? 

     

    Wednesday, August 20, 2008 1:35 PM
  •  RaymondLuxuryYacht wrote:

    To follow up on this issue, the update yesterday to 2.0.2500.14 seems to have resolved this issue for me. I have tested the remote Vista machine three times with startups and shutdowns and the hub has remained green every time.

     

     

    *  It tells me the machine had sufficient time to recieve all it's auto updates from servers while powered up.

    Also suggest you check the settings between all systems as to timing of automated tuneups, scans, etc. as this may have an effect on the problematic machine not having proper UPTIME prior to shutdown to complete tasks and throw off incorrect data. Hope this helps!

    Wednesday, August 20, 2008 1:55 PM
  • You aren't removing a hub, but demoting it. In effect, no longer monitoring the other PCs. You can do that at any time with absolutely no effect on the Circle other than not seeing the status of the other PCs on the one that was the hub.

     

    I don't think that the staggered offering of SP3 is at all a factor, though an update to SP3 fixing the problem suggests that the cause may be service related and that the update to SP3 may replace a faulty service.

    -steve

     

    Wednesday, August 20, 2008 2:04 PM
    Moderator
  • Steve/OneCareBear/all

     

    I now find that the problem has disappeared, WLOC on the hub remains green with the Circle status 'Good' when the monitored PC is booted. Still at Version 2.5.2900.03.

     

    I have not made any changes directly related to the fault although I did set the AV monitor off on the hub PC during a graphics driver update on 28 July. However I would guess the fix was since the August Windows Updates were applied on Hub and monitored PC but I have been distracted and can't be sure of the date the fault last happened. It's sometimes difficult to spot when something isn't there any more.  I physically removed The XP machine from the network around the same time.  The network activity and security events I have mentioned still continue.

     

    Fingers crossed,

    Tom

    Monday, August 25, 2008 10:42 AM
  • Thanks for the update, Tom.

    -steve

     

    Monday, August 25, 2008 6:04 PM
    Moderator
  • I'm having a similar problem with my PC's.  I have three with windows vista.  I have onecare on all of them.  I use the desktop in the living room as the hub pc.  It turns red and says that the firewall on my laptop is off.  But when I check my laptop, it is green and everything is working fine.  How do I fix this?

     

    Sunday, September 14, 2008 3:45 AM
  •  crymson wrote:
    I'm having a similar problem with my PC's.  I have three with windows vista.  I have onecare on all of them.  I use the desktop in the living room as the hub pc.  It turns red and says that the firewall on my laptop is off.  But when I check my laptop, it is green and everything is working fine.  How do I fix this?

     

     

    Here is a link to a firewall tool you may read about carefully and use as instructed in bulletin>

     

    http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=7ee728a2-3c67-4a12-8d7e-954e86233206

     

     

    Sunday, September 14, 2008 9:15 AM
  •  

    Thank you.  That link and download did the trick.  I am saving that page to favorites just in case I need it again.  I hope I don't but you never know....One Care has been a very good product except for this one little hiccup....
    Sunday, September 14, 2008 7:58 PM
  •  Custom Computers & Technology wrote:
     crymson wrote:
    I'm having a similar problem with my PC's.  I have three with windows vista.  I have onecare on all of them.  I use the desktop in the living room as the hub pc.  It turns red and says that the firewall on my laptop is off.  But when I check my laptop, it is green and everything is working fine.  How do I fix this?

     

     

    Here is a link to a firewall tool you may read about carefully and use as instructed in bulletin>

     

    http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=7ee728a2-3c67-4a12-8d7e-954e86233206

     

     

     

    Is the firewall repair tool something that you run once and the problem is fixed, or did you need to run it repeatedly?

    Do you need to run it only when the condition exists, or can it be run at anytime?

     

    I haven't tried the repair tool yet.  I still have the problem when my daughter's machine is turned on.  However, it eventually will return to green after an hour or less.

     

    I'd be willing to run the program if the fix is permanent.  If you need to run it after each occurence, then that doesn't help too much, since eventually to status will go green on its own.

    Sunday, September 14, 2008 9:55 PM
  • no,its false.actually i have only one laptop

    Sunday, September 14, 2008 10:29 PM
  •  BullishDad wrote:
     Custom Computers & Technology wrote:
     crymson wrote:
    I'm having a similar problem with my PC's.  I have three with windows vista.  I have onecare on all of them.  I use the desktop in the living room as the hub pc.  It turns red and says that the firewall on my laptop is off.  But when I check my laptop, it is green and everything is working fine.  How do I fix this?

     

     

    Here is a link to a firewall tool you may read about carefully and use as instructed in bulletin>

     

    http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=7ee728a2-3c67-4a12-8d7e-954e86233206

     

     

     

    Is the firewall repair tool something that you run once and the problem is fixed, or did you need to run it repeatedly?

    Do you need to run it only when the condition exists, or can it be run at anytime?   Meant as a One time fix ,When used as directed !

     

    I haven't tried the repair tool yet.  I still have the problem when my daughter's machine is turned on.  However, it eventually will return to green after an hour or less.  I hesitate to comment as you have not provided me how your system is configured,  Single PC or multi with hub.

     

    I'd be willing to run the program if the fix is permanent.  If you need to run it after each occurence, then that doesn't help too much, since eventually to status will go green on its own. ARE YOU FAMILIAR with settings in One Care?  READ THE DIRECTIONS for tool CAREFULLY!

    Monday, September 15, 2008 8:01 AM
  •  Mr.Mahboob Mosaddeq wrote:

    no,its false.actually i have only one laptop

     

    Answer: Not enough information to offer guidance!  May find help to your problem in above links.

    Monday, September 15, 2008 8:13 AM
  • This is Happening to me as well it is so annoying, But i guess its a Microsoft product, Microsoft need to Address this issue =/
    Saturday, October 11, 2008 2:25 AM
  • Having the same problem here too.  I have one Vista PC setup as the hub, a second Vista notebook and a third Windows XP notebook both running onecare and in my circle.  The hub PC keeps showing as "at-risk" with a red onecare symbol.  It usually reports the firewall on the vista notebook is turned off or sometimes the anti-spyware is off, neither of which is true.  When I attempt to turn-on the firewall from the hub pc (even though it's actually on), I get the following message:

     

    "This computer can't be contacted right now.  You should check to be sure it is turned on and connected before continuing."   Well, it is turned on and onecare is reporting a status of good (green indicator) on that machine.

     

    There is no problem communicating to my Windows XP notebook.  I finally quit using my PC as a onecare hub since I can't tell if there is an actual problem without opening onecare to see why it's showing red.  I actually never noticed this issue until recently and I've had the same configuration for many months. 

    Monday, October 13, 2008 4:40 AM
  • I have been having the same problem and I stumbled upon this forum in search of a permanent solution. I thought I'd share a quick fix solution that I seem to find has worked for me well so far:
    - On the computer that supposedly has the firewall and antivirus turned off I actually DO turn them off (this sets the status on this computer as red)
    - Then, back on the hub pc I click "turn on". This then proceeds to turn on the antivirus and firewall on the other computer right away.
    Now both computers are green and happy!

    Hopefully others will find this works for them too. It's not a long term solution but I have found it to be an effective temporary fix.

    Wednesday, October 29, 2008 3:07 AM
  • I am also getting this problem.  As with others on this thread, I have 1 Desktop PC (Vista Ultimate) as the Hub, one Laptop PC (Vista Business) and onw Desktop PC running XP Pro SP3.  All three PC's are on the same LAN and the Hub Machine shows that the Vista Laptop has "Protection Plus" off & "Firewall" off despite the laptop showing both as on.

     

    There is an option on the Hub machine to turn on the Firewall but nothing for Protection Plus.  Clicking the Turn on button for the Firewall results in "An Error is preventing this PC from accessing the remote PC, please try again later or resolve the issue on the local machine".  There is no issue with accessing the laptop via the network and the status appears to update after about 1 hour.

     

    I have tried the "Quick Fix" offered in the previous post but obvisously as the Nub PC will not communicate with the laptop all it get is the error message.

     

    I am not expecting a reply with a resolution as I can see this is an outstanding issue, but I thought there might be some extra information in my case that helps the bug fix team.

     

    Wednesday, November 12, 2008 1:25 PM
  • Thanks for adding your experience to the thread.

    I think that the most successful solution has been a reinstall of OneCare on one or both of the machines - the Hub and the monitored client.

    -steve

     

    Wednesday, November 12, 2008 2:45 PM
    Moderator
  • I am experiencing an issue that I think should classify as "false alarms", so here it goes..

    On our main family PC, which is also the hub PC for our circle, I keep receiving a message that I need to "update or renew my account" so that all of my status information is correct, which leads me to the log-in / account screen. After entering the account password, all seems to be well, but I also find that when I visit www.hotmail.com my username and password have been saved, allowing me to log in with a single click. That's all fine and good, but I've deliberately clicked "forget me", because I do NOT want my email account log in and password retained (since it is used by multiple people). I'm hoping that if it's needed for "OneCare Circle status" that OCL retains my log in information somewhere else, and that there is a setting I've overlooked that links my OneCare account to saving my password for email. I realize they all fall under the "Live Account" umbrella, but I'm providing the credentials for OneCare live so it will leave me alone, not for HotMail so everybody can mess with my email account. THis seems to be a recent development, because ot only started doing it within the last month or so it seems.

    Please advise.
    Thursday, February 26, 2009 7:21 AM
  • Dustin Hudson said:

    I am experiencing an issue that I think should classify as "false alarms", so here it goes..

    On our main family PC, which is also the hub PC for our circle, I keep receiving a message that I need to "update or renew my account" so that all of my status information is correct, which leads me to the log-in / account screen. After entering the account password, all seems to be well, but I also find that when I visit www.hotmail.com my username and password have been saved, allowing me to log in with a single click. That's all fine and good, but I've deliberately clicked "forget me", because I do NOT want my email account log in and password retained (since it is used by multiple people). I'm hoping that if it's needed for "OneCare Circle status" that OCL retains my log in information somewhere else, and that there is a setting I've overlooked that links my OneCare account to saving my password for email. I realize they all fall under the "Live Account" umbrella, but I'm providing the credentials for OneCare live so it will leave me alone, not for HotMail so everybody can mess with my email account. THis seems to be a recent development, because ot only started doing it within the last month or so it seems.

    Please advise.

    No, this would not be the same issue as the rest of this thread.
    Your LiveID credentials are not related to the saved or not saved LiveID for web sites such as Hotmail. The prompt you are receiving, assuming that it is from OneCare, is due to one of the following:
    1. Your account information for renewal purposes needs to be updated at https://billing.microsoft.com - perhaps your credit card information is not correct (new expiration date) or you originally subscribed with a retail copy.
    2. Your PC is unable to refresh the credentials from the registration servers due to a network issue or problem on that PC.
    I suspect it is the former. Go to the account profile at the link I provided and review your payment information for the subscription.
    -steve


    Microsoft MVP Windows Live / Windows Live OneCare & Live Mesh Forum Moderator
    Thursday, February 26, 2009 1:56 PM
    Moderator
  • After doing a search for "false alarms", perhaps I did miscategorize my post because I see after taking a closer look that as per the parent topic it wouldn't necessarily be considered a "multi-PC management problem".
     
    Could you please direct me to where to seek help? The problem I am facing is not something I am misunderstanding, and I have been dealing with it for a couple of weeks now. My OneCare account isn't expired for several months yet, and it keeps telling me I need to renew or update my information. Why would it need my information months before I need to renew?!?
     
    This is an on-going cycle of me telling HotMail to forget me, and the OneCare again going yellow and asking me to update / renew my information. As soon as I enter my credentials at the LiveID screen the OneCare pops-up (which DON'T include the "save username / password / forget me" options that the HotMail login does) then OneCare goes green and seems happy, until I visit HotMail, log out (since it goes right into my mailbox without asking for password), click "forget me" and then OneCare goes yellow again shortly thereafter.
     
    If OneCare needs further information (credit card, etc..) why doesn't it take me to another screen indicating this, and why does the status immediately go green and the LiveID log in goes away as soon as I enter my LiveID and password?
     
    I might expect the program to be so persistent once my renew date is upon me, but since it's months away I'm approaching the point of considering this registration nagware. Also, if the product is to be discontinued, why would it be so set on renewing for me, shouldn't that part of the process be disabled if the product is to cease further development? Makes me wonder if I need to make sure my account is NOT set to auto-renew, but even though I've paid for the final months of the term I have paid for, am I going to continue to receive the nag false alarms? Please help!
    Friday, February 27, 2009 11:19 AM
  • I think that you need to contact OneCare support as it appears that there is a credentials problem on your PC. if OneCare is forgetting your subscription information, that is a problem, but should not also affect or be affected by your Hotmail login in the web browser. Something odd is certainly  happening.

    If you are being prompted to renew and OneCare isn't expiring in 30 days or less, it could be as simple as a date and time issue on the computer.

    How to reach support (FAQ) - http://social.microsoft.com/Forums/en-US/onecareinstallandactivate/thread/30400b52-7f26-4ba0-bc18-17e305329d90

     

    -steve


    Microsoft MVP Windows Live / Windows Live OneCare & Live Mesh Forum Moderator
    Friday, February 27, 2009 5:03 PM
    Moderator
  • My OneCare circle status of 3 Windows Vista is frequently incorrect regarding firewall and/or malware turned off in two of them.
    All PCs belong to the same wireless lan.
    I've already applied firewall and malware fixes without success.
    There should be a "fix" from MS since I'm getting sick of this wrong status. Afterall this is version 2...
    One could think: Should I trust or not this software as its circle status is sort of a mess!?
    • Merged by JimR1Moderator Saturday, April 11, 2009 6:52 PM Add to continuing discussion of issue.
    Saturday, April 11, 2009 3:47 PM
  • It seems I also have the same problem with 3 vista machines, two laptops one using vista ultimate, one using vista home premium, and a desktop running vista ultimate X64. the are all on my wireless LAN but the home premium laptop is showing as firewall turned off. I've tried rebooting with no avail. Its not very good when I have to stop what I am doing to check the other laptop to see if the firewall is on just to see its got a green good status.
    will there be a bug fix for this?
    "Testiing Microsoft Beta products to make better Microsoft products"
    Sunday, May 10, 2009 4:31 PM
  • It seems I also have the same problem with 3 vista machines, two laptops one using vista ultimate, one using vista home premium, and a desktop running vista ultimate X64. the are all on my wireless LAN but the home premium laptop is showing as firewall turned off. I've tried rebooting with no avail. Its not very good when I have to stop what I am doing to check the other laptop to see if the firewall is on just to see its got a green good status.
    will there be a bug fix for this?
    "Testiing Microsoft Beta products to make better Microsoft products"

    I don't expect a bug fix for this. In fact, I'm not sure that a definitive cause for the problem is known.
    If you've read the rest of the thread, you'll have seen the possible solutions:
    1. Stop using the PC as a Hub
    2. Reinstall OneCare on the Hub and possibly the machine exhibiting the problem.

    -steve
    Microsoft MVP Windows Live / Windows Live OneCare & Live Mesh Forum Moderator
    Monday, May 11, 2009 12:28 PM
    Moderator
  • I have the same exact problem too.
    The one item that differs, is that all three computers worked perfectly with Live OneCare until I replaced my laptop from a Dell laptop to a HP laptop.  Now the HP latop shows Live OneCare working perfectly, but on my Vista Hub, it shows the HP laptop having the firewall turned off with the red (1) showing on the hub computer.  Could there be something about the HP laptop having a odd problem?
    Monday, May 25, 2009 11:48 AM
  • I have the same exact problem too.
    The one item that differs, is that all three computers worked perfectly with Live OneCare until I replaced my laptop from a Dell laptop to a HP laptop.  Now the HP latop shows Live OneCare working perfectly, but on my Vista Hub, it shows the HP laptop having the firewall turned off with the red (1) showing on the hub computer.  Could there be something about the HP laptop having a odd problem?

    Sorry for the late reply, Phil70. It is hard to say where the problem lies when this condition occurs. The problem can be network related, on the hub or on the client that is mis-reporting the status in your Circle.
    -steve
    Microsoft MVP Windows Live / Windows Live OneCare & Live Mesh Forum Moderator
    Wednesday, June 3, 2009 1:39 PM
    Moderator
  • I didn't want to start a new thread, as my issue is similar to the thread originators, but not as perplexing.  My OC Circle has three stations:

    Hub: desktop PC w/VHP SP2 w/automatic update
    Satellite1:  Notebook PC w/VHP SP2 w/automatic update
    Satellite2: Notebook w/XPPro

    All three communicate with each other quite well, including MSSQL Server SMS and my DataReplication apps.

    All three are configured to backup files to a central device, DriveJ:\ on the HubPC.  The backup runs weeekly and completes w/o problem.

    Yet, the Hub PC show LOC status as amber and instructs me to backup files on Satellite1.  I run a manual backup on Satellite1, yet the HubPC status indicator in the tray remains amber.

    Reassigning the hub, removing the Satellites and reinstalling to the LAN w/new names [a real drag ;-)  ] has no effect.  As soon as Satellite1 comes up on the net, the green status on the Hub switches to amber.

    In my world, I'd simply create a status.dll which allows users to verify the status is incorrect and "flip the switch."  MS could easily make the switch, IMHO, because status is not a program function.  I.e., it doesn't oprotect anything, only inform the user. Once informed, we 'grownups' should be able to correct it.  As in days gone by when we'd have to flush the print buffers in order to clear the cache and get the dot-matrix machines printing again.

    Not looking for a solution ('less'n of course you have one (G), but perhaps an input to those who can?  After all, like a blind date who has everything you want in a mate except they are bone ugly, the interface is what users rely on to say the like a program or not...

    Friday, July 10, 2009 9:16 PM
  • Hi, woodturner. If you've read through this thread, you'll know that there are a few solutions that have worked for some. The long term solution, I'm afraid, is the end of OneCare. See the announcements at the top of the General forum for details. The replacement to OneCare, Microsoft Security Essentials will not have multi-PC management or anything from OneCare other than the virus and spyware protection.
    -steve
    Microsoft MVP Windows Live / Windows Live OneCare, Live Mesh, & MS Security Essentials Forums Moderator
    Sunday, July 12, 2009 5:02 PM
    Moderator