resolved issue (1). msftncsi. This is the 'keep alive' indicator for Vista/Win 7. It probes a text file on this site (owned by microsoft). If it finds this file, then it puts a pretty little picture of earth on your network connection indicator.
If you set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet\EnableActiveProbing to 0, the OS will no longer probe for internet connectivity, but you also lose the pretty 'earth' graphic.
So there you go.. Now for issue (2). Do I need verisign for patching purposes?
Still ongoing issues.
Found that the problem has 'spread'. It's definitely occuring on several XP stations.
Have confirmed that the user being used in the credential can login, download the patch and execute the patch with no errors.
Have found that the kpmchk.exe file is a kpmchkbad.txt (or whatever it is exactly). Interestingly, it's a 403 error at the top of the page pre-pended to the exe file. If you chop of the error at the top and rename the file to .exe it executes normally. So, why does it download the file, rename it and prepend it with a HTTP error?
I've just exact the same problems with kpmchk.exe - do you have found any solution?
See my post http://community.kaseya.com/xsp/f/30/t/14290.aspx
The answer to this mysterious issue lies in the KB article:
I discovered that if you verified access with the user account in Set Credential and you can successfully download vsaupdate.kaseya.net/.../kPmChk.exe from the endpoint, just delete kPmChk.exe from the endpoint's PATCH SERVER.
Once they get stuck, they seem to be stuck forever, but I am going through about 100 of these today and the fix works every time.