- Remove From My Forums
-
Question
-
Hi,
the last time when updating the Server 2012 R2 then reboot it I surprised to see the status of all update failed.
any help ..
thanks
TRKMANY
All replies
-
Hello,
which error number is shown in the event viewer?
As first step I would stop the Windows Update service, then delete the C:windowssoftwaredistribution folder and start the Windows Update service again.
Then run again the update check.
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP — Directory Services
My Blog: http://blogs.msmvps.com/MWeber
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
Twitter:
-
Proposed as answer by
Tuesday, August 19, 2014 2:09 AM
-
Proposed as answer by
-
Hello,
I want to confirm if the issue has been resolved.
To add some more information, is KB 2919355 installed successfully on the computer since this is a 2012R2 computer?
Windowsupdate.log may help us address the issue.
-
Hi Meinolf,
I delete software distribution folder then start update then reboot the server .and collect these info.
Hi Daniel :
Yes KB 2919355 is already installed .
«Actually I start facing this issue recently ,I have other 3 server updated normally»
Log entries in Event Viewer / Windows Logs / Setup:
Package KB2918614 failed to be changed to the Installed state. Status: 0x800736b3.
Package KB2967917 failed to be changed to the Installed state. Status: 0x800736b3.
Package KB2962409 failed to be changed to the Installed state. Status: 0x800736b3.
Package KB2978668 failed to be changed to the Installed state. Status: 0x800736b3.
Package KB2976897 failed to be changed to the Installed state. Status: 0x8007371b.
Package KB2973351 failed to be changed to the Installed state. Status: 0x800736b3.
Package KB2975061 failed to be changed to the Installed state. Status: 0x800736b3.
Package KB2971203 failed to be changed to the Installed state. Status: 0x8007371b.
Package KB2981580 failed to be changed to the Installed state. Status: 0x800736b3.
Package KB2973201 failed to be changed to the Installed state. Status: 0x800736b3.
Package KB2959626 failed to be changed to the Installed state. Status: 0x800736b3.
Package KB2896496 failed to be changed to the Installed state. Status: 0x800736b3.
Package KB2958262 failed to be changed to the Installed state. Status: 0x800736b3.
Package KB2961072 failed to be changed to the Installed state. Status: 0x8007371b.
Package KB2976627 failed to be changed to the Installed state. Status: 0x800736b3.The system log entries are:
Installation Failure: Windows failed to install the following update with error 0x8007371B: Security Update for Windows Server 2012 R2 (KB2973201).
Installation Failure: Windows failed to install the following update with error 0x8007371B: Security Update for Windows Server 2012 R2 (KB2961072).
Installation Failure: Windows failed to install the following update with error 0x800736B3: Cumulative Security Update for Internet Explorer 11 for Windows Server 2012 R2 (KB2976627).
Installation Failure: Windows failed to install the following update with error 0x800736B3: Security Update for Windows Server 2012 R2 (KB2918614).
Installation Failure: Windows failed to install the following update with error 0x800736B3: Update for Windows Server 2012 R2 (KB2967917).
…..
From Systeminfo command I found this :
Hotfix(s): 46 Hotfix(s) Installe
[10]: KB2911106
[11]: KB2911804
[12]: KB2912390
[13]:
KB2919355
[14]: KB2919394
[15]: KB2919442
[16]: KB2920189
TRKMANY
-
Edited by
TRKMANY
Wednesday, August 20, 2014 6:36 AM
-
Edited by
-
Hi,
Based on my research, the issue may be caused by system corruption, most of the solutions to the issue is to do a in-place upgrade. If the solution is acceptable for you, it should resolve the issue.
Pleaes feel free to let us know if you have any feedback.
-
Hi Daniel,
This production server part of failover cluster ( 4 servers 2012 r2 standard Ed.),now it is out off .
the load on 3 only.
I tried to start from the DVD and select repair But it stuck .
So what the consequences of in-place upgrade .
please advice ..
thank you
TRKMANY
-
Hi,
Since this is a production server, let’s do some more test before in place upgrade.
First, please share windowsupdate.log, you can upload it to onedrive and share the link if the file is very large.
Download theupdate from microsoft download center, andtry to install it manually.
Regarding the upgrade, it just like install a newoperating system, but the roles, features and settings persist.
-
Hi Daniel,
Thank for your reply,
Please find the file at link :
https://drive.google.com/folderview?id=0Bxso9GFeORt2Q2tqQ1c2VEtkQlk&usp=sharing
And for downloading the Kb one by one and install it manually on the server it gives the same result (Failed).
I tried to uninstall one of the old installed successfull KB then install it again ,it works fine for those old KB.
Thanks in advance.
TRKMANY
-
Hi TRKMANY,
Thanks for contacting Microsoft.
Based on my experience, the cause of this issue may be that some related files and registry are corrupt. So please run the DISM commands which scan the OS to check for corruption and check whether any corruption has been detected :
————————————————————————-
1.Open Powershell with Administrative Rights.
2. type the following command, and then press Enter
Dism /Online /Cleanup-Image /ScanHealth
Dism /Online /Cleanup-Image /CheckHealth
After that, please let me know the results. Besides, I have downloaded the file you uploaded. I will update you on the results as soon as I can.
Thanks,
Sophia Sun
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
-
Hi TRKMANY,
Hope you are doing well.
I am writing to see whether there are any updates about this issue. If there are anything I can do, feel free to contact me. Thanks for your cooperation.
Best Regards,
Sophia Sun
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
-
Hi Sophia,
Sorry for the last couple days, I was busy with updating Exch2013 to CU5 .
The output for the two commands:
C:Windowssystem32>Dism /Online /Cleanup-Image /ScanHealth
Deployment Image Servicing and Management tool
Version: 6.3.9600.17031Image Version: 6.3.9600.17031
[==========================100.0%==========================]
Error: 2The system cannot find the file specified.
The DISM log file can be found at C:WindowsLogsDISMdism.log
C:Windowssystem32>Dism /Online /Cleanup-Image /CheckHealth
Deployment Image Servicing and Management tool
Version: 6.3.9600.17031Image Version: 6.3.9600.17031
No component store corruption detected.
The operation completed successfully.I also did this command :
C:Windowssystem32>sfc /scannow
Beginning system scan. This process will take some time.
Beginning verification phase of system scan.
Verification 100% complete.Windows Resource Protection found corrupt files but was unable to fix some
of them. Details are included in the CBS.Log windirLogsCBSCBS.log. For
example C:WindowsLogsCBSCBS.log. Note that logging is currently not
supported in offline servicing scenarios.The system file repair changes will take effect after the next reboot.
CBS.log Shared on this link :
https://drive.google.com/file/d/0Bxso9GFeORt2MUwzN05LWWo4TmM/edit?usp=sharing
Thanks in advance ….
TRKMANY
-
Hi TRKMANY,
Thanks for the uploaded information.
From the CBS logs, I found the following errors.
==============================
2014-08-31 15:05:42, Error CSI 000051f7 (F) Failed on regenerating file [l:32{16}]»SynthNic.dll.mui»[gle=0x80004005]
2014-08-31 15:05:42, Error CSI
0000520b@2014/8/31:12:05:42.976 (F) basewcplibrarydelta_library.cpp(287): Error NTSTATUS_FROM_WIN32(ERROR_INVALID_DATA) originated in function Windows::Rtl::DeltaDecompressBuffer expression: g_pfnApplyDeltaB((
(DELTA_FLAG_TYPE)0x00000000 ), ReferenceInput, CompressedInput, &UncompressedOutput)
[gle=0x80004005]2014-08-31 15:05:43, Error CSI 0000520c (F) Failed on regenerating file [l:26{13}]»CCFFilter.sys»[gle=0x80004005]
2014-08-31 15:05:42, Error CSI 000051e7 (F) Failed on regenerating file [l:50{25}]»HyperVMigrationPlugin.dll»[gle=0x80004005]
After analyzing the CBS log and Windows Update log, would you please try the following steps to see how the issue goes.
————————————————————————————————
1. Increase the time out value for HKLMSystemCurrentControlSetServicesTrustedInstallerBlockTimeIncrement to be Hexadecimal “5460” (6 hours timeout)
2. Reset Windows Update components by following article below:
How do I reset Windows Update components?
http://support.microsoft.com/kb/9710583. Reboot the server and test how the issue goes.
Best regards,
Sophia Sun
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
-
Hi Sophia,
I received error for the first option :
error Editing Value
Cannot edit BlockTimeIncrement : Error writing the value’s new contents.
For the second option : I found it’s for Windows 8.1, Windows 8, and Windows 7 not for Server 2012 R2.
Please advice ,
Regards
TRKMANY
-
Hi TRKMANY,
Thanks for your reply.
We need administrator permission to modify registry. So would you please let me know whether you perform the registry modifying using administrator permission? Besides, please back up the registry key before modifying it.
For the second option, please allow me to explain that it is also suitable for Windows Server 2012 R2. Because Windows Server 2012 R2 has the same core with Windows 8.1. So please try this option and test how the issue goes.
If there are any concerns, please feel free to contact me.
Best regards,
Sophia Sun
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
-
Hi Sophia,
I used domain admin which is member of local admin group but same message ,I tried to did this on my win 7
pc and same message.I will try to
Reset Windows Update components by following article and inform you what happened .thanks in advance
TRKMANY
-
Hi TRKMANY,
Thanks for your update.
Based on current status, I will wait for your update. If there are anything I can do, please feel free to let me know.
Thanks,
Sophia Sun
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
-
Hi Sophia,
Thanks for your kind help, But same result after reset windows update components.
What to do is remove the node from the cluster then reinstall from scratch then join it again.
OR,if you have something else Please.
Thanks in advanced..
TRKMANY
Overview
We had this issue on some virtual servers migrated from a «cloud» provider back to our internal data center. The root cause was permissions to the %SystemRoot%System32catroot2 folder. There were a number of differences between the permissions on that folder on a healthy server vs those on the migrated server. I believe the key one was that TrustedInstaller didn’t have full access.
Additional Symptoms
Looking at the Application log in the event viewer, we saw a number of errors:
Source: CAPI2
EventId: 257
Text: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1032.
Source: ESENT
EventId: 490
Text: Catalog Database (416) Catalog Database: An attempt to open the file "C:Windowssystem32CatRoot2{127D0A1D-4EF2-11D1-8608-00C04FC295EE}catdb" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).
The clue is in the ESENT error’s text; i.e. permissions issue accessing a file under the catroot2 folder.
Resolution
Give the Trusted Installer account full control to the catroot2 folder and its children.
In case that’s not enough, for comparison, running icacls %systemroot%system32catroot2 on a healthy server gives this:
C:Windowssystem32catroot2 NT SERVICECryptSvc:(F)
NT SERVICECryptSvc:(OI)(CI)(IO)(F)
NT SERVICETrustedInstaller:(I)(F)
NT SERVICETrustedInstaller:(I)(CI)(IO)(F)
NT AUTHORITYSYSTEM:(I)(F)
NT AUTHORITYSYSTEM:(I)(OI)(CI)(IO)(F)
BUILTINAdministrators:(I)(F)
BUILTINAdministrators:(I)(OI)(CI)(IO)(F)
BUILTINUsers:(I)(RX)
BUILTINUsers:(I)(OI)(CI)(IO)(GR,GE)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)
APPLICATION PACKAGE AUTHORITYALL APPLICATION PACKAGES:(I)(RX)
APPLICATION PACKAGE AUTHORITYALL APPLICATION PACKAGES:(I)(OI)(CI)(IO)(GR,GE)
NB: To add Trusted Installer, you’ll need to search on the local computer accounts for nt servicetrustedinstaller.
After replacing permissions on catroot2, ensure you click the replace permissions on child objects & containers checkbox to ensure that child items have their permissions resolved also.
No reboot is required for the fix itself (though obviously, once updates start working again, you’ll likely need to reboot for those).
Posted by tp_ahaas 2020-05-25T17:00:28Z
I’ve been working on our WSUS server and finally started getting updates installed on all our servers, but I have one outlier, a Windows Server 2012 R2 Standard machine that has 17 updates needed.
Installing any of them results in the server rolling it back because the updates could not be installed.
The WindowsUpdate log has almost 30 lines per second, and I don’t know what I’m looking at. Somethings that stand out:
Attached is the log for today.
attach_file
Attachment
WindowsUpdate.txt
282 KB
37 Replies
-
OverDrive
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.mace
Windows Server Expert
-
check
43
Best Answers -
thumb_up
167
Helpful Votes
Install only the 2020-05 Security Monthly Quality Rollup (the one that’s 500MB+)
Does that work?
Was this post helpful?
thumb_up
thumb_down
-
check
-
OP
tp_ahaas
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.chipotle
They will all «install» but after reboot I get this:
We couldn’t complete the updates
undoing changes
Don’t turn off your computer.
Was this post helpful?
thumb_up
thumb_down
-
OverDrive
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.mace
Windows Server Expert
-
check
43
Best Answers -
thumb_up
167
Helpful Votes
Have you installed the latest servicing stack update?
2020-03 Servicing Stack Update for Windows Server 2012 R2 for x64-based Systems (KB4540725)
Was this post helpful?
thumb_up
thumb_down
-
check
-
OverDrive
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.mace
Windows Server Expert
-
check
43
Best Answers -
thumb_up
167
Helpful Votes
FYI, updates are transactional — that means that if it doesn’t install ‘properly’ it reverts to what it was before — meaning your updates are not actually ‘installing’
Check the EventViewer logs for more details.
Was this post helpful?
thumb_up
thumb_down
-
check
-
OP
tp_ahaas
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.chipotle
KB4540725 is already installed on this server.
Was this post helpful?
thumb_up
thumb_down
-
I would say there is something wrong from last year, as the updates go back to last May. Some of those would be superseded, so it doesn’t seem like it is seeing the correct updates available. You may need to mark those updates as superseded in WSUS( if that is still a thing ). You could try to reset the Windows Update ( clearing downloads from Software Distribution and other relevant folders )( or try the update troubleshooter ) reboot and check for updates again. You could also try downloading and manually installing those last 5 updated from May, then checking for updates again.
Was this post helpful?
thumb_up
thumb_down
-
OverDrive
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.mace
Windows Server Expert
-
check
43
Best Answers -
thumb_up
167
Helpful Votes
I would say there is something wrong from last year, as the updates go back to last May. Some of those would be superseded, so it doesn’t seem like it is seeing the correct updates available. You may need to mark those updates as superseded in WSUS( if that is still a thing ). You could try to reset the Windows Update ( clearing downloads from Software Distribution and other relevant folders )( or try the update troubleshooter ) reboot and check for updates again. You could also try downloading and manually installing those last 5 updated from May, then checking for updates again.
Yes, from WSUS’s point of view,
It looks like you’re not. That won’t happen in this scenario though, but you should be doing it (or automate it with WSUS Automated Maintenance (WAM) ©)
View previously installed updates. Remove the last few of them including the SSU (Servicing stack update). Then install the latest SSU and the latest CU like I mentioned above.
I’ve seen it where removing previous updates fix the problem due to one of the updates causing a block.
Beyond that, look at the eventlog and see what it says.
Was this post helpful?
thumb_up
thumb_down
-
check
-
In the logs this error seems suspect to me. Something to do with SSL and that server not being able to check for the correct updates.
FATAL: EP: CSLSEndpointProvider::GetWUClientData — failed to get SLS data, error = 0x8024500C
In researching that error, there are some mentions of an update for WSUS, which resolves issues updating Server 2012 R2.
https://serverfault.com/questions/694708/wsus-2012-r2-clients-not-reporting Opens a new window
And mention of disabling IPv6.
Was this post helpful?
thumb_up
thumb_down
-
OverDrive
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.mace
Windows Server Expert
-
check
43
Best Answers -
thumb_up
167
Helpful Votes
-
check
-
OP
tp_ahaas
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.chipotle
Our WSUS server had not been maintained in several months. I have been tasked with learning it, getting it up to speed, and getting all our machines updated. I’ve been installing updates for the last several days on these servers, and approving the updates that supersede others. As those installs have been happening, the list of those updates has shrunk and now these servers only need a handful of updates. This server has always been an issue with Windows Updates, but it’s been years and before my time as to what the issues have been. I am the fresh eyes looking at this.
grantnoturbus wrote:
I would say there is something wrong from last year, as the updates go back to last May. Some of those would be superseded, so it doesn’t seem like it is seeing the correct updates available. You may need to mark those updates as superseded in WSUS ( if that is still a thing ). You could try to reset the Windows Update ( clearing downloads from Software Distribution and other relevant folders )( or try the update troubleshooter ) reboot and check for updates again. You could also try downloading and manually installing those last 5 updated from May, then checking for updates again.
I’ve used a script found online to rebuild the software distribution folder. I can’t find the troubleshooter.
I have not tried downloading the latest update and installing manually, but I’ve tried it with the oldest and the largest.
Was this post helpful?
thumb_up
thumb_down
-
OverDrive
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.mace
Windows Server Expert
-
check
43
Best Answers -
thumb_up
167
Helpful Votes
tp_ahaas wrote:
Our WSUS server had not been maintained in several months. I have been tasked with learning it, getting it up to speed, and getting all our machines updated. I’ve been installing updates for the last several days on these servers, and approving the updates that supersede others. As those installs have been happening, the list of those updates has shrunk and now these servers only need a handful of updates.
Spend some time looking on my site — all my guides will help you understand WSUS
https://www.ajtek.ca/category/wsus/ Opens a new window
At the same time, when it comes to the maintenance of WSUS — what is your time worth? A couple of good scenarios are in that article that I recommend reading.
https://www.ajtek.ca/blog/how-to-justify-a-wam-subscription/ Opens a new window
Was this post helpful?
thumb_up
thumb_down
-
check
-
OP
tp_ahaas
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.chipotle
I’ve seen mention of installing
support.microsoft.com/en-us/kb/2734608 on the WSUS server, but it’s when I tried it said it was already installed.
Was this post helpful?
thumb_up
thumb_down
-
OP
tp_ahaas
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.chipotle
Adam (AJ Tek) wrote:
tp_ahaas wrote:
Our WSUS server had not been maintained in several months. I have been tasked with learning it, getting it up to speed, and getting all our machines updated. I’ve been installing updates for the last several days on these servers, and approving the updates that supersede others. As those installs have been happening, the list of those updates has shrunk and now these servers only need a handful of updates.
Spend some time looking on my site — all my guides will help you understand WSUS
https://www.ajtek.ca/category/wsus/ Opens a new window
At the same time, when it comes to the maintenance of WSUS — what is your time worth? A couple of good scenarios are in that article that I recommend reading.
https://www.ajtek.ca/blog/how-to-justify-a-wam-subscription/ Opens a new window
I have 26 other servers that have installed WSUS updates without issue. This is an isolated issues I am looking to resolve.
Was this post helpful?
thumb_up
thumb_down
-
OverDrive
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.mace
Windows Server Expert
-
check
43
Best Answers -
thumb_up
167
Helpful Votes
tp_ahaas wrote:
Adam (AJ Tek) wrote:
tp_ahaas wrote:
Our WSUS server had not been maintained in several months. I have been tasked with learning it, getting it up to speed, and getting all our machines updated. I’ve been installing updates for the last several days on these servers, and approving the updates that supersede others. As those installs have been happening, the list of those updates has shrunk and now these servers only need a handful of updates.
Spend some time looking on my site — all my guides will help you understand WSUS
https://www.ajtek.ca/category/wsus/ Opens a new window
At the same time, when it comes to the maintenance of WSUS — what is your time worth? A couple of good scenarios are in that article that I recommend reading.
https://www.ajtek.ca/blog/how-to-justify-a-wam-subscription/ Opens a new window
I have 26 other servers that have installed WSUS updates without issue. This is an isolated issues I am looking to resolve.
Absolutely, that’s why I mentioned in this instance, WAM won’t help. It’s not about WSUS or the updates, there’s a problem happening on this server (check event logs — I still haven’t seen you mention any error messages at the time of installation from the event logs).
Was this post helpful?
thumb_up
thumb_down
-
check
-
If the manual updates are failing to install, definitely the issue is on the 2012 R2 server.
Usually, the Windows Update reset will resolved these types of issues. Maybe there is a registry key preventing the updates from installing? You could take out the WSUS registry setting to have the server just check online for updates, but again if the manual update did not even this is unlikely to work either..
At this point I would be more aggressive with resetting Windows Update, maybe the script you used did not do all you need.
Maybe this?
https://support.microsoft.com/en-us/help/947821/fix-windows-update-errors-by-using-the-dism-or-system-update-readiness#checksur Opens a new window
Was this post helpful?
thumb_up
thumb_down
-
As at least one other has mentioned, you may need to uninstall an update (or updates) from about the time updates started failing. I’ve seen this happen before and in my case I had to uninstall a (supposedly) successfully installed update and install a more recent patch in order to get them to start installing properly. A nice thing that M$ has been doing for a while now is the monthly cumulative patches, so uninstalling the old updates doesn’t mean you have to reinstall that update again and hope it works (and doesn’t block all the subsequent patches, just uninstall the old one and install the very latest. Something else to try is installing them one at a time to see if the updates will install singly since it seems that it fails when trying to install all of them at once, so maybe try installing one patch, then rebooting, then another, and rebooting until you’re down to only one patch that fails. Once you’ve narrowed it down (if that works) you can maybe research issues with that one patch and/or open a ticket with Microsoft to see why that one fails. Sometimes it’s more a case of being stubborn and not giving up, and trying different things until you have success. Good luck!
Was this post helpful?
thumb_up
thumb_down
-
adrian_ych
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.mace
Windows Server Expert
-
check
71
Best Answers -
thumb_up
364
Helpful Votes
The real question is with Win10, do you still need WSUS ? Win10 is able to get updates from peers, even it still needs Internet to check for updates.
Then use PDQ deploy to deploy win10 CUs.
Then what I would do is untick the repeated updates and install the newer ones for .net, only monthly & monthly updates for the latest…then check again after clearing contents of c:windowssoftware distribution folder (need to stop windows update service first).
Was this post helpful?
thumb_up
thumb_down
-
check
-
OP
tp_ahaas
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.chipotle
Running DISM.exe /Online /Cleanup-Image /Restorehealth
Text
Error: 0x800f0906 The source files could not downloaded. Use the "source" option to specify the location of the files that are required to restore the feature. For more information on specifying a source location, see http://go.microsoft.com/fwlink/?LinkId=243077. The DISM log file can be found at C:WindowsLogsDISMdism.log
attach_file
Attachment
dism.txt
147 KB
Was this post helpful?
thumb_up
thumb_down
-
OverDrive
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.mace
Windows Server Expert
-
check
43
Best Answers -
thumb_up
167
Helpful Votes
-
check
-
Was this post helpful?
thumb_up
thumb_down
-
OP
tp_ahaas
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.chipotle
Rita Hu wrote:
I’m taken a back here. I can’t ping my WSUS server from the machine I’m trying to update or the WSUS server itself:
Text
ping http://server.domain.local:8530 Ping request could not find host http://server.domain.local:8530. Please check the name and try again.
Was this post helpful?
thumb_up
thumb_down
-
OverDrive
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.mace
Windows Server Expert
-
check
43
Best Answers -
thumb_up
167
Helpful Votes
drop the :8530 and the http://
ping server.domain.local
Was this post helpful?
thumb_up
thumb_down
-
check
-
OP
tp_ahaas
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.chipotle
I can ping server.domain.local without issue.
I was able to download the cab file.
I was then able to access the URL:
Was this post helpful?
thumb_up
thumb_down
-
OverDrive
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.mace
Windows Server Expert
-
check
43
Best Answers -
thumb_up
167
Helpful Votes
again, I believe this is something you need to look in the event viewer for.
download the patch from the catalog
install the patch, restart, review the event logs (Application, System) for the time you just tried to install and restart.
This will give you SOME information as to what’s going on.
Was this post helpful?
thumb_up
thumb_down
-
check
-
OP
tp_ahaas
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.chipotle
Adam (AJ Tek) wrote:
download the patch from the catalog
Sorry, I’m not sure what you mean. Do you want me to run the script from my previous screenshot?
Was this post helpful?
thumb_up
thumb_down
-
OverDrive
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.mace
Windows Server Expert
-
check
43
Best Answers -
thumb_up
167
Helpful Votes
-
check
-
OP
tp_ahaas
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.chipotle
If you’re wanting me to download the Windows Update (any of them) that are failing, I’ve already downloaded them from Microsoft and tried installing them outside of Windows Update only to get the same result, rolled back because they could not install.
Checking the Even Viewer for the last time I tried to install it reveals some oddities ever once and a while:
System
- Error Service Control Manager
The Windows Modules Installer service terminated with the following error:
The data is invalid. - Warning Window Remote Management
The WinRM service is not listening for WS-Management requests.User Action
If you did not intentionally stop the service, use the following command to see the WinRM configuration:winrm enumerate winrm/config/listener
- Error IIS-APPHOSTSVC
The Application Host Helper Service encountered an error trying to access the root history directory ‘C:inetpubhistory’. The directory either doesn’t exist or the permissions on it don’t allow the history service to access it. The config history feature is disabled for now and will be re-enabled after the issue is resolved. To resolve this issue, please ensure that the directory exists and that the Administrators group have read and write access to it. The data field contains the error number. - Error Iphlpsvc
Unable to update the IP address on Isatap interface isatap.{6793FD6C-010E-439B-BF95-376E9F1CD7CB}. Update Type: 1. Error Code: 0x490. - Warning LSA (LsaSrv)
Microsoft Windows Server has detected that NTLM authentication is presently being used between clients and this server. This event occurs once per boot of the server on the first time a client uses NTLM with this server.NTLM is a weaker authentication mechanism. Please check:
Which applications are using NTLM authentication?
Are there configuration issues preventing the use of stronger authentication such as Kerberos authentication?
If NTLM must be supported, is Extended Protection configured?Details on how to complete these checks can be found at http://go.microsoft.com/fwlink/?LinkId=225699 Opens a new window.
- Error DistributedCOM
The server {752073A1-23F2-4396-85F0-8FDB879ED0ED} did not register with DCOM within the required timeout. - Warning TerminalServices-RemoteConnectionManager
The Remote Desktop Session Host server could not contact the Remote Desktop license server dc2.domain.local. Ensure that the Remote Desktop Licensing service is running on the license server, that the license server is accepting network requests, and that the license server is registered in WINS and DNS. - Warning GroupPolicy (Microsoft-Windows-GroupPolicy)
The Group Policy Client Side Extension Folder Redirection was unable to apply one or more settings because the changes must be processed before system startup or user logon. The system will wait for Group Policy processing to finish completely before the next startup or logon for this user, and this may result in slow startup and boot performance.
The first 4 or 5 of those repeat over and over. Looks like I have a lot of work to do before I wonder why Windows Updates aren’t installing.
Was this post helpful?
thumb_up
thumb_down
- Error Service Control Manager
-
OverDrive
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.mace
Windows Server Expert
-
check
43
Best Answers -
thumb_up
167
Helpful Votes
I’d look at the IIS one regarding permissions on the history folder, the Isatap interface, and the
DCOMfix those 3 and the update will probably either give new errors, or succeed.
Was this post helpful?
thumb_up
thumb_down
-
check
-
OP
tp_ahaas
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.chipotle
adrian_ych wrote:
The real question is with Win10, do you still need WSUS ? Win10 is able to get updates from peers, even it still needs Internet to check for updates.
Then use PDQ deploy to deploy win10 CUs.
Then what I would do is untick the repeated updates and install the newer ones for .net, only monthly & monthly updates for the latest…then check again after clearing contents of c:windowssoftware distribution folder (need to stop windows update service first).
Just noticed your comment. That’s a good point, however in our situation most of our clients are offices are rural areas. Everyone is connected via an MPLS-style (forgot what it’s called that we just switched to a few years back) network so everyone gets their update approvals from our server at a colo. 700 some computers as dozens of sites up and down CA make a PDQ style delivery too hands on. This way machines updates themselves, in time.
Was this post helpful?
thumb_up
thumb_down
-
OP
tp_ahaas
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.chipotle
Thank you Adam (AJ Tek), grantnoturbus, Scott696d, adrian_ych, and Rita Hu
I will update this ticket… uh… post once I have some progress.
Was this post helpful?
thumb_up
thumb_down
-
OP
tp_ahaas
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.chipotle
Looks like the second IIS-APPHOSTSVC was literally the «history» did not exist (which is the default location if not specified in «ApplicationHost.config»)
https://kb.eventtracker.com/evtpass/evtPages/EventId_9010_Microsoft-Windows-IIS-APPHOSTSVC_66285.asp Opens a new window
Was this post helpful?
thumb_up
thumb_down
-
OverDrive
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.mace
Windows Server Expert
-
check
43
Best Answers -
thumb_up
167
Helpful Votes
adrian_ych wrote:
see some flaws as we used to have the same thinking in «rural» or even remote locations.
1. Even if those places have slow Internet, WSUS updates one machine at a time or a few machines at a time by sending updates to each machine. So if the update is like 1GB for example and you have 10 machines, 10GB needs to be transferred. But if Win10 is left to auto-update with optimized updates, probably 3 GB or 4 GB or maybe even less needs to be transferred via Internet or WAN.
https://docs.microsoft.com/en-us/windows/deployment/update/waas-optimize-windows-10-updates Opens a new window
DO is available using WSUS — I recommend using it Opens a new window Opens a new window. Express delivery can also be enabled with WSUS too, but I don’t recommend that unless you have a need where bandwidth is a concern (multiple slow connections with LIMITED number of systems in that location…. think a handful…. if there are a number of systems there, DO will take over and distribute the update LOCALLY)
2. WSUS being single point of failure. There are known updates to,the WSUS server that causes or have potential to cause issues to window updates on clients.
https://social.technet.microsoft.com/Forums/sharepoint/en-US/e7e0445a-2c19-405b-9f2a-bd7455200a95/cl… Opens a new window
While WSUS can be a single point of failure — single point of failure to WHAT? If an update server goes down and has to be rebuilt (another story all together), we’re not talking about a LONG TIME to go without it. It’s not a mission critical service unless you NEED to be patched by HOURS after Microsoft releases the updates on patch Tuesday. While it would be a DREAM to have everyone work this way, from a business standpoint, it’s mostly not going to happen. There are other Microsoft MVPs (Harjit, for example) who do patch their systems very close to the release of the updates. That being said, servers are different and will have maintenance windows (or not) and will be restarted off-hours automatically or manually by an IT person.
The URL nicely points to a topic I responded to at the bottom regarding the use of WSUS Automated Maintenance (WAM) ©. If clients are not reporting properly, the Client side script usually helps — https://www.ajtek.ca/wsus/client-machines-not-reporting-to-wsus-properly/ Opens a new window — and if it doesn’t that page has all the other troubleshooting steps to get them working. Since developing and using WAM, clients continually report to WSUS. I think I may have a 1% need to run the client side script over the last 3 years together (not 1% a year, but 1% over the 3 year span)
adrian_ych wrote:
3. WSUS may not be able to deploy win10 CU or win10 CU updates.
If you noticed, some win10 CU cannot be installed or worse win 10 install updates then the CU although the CU makes those updates obsolete. Then WSUS-2012 is known to miss win10 CU updates
This is not true. WSUS on Server 2012 works perfectly fine for Windows 10 servicing and I used a Server 2012R2 box all the way until January 2019 when I upgraded the box IN-PLACE to Server 2019 (2012>2012R2>2019 — all IN-PLACE upgrades). The biggest problems were in the beginning with regards to understanding the servicing requirements for Upgrades — not CU’s. Hell, Server 2008/2008R2 WSUS systems CAN STILL patch Windows 10 systems through the CU’s — just 2008/2008R2 systems can’t UPGRADE them — but 2012/2012R2 systems CAN if you have the right configuration Opens a new window Opens a new window.
Now, although Microsoft would like everyone to auto-update directly from Microsoft, on their schedules or augmented schedules by customers (WUfB Policies), the last 2-3 years have been ATROCIOUS for Microsoft’s quality for publishing updates. Really big ones where data is DELETED on upgrades, where updates even cause deletions of data (this was recently), and the like… Controlling the updates in your network and testing in-production Opens a new window Opens a new window, and being able to HOLD OFF on updates for longer than 30 days while Microsoft attempts to fix their patches (remember
Meltdown and Spectre? — took them 3-4 months to fully mitigate the issue enough with STABLE patches.)WUfB has it’s place Opens a new window Opens a new window, but as I say — you must explicitly trust Microsoft… and trust their update system (which is getting better, contrary to popular belief — but they are still a ways off before they will be trusted explicitly)
1 found this helpful
thumb_up
thumb_down
-
check
-
adrian_ych
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.mace
Windows Server Expert
-
check
71
Best Answers -
thumb_up
364
Helpful Votes
Adam (AJ Tek) wrote:
adrian_ych wrote:
see some flaws as we used to have the same thinking in «rural» or even remote locations.
1. Even if those places have slow Internet, WSUS updates one machine at a time or a few machines at a time by sending updates to each machine. So if the update is like 1GB for example and you have 10 machines, 10GB needs to be transferred. But if Win10 is left to auto-update with optimized updates, probably 3 GB or 4 GB or maybe even less needs to be transferred via Internet or WAN.
https://docs.microsoft.com/en-us/windows/deployment/update/waas-optimize-windows-10-updates Opens a new window
DO is available using WSUS — I recommend using it Opens a new window. Express delivery can also be enabled with WSUS too, but I don’t recommend that unless you have a need where bandwidth is a concern (multiple slow connections with LIMITED number of systems in that location…. think a handful…. if there are a number of systems there, DO will take over and distribute the update LOCALLY)
2. WSUS being single point of failure. There are known updates to,the WSUS server that causes or have potential to cause issues to window updates on clients.
https://social.technet.microsoft.com/Forums/sharepoint/en-US/e7e0445a-2c19-405b-9f2a-bd7455200a95/cl… Opens a new window
While WSUS can be a single point of failure — single point of failure to WHAT? If an update server goes down and has to be rebuilt (another story all together), we’re not talking about a LONG TIME to go without it. It’s not a mission critical service unless you NEED to be patched by HOURS after Microsoft releases the updates on patch Tuesday. While it would be a DREAM to have everyone work this way, from a business standpoint, it’s mostly not going to happen. There are other Microsoft MVPs (Harjit, for example) who do patch their systems very close to the release of the updates. That being said, servers are different and will have maintenance windows (or not) and will be restarted off-hours automatically or manually by an IT person.
The URL nicely points to a topic I responded to at the bottom regarding the use of WSUS Automated Maintenance (WAM) ©. If clients are not reporting properly, the Client side script usually helps — https://www.ajtek.ca/wsus/client-machines-not-reporting-to-wsus-properly/ Opens a new window — and if it doesn’t that page has all the other troubleshooting steps to get them working. Since developing and using WAM, clients continually report to WSUS. I think I may have a 1% need to run the client side script over the last 3 years together (not 1% a year, but 1% over the 3 year span)
adrian_ych wrote:
3. WSUS may not be able to deploy win10 CU or win10 CU updates.
If you noticed, some win10 CU cannot be installed or worse win 10 install updates then the CU although the CU makes those updates obsolete. Then WSUS-2012 is known to miss win10 CU updates
This is not true. WSUS on Server 2012 works perfectly fine for Windows 10 servicing and I used a Server 2012R2 box all the way until January 2019 when I upgraded the box IN-PLACE to Server 2019 (2012>2012R2>2019 — all IN-PLACE upgrades). The biggest problems were in the beginning with regards to understanding the servicing requirements for Upgrades — not CU’s. Hell, Server 2008/2008R2 WSUS systems CAN STILL patch Windows 10 systems through the CU’s — just 2008/2008R2 systems can’t UPGRADE them — but 2012/2012R2 systems CAN if you have the right configuration Opens a new window.
Now, although Microsoft would like everyone to auto-update directly from Microsoft, on their schedules or augmented schedules by customers (WUfB Policies), the last 2-3 years have been ATROCIOUS for Microsoft’s quality for publishing updates. Really big ones where data is DELETED on upgrades, where updates even cause deletions of data (this was recently), and the like… Controlling the updates in your network and testing in-production Opens a new window, and being able to HOLD OFF on updates for longer than 30 days while Microsoft attempts to fix their patches (remember
Meltdown and Spectre? — took them 3-4 months to fully mitigate the issue enough with STABLE patches.)WUfB has it’s place Opens a new window, but as I say — you must explicitly trust Microsoft… and trust their update system (which is getting better, contrary to popular belief — but they are still a ways off before they will be trusted explicitly)
If thats the case why need sccm or PDQ deploy etc focus on Win 10 CU & CU updates ?
nevermind…i delete the post….you obviously read OPs posts in detail right ??
1 found this helpful
thumb_up
thumb_down
-
check
-
OverDrive
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.mace
Windows Server Expert
-
check
43
Best Answers -
thumb_up
167
Helpful Votes
PDQ won’t fix his problem… It is localized to that server. I use PDQ Deploy and Inventory in addition to WSUS in my network. WSUS for ALL Microsoft products, and PDQ for 3rd party apps.
SCCM (NOW known as MEMCM) is a great tool instead of PDQ but it is a heavy install, costly, and big learning curve for doing just updating…. And WSUS is still there in the background feeding MEMCM all the updates.
Anyway, we are derailed. Waiting for the OP for the next set of updates on the situation.
1 found this helpful
thumb_up
thumb_down
-
check
-
adrian_ych
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.mace
Windows Server Expert
-
check
71
Best Answers -
thumb_up
364
Helpful Votes
Adam (AJ Tek) wrote:
PDQ won’t fix his problem… It is localized to that server. I use PDQ Deploy and Inventory in addition to WSUS in my network. WSUS for ALL Microsoft products, and PDQ for 3rd party apps.
SCCM (NOW known as MEMCM) is a great tool instead of PDQ but it is a heavy install, costly, and big learning curve for doing just updating…. And WSUS is still there in the background feeding MEMCM all the updates.
Anyway, we are derailed. Waiting for the OP for the next set of updates on the situation.
OP have rural sites pulling updates from one WSUS…so unless he have branchcache, bandwidth is issue. In the «best case scenario» is update 1 machine via WAN, then that machine will update the next 100. thats why I said both single point of failure (if wsus down, nobody in his location knows how to fix) and many sites depending on 1 server. Unless MS allows update optimization from wsus and peers (currently is Internet & peers, unless I am mistaken)
Have you deployed win10 CU using wsus and/or win10 cu updates ? have you seen the process ? do you find any faults or failure in logic in it ? In win10…MS split into updates vs manually install CU or updates vs manually install CU updates. Even setting to automatic updates from Internet does not install CUs or CU updates…only updates.
PDQ deploy have «pre-defined» deployment for win1o cc and win10 cu updates…literally 1 touch to download, one touch to deploy. It is free if you do not need things like scheduler (who schedule CU deployments) ?
1 found this helpful
thumb_up
thumb_down
-
check
-
OP
tp_ahaas
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.chipotle
We’ve decided this server isn’t worth the hassle and we’re replacing it with a VM with a more current version of Windows Server.
Was this post helpful?
thumb_up
thumb_down
-
OverDrive
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.mace
Windows Server Expert
-
check
43
Best Answers -
thumb_up
167
Helpful Votes
Sounds like a plan
Was this post helpful?
thumb_up
thumb_down
-
check
Read these next…
Merging two domains with the same name?
Windows
It seems that a possible company merger is coming down the pipeline, but as luck would have it, the active directory domains have the same name (ie, domain.local)The domain I maintain is running server 2019 at a 2016/2019 functional level.The other domain…
How can I track changes to network adapter configuration
Windows
Ok, so we have a site where most of the users have local admin and they have a small group of users who «know about computers». The site runs pretty smoothly but we’re seeing a bunch of users who are able to function on the wired network but aren’t able …
Snap! — Cooling in Antarctica, Back to the Moon, Biological Clothing, AI Sci-Fi
Spiceworks Originals
Your daily dose of tech news, in brief.
Welcome to the Snap!
Flashback: February 3, 1986: The term “vaporware” is first used by Philip Elmer-DeWitt in a TIME magazine article (Read more HERE.)
Bonus Flashback: February 3, 1966: Luna 9 Lan…
Safety Glasses with Glasses
Networking
I’m going to be pulling some new wire soon through some dirty drop ceilings, and without fail, at some point I always get a piece of something in my eye at some point during the job.I’d like to avoid that this time.I have struggled to find safety glasses …
AD on-premise courses
IT & Tech Careers
Hello!We have a predominantly on-prem AD environment. Whilst we will be moving to M365 that will be in a while.We have a number of junior staff that need basic instruction in Active Directory and file/folder permissions. I recall many years ago the MC…
После установки нового сервера WSUS в сети нашей компании многие клиенты не смогли получить новые обновления с сервера с ошибкой 0x80244010. Как оказалось, эта ошибка характерна не только для компьютеров, обновляющихся с внутреннего сервера WSUS, но и для устройств, получающих обновления напрямую с Windows Update. Рассмотрим, основные способы исправления ошибки 0x80244010 и восстановления работоспособности системы обновлений.
Для диагностики проблемы нужно открыть лог агента обновлений WindowsUpdate.log (в Windows 7 и 8 он находится в каталоге %Windir% , а в Windows 10 его можно получить так). В журнале обновлений при этом будут присутствовать такие строки:
2018-04-10 18:40:38:994 828 11a3c PT WARNING: Exceeded max server round trips: 0x80244010
2018-04-10 18:40:38:994 828 11a3c PT WARNING: Sync of Updates: 0x80244010
2018-04-10 18:40:38:994 828 11a3c PT WARNING: SyncServerUpdatesInternal failed: 0x80244010
2018-04-10 18:40:38:994 828 11a3c Agent * WARNING: Failed to synchronize, error = 0x80244010
2018-04-10 18:40:39:024 828 11a3c Agent * WARNING: Exit code = 0x80244010
2018-04-10 18:40:39:024 828 11a3c Agent *********
2018-04-10 18:40:39:024 828 11a3c Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]
2018-04-10 18:40:39:024 828 11a3c Agent *************
2018-04-10 18:40:39:024 828 11a3c Agent WARNING: WU client failed Searching for update with error 0x80244010
2018-04-10 18:40:39:024 828 1017c AU >>## RESUMED ## AU: Search for updates [CallId = {128CCEAD-F84D-405E-9BC2-607D1694894B}]
2018-04-10 18:40:39:024 828 1017c AU # WARNING: Search callback failed, result = 0x80244010
2018-04-10 18:40:39:024 828 1017c AU # WARNING: Failed to find updates with error code 80244010
Наибольший интерес вызывает строка Exceeded max server round trips: 0x80244010. Т.е. превышено максимальное число обращений к серверу обновлений (WSUS) во время сканирования обновлений. Об этом же свидетельствует код ошибки Windows Update согласно таблице (SUS_E_PT_EXCEEDED_MAX_SERVER_TRIPS). Т.е. сервер отключает клиента, который превысил лимит обращений. Этот лимит обращений в протоколе получения обновлений Windows устанавливается на сервере обновлений и по умолчанию составляет 200 обращений. Также имеется лимит на максимальный размер XML файла, который клиент получает с сервера в рамках одного обращения — 200 Кб. Чем большее количество обновлений на сервере для клиента нужно проверить, тем больший размер скачиваемого XML файла. В том случае, если клиенту не удается получить необходимые данные за 200 сессий, он временно отключается от сервера и возвращает ошибку.
Эта ошибка возникает, как правило, из-за плохого или нестабильного сетевого соединения с сервером обновлений или когда клиенту нужно получить слишком большое количество обновлений (новый клиент сервера WSUS или компьютер, на котором давно не устанавливались обновлений).
Самый простой вариант попробовать на клиенте несколько раз (3-7 раз) нажать кнопку Try Again или выполнить команду
wuauclt.exe / detectnow
Важно. После каждого запуска поиска обновлений нужно выждать около 15 минут, чтобы дождаться окончания предыдущего цикла поиска обновлений).
В большинстве случаев это решает проблему, но в том случае если клиентов в сети много, такой способ решения проблемы неприемлем.
По умолчанию клиент проверяет обновления на сервере каждые 22 часа. Можно увеличить частоту таких синхронизаций с помощью групповой политики Automatic Update detection frequency (в секции Computer Configuration -> Adminsitrative Templates -> Windows Components -> Windows Update), например до 3 часов.
Также можно на стороне сервера WSUS убрать ограничение на максимальный размер XML файла, который может скачать клиент с сервера. Для этого придется выполнить следующую команду в базе данных WSUSDB.
USE SUSDB
GO
UPDATE tbConfigurationC SET MaxXMLPerRequest = 0
Если вам не хочется менять настройки в базе WSUS, можно выполнить очистку WSUS сервера с помощью встроенного мастера очистки (Консоль Update Service -> Options -> Server Cleanup Wizard -> все опции -> Next), удалив старые, неиспользуемые и замененные обновления (особенно много мусора от обновлений MS Office). В результате такой операции, клиент Windows Update будет получать намного меньше мета-информации с WSUS сервера, и его взаимодействие должно уместиться в 200 сессий по 200кб.
Кроме того, если клиентов сервера WSUS достаточно много, можно попробовать увеличить производительность пула WsusPool согласно рекомендаций из статьи: Ошибка обновления Windows 80244022.
Если все рассмотренные способы не помогли исправить ошибку обновления на каком-то клиенте, выполните на нем скрипт сброса текущих настроек WSUS и удаления локального кэша. После чего выполните несколько циклов поиска обновлений.
I have set up a virtual network with two virtual machines. The first VM is Server 2008 R2 and is set up as a domain controller. The second VM is Server 2012 R2, and has been joined to the domain. The DC (TestVM1) is also set up as a DNS server.
From TestVM2 (Server 2012 R2), I am able to log in using a domain login, and I am able to browse to a public website.
I was able to run Windows Updates from TestVM1, but when I attempt to run Windows Updates from TestVM2, it fails.
The Windows Update client shows «Error(s) found:» and «Code 8024402F».
Errors in WindowsUpdate.log include
2014-10-17 18:26:14:235 800 950 Setup FATAL: GetClientUpdateUrl failed, err = 0x8024D009
2014-10-17 18:26:26:238 800 950 Misc WARNING: Send failed with hr = 80072ee7.
2014-10-17 18:26:26:238 800 950 Misc WARNING: Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <None>
2014-10-17 18:26:26:238 800 950 Misc WARNING: Send request failed, hr:0x80072ee7
2014-10-17 18:26:26:238 800 950 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://v4.download.windowsupdate.com/c/msdownload/update/others/2014/08/13518740_b1b71791444e5dec0018bcd60303445108442c12.cab>.
error 0x8024402c
2014-10-17 18:26:26:238 800 950 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x8024402c
2014-10-17 18:26:26:238 800 950 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x8024402c
2014-10-17 18:26:26:238 800 950 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x8024402c
2014-10-17 18:26:26:238 800 950 Misc WARNING: WinHttp: WinHttpQueryHeaders(WINHTTP_QUERY_CONTENT_TYPE) for X-CID failed. error 0x80072ef3
2014-10-17 18:26:26:238 800 950 PT WARNING: ECP: DownloadCabFile: failed to get CDN Provider for error reporting, hr = 0X80072EF3
2014-10-17 18:26:26:238 800 950 Misc WARNING: WinHttp: WinHttpQueryHeaders(WINHTTP_QUERY_CONTENT_TYPE) for X-CCC failed. error 0x80072ef3
2014-10-17 18:26:26:238 800 950 PT WARNING: ECP: DownloadCabFile: failed to get CDN Country for error reporting, hr = 0X80072EF3
2014-10-17 18:26:26:238 800 950 PT WARNING: ECP: Failed to download cab file from
http://download.windowsupdate.com/c/msdownload/update/others/2014/08/13518740_b1b71791444e5dec0018bcd60303445108442c12.cab with error 0x8024402c
2014-10-17 18:26:26:238 800 950 PT WARNING: ECP: This roundtrip contained some optimized updates which failed. New Update count = 34, Old Count = 60
2014-10-17 18:26:26:317 800 950 PT + SyncUpdates round trips: 1
2014-10-17 18:26:26:317 800 950 PT WARNING: Sync of Updates: 0x8024402f
2014-10-17 18:26:26:317 800 950 PT WARNING: SyncServerUpdatesInternal failed: 0x8024402f
2014-10-17 18:26:26:317 800 950 Agent * WARNING: Failed to synchronize, error = 0x8024402F
2014-10-17 18:26:26:317 800 950 Agent * WARNING: Exit code = 0x8024402F
This is blocking further work. Assistance would be greatly appreciated.
This tutorial contains several methods to fix Windows Update Problems in Windows 7/8/8.1 & Server 2008/2012 OS. In many cases, even in fresh Windows installations, the Windows Update is not working as expected, or it stuck when checking for updates or it displays several errors whenever you try to search for the available updates.
In such cases your system may become slow or unresponsive, because the Windows Update service (svchost.exe) causes high CPU usage. The Windows Update service is an essential feature in all Windows versions, because it is needed to provide all the available important and optional updates needed for the proper Windows operation and security.
The Windows Update problems often occur on Windows 7 or Vista based computers and in most cases, the errors are caused without any obvious reason and without a permanent solution to fix them from Microsoft. For all these reasons, I decided to write this troubleshooting guide, with the most efficient methods to resolve Windows Update problems on Windows 8.1, 8, 7 & Server 2008 or Server 2012.
Problems-Symptoms that are solved with this guide:
Windows Update is checking for updates forever.
Windows Update stuck/freezes.
Windows Update cannot find new updates.
Windows Update cannot currently check for updates because the service is not running.
Windows Update occurred an Unknown error: Code 8007000E
How to Solve Windows Update Issues on Windows 7/8/8.1 & Server 2008/2012
Important:
1. Before proceeding to apply the methods below, in order to troubleshoot Window Update problems, make sure that the Date and Time settings are correct on your system.
2. Try the following trick: Change the Windows Update settings from «Install updates automatically» to «Never check for updates (not recommended)» & restart your system, After restart set the update settings back to «Install updates automatically« and then check for updates. If this trick fails then set the Windows Update Settings to «Check for updates but let me choose whether to download and install them» and then check for updates again.
3. If you have performed a fresh Windows 7 or Server 2008 installation, install Service Pack 1 for Windows 7 or Windows Server 2008 R2, before you continue.
4. Make sure that your computer is clean from viruses and malware. To accomplish this task you can use this Malware Scan and Removal Guide to check and remove viruses or/and malicious programs that may be running on your computer.
Method 1. Force Windows to re-create the Windows Update Store folder.
Method 2. Install the KB3102810 security Update.
Method 3. Install the latest Update Rollup.
Method 4. Run the Windows Update Troubleshooter.
Method 5. FIX Corrupted System Files and Services (SFC).
Method 6: FIX Windows corruption errors with the System Update Readiness tool (DISM).
Method 7: Update Windows by using the WSUS Offline Update tool.
Method 1. Force Windows to re-create the Windows Update Store folder
The Windows Update Store folder (commonly known as «SoftwareDistribution» folder), is the location where Windows stores the downloaded updates.
-If the SoftwareDistribution folder becomes corrupted then it causes problems with Windows Update. So, one of the most efficient solutions to resolve problems with Windows Update, is to recreate the SoftwareDistribution folder. To do that:
1. Simultaneously press the Windows 
+ R keys to open run command box.
2. In run command box, type: services.msc and press Enter.
3. Right click on Windows Update service and select Stop.
4. Open Windows Explorer and navigate to C:Windows folder.
5. Select and Delete the “SoftwareDistribution” folder.*
(Click Continue at «Folder Access Denied» window).
* Note: The next time that the Windows Update will run, a new empty SoftwareDistribution folder will be automatically created by Windows to store updates.
6. Restart your computer and then try to check for updates.
Method 2. Install the KB3102810 (KB3102812) security Update.
I have seen many times, that Windows Update is checking for updates forever (stuck) without finding updates, even in fresh Windows 8, 7 or Vista installations. Thankfully, Microsoft has released a security update to resolve the «Installing and searching for updates is slow and CPU utilization is high» issue. To apply the fix:
Step 1. Install Internet Explorer 11. *
* Note: This step is applied only to a fresh Windows 7 or Windows 2008 installation. If Internet Explorer 11 is already installed on your system, then skip this step and continue to step 2 below.
1. Download and install Internet Explorer 11 according to your OS version.
2. Restart your computer.
Step 2. Install the KB3102810 Update.
1. Download – but do not install it yet – the following security update according to your OS version, to your computer:
- Windows 7 & Server 2008: KB3102810
- Windows 8.1 & Server 2012: KB31028102
2. After the download, restart your computer.
3. After the restart, immediately install the security update, otherwise the installation hangs.
4. After the installation, restart your computer.
Step 3. Delete the SoftwareDistribution folder.
1. Follow the steps in Method-1 and delete the «SoftwareDistribution» folder.
2. Restart your computer.
2. Navigate to Windows Update and check for updates. Then, let it run at-least half to one hour. If you ‘re lucky, Windows will find all available updates.
Method 3. Install the latest Update Rollup to fix Windows Update issues.
The Windows Update Rollups, in most cases can fix issues with Windows Update. But before installing the latest Windows update rollup, first change the way that Windows install updates to «Never check for updates (not recommended«. To do that:
1. Simultaneously press the Windows 
+ R keys to open run command box.
2. In run command box, type: wuapp.exe and press Enter.
3. Select Change settings on the left.
4. Set Never check for updates (not recommended).
6. Proceed and download the latest Windows Update rollup for your system, but don’t install it (yet).
July 2016 update rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1
July 2016 update rollup for Windows 8.1 and Windows Server 2012 R2
September 2016 update rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1
September 2016 update rollup for Windows 8.1 and Windows Server 2012 R2
7. After the download, restart your computer.
8. After restart, then proceed and install the downloaded rollup.
9. Check for updates.
Method 4. Run the Windows Update Troubleshooter.
Microsoft offered the Windows Update Troubleshooter tool, in order to fix problems with Windows Update.
1. Navigate to Control Panel > All Control Panel Items > Troubleshooting > Fix Problems with Windows Update.
2. Click Next and let Windows to try to fix the update problems.
3. When the repair is completed, restart you PC and check for updates again.
Method 5. FIX Corrupted System Files and Services (SFC).
The next method to solve Windows Update problems is to run the System File Checker (SFC) tool in order to fix Windows’ corrupted files and services. To do that:
1. Open an elevated command prompt:
- Right click at Windows start button
and select Command Prompt (Admin)
2. In the command window, type the following command and press Enter.
- SFC /SCANNOW
3. Wait and do not use your computer until SFC tool checks and fixes the corrupted system files or services.
4. When SFC tool finishes, reboot your computer and check for Updates.
Method 6: FIX Windows corruption errors with the System Update Readiness tool (DISM).
The System Update Readiness tool is a Microsoft tool that can fix Windows corruption errors.
Windows 7, Vista & Server 2008:
1. Download and save to your desktop the System Update Readiness tool according to your Windows version.
2. Double click to install the downloaded file (e.g. Windows6.1-KB947821-v34-x86.msu).
3. When the installation is completed, restart your computer and try to install Windows Updates.
Windows 8, 8.1 & Server 2012:
1. Right click at Windows start button 
and select Command Prompt (Admin).
2. At the command prompt window, type the following command & press Enter:
- Dism.exe /Online /Cleanup-Image /Restorehealth
3. Be patient until DISM repairs component store.
4. When the operation is completed, you should be informed that the component store corruption was repaired.
5. Close command prompt window and restart your computer.
6. Check for updates.
Method 7: Update Windows by using the WSUS Offline Update tool. (Windows 10, 8.1, 8 or 7)
1. Download the latest version of WSUS Offline Update utility.
2. After the download, extract the «wsusoffline.zip» file.
3. From the «wususoffline» folder, double click at UpdateGenerator.exe application.
4. At Windows tab, select the Windows Edition, that you are using.
5. Press the Start button.
6. Be patient until the WSUS Offline Update utility downloads all the available updates.
7. When the download is completed, open the client folder (wsusofflineclient) and double click at «UpdateInstaller.exe» application.
8. Place a check at «Automatic reboot and recall» checkbox.
9. Finally press the Start button and be patient until the WSUS Offline Update installer, installs the downloaded updates to your system.
That’s it! Which method worked for you?
Let me know if this guide has helped you by leaving your comment about your experience. Please like and share this guide to help others.
If this article was useful for you, please consider supporting us by making a donation. Even $1 can a make a huge difference for us in our effort to continue to help others while keeping this site free:
If you want to stay constantly protected from malware threats, existing and future ones, we recommend that you install Malwarebytes Anti-Malware PRO by clicking below (we
do earn a commision from sales generated from this link, but at no additional cost to you. We have experience with this software and we recommend it because it is helpful and useful):
Full household PC Protection — Protect up to 3 PCs with NEW Malwarebytes Anti-Malware Premium!
Обновлено 28.01.2020
Добрый день! Уважаемые читатели и гости одного из популярнейших IT блогов рунета Pyatilistnik.org. В прошлый раз мы с вами успешно устранили ошибку «Запуск этого устройства невозможен код 10». Двигаемся дальше, сегодня я столкнулся с ошибками 80244010 и C80003FB при попытке поиска обновлений Windows Server 2012 R2, в момент сервисного обслуживания терминального сервера. Ниже я покажу, как вы легко сможете их устранить, буквально за несколько минут.
Причины ошибок 80244010 и C80003FB
Прежде чем я покажу, как вы можете устранить ошибки 80244010 и C80003FB я бы хотел дать вам понимание их появления. Вот так вот выглядит ошибка с кодом C80003FB:
Возникла проблема при проверке наличия обновлений. Найдены ошибки: код C80003FB
Далее появилась ошибка:
Центру обновления Windows нужна ваша помощь. Центр обновления Windows не мог проверить наличие обновлений в течении последних 30 дней. Перейдите в Центр обновления Windows для устранения этой проблемы
В итоге я видел все ту же ошибку.
Основными причинами вызывающими данную ошибку выступает:
- Поврежден файл DataStore.edb
- Повреждены системные файлы
- Установка свежего агента для обновления Windows
- Не доступны сервера обновлений Microsoft
Как устранить ошибки 80244010 и C80003FB
Первое, что нужно проверить, это нет ли проблем с файлом DataStore.edb. DataStore.edb — это лог-файл, он сохраняет историю обновлений Windows , и она находится в папке SoftwareDistribution (C:WindowsSoftwareDistributionDataStore DataStore.edb). Его размер будет увеличиваться при каждой проверке Центра обновления Windows.
Можно ли удалить файл DataStore.edb?
Да вы легко можете, это сделать. Удалив DataStore.edb Windows при следующем запуске поиска обновлений просто пересоздаст его. Так же этот файл может весить очень много, например более 1 ГБ и вы легко так сможете освободить в системе некоторое количество дискового пространства
Советую прочитать, как очистить папку Windows процентов на 40% и не сломать систему
Когда я вижу проблему с обновлениями, она в 90% случаев решается моим скриптом, который я приведу чуть ниже и дам его описание:
- Производится отключение службы «Фоновая интеллектуальная служба передачи (BITS)»
- Производится отключение службы «Центр обновления Windows»
- Производится отключение службы «Удостоверение приложения»
- Производится отключение службы «Службы криптографии»
- Далее удаляется файлы qmgr*.dat из профиля пользователя
- Происходит переименовывание файла catroot2 в catroot2.bak
- Происходит переименовывание папки SoftwareDistribution в SoftwareDistribution.bak
- Перерегистрируются библиотеки
- Производится запуск службы «Фоновая интеллектуальная служба передачи (BITS)»
- Производится запуск службы «Центр обновления Windows»
- Производится запуск службы «Удостоверение приложения»
- Производится запуск службы «Службы криптографии»
- Запускается обновление Windows
net stop bits
net stop wuauserv
net stop appidsvc
net stop cryptsvc
Del «%ALLUSERSPROFILE%Application DataMicrosoftNetworkDownloaderqmgr*.dat»
Ren %systemroot%SoftwareDistribution SoftwareDistribution.bak
Ren %systemroot%system32catroot2 catroot2.bak
sc.exe sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
sc.exe sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
cd /d %windir%system32
regsvr32.exe atl.dll /s
regsvr32.exe urlmon.dll /s
regsvr32.exe mshtml.dll /s
regsvr32.exe shdocvw.dll /s
regsvr32.exe browseui.dll /s
regsvr32.exe jscript.dll /s
regsvr32.exe vbscript.dll /s
regsvr32.exe scrrun.dll /s
regsvr32.exe msxml.dll /s
regsvr32.exe msxml3.dll /s
regsvr32.exe msxml6.dll /s
regsvr32.exe actxprxy.dll /s
regsvr32.exe softpub.dll /s
regsvr32.exe wintrust.dll /s
regsvr32.exe dssenh.dll /s
regsvr32.exe rsaenh.dll /s
regsvr32.exe gpkcsp.dll /s
regsvr32.exe sccbase.dll /s
regsvr32.exe slbcsp.dll /s
regsvr32.exe cryptdlg.dll /s
regsvr32.exe oleaut32.dll /s
regsvr32.exe ole32.dll /s
regsvr32.exe shell32.dll /s
regsvr32.exe initpki.dll /s
regsvr32.exe wuapi.dll /s
regsvr32.exe wuaueng.dll /s
regsvr32.exe wuaueng1.dll /s
regsvr32.exe wucltui.dll /s
regsvr32.exe wups.dll /s
regsvr32.exe wups2.dll /s
regsvr32.exe wuweb.dll /s
regsvr32.exe qmgr.dll /s
regsvr32.exe qmgrprxy.dll /s
regsvr32.exe wucltux.dll /s
regsvr32.exe muweb.dll /s
regsvr32.exe wuwebv.dll /s
netsh winsock reset
netsh winhttp reset proxy
net start bits
net start wuauserv
net start appidsvc
net start cryptsvc
wuauclt /Updatenow
Вы можете либо отдельно запускать команды, или же скачать готовый скрипт у меня и так же запустить его в командной строке от имени администратора или просто запустить его в режиме администратора.
Просмотрите, чтобы не было ошибок в выводе скрипта
Далее я вам советую перезагрузить компьютер, иначе вы можете поймать ошибку 80244010.
Хочу отметить, что у вас в системе останется старая версия папки SoftwareDistribution по пути C:WindowsSoftwareDistribution.bak. Так, что если проблема будет устранена, не забывайте ее удалить.
Теперь зайдя в «Центр обновления Windows» я сделал поиск новых обновлений и получил их, аж 29 штук. Ошибок 80244010 и C80003FB больше не наблюдал.
Скачивание доступных обновлений пошло успешно и они спокойно стали устанавливаться в моей Windows Server 2012 R2.
Устраняем ошибки на системных файлах
Если у вас после манипуляций с папкой SoftwareDistribution и файлом DataStore.edb остаются проблемы с поиском обновлений Windows и вы получаете ошибку C80003FB, вы можете попробовать произвести поиск и устранение ошибок на системных файлах Windows. Для этого есть две замечательные утилиты командной строки sfc и DISM. Выполните в командной строке в режиме администратора вот такую команду:
sfc /scannow && Dism /online /cleanup-image /restorehealth && Dism.exe /Online /Cleanup-Image /StartComponentCleanup
В моем примере программа защиты ресурсов Windows обнаружила повреждение файлов и успешно их восстановила. Пробуем снова найти и установить новые обновления.
Использование средства устранения неполадок Центра обновления Windows
Windows не идеальная система и Microsoft это понимает, они стараются признавать свои ошибки и помогать людям их устранять. В самые свежие версии клиентских ОС, я говорю про Windows 10 они внедрили встроенную утилиту по устранению неполадок для различных компонентов, в том числе и «Центр обновления Windows». В более старых версиях Windows 7 и Windows 8.1, а так же всех серверных Windows Server данный компонент загружается отдельно, по представленным чуть ниже ссылкам:
- Скачать средство устранения неполадок для Windows 7, Windows 8.1, Windows Server 2008R2-2012R2 — https://aka.ms/diag_wu
- Скачать средство устранения неполадок для Windows Server 2016-2019 — https://aka.ms/wudiag
Напоминаю, что встроенное средство устранения неполадок в Windows 10 находится в параметрах Windows, которые вы можете открыть через сочетание клавиш Win и I одновременно. Далее вы открываете пункт «Центр обновления Windows»
Находите пункт «Устранение неполадок — Центр обновления Windows».
Запустите ее.
В некоторый ситуациях вы можете получить ошибку:
В других версиях Windows запустите WindowsUpdate.diagcab. И в том и в другом случае у вас появится окно, единственное в версии для Windows 10 будет дополнительный пункт «Диагностика сетей Windows«.
Выбираем пункт «Центр обновления Windows» и нажимаем далее.
Начнется сканирование вашей системы, будет так же проверка реестра, перезапуск служб, вот так выглядит обнаружение и устранение проблем с файлами базы данных центра обновлений Windows.
Этот так же может может помочь в решении ошибок 80244010 и C80003FB.
Обновление и переустановка агента обновления Windows до последней версии
В Windows 7 и выше у вас может остаться ошибка 80244010, даже после всего того, что мы делали. Одной из экзотических причин может быть старая версия агента по обновлению Windows (Windows Update Agent). На момент января 2020 года самая актуальная версия WUA для Windows 7, это 7.6.7601.24436. Файл располагается по пути C:WindowsSystem32wuaueng.dll.
Если вам нужно его скачать для обновления или переустановки, вы можете перейти по ссылке:
https://support.microsoft.com/en-us/kb/949104
Находите пункты «Stand-alone packages for Windows 8 and Windows Server 2012» или «Stand-alone packages for Windows 7 SP1 and Windows Server 2008 R2 SP1» и загружаете нужную версию.
Далее вы можете произвести установку новой версии агента. Тут два варианта из графического интерфейса или через cmd/powershell. В режиме командной строки положите файл windowsupdateagent-7.6-x64.exe в нужное Вместо, обратите внимание, что у меня семерка 64-х битная, если у вас 32-х битная, то файл будет другой (Как проверить разрядность Windows смотрите по ссылке). Далее переходите в командной строке в расположение файла через команду cd и вводите:
WindowsUpdateAgent-7.6-x64.exe /quiet /norestart /wuforce
Если выскочит окно UAC, то нажмите да. Начнется принудительная переустановка агента по обновлению Windows.
Обратите внимание, что ваша KB будет распакована и появятся несколько временных папок.
В мониторе ресурсов будет видно, что идет обращение к папке SoftwareDistribution. Ждем когда система закончит туда писать, это около минуты.
Далее вы перезагружаете компьютер. Можно для надежности еще выполнить теперь команду для обращения к серверу обновления microsoft с синхронизацией.
wuauclt /resetauthorization /detectnow
Пробуем снова проверить доступность новых обновлений, и ошибка 80244010, должна исчезнуть. В графическом варианте будет простой мастер установки агента Windows Update, нажимаем далее.
Принимаем лицензионное соглашение.
И начинается установка агента.
Использование скрипта Reset Windows Update Agent
За, что я люблю популярные продукты, так это за большое комьюнити, кто не в курсе, это объединение людей по интересу к продукту. У Microsoft оно огромное, можете для примера посмотреть статистику по операционным системам за 2019 год. Есть замечательный пользователь Manuel F. Gil, который создал отличный скрипт под названием «Reset Windows Update Agent«. Данный скрипт поможет вам в решении проблем с обновлениями. Загрузите его по ссылке:
Распаковываете архив и утилитой SetupDiag.exe. Запустите от имени администратора файл ResetWUEng.cmd.
Вас попросят согласиться с тем, что вы даете согласие, что могут быть произведены изменения в реестре Windows или настройках системы, говорим Y.
В итоге вы увидите окно с 19 настройками, нас будет интересовать второй пункт «Reset the Windows Update Components«. Нажимаем двойку.
скрипт выключит нужные службы, произведет настройки и заново все включит.
Если все успешно, то он об этом отрапортует «The operatiom completed successfully»
На этом у меня все, надеюсь что вы смогли обновить свою Windows и избежали ошибок 80244010 и C80003FB. Если остались вопросы, то пишите их в комментариях. С вами был Иван Семин автор и создатель IT портала Pyatilistnik.org.