WSUS failing to update various machines

Discussion in 'Windows Server Systems' started by Punkrulz, Feb 19, 2007.

  1. Punkrulz

    Punkrulz Somewhat eXPerienced

    Messages:
    790
    Location:
    Woodbury, NJ
    Definitely a feat that has been assigned to me! I have been given the task at trying to resolve why there are numerous machines that aren't getting all of the updates being handed out by WSUS. There are a select few machines where no matter what we try, they refuse to check with the server... Is there any sort of log on WSUS that will tell me why Machine A failed to download 3 updates? What's even more funny is we have some servers where if we go to Windows Update, they fail... no matter what, three specific updates will refuse to download when running automatic update...

    I'm just kind of frazzled, I never like it when something doesn't work the way it should... and there is no rhyme or reason... then the weird issues continue to build up on my plate. Ugh... Any idea where to start?

    One of the machines, it's a file server with NAS... It's operating on Windows 2000. The three updates that fail to download, fail to install, etc (I think they might work if I do them one by one, but to go to every box and start doing that? No!) are 925454, 923689, and 928090.
     
  2. Mastershakes

    Mastershakes Moderator

    Messages:
    1,721
    Location:
    Montreal
    Event Log says? (get WUS errors, and client workstation errors)
    Checked with Network ? (ports, traces)
    Any users have local admin? (real easy to cut off the automated processes)
     
  3. Punkrulz

    Punkrulz Somewhat eXPerienced

    Messages:
    790
    Location:
    Woodbury, NJ
    Let's start with one machine that I was specifically addressed about this morning. I was being told that the machine always says Install Updates and Shut down, but it always hangs up. I first removed the Automatic Update settings that point to WSUS in the Local Group Policy. For some reason, however, I still can't check anything under automatic updates... the options are greyed out, set to Automatically Update every Monday at 2am... I can't change that. How can I make it so I can select an option? I thought clearing the GPO would do that.

    Tried running windows update, Windows still had to install it's "base" files to do AU Operations. WU failed on the "Windows Installer 3.1" installation. Manually installed that. Attempted WU again. 76 Updates downloaded... 76 Updates failed to install. Checked the Event Log, and I saw in the event log that there were numerous updates downloaded and ready for installation (Again going back to the AU settings that I can't change). I don't have anything to check the ports with, however we do have a company coming in and we already know there are NUMEROUS issues with the wiring here... it will have to be re-done.

    Cliffs:

    1) How do I enable the option to change options under Automatic Update settings? Remove the greyed out!
    2) How do I "delete" the updates that were previously downloaded to the computer, so AU doesn't see them and tell me there are updates to be installed?
    3) Where at in the registry is the AU Settings, maybe I have to change that and not just the Group Policy
     
  4. fitz

    fitz Just Floating Along Staff Member Political User Folding Team

    Messages:
    4,076
    Location:
    Chicagoland
    Which policy settings did you turn off? There is a user policy that will prevent all access to Windows Update as well as the computer policies that setup the WSUS settings. Either of these can cause the options to be unavailable.

    Have you checked the windowsupdate.log file? (usually found in c:\windows\windowsupdate.log)
     
  5. Punkrulz

    Punkrulz Somewhat eXPerienced

    Messages:
    790
    Location:
    Woodbury, NJ
    I haven't checked the log yet, that will be next. As per the policy, I turned the two options off under computer policy -> Administrative -> The two options that control when/how Windows Update works, and the option that specifies where Windows Update is pointing to.

    I do not recall any other option ever being set besides those two. Where else should I look? I know on computers before if those options weren't set, and I was logged in as the local administrator, I could change the AU Settings from the AU Applet... I will check the log and get back to you.

    What about deleting the already downloaded updates on the machine so that doesn't error out?
     
  6. fitz

    fitz Just Floating Along Staff Member Political User Folding Team

    Messages:
    4,076
    Location:
    Chicagoland
    MS Doc on autoUpdates using GPO or Reg settings (http://support.microsoft.com/kb/328010/en-us)

    There are also some WUS settings under the user policy/administrative Templates/Windows Components/Windows Update

    I believe most of the updates gets pulled into the c:\windows\softwaredistribution folder tree..

    check out the windowsupdate.log file though first before deciding to blow the softwaredistribution folder away. The log file tends to have more useful info.
     
  7. Punkrulz

    Punkrulz Somewhat eXPerienced

    Messages:
    790
    Location:
    Woodbury, NJ
    Ok,

    I just tried running another update so I could update the log file... here is what I have... It isn't the full thing, to me this looks to be the important information. Let me know if you need anything more.

    Code:
    2007-02-20 13:59:34:005 1528 a64 Report REPORT EVENT: {A370EC00-8235-4CB6-9EF4-4D7F05489636} 2007-02-20 13:59:28:989-0500 1 162 101 {2D0ED4E7-8678-404C-868A-32F316AF067C} 100 0 MicrosoftUpdate Success Content Download Download succeeded.
    2007-02-20 14:02:28:646 1528 a00 Handler Attempting to create remote handler process as DTPD1\Administrator in session 0
    2007-02-20 14:02:52:414 2240 3a4 Misc ===========  Logging initialized (build: 7.0.5451.90, tz: -0500)  ===========
    2007-02-20 14:02:52:414 2240 3a4 Misc   = Process: C:\WINDOWS\system32\wuauclt.exe
    2007-02-20 14:02:52:414 2240 3a4 AUClnt FATAL: Error: 0x80004002. wuauclt handler: failed to spawn COM server
    2007-02-20 14:02:53:477 1528 a00 Handler FATAL: 0x80004002: ERROR: Remote update handler container process created (PID: 2240), but exited before signaling event
    2007-02-20 14:03:15:354 1528 a00 Agent   * WARNING: Exit code = 0x80004002
    2007-02-20 14:03:15:526 1528 a00 Agent *********
    2007-02-20 14:03:15:526 1528 a00 Agent **  END  **  Agent: Installing updates [CallerId = MicrosoftUpdate]
    2007-02-20 14:03:15:526 1528 a00 Agent *************
    2007-02-20 14:03:15:526 1528 a00 Agent WARNING: WU client failed installing updates with error 0x80004002
    2007-02-20 14:03:21:495  260 6e4 COMAPI >>--  RESUMED  -- COMAPI: Install [ClientId = MicrosoftUpdate]
    2007-02-20 14:03:21:651  260 6e4 COMAPI   - Install call failed
    2007-02-20 14:03:21:760  260 6e4 COMAPI   - Reboot required = No
    2007-02-20 14:03:21:760  260 6e4 COMAPI   - WARNING: Exit code = 0x80240FFF; Call error code = 0x80004002
    2007-02-20 14:03:21:760  260 6e4 COMAPI ---------
    2007-02-20 14:03:21:760  260 6e4 COMAPI --  END  --  COMAPI: Install [ClientId = MicrosoftUpdate]
    2007-02-20 14:03:21:760  260 6e4 COMAPI -------------
    2007-02-20 14:03:26:339  260 ad4 COMAPI WARNING: Operation failed due to earlier error, hr=80004002
    
     
  8. fitz

    fitz Just Floating Along Staff Member Political User Folding Team

    Messages:
    4,076
    Location:
    Chicagoland
    looks like a bad install of the windows update files on the client..

    try re-registering the client dll files..
    1) stop the windows update service on the client
    2) Run the following commands from a command line:
    Code:
    regsvr32.exe c:\winnt\system32\wuweb.dll
    regsvr32.exe c:\winnt\system32\wups2.dll
    regsvr32.exe c:\winnt\system32\wups.dll
    regsvr32.exe c:\winnt\system32\wucltui.dll
    regsvr32.exe c:\winnt\system32\wuaueng1.dll
    regsvr32.exe c:\winnt\system32\wuaueng.dll
    regsvr32.exe c:\winnt\system32\wuapi.dll
    
    3) restart the update service on the client
    4) try to reinstall existing updates

    edit: obviously change the path to the \system32 directory as necessary.. I copied this from a batch file on a win2k box..
     
  9. Punkrulz

    Punkrulz Somewhat eXPerienced

    Messages:
    790
    Location:
    Woodbury, NJ
    Ok, I followed your instructions explicitly, I'm waiting for the process to go through again and to start the installation process. While I'm sitting here waiting, there is one thought running through my mind...

    Is there any way to speed up the process it takes from when you click Express / Customize to the point it detects what updates you need? I think it takes ungodly forever to wait to even be able to start the process... I don't know what's going on, while I'm waiting it doesn't even appear the internet connection is being used... :(
     
  10. fitz

    fitz Just Floating Along Staff Member Political User Folding Team

    Messages:
    4,076
    Location:
    Chicagoland
    I don't think there is a way if you are going directly through Microsoft site. If you are running your own WSUS server, you can force an update (instead of waiting for the random interval it usually gets) from your local WSUS server specified by running "wuauclt /detectnow" from the commandline.
     
  11. Punkrulz

    Punkrulz Somewhat eXPerienced

    Messages:
    790
    Location:
    Woodbury, NJ
    God I hope Fitz looks at this...

    Fitz, having another problem with Exchange, it's reporting that there are 2 more updates available that it's not downloading from WSUS... here is the entry in the log:

    Code:
    2007-03-02    10:36:37:290    1108    d10    AU    #############
    2007-03-02    10:36:37:290    1108    d10    AU    ## START ##  AU: Search for updates
    2007-03-02    10:36:37:290    1108    d10    AU    #########
    2007-03-02    10:36:37:290    1108    d10    Misc    cached token 00001C10 for elevated non admin
    2007-03-02    10:36:37:290    1108    d10    Misc    cached token 00001C10 released
    2007-03-02    10:36:37:290    1108    d10    AU    <<## SUBMITTED ## AU: Search for updates [CallId = {2645DF83-BA6E-4090-B901-62B5D9146854}]
    2007-03-02    10:36:37:306    1108    12bc    Agent    *************
    2007-03-02    10:36:37:306    1108    12bc    Agent    ** START **  Agent: Finding updates [CallerId = AutomaticUpdates]
    2007-03-02    10:36:37:306    1108    12bc    Agent    *********
    2007-03-02    10:36:37:306    1108    12bc    Misc    Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab:
    2007-03-02    10:36:37:306    1108    12bc    Misc     Microsoft signed: Yes
    2007-03-02    10:36:37:321    1108    12bc    Misc    Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab:
    2007-03-02    10:36:37:321    1108    12bc    Misc     Microsoft signed: Yes
    2007-03-02    10:36:37:353    1108    12bc    Misc    Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.cab:
    2007-03-02    10:36:37:353    1108    12bc    Misc     Microsoft signed: Yes
    2007-03-02    10:36:37:368    1108    12bc    Setup    ***********  Setup: Checking whether self-update is required  ***********
    2007-03-02    10:36:37:368    1108    12bc    Setup      * Inf file: C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.inf
    2007-03-02    10:36:37:368    1108    12bc    Setup    Update NOT required for C:\WINDOWS\system32\cdm.dll: target version = 7.0.5451.90, required version = 7.0.5451.90
    2007-03-02    10:36:37:368    1108    12bc    Setup    Update NOT required for C:\WINDOWS\system32\wuapi.dll: target version = 7.0.5451.90, required version = 7.0.5451.90
    2007-03-02    10:36:37:368    1108    12bc    Setup    Update NOT required for C:\WINDOWS\system32\wuapi.dll.mui: target version = 7.0.5451.90, required version = 7.0.5451.90
    2007-03-02    10:36:37:368    1108    12bc    Setup    Update NOT required for C:\WINDOWS\system32\wuauclt.exe: target version = 7.0.5451.90, required version = 7.0.5451.90
    2007-03-02    10:36:37:368    1108    12bc    Setup    Update NOT required for C:\WINDOWS\system32\wuaucpl.cpl: target version = 7.0.5451.90, required version = 7.0.5451.90
    2007-03-02    10:36:37:368    1108    12bc    Setup    Update NOT required for C:\WINDOWS\system32\wuaucpl.cpl.mui: target version = 7.0.5451.90, required version = 7.0.5451.90
    2007-03-02    10:36:37:368    1108    12bc    Setup    Update NOT required for C:\WINDOWS\system32\wuaueng.dll: target version = 7.0.5451.90, required version = 7.0.5451.90
    2007-03-02    10:36:37:368    1108    12bc    Setup    Update NOT required for C:\WINDOWS\system32\wuaueng.dll.mui: target version = 7.0.5451.90, required version = 7.0.5451.90
    2007-03-02    10:36:37:368    1108    12bc    Setup    Update NOT required for C:\WINDOWS\system32\wucltui.dll: target version = 7.0.5451.90, required version = 7.0.5451.90
    2007-03-02    10:36:37:368    1108    12bc    Setup    Update NOT required for C:\WINDOWS\system32\wucltui.dll.mui: target version = 7.0.5451.90, required version = 7.0.5451.90
    2007-03-02    10:36:37:368    1108    12bc    Setup    Update NOT required for C:\WINDOWS\system32\wups.dll: target version = 7.0.5451.90, required version = 7.0.5451.90
    2007-03-02    10:36:37:368    1108    12bc    Setup    Update NOT required for C:\WINDOWS\system32\wups2.dll: target version = 7.0.5451.90, required version = 7.0.5451.90
    2007-03-02    10:36:37:368    1108    12bc    Setup    Update NOT required for C:\WINDOWS\system32\wuweb.dll: target version = 7.0.5451.90, required version = 7.0.5451.90
    2007-03-02    10:36:37:368    1108    12bc    Setup      * IsUpdateRequired = No
    2007-03-02    10:36:38:759    1108    12bc    PT    +++++++++++  PT: Synchronizing server updates  +++++++++++
    2007-03-02    10:36:38:759    1108    12bc    PT      + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://BEAST/ClientWebService/client.asmx
    Any ideas? It appears that Exchange doesn't need the updates, but then why would it report that it needs 2?
     
  12. Punkrulz

    Punkrulz Somewhat eXPerienced

    Messages:
    790
    Location:
    Woodbury, NJ
    We also have a problem with our Windows 2000 File Server box, here is the AU report:

    Code:
    2007-03-02    10:35:52:424    1596    584    DnldMgr    *************
    2007-03-02    10:35:52:424    1596    584    DnldMgr    ** START **  DnldMgr: Downloading updates [CallerId = AutomaticUpdates]
    2007-03-02    10:35:52:424    1596    584    DnldMgr    *********
    2007-03-02    10:35:52:424    1596    584    DnldMgr      * Priority = 2, ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}
    2007-03-02    10:35:52:424    1596    584    DnldMgr      * Updates to download = 1
    2007-03-02    10:35:52:424    1596    584    Agent      *   Title = Security Update for Windows 2000 (KB923689)
    2007-03-02    10:35:52:424    1596    584    Agent      *   UpdateId = {852688D7-0CFA-4F44-800A-9045A79F77D5}.101
    2007-03-02    10:35:52:424    1596    584    Agent      *     Bundles 1 updates:
    2007-03-02    10:35:52:424    1596    584    Agent      *       {F1B8659D-34A8-45BE-9767-C9BD1BF39C51}.101
    2007-03-02    10:35:52:440    1596    584    DtaStor    Update service properties: service registered with AU is {7971F918-A847-4430-9279-4A52D1EFE18D}
    2007-03-02    10:35:52:440    1596    584    DnldMgr    ***********  DnldMgr: New download job [UpdateId = {F1B8659D-34A8-45BE-9767-C9BD1BF39C51}.101]  ***********
    2007-03-02    10:35:52:440    1596    584    DnldMgr      * Queueing update for download handler request generation.
    2007-03-02    10:35:52:440    1596    584    DnldMgr    Generating download request for update {F1B8659D-34A8-45BE-9767-C9BD1BF39C51}.101
    2007-03-02    10:35:52:549    1596    584    Handler    Windows Patch download for UpdateId = {F1B8659D-34A8-45BE-9767-C9BD1BF39C51}: selected action is download full-file.
    2007-03-02    10:35:53:331    1596    584    Handler    Updateci: ProcessIpdManifestBuffer: verify invalid hash text b1035a2e505af840eaaa5ed685d072d6 (13)
    2007-03-02    10:35:53:331    1596    584    Handler    Updateci: WinSEUpdateHandler::_UnpackCab: Failed extracting IPD to C:\WINNT\SoftwareDistribution\Download\S-1-5-18\55bf2bf0a244ad03094947777c390e28 (13, 0xd)
    2007-03-02    10:35:53:331    1596    584    Handler    Updateci: WinSEUpdateHandler::_Unpack: C:\WINNT\SoftwareDistribution\Download\S-1-5-18\55bf2bf0a244ad03094947777c390e28\Windows2000-KB923689-x86-ENU.EXE failed (13)
    2007-03-02    10:35:53:331    1596    584    Handler    FATAL: UH: 0x8007000d: Unpack failed in CUHWindowsPatchHandler::ValidateAndUnpackPackage
    2007-03-02    10:35:53:331    1596    584    Handler    FATAL: UH: 0x8007000d: ValidateAndUnpackPackage failed in CUHWindowsPatchHandler::GetRequiredFilesForSandboxState
    2007-03-02    10:35:53:331    1596    584    Handler    FATAL: UH: 0x8007000d: GetRequiredFilesForSandboxState failed in CUHWindowsPatchHandler::GenerateDownloadRequest
    2007-03-02    10:35:53:331    1596    584    DnldMgr    FATAL: DM:CAgentDownloadManager::GenerateAllDownloadRequests: GenerateDownloadRequest failed with 0x8007000d.
    2007-03-02    10:35:53:331    1596    584    DnldMgr    Error 0x8007000d occurred while downloading update; notifying dependent calls.
    2007-03-02    10:35:53:331    1596    584    DtaStor    Update service properties: service registered with AU is {7971F918-A847-4430-9279-4A52D1EFE18D}
    2007-03-02    10:35:53:346    1596    584    Agent    *********
    2007-03-02    10:35:53:346    1596    584    Agent    **  END  **  Agent: Downloading updates [CallerId = AutomaticUpdates]
    2007-03-02    10:35:53:346    1596    584    Agent    *************
    2007-03-02    10:35:53:362    1596    584    AU    >>##  RESUMED  ## AU: Download update [UpdateId = {852688D7-0CFA-4F44-800A-9045A79F77D5}]
    2007-03-02    10:35:53:362    1596    584    AU      # WARNING: Download failed, error = 0x8007000D
    2007-03-02    10:35:53:362    1596    584    AU    #########
    2007-03-02    10:35:53:362    1596    584    AU    ##  END  ##  AU: Download updates
    2007-03-02    10:35:53:362    1596    584    AU    #############
    2007-03-02    10:35:55:190    1596    584    Report    REPORT EVENT: {3C265891-692F-4233-A201-F0DF7FF7225F}    2007-03-02 10:35:50:175-0500    1    147    101    {00000000-0000-0000-0000-000000000000}    0    0    AutomaticUpdates    Success    Software Synchronization    Windows Update Client successfully detected 2 updates.
    2007-03-02    10:35:55:190    1596    584    Report    REPORT EVENT: {D26186D2-1BEE-41D1-94A1-F0BF27B7497E}    2007-03-02 10:35:50:175-0500    1    156    101    {00000000-0000-0000-0000-000000000000}    0    0    AutomaticUpdates    Success    Pre-Deployment Check    Reporting client status.
    2007-03-02    10:35:55:190    1596    584    Report    REPORT EVENT: {6E6AAE52-C954-43DC-A896-C38DC55AA318}    2007-03-02 10:35:50:175-0500    1    155    101    {852688D7-0CFA-4F44-800A-9045A79F77D5}    101    0    AutomaticUpdates    Success    Software Synchronization    <no message for this event>
    2007-03-02    10:35:55:190    1596    584    Report    REPORT EVENT: {8363CADB-77B3-4A8A-9989-C65A877115D1}    2007-03-02 10:35:50:175-0500    1    155    101    {480DA958-608C-4897-8657-FFBC55A198BC}    102    0    AutomaticUpdates    Success    Software Synchronization    <no message for this event>
    2007-03-02    10:35:55:190    1596    584    Report    REPORT EVENT: {71976449-10A9-482A-9609-5AD50E410749}    2007-03-02 10:35:52:393-0500    1    161    105    {480DA958-608C-4897-8657-FFBC55A198BC}    102    8007000d    AutomaticUpdates    Failure    Content Download    Error: Download failed.
    2007-03-02    10:35:55:190    1596    584    Report    REPORT EVENT: {C77B6ACF-D062-41ED-B43B-D909296D4B31}    2007-03-02 10:35:53:331-0500    1    161    105    {852688D7-0CFA-4F44-800A-9045A79F77D5}    101    8007000d    AutomaticUpdates    Failure    Content Download    Error: Download failed.
    2007-03-02    10:36:05:252    1596    c04    AU    No pending client directive
    2007-03-02    10:42:11:709    1596    584    Report    Uploading 12 events using cached cookie, reporting URL = http://BEAST/ReportingWebService/ReportingWebService.asmx
    2007-03-02    10:42:11:709    1596    584    Report    Reporter successfully uploaded 12 events.
    
     
  13. fitz

    fitz Just Floating Along Staff Member Political User Folding Team

    Messages:
    4,076
    Location:
    Chicagoland
    which updates does it say it needs?
     
  14. Punkrulz

    Punkrulz Somewhat eXPerienced

    Messages:
    790
    Location:
    Woodbury, NJ
    Exchange:
    911829
    Root Certificate Update
    Note: after attempting to update, "Root certificate update" appeared to succeed, where as 911829 still failed.

    2000 File Server:
    928090 (Security Update for IE6)
    923689 (Security Update for Win2000)
    Note: After another attempt to update, both of these updates failed to download / install.
     
  15. fitz

    fitz Just Floating Along Staff Member Political User Folding Team

    Messages:
    4,076
    Location:
    Chicagoland
    are these cloned images?

    Have you tried resetting the WSUS Client ID?
    Code:
    net stop wuauserv
    REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f
    REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
    net start wuauserv
    wuauclt /resetauthorization/detectnow 
     
  16. Punkrulz

    Punkrulz Somewhat eXPerienced

    Messages:
    790
    Location:
    Woodbury, NJ
    No, they are not cloned images. I will however give the resetting the WSUS Client ID a shot when I get the chance. I will let you know how it goes.
     
  17. fitz

    fitz Just Floating Along Staff Member Political User Folding Team

    Messages:
    4,076
    Location:
    Chicagoland
    so, how did it go?
     
  18. gh057

    gh057 w3lc0m3 t0 7h3 r3al w0r1d

    Messages:
    62
    Location:
    nyc
    Normally don't you disable Windows Automatic update? and manually download and update the servers. Its usually not a good idea to enable automatic updates in a server you never know which upgrade screwed your server.
     
  19. fitz

    fitz Just Floating Along Staff Member Political User Folding Team

    Messages:
    4,076
    Location:
    Chicagoland
    WSUS is much improved in that regard. You can set servers to check the local WSUS server for updates but not automatically install updates.
     
  20. Punkrulz

    Punkrulz Somewhat eXPerienced

    Messages:
    790
    Location:
    Woodbury, NJ
    Sorry for the late reply fitz. I do believe that when I did reset the WSUS ID, it failed still. :/