2

In the past I have not had any issues with Windows Update. My system is Windows 7 Home x64 SP1.

A couple of weeks ago the monthly rollup update came out "September 12, 2017—KB4038777 (Monthly Rollup)". The update failed as follows:

I have Windows Update set to download important updates, but wait until I install them. The update was successfully downloaded.
Opened Windows Update and installed the update. Finished "Successful". Clicked on "Restart". Update got to 30% (as usual) and computer restarted. After restart, system loading looked OK, and the update proceeded to around 70%.
Then it displayed "Failure configuring Windows updates - Reverting changes".

enter image description here
After that and another restart, the systems booted OK and Windows Update history showed the update "Failed".

I had tried the update several times since then with the same results (error codes 80073AA2 and 80070570.

I tried the standalone updater for KB4038777, but it failed in the same manner.
Then I tried the standalone updater for KB4038779 (Security-only update), and this update was successful.

I would like to understand better how to troubleshoot these kinds of problems though.

When a monthly rollup update fails, is there any way to know which specific update caused it? And does the "revert" step remove all the updates, or just the failed ones?

And what log file(s) contain such information? I found "WindowsUpdate.log" but there did not seem to be any judgmental information, just activity information.

UPDATE November

Same occurrence for the October and November monthly rollup updates (failed), but the Security only updates were successful.

For November, the Windows Update error:

enter image description here

This time I localized the error in the cbs.log file.
You can see it in this file: cbs error log if you search for "80073aa2".
Seems to be related to WmiCmiPlugin, but I have no idea beyond that.

Is further troubleshooting possible?

user3169
  • 298
  • 1
  • 5
  • 14
  • 1
    Can you update question with exact messages/errors? “Could the download be corrupted?“ - Download the update from the catalog and attempt to install it and update your question – Ramhound Sep 24 '17 at 23:03
  • Can't believe that I didn't think of that, since I already got KB4038779 from the catalog. I'll try it. This wasn't high on my list since I assume the update confirms the integrity of the download. Also I am adding one more question. – user3169 Sep 25 '17 at 01:45
  • I would reduce the number of questions you asked not increase them – Ramhound Sep 25 '17 at 02:22
  • “When a monthly rollup update fails, is there any way to know which specific update caused it?” check the log of course – Ramhound Sep 25 '17 at 02:23
  • I asked because it may be a related issue. Anyway I checked the update log and don't see any error. As I said, the update (in Windows Update dialog box) ends in success. Only after restart and loading the system updates (prior to the login screen) does the "revert" message appear. I could attach a portion of the log file, but I don't know how to attach text files. – user3169 Sep 25 '17 at 03:27
  • setuperr.log should exist. Without knowing what exactly is displayed researching where the log file located is difficult – Ramhound Sep 25 '17 at 04:28
  • KB4038779 was successful. I revised my question, and at this point would like to understand better how to troubleshoot these kinds of failures. – user3169 Sep 25 '17 at 05:26
  • If I were to hazard a guess it’s likely connected to https://support.microsoft.com/en-us/help/3170005/ms16-087-security-update-for-windows-print-spooler-components-july-12 it’s also possible it’s the Non-security IE update. Would ask if this was connected to a domain but your using Home WindowsUpdate and CBS.log should contain some kind of clue. – Ramhound Sep 25 '17 at 06:13
  • 80073AA2 = ERROR_EVT_CONFIGURATION_ERROR. look in C:\windows\logs\cbs\CBS.log which event provider has issues and delete the entry under **HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\WINEVT** – magicandre1981 Sep 25 '17 at 15:06
  • @Ramhound Is this discussing restrictions on Windows print drivers? I do have two older print drivers installed, for printers I no longer have. I just never bothered to uninstall them. Could that be the hangup? – user3169 Sep 26 '17 at 05:04
  • @magicandre1981 cbs.log only contained entries for today, but setupact.log (same folder as setuperr.log) lists an error during at least some of the original update attempts. Ex: "2017-09-12 21:34:14, Info DPX CreateFileW failed, FileName:\\?\C:\Windows\SoftwareDistribution\Download\a4f2bb8b0e109ea19369da7ece61832f\$dpx$.tmp\job.xml, Error:0x80070002" – user3169 Sep 26 '17 at 05:10
  • @Ramhound Also if you could take a look at my last comment. – user3169 Sep 26 '17 at 05:12
  • there are CAB files in CBS folder with older logs. copy them to desktop, expand them wand look in older logs for which provider has issues – magicandre1981 Sep 26 '17 at 14:53
  • @magicandre1981 I added some relevant information from the CBS .cab files. Anything there that is helpful? – user3169 Oct 03 '17 at 22:45
  • @Ramhound I added some info. from the CBS.cab files that seems relavent. – user3169 Oct 03 '17 at 22:47
  • Are you able to install the KB4038803 preview security update by chance? – Ramhound Oct 03 '17 at 22:49
  • Based on the pending.xml issues: https://superuser.com/questions/323471/cannot-install-windows-7-sp1-64-bit should help. – Ramhound Oct 03 '17 at 22:56
  • @Ramhound I checked that question, but it refers to SP1 install. I am already at SP1. Anyway, I couldn't identify any helpful information. – user3169 Oct 03 '17 at 23:34
  • @Ramhound I didn't install KB4038803 because it is optional and I don't install optional updates unless applicable to me in some way. But since it includes the non-security updates in KB4038777. I suppose it is worth a try. In any case, I am satisfied that security updates are taken care of. These kinds of cryptic problems in Windows are discouraging in any case. – user3169 Oct 03 '17 at 23:38
  • KB4038803 is the preview patch for the next security rollup (i.e October) If you don’t have the KB4038777 you have none of the security patches released in the last month. – Ramhound Oct 03 '17 at 23:45
  • this is not helpful. share the whole CBS folder and I'Ll look at the older logs – magicandre1981 Oct 04 '17 at 15:22
  • FWIW same problem with the October monthly rollup update (KB4041861). Offline update of the October security only update (KB4041678) was successful. In common non-security updates include those for Internet Explorer. Maybe I should re-install IE11? – user3169 Oct 16 '17 at 05:05
  • @magicandre1981 cbs.log file is too large to share, but on this month's update I localized a portion of the log where the error occurred. I added a link to it, and hope it gives a better idea about the problem. – user3169 Nov 18 '17 at 06:27
  • ok, delete the key Microsoft-Windows-RPCSS under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\WINEVT and try to reinstall the update – magicandre1981 Nov 18 '17 at 17:19
  • @magicandre1981 Thanks but I couldn't find that key. There is Microsoft-Windows-RPC/Debug, RPC/EEInfo and RPC-Proxy/Debug. Any help? – user3169 Dec 10 '17 at 02:48
  • remove this key and try agin: **HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{d8975f88-7ddb-4ed0-91bf-3adf48c48e0c}** – magicandre1981 Dec 10 '17 at 18:53
  • does this work? Were you able to install the December update rollup? – magicandre1981 Dec 13 '17 at 16:29
  • @magicandre1981 Yes it worked, thanks. Looking back at the cbs log I see how you came to your conclusion. If you would like to write an answer with some description on finding the cause, I'll accept it. – user3169 Dec 13 '17 at 21:06
  • ok, I've posted it as answer. – magicandre1981 Dec 14 '17 at 15:59
  • How did you create a localized cbs.log file? I have encountered a similar problem described [Windows 7 Update Failed on Multiple attempts](https://superuser.com/questions/1322413/windows-7-update-failed-on-multiple-attempts) – Mahendra Gunawardena May 14 '18 at 10:50
  • @MahendraGunawardena copy the CBS folder to desktop and look inside the CBS.log which error you get – magicandre1981 May 14 '18 at 15:25
  • @MahendraGunawardena Also it is helpful to note the time the error occurred, to narrow down the portion of the CBS.log file that needs to be checked (because the file can be really large). – user3169 May 14 '18 at 17:05

2 Answers2

3

The error code 0x80073aa2 means ERROR_EVT_CONFIGURATION_ERROR. So there is an configuration issue regarding Windows Events.

Looking in your CBS.log shows that the configuration for Microsoft-Windows-RPCSS is damaged:

2017-11-16 10:07:19, Error CSI 00000002 (F) Logged @2017/11/16:18:07:19.635 : [ml:284{142},l:282{141}]"EventAITrace:Provider Microsoft-Windows-RPCSS{{d8975f88-7ddb-4ed0-91bf-3adf48c48e0c}} is missing the channel name for the index key (null).

2017-11-16 10:07:19, Error CSI 00000003 (F) Logged @2017/11/16:18:07:19.698 : [ml:170{85},l:168{84}]"WmiCmiPlugin wevtcfg.cpp(2271): InstrumentationManifestAssert failed. HR=0x80073aa2."

To fix this, run regedit.exe, go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion‌​\WINEVT\Publishers\, press CTRL+F and search for Microsoft-Windows-RPCSS. Now you see the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion‌​\WINEVT\Publishers\{‌​d8975f88-7ddb-4ed0-9‌​1bf-3adf48c48e0c} where the Microsoft-Windows-RPCSS events are stored.

enter image description here

So delete the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion‌​\WINEVT\Publishers\{‌​d8975f88-7ddb-4ed0-9‌​1bf-3adf48c48e0c} and now Windows Update should install fine.

magicandre1981
  • 97,301
  • 30
  • 179
  • 245
-1

SOLUTION! THIS WORKED FOR ME!

Check the free space on your 'System Reserved Drive' (Drive Z: in my case). Mine was 99% full, so I increased the partition size from 50MB to 100MB using Minitool Partition Wizard (free).

I asumed the 'monthly quality rollup' updates might be trying to write to this drive during boot sequence, but because there was no space left it failed and done a roll-back. Since doing this, all my Windows Updates have worked fine now for past 3 months!

I had the same issue as many others report (on Windows 7) and for 6-8 months I read all these posts with no solution in sight.

Hope this helps somebody :)

Truman
  • 1
  • 1
    You should have just unassigned the drive letter. This particular partition doesn't need nor should it have a drive letter. Sadly, the answer you propose, wouldn't have helped solved the author's problem. [The partition is known to be randomly assigned a drive letter from time to time.](https://superuser.com/questions/395634/how-do-i-hide-the-system-reserved-partition) – Ramhound May 24 '18 at 18:09