Windows

A simple fix for Microsoft Update problems


Microsoft Windows is the most widely used desktop operating system in the world. That doesn't necessarily make it the best. For many of us, supporting it is how we make our living. One of the endearing and annoying features of this ubiquitous OS is the monthly patch update process.  Most of the time it occurs seamlessly.  It just kind of works in the background when you're not looking.  However, there are times when it rears its ugly head and demands attention.

Windows Server Update Services 

In our company we run WSUS - Windows Server Update Services - to keep all our Windows desktops updated.  In case you are not familiar with it, WSUS is Microsoft's free patch management tool.  I don't know why they named it WSUS.  I only use it to update my workstations.  I don't trust it on the servers.  I would rather manage that process myself.  I'll install the updates on a non-critical server during the week to test them.  I do the rest of the servers on the weekend.

But for the workstations it does a pretty good job - most of the time.  It pushes them out after I approve them and then installs them late at night, usually with an automatic reboot when completed.  I have trained my users over the years to ALWAYS leave their computers on to accommodate the patch process, the weekly AV scans and so that I can get into their workstations any time I need to work on them in the evening.  They are pretty good about logging off.

Microsoft likes WSUS because it cuts down on the number of users hitting the Windows Update site.  And that's what this post is really about.  Microsoft has been slowly moving everyone over to Microsoft Update instead of Windows Update.  If you don't know the difference then you don't do Windows support.  OK, here's the main difference: In addition to OS patches, Microsoft Update takes care of your MS Applications like Office, SQL Server and Exchange.

Repairing Microsoft Update the old way 

Occasionally, the patch process will throw up.  WSUS has a good monitoring and reporting feature that allows me to see at a glance which machines are struggling with the stuff Microsoft is trying to send to it.  So I do a Remote Desktop session to the machine in question and run the process manually.  I know something is really messed up when I get a 0x8024001D error or some other stupid hex number. That's when it used to get really annoying.  Not any more.

I used to spend hours looking up ways to get around these errors.  At one time I liked Scott Hanselman's method of renaming the c:\windows\SoftwareDistribution\Download to c:\windows\SoftwareDistribution\Download.poo.  Someone on his blog actually asked if the .poo extension was necessary.  I think he was teasing.  After nuking the old folder, run the update again and all is well but it takes a long time to go through that long download and update process.

Here is the "Simple Fix"

That's not really necessary.  I have found that the easiest way to fix a Microsoft Update problem is to switch back to Windows Update from the "Change Setting" option on the left-side menu.  Don't see it?  Scroll down.  Click on "Disable Microsoft Update software and let me use Windows Update only" and then click on "Apply changes now."  After the silly thing asks if you are sure (duh!), it will then launch Windows update.  Run it and then switch back to MS Update.

This process of switching from the newer method to the older one and then back again seems to fix a host of registry errors and other wastes of time.  It is simple and fast and has almost always worked for me.

47 comments
55418und
55418und

Does windows updates disable hardware that is not Microsoft authenticated? Reason I ask is, just after installing a new wifi adapter which was not authenticated by Microsoft, one week later the update happened and after the reboot, the adapter never worked again.

mszs2
mszs2

Hi, I have tried to repair a Windows XP installation with the installation CD. After that all patches failed to install with no error code, just failed. How can I repair that? Thanks for any advice, Michael

mike_patburgess
mike_patburgess

I am concerned that when you leave your computers on; do you leave them on all of the time or just when you are doing an update. Doing this consumes a ton of power, ac, not to mention security issues.. Let me fix the issue.. abandon the pc on the desktop and give everyone a dumb terminal that connects to a server. Do any updates to the test server and and test the updates; that's what the T&D systems are for. I cannot think of one instance where anyone would need a PC at their desk anymore. There is no complelling argument that would convince me otherwise.

olu akinsola
olu akinsola

We actually use WSUS for everything including servers. I have a few of test servers in a test group, which also includes 5 workstations. This allows me to test all the updates and how they affect all the different bits of software we run. when I am satisfied, I enable it to download and prompt on the server. I click a button and voila it installs. if it needs a rboot it prompts as well. It installs the workstations automatically. the new version of WSUS which allows you to easily move computers between groups etc work a treat. To be honest I have had very few problems with the new one which I've been using for almost a year.

jeelanimunawar
jeelanimunawar

Yeh we use WSUS server very essy to manage u save bandwith seat one place check all so client computer update or not no need go check.

CharlieSpencer
CharlieSpencer

I've spent hours with a variety of registry fixes, file deletions, registering .DLL's, clearing caches and temp directories, resetting the clock, and this is all I needed to do? Someone in Redmond should be strung up by whatever is most applicable to his / her gender. TIM MALONE, YOU ARE DA MAN!!!

wesley.chin
wesley.chin

queestion. The computers here are all standalone, no server at all. there is simple file sharing enabled between the computers. With this kind of environment, can WSUS be used?

tim
tim

Standard disclaimer applies here. Fixing Microsoft Update problems with this little trick may not work for you. You may have more serious problems with the computer in question. Read the article: http://blogs.techrepublic.com.com/techofalltrades/?p=130 By the way, WSUS uses group policy to push the updates out to the workstations. You will notice that the Automatic Updates is greyed out in the System Properties. Have you had success in your organization with WSUS or do you use something more robust like SMS (Systems Management Server)?

sbspangl
sbspangl

I also have tried to repair an XP instalation with service pak 2 cd. After the repair none of the patches will install, they download fine, but fail with no error code. any ideas Steve

mkoelsch
mkoelsch

Michael, was your XP install disk SP2? Most of the updates are predicated now on that, and that could cause a failure I would think. If it is not, I would run the SP2 install over. Then, I would run Windows Update, and see what happens.

aarondellis
aarondellis

Do you run PRO/Engineer over a dumb terminal? Doesn't sound like the terminal is dumb to me! Dumb terminals would work for most of our 300 users but not for Engineering.

tmalonemcse
tmalonemcse

This has been a major argument, and I mean argument, for as long as I have been supporting computers. There are two camps on this issue. The subject is worthy of a well-researched post, which I may just do if I can't find one already written here on Tech Republic. In a nutshell, yes, we leave our computers on 24/7/365. I mentioned three reasons in my post: 1) patch updates, 2) AV scans and 3) evening and weekend remote desktop support for the IT staff. I can think of one more reason: remote backups. Although I don't employ remote backups, it simply doesn't work if the power is not on. We have our staff turn off the monitors at night and on the weekends but we leave the computer on. As far as security issues: In my opinion, the security risk is no greater with our computers on while logged off and unattended than if they are when in use during regular busines hours. They are still behind my corporate firewall. Your comment about PCs vs dumb terminals or thin clients is also worthy of another post. I'll bet it has been adressed here on TR. If not, let's tackle it. Thanks for bringing up both these issues.

Mycah Mason
Mycah Mason

Although I haven't tried this yet, it sounds promising. Just another tool to add to my belt:) The great thing is that it is so simple, even if it didn't work you haven't really lost anything. Thanks for the info. Tim!

tim
tim

Palmetto, you are too kind and generous in your praise. If I know TR Readers, someone will soon post a comment, "Hey, I tried that and it didn't work for me!" For purposes of CYA I refer to the last line in my post: "...and has almost always worked for me." I know, that's weasly (is that a word?). Anyway, it worked yesterday and it worked last week and it worked last month. Before that I used to nuke the folder.

Schuylkill
Schuylkill

You need either Windows Server 2003 SP 1 or Windows Server 2008. It helps to have an Active Directory environment, but this is not required. If you search for WSUS on Google, you can get the minimum requirements. Nothing is particularly difficult, but you do need plenty of free disk space on the WSUS server. If you have a WAN, you can configure a hierarchy of WSUS servers, for better performance.

tdh2112
tdh2112

Yeah, we get pretty good mpg out of WSUS. We also do not let servers update automatically. In addition, we separate out mission-critical workstations, and do their updating manually. I learned that lesson the hard way, on the first Saturday that we ran WSUS (actually, SUS at the time). We're still on WSUS v2, as I haven't had the time to get around to testing/upgrading to v3. -tim

ChewyBass
ChewyBass

Here are a few scripts that I have found very useful if I run into update problems. If you are getting an error when trying to run updates either copy this to a command prompt or create a bat file as I did. sc sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU), This with reauthorize the machine for WSUS updates, wuauclt.exe /resetauthorization And this will force it to check for a WSUS server now instead of any pre-define settings you may have given the machine, wuauclt.exe /detectnow

mkoelsch
mkoelsch

After having experienced a couple disastrous Windows/Microsoft update I dug in and figured out that a bad update can mess up the dll files registrations. If this happens you cannot reinstall windows or microsoft update. To fix (at least in XP) copy the following into a batch file, and execute. Mark net stop wuauserv regsvr32 wuapi.dll /s regsvr32 wups.dll /s regsvr32 wuaueng.dll /s regsvr32 wucltui.dll /s regsvr32 wuweb.dll /s regsvr32 msxml.dll /s regsvr32 msxml2.dll /s regsvr32 msxml3.dll /s regsvr32 urlmon.dll /s net start wuauserv regsvr32 softpub.dll /s regsvr32 initpki.dll /s regsvr32 mssip32.dll /s regsvr32 wintrust.dll /s regsvr32 dssenh.dll /s regsvr32 rsaenh.dll /s regsvr32 gpkcsp.dll /s regsvr32 sccbase.dll /s regsvr32 slbcsp.dll /s regsvr32 cryptdlg.dll /s regsvr32 jscript.dll /s

WTRTHS
WTRTHS

And it does a pretty good job too. We have 2 logical groups, servers and clients. On the clients, a different group policy applies then on the servers. The servers are monitored closely and installed manually, the clients get the "Install updates and shut down button" as standard choice when they try to shut down the computer. Works pretty good, but as you say with "your mileage may vary", we are a medium sized bussiness. We have only about 20 workstations and 8 servers (and a host of thin clients, but that doesn't apply here).

jedurham36
jedurham36

I use WSUS to manage ~35 workstations. The only problem I have is when it asks for the Office CD.... For being free from M$, I personaly think it is one of better tools put out by them. It is a real time/bandwidth saver, and it's stable too!

JCitizen
JCitizen

Two questions; 1. Were you using a OS installation disk with SP2 slipstreamed?(reboot Windows environment) 2. Or were you attempting a repair with the SP2 update installation disk alone?

JCitizen
JCitizen

and was doing a "skip to repair" operation which would uninstall all previous updates, he should have been able to re-install them with the SP2 or SP3 disk, however. Perhaps I misread his meaning?

johnawilson
johnawilson

Michael, I have fixed a myriad of XP problems by popping an XP-SP2 disk in the CD drive and typing sfc /scannow in the "run" command. This command replaces any corrupted OS files and fixes .dll issues. As a second measure, I run the latest version of Ccleaner (ccleaner.com)- both cleaner and registry fixer. Great performance boost!! John

JCitizen
JCitizen

hardware/thin client why not? It's not the way I would do engineering; but then I wouldn't put a CAD system unit on the network at all, myself. I person has enough problems trying to run things like Autodesk without worrying about network breaches and malware attacks.

cousintroy
cousintroy

...as long as you have a large drive to store the updates usually storing the updates is not a problem. As far as the WAN setup is concerned that is my next step. I currently have approved 95% off all available updates for each of my computer groups and when that is all done I am going to set up downstream servers for my other four locations across the city. So far WSUS is better than SUS & WSUS 2.0. Thumbs up!

Chris910
Chris910

I dont understand this script. Can you spell it out for me?

dvkirushev
dvkirushev

Try to install MS Offcie by Group Policy. It's easy !

sylvain.drapeau
sylvain.drapeau

I have the same problem here, but since the process runs in the background for the users, they never see the "Insert Office CD" prompt and their computer slows to a crawl. I refused every Office update since then. Maybe I should remote-edit the registry to point Office install path to a network drive containing the CDs files, this might just work. Ain't got the time to test it. I agree it's a nice piece of software that saved us a lot of money in bandwidth and time.

JCitizen
JCitizen

fix the problem. On the other hand, this is why I don't like removing the uninstaller references to the service pack hotfixes. That way you can uninstall as many as it takes to solve the problem. If you copy is unsupported; and you can't uninstall SP2, perhaps it is time to go to Macecraft and use their uninstaller program (RegSupreme) to at least set the registry straight, so one could start over. When I do things like this; I use the SP2 or SP3 CD that can be ordered from Microsoft. That way I know it is not network corruption that is fouling up the process. The small charge for shipping and handling is well worth it. There again; I assume you tried sfc /scannow and did it properly. And I assume you tried the windows environment from the OS installation disk to do a REPAIR operation. There are several options to take under the Windows environment; some of them may result in unintended consequences.

mszs2
mszs2

This is the same situation, I have encountered. Windows update shows a lot of updates to install but fails everyone without error.

JCitizen
JCitizen

dosen't it require reinstalling all updates after that? Or perhaps there is a switch that makes it possible to avoid this? (edited) I should have said, "I've never tried that with the service pack CDs, always the OS installation disk. I guess I better recheck the Microsoft site for that technique!

JCitizen
JCitizen

good to hear how different shops operate. Most of my work was done with CAD CAM direct to the work center. But every other shop I ever worked in did things differently. I got farther away from that environment, as I found factory automation more interesting. I made the copyright comments because of the very real danger now days of commercial industrial espionage. Our floor developers weren't even allowed to leave the plant with paper, or media of any kind; and the design network was closed from the external WAN and the internal LAN. The server and terminal station rooms were locked and off limits to any but authorized personel.

aarondellis
aarondellis

(Not sure of copyright and patent infringement comment.) You have never worked with PRO/E have you? It takes a dual core, 64bit Windows, 8GB RAM Workstation (not pc but workstation) to render the 3D models and calculate finite element analysis. Try that with 20 designers over a network. Could you do it with dumb terminals? I supposed so but what a backend network that would be! (I just looked it up and PRO/E won't run in a terminal environment) So back to the original issue of this thread, we too leave our computers on for updates and the like.

JCitizen
JCitizen

If you replaced the mother board, you may have inadvertantly changed the relationship to your hard drive; some hard drives change all geometry depending on how the board and drive controller talk to one another..Your mother board vendor should have information or help on this. I couldn't tell you if this caused irrepairable damage to the present installation or not; at least I assume you have data availability so you can back it up. With the radical changes you made perhaps it is time for a re-install. I would recommend first I would do a diagnostic scan and then a low level format using the hard disk manufacturers utility. The diagnostic scan may save you a lot of heartache down the road. For me it was simple - I put the OS installation CD(not the sp2CD) in the tray and closed it, then opened the run box and typed sfc /scannow in it and clicked OK. After a minute or two all Internet Explorer and related files were repaired; and if I remember correctly I had to reinstall SP2 and download the hotfixes from Microsoft Update. If this doesn't work this usually does for me: http://www.misco.co.uk/microsites/upgrades/content/workshops/reinstall_windows.asp?sourceid=4115 That page explains the windows environment after booting up the XP installation CD and how to do a skip-to-repair. I leave all uninstall reference files on my system unit so I can uninstall any hotfixes that started the problem in the first place. I have had great success in certain circumstances there also. Occasionally a good registry repair is in order also. The last .NET Framwork 2.0 Service Pack 1 update comes to mind here!?

sbspangl
sbspangl

Had to replace my mother board. lan, video and sound cards are same increase memory to 2GB from 512MB. Tried to repair from xp system cd. I have XP service pack 2. ran install from this cd. and Still updates don't work. I tried using sfc scannow, but not sure what is the right way to run it. any suggestions. Update will not install and no error codes given. Steve s.

JCitizen
JCitizen

patent infringment to do sharing like that. Your system of free collaboration is the superiour model if you can keep network security integrity. The company I worked with on that contract was definitely not net centric at all. I would still think if the client were robust enough a hard drive on the terminal would be unnecessary. Perhaps your PRO/E was a bandwidth hogger?

aarondellis
aarondellis

Obviously you have not worked with PRO/E. The document management system, called Windchill, allows multiple people to collaborate on projects. We have a plant in TN that can design part of a project while the plant here can design other parts. All of that gets checked-in to a document management system that shows versioning of the different drawings and among many other things prevents people from working on the same drawing at the same time. If you are going to collaborate across multi-sites (one I forgot to mention in India) with design projects, how would you do it without a network?

JCitizen
JCitizen

like scripting for dummies. Or dig in the MSCE books and do some practice on a lab unit until you get it right.

cillbat
cillbat

not all it worlds are created equal. we have outlying sites that have a measly 56k line so updating anything via gpo kills them. we're still waiting for promised upgrades - its called a money crunch.

Gis Bun
Gis Bun

MS has a tool for Office 2003 to change the source path to a different/common location such as a network share. Possibly with reg keys you can send it to your users. Try it on a few PCs [IT of course]. It's in the Office Resource Kit section of office.microsoft.com

LynnP
LynnP

Depending on the version of Office you're running, you could have the option either to delete or leave the Office installation files on the target system. If you leave them, the prompt for the CD is not necessary, and WSUS can do its job with no problems. Obviously, it eats some disk space (the setup usually tells you how much), but the automation of updates is worth it.