Failed to Create Cbs Worker - Waiting for a Second and Trying Again [hresult = 0x80004002]

#xvi

Shplad

• 
• Members
• 4,528 posts
• OFFLINE

• Gender: Non Telling
• Location: Canada
• Local time: 12:46 PM

Posted 15 June 2022 - 06:fourteen PM

My thoughts exactly. I urge you to continue researching, cause if it was corruption of a single bit on a bulldoze somewhere,

a reg. entry or any, if it happened once, it could happen again. And the last matter you want is a server that isn't

properly udpating itself, for obvious security reasons, among others.

As for the corrupted registry hive, what about your backups? I'yard bold you exercise proper backups/system images?

TBH, I know aught about this detail registry hive.

This is long-winded but seems relevant.

https://www.sysnative.com/forums/threads/restoring-a-backup-of-the-components-hive-what-are-the-bug.11691/

You have my sympathies on this one. I can't even imagine how many hours you put in to attempt to resolve this trouble.

Edited by Shplad, fifteen June 2022 - 06:14 PM.

• Back to top

BC AdBot (Login to Remove)

• 
• BleepingComputer.com
• Register to remove ads

#17 jat24788

jat24788

• Topic Starter


• 
• Members
• thirteen posts
• OFFLINE

• Local time: 12:46 PM

Posted 15 June 2022 - 06:22 PM

@Shplad - I'1000 calling Cisco Meraki Support right now; their hardware firewall is the simply thing I can think of that would globally affect the network similar that in a strange way; I'll take them review logs and do packet captures.

Nosotros do daily backups (I don't count RAID equally a backup) via TapeDrive (these are swapped weekly, one offsite at all times) besides equally a baremetal differential to an external SSD; I would have an external motorcar as a VM backup/spinup for backup/disaster-recovery that likewise replicates to the cloud merely the client is non-profit and doesn't trust "the cloud".

If this turns out to exist a foreign Meraki Firewall quirk I'll exist extremely aroused because of the time spent on this simply also relieved if it explains what has happened and provides a resolution if there'south a "next" time. Thanks again for all the extra eyes on this and suggestions. I'll post back with my findings hopefully by tomorrow, 06/16/2020.

• Dorsum to acme

#xviii Shplad

Shplad

• 
• Members
• 4,528 posts
• OFFLINE

• Gender: Not Telling
• Location: Canada
• Local time: 12:46 PM

Posted 15 June 2022 - 06:32 PM

This is a fascinating case, and I'm quite eager to hear the results of whatsoever you find. Go along us posted!

• Back to top

#19 jat24788

jat24788

• Topic Starter


• 
• Members
• 13 posts
• OFFLINE

• Local fourth dimension: 12:46 PM

Posted sixteen June 2022 - 09:sixteen AM

Cisco Meraki Back up for their MX64 Firewall (Advanced licensing blazon) claimed they did not run into anything in the logs to betoken that the MX64 firewall had blocked any Windows Update connections/traffic (though they have said this 1 time earlier, and I know for a fact from parcel capture their logging just failed to report correctly and they eventually admitted they did find a issues in their backend reporting they would set). So unfortunately I have no definitive respond that information technology was the Firewall that caused the network wide Windows Update Issue, but with all the information gathered, and the other opinions from hither I'yard willing to bet information technology was the Firewall that caused the network wide Windows Updates to fail. Of course if it happens again (network wide) I'll practice my ain packet capture and telephone call them back for them to diagnose as the issue is occurring.

Withal, while Meraki said the logs looked good, Meraki back up did say they do sometimes see the kind of Windows Update issue I mentioned and when they practice it most always has to do with their MX Firewall Threat Protection options. One of which is AMP (Advanced Malware Protection), and the other is their IDS that I believe makes use of Snort. They had me modify the IDS Mode to the less ambitious "Detection" option instead of the "Prevention" option I initially chose when the MX64 firewall was installed and licensed 3 years agone (to the month really), which also led me to see that my client'south Meraki Advanced Licensing expired this month (licensing was for 3 years) and they were automatically put on a thirty 24-hour interval "Grace Catamenia" until they receive their new license from TechSoup (Meraki gear with no license or expired licenses ceases to part beyond powering on and are essentially paperweights from my understanding). Then for all I know, due to the licensing non-compliance (despite the "grace period") this also could have played a office/role in this.

With that beingness said, windows update *appears* to be functioning, merely I say "appears to" because the WindowsUpdate repair tool still claims there are cleaved Windows Update components when it is run. And while an

SFC /scannow

on the Server returns clean with no integrity violations, whenever I run the

Dism /Online /Cleanup-Image /RestoreHealth

control it claims to repair component store corruption every unmarried fourth dimension it is run (multiple runs, and some reboots later for good measure out). I'yard beginning to wonder if Windows Updates for the Server appear to work *right now*, only may still not be functioning fully/properly as intended or may stop "actualization to work" altogether at some point in the future once again, and likewise that the abuse detected by DISM may extend beyond Windows Update instability.

I'll post the Server'due south full CBS log - but from another forum (sysnative) that I was browsing, I take a sinking feeling there'south a possibility the Server's "C:\Windows\System32\config\COMPONENTS" file may be corrupted (which from my inquiry this is extremely delicate and sometimes repairable past i of their Windows Update experts, but other times the expert says the file/hive is completely borked and there's no other repair option other than a clean install).

Any extra eyes on the latest CBS log file would be greatly appreciated - as well equally any cognition/thoughts/insight into my COMPONENTS file abuse theory.

Likewise, while I hate running this (especially on a Server, because it feels like it takes forever), whatsoever thoughts on a

chkdsk C: /r

on startup in the hopes it might yield some boosted details (or at least some other eliminated cistron)? I simply ask considering sometimes on Windows 10 machines I've noticed DISM will say it repaired abuse, merely doesn't fully repair information technology until a chkdsk is run (and finds repairs that need to exist done).

Latest full CBS log attached, but hither is a snippet of some of the failures I'yard seeing logged:

2020-06-16 07:47:32, Info                  CBS    Could not load SrClient DLL from path: SrClient.dll.  Continuing without system restore points. 2020-06-sixteen 07:47:32, Info                  CBS    SQM: Initializing online with Windows opt-in: Fake 2020-06-sixteen 07:47:32, Info                  CBS    SQM: Cleaning upwards report files older than x days. 2020-06-16 07:47:32, Info                  CBS    SQM: Requesting upload of all unsent reports. 2020-06-16 07:47:32, Info                  CBS    SQM: Failed to beginning upload with file pattern: C:\Windows\servicing\sqm\*_std.sqm, flags: 0x2 [HRESULT = 0x80004005 - E_FAIL] 2020-06-16 07:47:32, Info                  CBS    SQM: Failed to start standard sample upload. [HRESULT = 0x80004005 - E_FAIL] 2020-06-16 07:47:32, Info                  CBS    SQM: Queued 0 file(s) for upload with blueprint: C:\Windows\servicing\sqm\*_all.sqm, flags: 0x6 2020-06-sixteen 07:47:32, Info                  CBS    SQM: Warning: Failed to upload all unsent reports. [HRESULT = 0x80004005 - E_FAIL] 2020-06-16 07:47:32, Info                  CBS    NonStart: Prepare pending shop consistency bank check. 2020-06-16 07:47:32, Info                  CBS    Session: 30819292_1298022865 initialized by client WindowsUpdateAgent. 2020-06-16 07:47:34, Info                  CBS    Session: 30819292_1320789063 initialized by customer WindowsUpdateAgent. 2020-06-16 07:47:35, Info                  CBS    Session: 30819292_1324921681 initialized by client WindowsUpdateAgent. 2020-06-xvi 07:47:35, Info                  CBS    Session: 30819292_1326776966 initialized by client WindowsUpdateAgent. 2020-06-16 07:47:35, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE] 2020-06-sixteen 07:47:35, Info                  CBS    Failed to OpenPackage using worker session [HRESULT = 0x800f0805] 2020-06-16 07:47:35, Info                  CBS    Session: 30819292_1326931041 initialized past customer WindowsUpdateAgent. 2020-06-16 07:47:35, Info                  CBS    Failed to internally open up package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE] 2020-06-16 07:47:35, Info                  CBS    Failed to OpenPackage using worker session [HRESULT = 0x800f0805] 2020-06-16 07:47:35, Info                  CBS    Session: 30819292_1326931042 initialized by customer WindowsUpdateAgent. 2020-06-16 07:47:35, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE] 2020-06-16 07:47:35, Info                  CBS    Failed to OpenPackage using worker session [HRESULT = 0x800f0805] 2020-06-16 07:47:35, Info                  CBS    Session: 30819292_1326931043 initialized by client WindowsUpdateAgent. 2020-06-sixteen 07:47:35, Info                  CBS    Session: 30819292_1326971059 initialized by customer WindowsUpdateAgent. 2020-06-xvi 07:47:35, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE] 2020-06-16 07:47:35, Info                  CBS    Failed to OpenPackage using worker session [HRESULT = 0x800f0805] 2020-06-16 07:47:35, Info                  CBS    Session: 30819292_1326971060 initialized by client WindowsUpdateAgent. 2020-06-16 07:47:35, Info                  CBS    Failed to internally open bundle. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE] 2020-06-16 07:47:35, Info                  CBS    Failed to OpenPackage using worker session [HRESULT = 0x800f0805] 2020-06-xvi 07:47:35, Info                  CBS    Session: 30819292_1327011048 initialized past client WindowsUpdateAgent. 2020-06-sixteen 07:47:35, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE] 2020-06-sixteen 07:47:35, Info                  CBS    Failed to OpenPackage using worker session [HRESULT = 0x800f0805] 2020-06-16 07:47:35, Info                  CBS    Session: 30819292_1327011049 initialized by customer WindowsUpdateAgent. 2020-06-16 07:47:35, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE] 2020-06-16 07:47:35, Info                  CBS    Failed to OpenPackage using worker session [HRESULT = 0x800f0805]

Edited by jat24788, xvi June 2022 - 09:17 AM.

• Dorsum to elevation

#20 sflatechguy

sflatechguy

• 
• BC Counselor
• 2,693 posts
• OFFLINE

• Gender: Male
• Local fourth dimension: 12:46 PM

Posted 16 June 2022 - 10:14 AM

An IDS in prevention mode is a likely culprit. The IDS is only equally skillful as the signatures it gets, and isn't always able to distinguish friendly from unfriendly network traffic. Information technology's odd that it would block Windows Updates traffic, but I've seen firewalls with IDS cake things that are totally harmless. It's always best to start in "detection" manner and whitelist things information technology may flag as harmful when they aren't.

If yous suspect it is problems with the registry settings for Windows Updates, I would (over again) propose opening a support ticket with Microsoft. Considering it'southward Windows Server, you'll become improve response times and responses.

• Back to top

#21 Shplad

Shplad

• 
• Members
• iv,528 posts
• OFFLINE

• Gender: Non Telling
• Location: Canada
• Local fourth dimension: 12:46 PM

Posted 16 June 2022 - 10:24 AM

IMO, Windows Update funcitonality is one of the most basic functions there is for a server. If  Cisco'due south Meraki team can't assure you that the firewall won't block information technology, I'd be looking for some other firewall solution (assuming that IS the problems). It doesn't say much that's good about Cisco'due south QA or support attitudes.

Here's a helpful page from MS well-nigh their Update log files:

https://docs.microsoft.com/en-us/windows/deployment/update/windows-update-logs

And another one from MS listing and describing the Windows Update fault codes:

https://docs.microsoft.com/en-united states/windows/deployment/update/windows-update-error-reference

Windows Update error codes by Don Pick (Technet):

https://social.technet.microsoft.com/wiki/contents/manufactures/15260.windows-update-agent-error-codes.aspx

I'chiliad still searching for a URL I saw that actually helps yous with troubleshooting steps for some of the major

errors with WU. Tin't find the darned thing.

And RE: what sflatechguy wrote, did y'all ever test the firewall past adding the WU URLs in question to a whitelist, or did it start working again before you lot could exercise that? Maybe if it acts upwards again, you lot could endeavor whitelisting the URLs.

EDIT: IIRC, sometimes when registry hives go corrupted, information technology'southward listed as an event in the Arrangement Log. You might

want to check there for clues. Even if it's non corrupted, the System Log might reveal some helpful diagnostic

information here. I'd take a careful look at information technology.

Edited by Shplad, 16 June 2022 - ten:53 AM.

• Back to top

#22 jat24788

jat24788

• Topic Starter


• 
• Members
• xiii posts
• OFFLINE

• Local fourth dimension: 12:46 PM

Posted xvi June 2022 - 10:51 AM

@sflatechguy - Aye, they are in Detection mode for that exact reason now

@Shplad - Normally everything has been not bad with Meraki's firewall, just like sflatechguy said, the IDS is only as good as the signatures it gets, and I practise think they use Snort (possibly in combination with other signatures). The WU hostnames were already whitelisted as role of my initial troubleshooting steps - notwithstanding they plainly were simply whitelisted under "Content Filtering" and not the actual Layer3 Firewall rules...

On that note I checked the dism.log file besides the CBS.log file and this is what stood out to me:

    Line 132735: 2020-06-12 22:13:25, Fault                 DISM   DISM Package Manager: PID=332 TID=1820 Failed opening packet. - CDISMPackageManager::Internal_CreatePackageByPath(hour:0x80070002)     Line 132736: 2020-06-12 22:13:25, Error                 DISM   DISM Package Manager: PID=332 TID=1820 Failed to become the underlying CBS package. - CDISMPackageManager::OpenPackageByPath(hr:0x80070002)     Line 132737: 2020-06-12 22:13:25, Error                 DISM   DISM Parcel Manager: PID=332 TID=1820 Failed to open the package at location: "C:\25097976_d500d0be79c5effb0407939c8b9777cef094af48.cab" - CPackageManagerCLIHandler::ProcessPackagePath(hr:0x80070002)     Line 132738: 2020-06-12 22:13:25, Error                 DISM   DISM Package Manager: PID=332 TID=1820 Failed while processing command add-package. - CPackageManagerCLIHandler::ExecuteCmdLine(hr:0x80070002)     Line 132740: 2020-06-12 22:thirteen:25, Mistake                 DISM   DISM.EXE: DISM Package Manager processed the control line but failed. HRESULT=80070002     Line 132916: 2020-06-12 22:fourteen:25, Fault                 DISM   DISM Parcel Manager: PID=2884 TID=3460 Failed opening parcel. - CDISMPackageManager::Internal_CreatePackageByPath(hour:0x80070002)     Line 132917: 2020-06-12 22:14:25, Mistake                 DISM   DISM Package Manager: PID=2884 TID=3460 Failed to go the underlying CBS bundle. - CDISMPackageManager::OpenPackageByPath(hr:0x80070002)     Line 132918: 2020-06-12 22:fourteen:25, Error                 DISM   DISM Bundle Director: PID=2884 TID=3460 Failed to open up the packet at location: "C:\25097976_d500d0be79c5effb0407939c8b9777cef094af48.cab" - CPackageManagerCLIHandler::ProcessPackagePath(60 minutes:0x80070002)     Line 132919: 2020-06-12 22:14:25, Mistake                 DISM   DISM Bundle Manager: PID=2884 TID=3460 Failed while processing control add together-package. - CPackageManagerCLIHandler::ExecuteCmdLine(hr:0x80070002)     Line 132921: 2020-06-12 22:fourteen:25, Mistake                 DISM   DISM.EXE: DISM Bundle Manager processed the command line simply failed. HRESULT=80070002     Line 133097: 2020-06-12 22:15:09, Error                 DISM   DISM Parcel Manager: PID=4676 TID=1396 Failed opening package. - CDISMPackageManager::Internal_CreatePackageByPath(60 minutes:0x80070002)     Line 133098: 2020-06-12 22:15:09, Mistake                 DISM   DISM Bundle Manager: PID=4676 TID=1396 Failed to get the underlying CBS package. - CDISMPackageManager::OpenPackageByPath(hr:0x80070002)     Line 133099: 2020-06-12 22:15:09, Fault                 DISM   DISM Package Manager: PID=4676 TID=1396 Failed to open up the packet at location: "C:\update\myupdate.cab" - CPackageManagerCLIHandler::ProcessPackagePath(hr:0x80070002)     Line 133100: 2020-06-12 22:fifteen:09, Mistake                 DISM   DISM Package Manager: PID=4676 TID=1396 Failed while processing command add-package. - CPackageManagerCLIHandler::ExecuteCmdLine(hr:0x80070002)     Line 133102: 2020-06-12 22:fifteen:09, Fault                 DISM   DISM.EXE: DISM Package Manager processed the command line merely failed. HRESULT=80070002

More than Specifically:

Error                 DISM   DISM Package Manager: PID=332 TID=1820 Failed to open the package at location: "C:\25097976_d500d0be79c5effb0407939c8b9777cef094af48.cab" - CPackageManagerCLIHandler::ProcessPackagePath(hr:0x80070002)

Error                 DISM   DISM Parcel Director: PID=2884 TID=3460 Failed to open up the package at location: "C:\25097976_d500d0be79c5effb0407939c8b9777cef094af48.cab" - CPackageManagerCLIHandler::ProcessPackagePath(hr:0x80070002)

Error                 DISM   DISM Package Director: PID=4676 TID=1396 Failed to open up the bundle at location: "C:\update\myupdate.cab" - CPackageManagerCLIHandler::ProcessPackagePath(60 minutes:0x80070002)

And it would neglect to open the cab file because no such file(s) exist...

And I think this correlates with the original CBS log that had the following error entry when WU was failing altogether:

2020 - 06 - 13 ten : 27 : 16 : 982 364 1888     PT    Warning : ECP : Failed to download cab file from http : //download.windowsupdate.com/d/msdownload/update/others/2017/06/25097976_d500d0be79c5effb0407939c8b9777cef094af48.cab with error 0x80072efe

Edited by jat24788, sixteen June 2022 - 10:55 AM.

• Dorsum to top

#23 Shplad

Shplad

• 
• Members
• 4,528 posts
• OFFLINE

• Gender: Not Telling
• Location: Canada
• Local time: 12:46 PM

Posted 16 June 2022 - 12:27 PM

From the last link I sent you:

https://docs.microsoft.com/en-us/windows/deployment/update/windows-update-troubleshooting

Is your firewall supporting RANGE rules?

Issues related to HTTP/Proxy

Windows Update uses WinHttp with Fractional Range requests (RFC 7233) to download updates and applications from Windows Update servers or on-premises WSUS servers. Because of this proxy servers configured on the network must back up HTTP RANGE requests. If a proxy was configured in Internet Explorer (User level) only not in WinHTTP (System level), connections to Windows Update will fail.

To fix this issue, configure a proxy in WinHTTP by using the following netsh control:

Console

netsh winhttp set proxy ProxyServerName:PortNumber

The aforementioned md. as well lists some URLs to whitelist. Though this is for Windows 10, I'chiliad sure information technology can't injure to test with them:

Device cannot access update files

Cheque that your device tin can access these Windows Update endpoints:

• http://windowsupdate.microsoft.com
• http://*.windowsupdate.microsoft.com
• https://*.windowsupdate.microsoft.com
• http://*.update.microsoft.com
• https://*.update.microsoft.com
• http://*.windowsupdate.com
• http://download.windowsupdate.com
• https://download.microsoft.com
• http://*.download.windowsupdate.com
• http://wustat.windows.com
• http://ntservicepack.microsoft.com

In that location's more in that document I haven't included here. You might want to have a read through it also.

Edited by Shplad, 16 June 2022 - 12:48 PM.

• Back to top

#24 jat24788

jat24788

• Topic Starter


• 
• Members
• 13 posts
• OFFLINE

• Local time: 12:46 PM

Posted sixteen June 2022 - 01:39 PM

@Shplad Yeah, thanks for that link, I'grand using it for additional codes that are being returned (Warnings in the Dism log instead of Errors). Unfortunately I realized those Errors I just listed were not today only on June twelfth, which is all the same when the firewall was blocking admission, so both the errors you just listed brand perfect sense now and have me more convinced than ever that it was originally a Firewall event like others here originally suggested/idea.

These are what I whitelisted in the firewall (just in case for the future, and what Meraki recommended):

windowsupdate.microsoft.com update.microsoft.com windowsupdate.com download.windowsupdate.com download.windowsupdate.com wustat.windows.com ntservicepack.microsoft.com

The only thing I'thou left scratching my head at now is why the "Dism RestoreHealth" control yet reports corruption and says it is repaired but upon subsequent runs says the same thing once again!

Looking at the DISM log, this seems to exist the recurring theme for Warnings (no "Errors" are showing, and all other entries are "Info")

    Line 139074: 2020-06-16 08:11:48, Warning               DISM   DISM Provider Shop: PID=5180 TID=4892 Failed to go the IDismObject Interface - CDISMProviderStore::Internal_LoadProvider(hr:0x80004002)     Line 139075: 2020-06-16 08:xi:48, Alert               DISM   DISM Provider Store: PID=5180 TID=4892 Failed to Load the provider: C:\Users\ADMINI~1\AppData\Local\Temp\58BDB8A8-5396-4D53-85B4-83919717F066\Wow64provider.dll. - CDISMProviderStore::Internal_GetProvider(hr:0x80004002)     Line 139082: 2020-06-16 08:11:48, Warning               DISM   DISM Provider Store: PID=5180 TID=4892 Failed to Load the provider: C:\Users\ADMINI~i\AppData\Local\Temp\58BDB8A8-5396-4D53-85B4-83919717F066\EmbeddedProvider.dll. - CDISMProviderStore::Internal_GetProvider(60 minutes:0x8007007e)     Line 139240: 2020-06-16 08:43:34, Alarm               DISM   DISM Provider Shop: PID=1628 TID=5488 Failed to Load the provider: C:\Users\ADMINI~i\AppData\Local\Temp\63485198-18DC-40DD-9EFA-8543A82B2883\PEProvider.dll. - CDISMProviderStore::Internal_GetProvider(hr:0x8007007e)     Line 139266: 2020-06-16 08:43:34, Warning               DISM   DISM Provider Store: PID=1628 TID=5488 Failed to Load the provider: C:\Users\ADMINI~1\AppData\Local\Temp\63485198-18DC-40DD-9EFA-8543A82B2883\IBSProvider.dll. - CDISMProviderStore::Internal_GetProvider(hour:0x8007007e)     Line 139279: 2020-06-16 08:43:34, Alert               DISM   DISM Provider Store: PID=1628 TID=5488 Failed to become the IDismObject Interface - CDISMProviderStore::Internal_LoadProvider(hr:0x80004002)     Line 139280: 2020-06-16 08:43:34, Warning               DISM   DISM Provider Store: PID=1628 TID=5488 Failed to Load the provider: C:\Users\ADMINI~one\AppData\Local\Temp\63485198-18DC-40DD-9EFA-8543A82B2883\Wow64provider.dll. - CDISMProviderStore::Internal_GetProvider(hr:0x80004002)     Line 139287: 2020-06-16 08:43:34, Warning               DISM   DISM Provider Store: PID=1628 TID=5488 Failed to Load the provider: C:\Users\ADMINI~ane\AppData\Local\Temp\63485198-18DC-40DD-9EFA-8543A82B2883\EmbeddedProvider.dll. - CDISMProviderStore::Internal_GetProvider(hr:0x8007007e)

# for hex 0x80004002 / decimal -2147467262
COR_E_INVALIDCAST                                              corerror.h
# Indicates a bad bandage condition
DIERR_NOINTERFACE                                              dinput.h
DSERR_NOINTERFACE                                              dsound.h
STIERR_NOINTERFACE                                             stierr.h
E_NOINTERFACE                                                  winerror.h
# No such interface supported
# 5 matches plant for "0x80004002"

# No results plant for hex 0x8007007e / decimal -2147024770
# as an HRESULT: Severity: FAILURE (1), FACILITY_WIN32 (0x7), Code 0x7e
# for hex 0x7e / decimal 126
ERROR_MOD_NOT_FOUND                                            winerror.h
# The specified module could not be plant.
# 1 matches constitute for "0x8007007e"

Nevertheless the Dism log likewise reports the following even though Dism inside CMD reports it has repaired corruption:

Checking Arrangement Update Readiness.   Summary: Performance: Detect and Repair Functioning result: 0x0 Last Successful Footstep: Entire functioning completes. Total Detected Corruption:    0     CBS Manifest Corruption:    0     CBS Metadata Abuse:    0     CSI Manifest Corruption:    0     CSI Metadata Corruption:    0     CSI Payload Abuse:    0 Total Repaired Corruption:    0     CBS Manifest Repaired:    0     CSI Manifest Repaired:    0     CSI Payload Repaired:    0     CSI Store Metadata refreshed:    True

If information technology weren't for DISM saying corruption was repaired in CMD this is something I usually wouldn't worry about since the log looks proficient/make clean and only Warnings testify upwardly instead of Errors (which I'm being told is normal). Is this somehow a false positive reported in CMD by Dism? Dism.log fastened, CBS.log attached and screenshot attached of CMD window.

----EDIT----

@Shplad - the terminal link you referenced "https://docs.microsoft.com/en-us/windows/deployment/update/windows-update-troubleshooting" I went through extensively before my OP. That's also how I manually downloaded the latest server updates and installed them.

The firewall does permit for ranges, and I'll be adding all those entries to the Layer3 to be whitelisted for the future just in case.

Fastened Files

Edited by jat24788, 16 June 2022 - 01:44 PM.

• Back to top

#25 Shplad

Shplad

• 
• Members
• four,528 posts
• OFFLINE

• Gender: Not Telling
• Location: Canada
• Local time: 12:46 PM

Posted 16 June 2022 - 02:53 PM

I'm not sure, but from a the looks of those errors from the DISM.log I'd say you should call MS back up to inquire about those. They're pretty ambiguous/proprietary-looking.

• Back to peak

#26 jat24788

jat24788

• Topic Starter


• 
• Members
• xiii posts
• OFFLINE

• Local fourth dimension: 12:46 PM

Posted 18 June 2022 - 10:27 PM

Just an update: Microsoft refused to offer whatever support for Server 2012 R2 (only Server 2022 and 2019) unless I paid them at least $499 for a "Unmarried Incident" plan. I guess extended support for Server 2012 R2 until 2023 doesn't mean much other than connected Windows Update security patches (if yous tin get Windows Update to work properly, that is). If I have to pay Microsoft that much just to become whatever kind of support for this result, I might but do an in-place upgrade to Server 2022 (forth with licensing updates, every bit licensing changes/increases with CPU cores etc with Server 2019). Thoughts?

• Back to top

#27 Shplad

Shplad

• 
• Members
• four,528 posts
• OFFLINE

• Gender: Not Telling
• Location: Canada
• Local fourth dimension: 12:46 PM

Posted eighteen June 2022 - 10:43 PM

Hmm...that'southward disappointing. I've heard good things about both versions. I'd go with 2022 if it's within your budget, just because in that location'll be less

worry nigh deprecation any time soon.

I suggest you take a good look at the licensing details befor y'all make the jump. Microsoft has made the details very complicated when compared

with older versions.

Somewhere floating effectually the Spider web is a very well-designed matrix of all the licensing complexities, greatly simplified and made easier to grasp.

I can't find it right now.

• Back to summit

#28 Shplad

Shplad

• 
• Members
• 4,528 posts
• OFFLINE

• Gender: Non Telling
• Location: Canada
• Local time: 12:46 PM

Posted 18 June 2022 - 10:46 PM

Await...I'm non clear...did yous ever end up running a CHDSK on the main volume in question? If so, what were the results?

What about restoring that corrupted registry hive? Did you end up attempting that?

This isn't information technology, but it's helpful:

Windows Server 2022 licensing datasheet

https://download.microsoft.com/download/7/C/E/7CED6910-C7B2-4196-8C55-208EE0B427E2/Windows_Server_2019_licensing_datasheet_EN_US.pdf

Almost CALs

https://www.microsoft.com/en-us/licensing/product-licensing/customer-access-license

Double-check those resources. Sometimes, MS types up long docs and doesn't carp to indicate whether

they only utilise to volume-licensing or i-off packs etc.

Edited by Shplad, 18 June 2022 - 10:50 PM.

• Back to top

#29 jat24788

jat24788

• Topic Starter


• 
• Members
• 13 posts
• OFFLINE

• Local fourth dimension: 12:46 PM

Posted 18 June 2022 - 11:03 PM

@Shplad - Since the visitor owning the server is a non-profit they can get Server 2022 and licenses pretty cheap through TechSoup (probably way cheaper than $499).

I'g running "chkdsk C: /r" on the Server tonight, just hoping it doesn't have overly long to run as business hours brainstorm in nine hours from now. I'll post back the results of the browse once information technology is completed; maybe I'll go lucky.

As for the registry hive, and manually repairing corruption, I have no thought how to do that myself. I suppose I could endeavour a postal service at SysNative, which is where I heard about this kind of procedure - unless someone here knows how to analyze and practice such a repair?

• Back to pinnacle

#thirty jat24788

jat24788

• Topic Starter


• 
• Members
• 13 posts
• OFFLINE

• Local fourth dimension: 12:46 PM

Posted 19 June 2022 - 12:01 AM

Chkdsk returned the following after 1 run:

Checking file organization on C: The type of the file arrangement is NTFS.  A disk bank check has been scheduled. Windows will now check the disk.                           Stage 1: Examining basic file system construction ... Cleaning up instance tags for file 0x1acb8. Cleaning up instance tags for file 0x268ac. Cleaning up instance tags for file 0x26a85.   997632 file records candy.                                                         File verification completed.   22567 big file records processed.                                      0 bad file records processed.                                       Stage 2: Examining file name linkage ...   1115002 index entries processed.                                                        Index verification completed.   0 unindexed files scanned.                                           0 unindexed files recovered.                                        Stage 3: Examining security descriptors ... Cleaning up 1097 unused index entries from index $SII of file 0x9. Cleaning upwardly 1097 unused index entries from index $SDH of file 0x9. Cleaning up 1097 unused security descriptors. Security descriptor verification completed.   58686 data files processed.                                            CHKDSK is verifying Usn Journal... Usn Journal verification completed.  Stage four: Looking for bad clusters in user file data ...   997616 files candy.                                                                File data verification completed.  Phase 5: Looking for bad, free clusters ...   8193491 costless clusters processed.                                                        Free infinite verification is consummate. CHKDSK discovered free infinite marked as allocated in the volume bitmap.  Windows has made corrections to the file system. No farther activeness is required.    83345407 KB total disk space.   49326416 KB in 209323 files.     176264 KB in 58687 indexes.          0 KB in bad sectors.    1068759 KB in use by the system.      65536 KB occupied past the log file.   32773968 KB available on deejay.        4096 bytes in each allocation unit.   20836351 total allocation units on disk.    8193492 allocation units available on disk.

DISM however reports abuse being repaired every time it is run.

2nd chkdsk run:

Checking file arrangement on C: The blazon of the file organization is NTFS.  A disk cheque has been scheduled. Windows will now check the disk.                           Stage one: Examining basic file system structure ...   997632 file records processed.                                                         File verification completed.   22560 large file records processed.                                      0 bad file records processed.                                       Phase 2: Examining file name linkage ...   1115014 index entries processed.                                                        Index verification completed.   0 unindexed files scanned.                                           0 unindexed files recovered.                                        Phase iii: Examining security descriptors ... Cleaning up 10 unused alphabetize entries from alphabetize $SII of file 0x9. Cleaning upward ten unused index entries from alphabetize $SDH of file 0x9. Cleaning up 10 unused security descriptors. Security descriptor verification completed.   58692 data files processed.                                            CHKDSK is verifying Usn Periodical...   837832 USN bytes processed.                                                            Usn Periodical verification completed.  Stage 4: Looking for bad clusters in user file data ...   997616 files processed.                                                                File data verification completed.  Stage 5: Looking for bad, free clusters ...   8091862 free clusters processed.                                                        Free space verification is complete.  Windows has scanned the file system and found no issues. No further activity is required.    83345407 KB total disk space.   49731900 KB in 209342 files.     176272 KB in 58693 indexes.          0 KB in bad sectors.    1069787 KB in utilize past the system.      65536 KB occupied past the log file.   32367448 KB available on disk.        4096 bytes in each allocation unit.   20836351 full allotment units on deejay.    8091862 allocation units available on deejay.

Edited by jat24788, 19 June 2022 - 12:26 AM.

• Back to top

clarktherromes.blogspot.com

Source: https://www.bleepingcomputer.com/forums/t/723993/windows-server-2012-r2-windows-update-fails-8024402f-not-wsus/page-2

Share this post