Azure VM: Windows Updates Troubleshooting
At this post, we are going to describe the ways that we can handle Windows Update issues in an Azure VM and of course in any other Windows OS.
Windows Update Service & Windows Temp Folder
The first and easiest step is to restart the Windows Update Service from the Windows Services panel as the image below shows.
We can also delete the Windows Temp folder files, by executing the following command in elevated CMD.
del %windir%\Temp\
If these steps don't solve the problem follow the next.
Windows Update Offline Installation
If the problem didn't solve with the previous step then, we can download the files for offline installation from the MS Update Catalog as the image below shows.
Windows CMD Tools
System File Checker (SFC) command
The SFC command is used to verify and replace Windows system files.
To run
- Open elevated CMD as Administrator
- Type
sfc /scannowand press Enter
After sfc scan completed, try to install windows updates and restart the computer.
Deployment Image Servicing and Management (DISM) Tool
The DISM is a command line tool which can be used to check the system files and try to restore them.
To run the DISM tool we must follow the next steps:
- Open elevated CMD as Administrator
- Type the following commands as the examples show
Check for corruption
Dism /Online /Cleanup-Image /ScanHealth
Scan and Repair the Windows image from any corruption
DISM.exe /Online /Cleanup-image /Restorehealth
Scan and Repair On-Line Image with own source files
DISM.exe /Online /Cleanup-Image /RestoreHealth /Source:C:\RepairSource\Windows /LimitAccess
Note
These actions might be delay we MUST wait until finished. Do not Cancel it.
If the problem is not solved and the issue persists, then we can manually reset the Windows Update Components and run the Windows Update process.
Windows Update Components Reset
Before we start we must clear out what are these Components and Services which we deal with.
Services
- The Windows Update service (wuauserv/strong>), enables detection, download, installation of windows updates.
- The Cryptographic service (cryptsvc), makes use of the %windir%\System32\catroot2\edb.log file for the updating process.
- The Background Intelligent Transfer (bits) service, transfer files between a server and a client.
- The Windows Installer service (msiserver), provides the Windows Installer (*.msi) package, to add ,modify and remove apps.
Folders
- **Software Distribution **folder windows keep the Windows Updates history logs.
- Catroot folder contains system files that are important for the Windows Update process actually store the signature of the Windows Update package.
To reset Windows Update Components we must follow the next steps:
- Open a Command Prompt window as Admin
- And start executing the following commands:
net stop wuauserv
net stop cryptsvc
net stop bits
net stop msiserver
Note
By executing the following commands the services BITS, MSI Installer, Windows Update, and Cryptographic service will stop.
Then rename the Software Distribution and Catroot2 folders from the elevated command prompt console.
ren C:\Windows\SoftwareDistribution SoftwareDistribution.old
ren C:\Windows\System32\catroot2 Catroot2.old
Finally, start the stopped services again, by executing the following commands:
net start wuauserv
net start cryptsvc
net start bits
net start msiserver
After those steps, try to install windows updates and restart the computer.
Component-Based Service (CBS) Logs
CBS Log is a file which includes logs for the components that they are installed or uninstalled during Windows Updates.
The CBS file is located in the Windows directory.
We can find CBS definitions in Windows Registry:
Cached State Location
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\<package name>
Package Location
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\<package name>
Delete The CBS log
We can delete this file by following the next steps:
Stop the Windows Update Service, delete the log and start the Windows Update Service.
net stop wuauserv
del %windir%\Logs\CBS\*.*
net start wuauserv
Cleaning CBS update pending records
Open the Regedit key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing and then delete PackagesPending.
If we don't have the required permissions to do this action, we must give by following the next directive.
Right-click the key PackagesPending and open Permissions. Click on Advanced and change owner to Administrator.
After deleting the key, we must restart the VM.
Update Management
Azure gives the ability to users enable windowsupdate management from the Azure Portal.
To do that we must apply the following steps:
From the left VM main blade, select Operations - Update Management, and press Enable.
Until the solution is enabled we must wait for a few minutes.
After the solution is enabled in the Azure Portal, we have to wait up to 15' minutes for the VM configuration
At the final image, we have a view of the Update Management Portal, where there are no pending updates.
Summary
In this post, we read most of the ways that we can handle issues on the Windows Update system, not only in an Azure VM but in every Windows OS system. At the last chapter of this post, we read about the Update Management feature which gives everyone the ability to not be required to deal with Windows Updates.
See Also
- CBS Servicing States Chart – Refresher
- Fix Windows Update errors by using the DISM or System Update Readiness tool
- Windows Update Troubleshooter
- Background Intelligent Transfer Service
- Manage Windows updates by using Azure Automation
Note
All the information in this article is only provided for reference. The article provides options to change critical system parameters, you **MUST **be very careful to test and deploy them because in some cases the changes can render a system defunct! Use it at your own discretion.
This solution is not supported under any Microsoft standard support program or service. It is provided AS IS without warranty of any kind. Microsoft or the author disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample script remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample script, even if Microsoft has been advised of the possibility of such damages.