Updates Rollback on restart Server 2019 1809 17763.5206

J

jlyle

Member
Joined
Nov 6, 2024
Posts
20
Hi,

I have a Server 2019 (1809 17763.5206) box that refuses to take any updates, I have tried updating online, and downloading updates from mscatalog and running the updates manually. They appear to be fine until a restart on shutting down the % never goes over 0% then system restarts and a message like rolling back updates appears.

I have run DISM /Online /Cleanup-Image /RestoreHealth

Currently update histroy shows a mix of 0x800703f1 and 0x80240034 error codes for security updates, cumulative server and cumulative .net updates.

Thanks so much for any help you can provide.
 

Attachments

Hi @jlyle,

Welcome to Sysnative Forums!

If you haven't already, please review the posting instructions here, and attach the requested log files. Without log files, our helpers will not be able to assist, and this will slow down fixing your machine.

If logs have been already been provided, our team of volunteers will analyse the provided log files to build a fix for your system. Please be aware that this may take several days from your initial post, due to the high volume of threads that we receive.


- Sysnative Windows Update Team
 
Hi and welcome to Sysnative,

Upload your DRIVERS Hive
  • Navigate to C:\Windows\System32\config and locate the DRIVERS file.
  • Please copy this file to your desktop.
  • Note: If you receive an error that this file is in-use, simply reboot your computer and try again.
  • Right-click on this file on your desktop and select Send To > Compressed (zipped) folder. This will create a file named DRIVERS.ZIP on your desktop.
  • If the file is too large to upload here, upload the file to www.wetransfer.com and post the link in your next reply.
 
Hi,

Replace Drivers Hive Manually

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.
  1. Download DRIVERS.ZIP and save to your desktop.
  2. Right-click on it and select Extract all.... Make sure the "Show extracted files when complete" is checked and click Extract.
  3. Now we have the DRIVERS file that we will be using to replace your current one.
  4. Navigate to C:\Windows\System32\config
  5. Right-click on the current DRIVERS file and select rename. Rename it to DRIVERS.bad.
    Note: If you get an error that the file is in use, reboot your computer and then try again.
  6. Take the file from the Drivers folder on your desktop and paste it into C:\Windows\System32\config

Afterwards reboot the server and attempt to update. If it fails attach the latest CBS logs and the following logfile.

Upload the setupapi.dev.log file
  • Open Windows Explorer and browse to the C:\Windows\INF folder.
  • Right-click on the file setupapi.dev.log and choose Send to > Compressed (zipped) folder.
  • Now the message will appear, "Windows cannot create the Compressed (zipped) Folder here. Do you want it to be placed on the desktop instead?"
  • Click on the Yes button here.
657716925b62b-setup-api-dev-folder.png

  • Attach the file setupapi.dev.zip in your next reply.
 

Attachments

Hi Maxstar,

Thanks for the Drivers hive, unfortunately the updates undo on restart. I had to apply from an msu (2024-08 cumulative server) this time as WU is convinced it is not connected to the internet. Please see attached CBS zip.

Thank you for your time.
 

Attachments

Hi,

Here's the next fix.

Warning: This fix was written specifically for this system. Do not run this fix on another system.
  • Save any work you have open, and close all programs.
  • Download the attachment SFCFix.zip and save it to your desktop.
  • Drag the SFCFix.zip file over the SFCFix.exe executable and release it.
650c22f99662d-6190d993a26f3-SFCFix-Zip-Eng.gif

  • SFCFix will launch, let it complete.
  • Once done, a file will appear on your desktop, called SFCFix.txt.
  • Post the logfile (SFCFix.txt) as attachment in your next reply.

Afterwards try to install te update and post the result. If it fails attach a new copy of the CBS logs and the Setupapi.dev.log.
 

Attachments

Here's the next fix for another driver.

Warning: This fix was written specifically for this system. Do not run this fix on another system.
  • Save any work you have open, and close all programs.
  • Download the attachment SFCFix.zip and save it to your desktop.
  • Drag the SFCFix.zip file over the SFCFix.exe executable and release it.
650c22f99662d-6190d993a26f3-SFCFix-Zip-Eng.gif

  • SFCFix will launch, let it complete.
  • Once done, a file will appear on your desktop, called SFCFix.txt.
  • Post the logfile (SFCFix.txt) as attachment in your next reply.

Afterwards try to install te update and post the result. If it fails attach a new copy of the CBS logs and the Setupapi.dev.log.
 

Attachments

Hey,

Ok so manually applying updates from mscatalog seems to be working but windows update is not working it seems convinced that it is offline, and stuck attempting to download/install old updates (already applied). I have attached the logs just in case they are helpful. Thanks for your time on this.
 

Attachments

Hi,

Export the Windows Update log
  • Right-click on the Start button and click Windows PowerShell (Admin).
  • Copy and paste the following command into it, press enter afterwards
Code: 
Get-WindowsUpdateLog
  • Wait for the message "WindowsUpdate.log written to C:\Users\<username>\Desktop\WindowsUpdate.log".
  • Attach the logfile WindowsUpdate.log to your next reply.
 
Good morning too!

I would first check the Date & Time setting in the Settings screen to see if the option set time automatically is turned off. I've this issue in combination with error 80072F8F on another server.
 
Hi,

It looks like the time and date, timezone is correct and is using our domain controllers as the time source. If I visit sls using edge I get a certificate error net::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED its an ms certificate so I am not sure why -

Subject: sls.update.microsoft.com
Issuer: Microsoft Update Secure Server CA 2.1
Expires on: Jun 27, 2025
Current date: Nov 26, 2024
38d998a2e1318a954457905b6c19daaaf300d5de5ad97727d75a1ef2e18f9030

And the root that signed it is in the trusted roots.

I'm currently having a poke at the certs
 
I am wondering if it has to do with the TLS/ssl version deprication a while back.
 
Ok some progress ended up turning the old ciphers and tls 1.0 1.2 back on and copying cert reg key from another working 2019 box (Redirecting) and I have a list of new updates :D , all sat in pending download at the moment. I have a feeling that a restart might help but can't restart until after 17:00 GMT.
 
You must log in or register to reply here.

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top