[SOLVED] Cumulative Update 2024-3 Server Operating System Version 21h2 x64 (KB5035857) Failed to install

Hi,

Open an elevated command prompt and run the following command. Attach Dirlist.txt to your next post.
Code: 
dir /s /a %systemroot%\WinSxS\x86_microsoft-windows-b..re-bootmanager-pcat_31bf3856ad364e35_10.0.20348.2340_none_0f83ce4c2d07fcf9 > "%userprofile%\Desktop\Dirlist.txt"
 
Please do the same for another component.
Code: 
dir /s /a %systemroot%\WinSxS\amd64_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.20348.2334_none_fe3e7fb3a2b1400d > "%userprofile%\Desktop\Dirlist.txt"
 
Hmm, please attempt to update again with Process Monitor, hopefully this will show a bit more information about this issue.

Capture Process Monitor BootLog
1. Download and run Process Monitor. Leave this running while you perform the next steps.
2. Select the Options....Enable Boot Logging option. A Enable Boot Logging dialog will come up. Just click OK.
3. Create a folder on your desktop named BootLog.
4. Attempt to install the update just like you have in the past. Let the machine reboot and revert just like it has in the past.
5. After the machine has rebooted and come back up to the desktop, open Process Monitor again. A message box will come up telling you that a log of boot-time activity was created and ask if you wish to save it. Click Yes and save to the BootLog folder on your desktop.
6. This may take some time as it converts the boot-time data. Allow it to finish.
7. Zip up the entire BootLog folder on your desktop and upload to a file sharing service like: WeTransfer - Send Large Files & Share Photos Online - Up to 2GB Free
8. Attach also a new copy of the CBS for the time stamps.
 
Please upload a new copy of the SideBySide hive to look at. Zip SBS.hiv and attach it to your next post.
Code: 
reg Save "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide" "%systemdrive%\SBS.hiv"
 
Rich (BB code): 
2024-04-01 13:20:51, Error                 CSI    000004b1 (F) STATUS_ACCESS_DENIED #212556# from Windows::Rtl::SystemImplementation::CKey::QueryValue(flags = 1, kn = [l:154]'\Registry\Machine\COMPONENTS\DerivedData\Components\amd64_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.20348.2334_none_fe3e7fb3a2b1400d\', vn = [l:5 ml:6]'S256H', ic = KeyValuePartialInformation, info = {l:0 b:}, disp = 0)[gle=0xd0000022]
2024-04-01 13:20:51, Info                  CSI    000004b2 ERROR MAPPING HRESULT - No proper NTSTATUS mapping available.  Error is: "c0000022 [Error,Facility=(0000),Code=34 (0x0022)]".

2024-04-01 13:20:51, Info                  CSI    000004b3@2024/4/1:11:20:51.798 Failed to load CSI AI DLL from keyform; falling back to Base-SS directory.

2024-04-01 13:20:51, Info                  CSI    000004b4 Loading installer DLL from stack-relative path: C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.20348.2334_none_b1d6bd2af980b2b6\fveupdateai.dll
2024-04-01 13:20:51, Error                 CSI    000004b5@2024/4/1:11:20:51.798 (F) onecore\base\wcp\componentstore\com\advancedinstallers.cpp(73): Error HRESULT_FROM_WIN32(ERROR_MOD_NOT_FOUND) originated in function LoadHandlerDll expression: Tmp != nullptr
[gle=0x80004005]

Please do the following.

Step 1.
Warning: This fix was written specifically for this system. Do not run this fix on another system.
  • Save any work you have open, and close all programs.
  • Download the attachment SFCFix.zip and save it to your desktop.
  • Drag the SFCFix.zip file over the SFCFix.exe executable and release it.
650c22f99662d-6190d993a26f3-SFCFix-Zip-Eng.gif

  • SFCFix will launch, let it complete.
  • Once done, a file will appear on your desktop, called SFCFix.txt.
  • Post the logfile (SFCFix.txt) as attachment in your next reply.


Step 2. Run the following DISM command and post the result. If it fails attach a new copy of the CBS log.
Code: 
DISM /online /cleanup-image /RestoreHealth
 

Attachments

Please attempt to update again and post the result. If it fails attach a new copy of the CBS logs.
 
Which (third-party) security software is installed on this server?

In the Process Monitor log I noticed the MalwareBytes service was running as well as Wazuh!. I cases like this I would suggest to uninstall all the 3th-party security applications and then attempt to update again.
 
Yes there is only Malwarebytes installed. I can do the uninstall of course. I'm thankful that you are willing to help me in this matter! I will uninstall now and retry the update.
 
Oh yes, forgot to mention, sorry. I just recently added this. Wanted to try wazuh and check if i could get some more insights about my network. Should i also uninstall this one?
 
Yes, please uninstall this application as well. And restart the server after uninstalling both apps before attempting to update again.
 
Finally!! Thank you so much!! You're a real IT-Jedi!! Man, thank you so much!! I guess i can reinstall Malwarebytes and wazuh again? Really strange issue, i don't think it had to do with Wazuh, since no active response was configured. I forgot yo reboot after installation, but it still worked out.

Thanks & Regards!
 
This is great news, and you're welcome. Honestly, I have to admit I had never heard about 'Wazuh', but MalwareBytes is a well-known tool though and this was the culprit in this case, I guess.

If you want you can re-install both applications again, however, if you run into the same problems again! Uninstall them first....

I will mark this as solved....(y)
 
Thank you again! And for sure i will next time first uninstall malwarebytes! 😄 Wazuh seems pretty cool to give some more insights in a Domain for instance CIS Benchmarks for Windows Server. I could tight security quite a lot, since i saw the different recommendations for Domain Security. Since this domain it's just my playground, i gave it a shot. ;)

Keep up that excellent work!!

Thanks & Best Regards
 
You must log in or register to reply here.

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top