[SOLVED] Windows Server 2016 failing updates error 0x80246002

[Gratiskeder]

It doesn't give anything,

PS C:\WINDOWS\system32> Get-MpComputerStatus
Get-MpComputerStatus : Operation failed with the following error: 0x80070002
At line:1 char:1
+ Get-MpComputerStatus
+ ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (MSFT_MpComputerStatus:ROOT\Microsoft\...pComputerStatus) [Get-MpCompute
   rStatus], CimException
    + FullyQualifiedErrorId : HRESULT 0x80070002,Get-MpComputerStatus

 

[Maxstar]

Please run this command again with Process Monitor running.

 

[Gratiskeder]

Here you go

 

[Maxstar]

Please run the System File Checker, I suspect this component might be corrupted: amd64_windows-defender-management-powershell_31bf3856ad364e35_10.0.14393.0_none_1137c685b804c9a3
If it fails attach a new copy of the CBS logs.

 

[Gratiskeder]

SFC didn't find anything,

C:\Program Files\Windows Defender>SFC /Scannow

Beginning system scan.  This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection did not find any integrity violations.

 

[Maxstar]

What is the result of the following command in PowerShell?

(Get-Service windefend).Status

 

[Gratiskeder]

PS C:\WINDOWS\system32> (Get-Service windefend).Status
Stopped

 

[Maxstar]

Please run the following commands in an elevated command prompt and post the result.

sc config WinDefend start= auto
sc start WinDefend

Wait a few seconds and then run the following command:

sc query WinDefend

 

[Gratiskeder]

Doesn't start,

C:\WINDOWS\system32>sc config WinDefend start= auto
[SC] OpenService FAILED 5:

Access is denied.


C:\WINDOWS\system32>sc start WinDefend

SERVICE_NAME: WinDefend
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 2  START_PENDING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x1
        WAIT_HINT          : 0x7530
        PID                : 1684
        FLAGS              :

C:\WINDOWS\system32>sc query WinDefend

SERVICE_NAME: WinDefend
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 2147942403  (0x80070003)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

Also tried manually starting it from services - Gives this error,

---------------------------
Services
---------------------------
Windows could not start the Windows Defender Service service on Local Computer.



Error 0x80070003: The system cannot find the path specified.


---------------------------
OK   
---------------------------

Startup type is set to automatic

 

[Maxstar]

Export registry key as hive file.

• Open the Start menu of Windows and type CMD.
• When you see Command Prompt on the list, select the option Run as administrator.
• Copy and paste the following command into the command prompt and press enter.

reg save "HKLM\SYSTEM\CurrentControlSet\Services" "%userprofile%\Desktop\Services.hiv"

• Once done, a file will appear on your desktop, called Services.hiv.
• ZIP this file and attach it to your next reply.

 

[Gratiskeder]

Here you go

 

[Maxstar]

Please run the following commands and post the result:

certutil -hashfile "%ProgramFiles%\Windows Defender\MpAsDesc.dll" SHA256
certutil -hashfile "%ProgramFiles%\Windows Defender\MsMpEng.exe" SHA256

 

[Gratiskeder]

C:\WINDOWS\system32>certutil -hashfile "%ProgramFiles%\Windows Defender\MpAsDesc.dll" SHA256
SHA256 hash of file C:\Program Files\Windows Defender\MpAsDesc.dll:
e2163106dcffc94e897d6a4adc3b4f0e5ab8523d0a26edbfa55d4bb53a7d5f74
CertUtil: -hashfile command completed successfully.

C:\WINDOWS\system32>certutil -hashfile "%ProgramFiles%\Windows Defender\MsMpEng.exe" SHA256
SHA256 hash of file C:\Program Files\Windows Defender\MsMpEng.exe:
15d57684b9abb07a6a58972aefe1ffab0af2f602e3b3da5be0c58b66e0b12532
CertUtil: -hashfile command completed successfully.

 

[Maxstar]

Let's replace the Defender service with a known good copy to see if you are able to start the service then.

Warning: This fix was written specifically for this system. Do not run this fix on another system.

• Save any work you have open, and close all programs.
• Download the attachment SFCFixScript.txt and save it to your desktop.
• Drag the SFCFixScript.txt file over the SFCFix.exe executable and release it.

• SFCFix will launch, let it complete.
• Once done, a file will appear on your desktop, called SFCFix.txt.
• Post the logfile (SFCFix.txt) as attachment in your next reply.

 

[Gratiskeder]

It failed

 

[Maxstar]

ERROR_INVALID_OWNER
1307 (0x51B)
This security ID may not be assigned as the owner of this object.

Let's try to restore the permissions first.

Warning: This fix was written specifically for this system. Do not run this fix on another system.

• Save any work you have open, and close all programs.
• Download the attachment SFCFixScript.txt and save it to your desktop.
• Drag the SFCFixScript.txt file over the SFCFix.exe executable and release it.

• SFCFix will launch, let it complete.
• Once done, a file will appear on your desktop, called SFCFix.txt.
• Post the logfile (SFCFix.txt) as attachment in your next reply.

 

[Gratiskeder]

Successfull

 

[Maxstar]

Please try to start the WinDefend service using sc start WinDefend.

 

[Gratiskeder]

Still the same,

C:\WINDOWS\system32>sc start WinDefend

SERVICE_NAME: WinDefend
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 2  START_PENDING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x1
        WAIT_HINT          : 0x7530
        PID                : 2540
        FLAGS              :

C:\WINDOWS\system32>sc query WinDefend

SERVICE_NAME: WinDefend
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 2147942403  (0x80070003)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

---------------------------
Services
---------------------------
Windows could not start the Windows Defender Service service on Local Computer.



Error 0x80070003: The system cannot find the path specified.


---------------------------
OK   
---------------------------

 

[Maxstar]

Let's try to forcibly remove the service and add it back using FRST.

Download the

Farbar Recovery Scan Tool and save it to your Desktop:

Download the 64 bit version: - Farbar Recovery Scan Tool Link

Warning: This script was written specifically for this system. Do not run this script on another system.

• Download the attachment fixlist.txt and save it to your desktop.
• Right-click on FRST.exe and select "Run as administrator".
• Press the Fix button.
• If for some reason the tool needs a restart, please make sure you let the system restart normally.
• When finished, a log called Fixlog.txt will appear in the same directory the tool is run from.
• Post the logfile Fixlog.txt as attachment in your next reply.