[SOLVED] Windows Server 2016 failing updates error 0x80246002

Open an elevated command prompt, run the following command and post the result:
Code:
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender"
 
Code:
C:\WINDOWS\system32>reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender
    ProductType    REG_DWORD    0x2
    ProductStatus    REG_DWORD    0x0
    InstallLocation    REG_SZ    C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\
    InstallTime    REG_BINARY    ED93656DB7C4D201
    OOBEInstallTime    REG_BINARY    CC4AB30FB8C4D201
    ManagedDefenderProductType    REG_DWORD    0x7
    DisableRoutinelyTakingAction    REG_DWORD    0x0
    BackupLocation    REG_SZ    C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0
    DisableAntiVirus    REG_DWORD    0x0
    ReportingGUID    REG_SZ    F0C7CADF-A457-A211-DCCA-08F4B254F37C
    HybridModeEnabled    REG_DWORD    0x0
    VerifiedAndReputableTrustModeEnabled    REG_DWORD    0x0
    LastEnabledTime    REG_BINARY    2D870A70FD37D801
    ProductAppDataPath    REG_SZ    C:\ProgramData\Microsoft\Windows Defender
    ProductIcon    REG_EXPAND_SZ    @%ProgramFiles%\Windows Defender\EppManifest.dll,-100
    ProductLocalizedName    REG_EXPAND_SZ    @%ProgramFiles%\Windows Defender\EppManifest.dll,-1000
    RemediationExe    REG_EXPAND_SZ    %ProgramFiles%\Windows Defender\MSASCui.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Device Control
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Diagnostics
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\DLP Websites
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Miscellaneous Configuration
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\MpEngine
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\NIS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Quarantine
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Remediation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Reporting
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Scan
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Signature Updates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Spynet
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Threats
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\UX Configuration
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\WCOS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard
 
Great, please check if the following folder exists, I suspect it is missing.
Code:
InstallLocation    REG_SZ    C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\
 
Please download KB4052623 (version 4.18.23050.9) and install this update manually.

https://catalog.s.download.windowsu..._aa7e29ece94fbaacd94a7f34896b3f9671a18d18.exe

Afterwards check if the following directory is created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0

Then run the following command again to see if the InstallLocation has changed or is still pointing to: 4.18.23050.5-0
Code:
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender"
 
Have run the file as administrator.
Directory still not there
InstallLocation REG_SZ C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\
 
Hmm, please try to install KB4052623 again with Process Monitor running.
 
Code:
InstallLocation    REG_SZ    C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\
BackupLocation    REG_SZ    C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0

In the meantime I've also checked my Server 2016 VMs and found both directories that your system is looking for.
So we could try to recreate the platform directory "C:\ProgramData\Microsoft\Windows Defender\Platform" with the attached package.
 


Copied content to C:\ProgramData\Microsoft\Windows Defender.
Started service.
Service is running,
Code:
C:\WINDOWS\system32>sc query WinDefend

SERVICE_NAME: WinDefend
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
 
Nice, I will wait a moment to see if the system will update to 4.18.23050.9-0. After copying the platform directory, my server VM updated within a few minutes to 4.18.23050.9-0, so I was just in time copying these files....
 
When checking now,
Code:
InstallLocation    REG_SZ    C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\
 
Great, then I would suggest to restart the server and check Windows Update again.
 
Tried running Windows update.
Came with failed updates and errors.
Computer Configuration > Administrative Templates > Windows Components > Windows Update > Specify intranet Microsoft update service location - Changed to 'Not configured'
Tried running Windows update again.

When checking again nothing comes
 
Which updates failed when this server is connected to the (WSUS) SCCM Server? (edit: screenshot didn't load..)

I would also suggest to run the following command to restore the WSUS database.
Code:
wsusutil /reset
 
KB5028169 - Installed when not connected to SCCM server
1690461699568.png
KB4475581
KB5002419
KB5002426
KB4493154
KB5002427
KB5002058
KB5002406
KB5002349
KB4011621
KB5002221
KB5002197
KB4022193

Will not run from either CMD or PowerShell,
Code:
C:\WINDOWS\system32>wsusutil /reset
'wsusutil' is not recognized as an internal or external command,
operable program or batch file.
Code:
PS C:\WINDOWS\system32> wsusutil /reset
wsusutil : The term 'wsusutil' is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
+ wsusutil /reset
+ ~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (wsusutil:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException
 
All the failed updates are for Microsoft Office 2016, but were successfully installed in post #53?
Will not run from either CMD or PowerShell,
This command can only be run on the WSUS (SCCM) Server: Managing WSUS from the Command Line

reset: Checks that every update metadata row in the database has corresponding update files stored in the file system. If update files are missing or have been corrupted, WSUS downloads the update files again.
  • After restoring the WSUS database.
  • When troubleshooting
 
I do not have access to work on the SCCM servers, so I am not able to do that.
Just tried resetting Windows Update and clearing ccmcache.
Computer Configuration > Administrative Templates > Windows Components > Windows Update > Specify intranet Microsoft update service location - Enabled and configured.
Windows Update does not find any updates. SCCM is still showing the Office updates and failing on install (error "0x87d00668","-2016410008","2278557288","Software update still detected as actionable after apply"). So looks to be a mismatch here.
Will try and reinstall SCCM and see what that makes of it
 
So looks to be a mismatch here.
Let me know the result after reinstalling SCCM if it resolved the issue. (y)

Since the problem with Defender is fixed, I'm curious if you are able to run this command:
Code:
Get-MpComputerStatus
 
Code:
PS C:\WINDOWS\system32> Get-MpComputerStatus


AMEngineVersion                  : 1.1.23060.1005
AMProductVersion                 : 4.18.23050.9
AMRunningMode                    : Normal
AMServiceEnabled                 : True
AMServiceVersion                 : 4.18.23050.9
AntispywareEnabled               : True
AntispywareSignatureAge          : 0
AntispywareSignatureLastUpdated  : 7/27/2023 8:08:28 PM
AntispywareSignatureVersion      : 1.393.1629.0
AntivirusEnabled                 : True
AntivirusSignatureAge            : 0
AntivirusSignatureLastUpdated    : 7/27/2023 8:08:28 PM
AntivirusSignatureVersion        : 1.393.1629.0
BehaviorMonitorEnabled           : True
ComputerID                       : F0C7CADF-A457-A211-DCCA-08F4B254F37C
ComputerState                    : 0
DefenderSignaturesOutOfDate      : False
DeviceControlDefaultEnforcement  : Default Allow
DeviceControlPoliciesLastUpdated : 3/23/2023 5:35:09 AM
DeviceControlState               : Disabled
FullScanAge                      : 4294967295
FullScanEndTime                  :
FullScanOverdue                  : False
FullScanRequired                 : False
FullScanSignatureVersion         :
FullScanStartTime                :
IoavProtectionEnabled            : True
IsTamperProtected                : False
IsVirtualMachine                 : True
LastFullScanSource               : 0
LastQuickScanSource              : 2
NISEnabled                       : True
NISEngineVersion                 : 1.1.23060.1005
NISSignatureAge                  : 0
NISSignatureLastUpdated          : 7/27/2023 8:08:28 PM
NISSignatureVersion              : 1.393.1629.0
OnAccessProtectionEnabled        : True
ProductStatus                    : 524288
QuickScanAge                     : 7
QuickScanEndTime                 : 7/20/2023 3:29:21 PM
QuickScanOverdue                 : False
QuickScanSignatureVersion        : 1.393.870.0
QuickScanStartTime               : 7/20/2023 3:20:26 PM
RealTimeProtectionEnabled        : True
RealTimeScanDirection            : 0
RebootRequired                   : False
SmartAppControlExpiration        :
SmartAppControlState             : Off
TamperProtectionSource           : N/A
TDTMode                          : N/A
TDTSiloType                      : N/A
TDTStatus                        : N/A
TDTTelemetry                     : N/A
TroubleShootingDailyMaxQuota     :
TroubleShootingDailyQuotaLeft    :
TroubleShootingEndTime           :
TroubleShootingExpirationLeft    :
TroubleShootingMode              :
TroubleShootingModeSource        :
TroubleShootingQuotaResetTime    :
TroubleShootingStartTime         :
PSComputerName                   :

Reinstalled SCCM.
Office updates fail from SCCM - Error 0x87D00668(-2016410008)
Also tried running Windows Update from Windows settings, and even though it looks to keep running in a loop, update history says successfully installed for the updates.

So I guess we can say that the updates are installed, and SCCM got something that'll need a look into. That I'll forward to our SCCM team.
Thanks for all the help!
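
An added example, not part of the original thread: a read-only PowerShell check that automates the diagnosis above, confirming that the `InstallLocation` and `BackupLocation` values under the Windows Defender key point at platform directories that actually exist. It assumes an elevated prompt; the check for `MsMpEng.exe` inside the platform directory and the variable names are choices made for this example.

```powershell
# Added example: compare the Defender platform paths in the registry with what is on disk.
# Read-only; nothing is modified.
$key          = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
$platformRoot = Join-Path $env:ProgramData 'Microsoft\Windows Defender\Platform'
$props        = Get-ItemProperty -Path $key

# 1. Do the registry values point at directories that exist and hold the engine binary?
$registryCheck = foreach ($name in 'InstallLocation', 'BackupLocation') {
    $path      = $props.$name
    $dirExists = [bool]$path -and (Test-Path -LiteralPath $path -PathType Container)
    [pscustomobject]@{
        Value      = $name
        Path       = $path
        DirExists  = $dirExists
        HasMsMpEng = $dirExists -and (Test-Path -LiteralPath (Join-Path $path 'MsMpEng.exe'))
    }
}

# 2. Which platform versions are present on disk (newest first)?
#    Directory names look like 4.18.23050.9-0, so sort on the part before the dash.
$onDisk = @()
if (Test-Path -LiteralPath $platformRoot) {
    $onDisk = @(Get-ChildItem -LiteralPath $platformRoot -Directory |
        Sort-Object { ($_.Name -split '-')[0] -as [version] } -Descending |
        Select-Object -ExpandProperty Name)
}

# 3. Service state and the version the running product reports.
#    Get-MpComputerStatus can fail while the platform directory is missing, so catch that.
$service   = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
$amVersion = try   { (Get-MpComputerStatus -ErrorAction Stop).AMProductVersion }
             catch { "unavailable: $($_.Exception.Message)" }

$registryCheck | Format-Table -AutoSize
"Platform directories on disk : {0}" -f ($onDisk -join ', ')
"WinDefend service state      : {0}" -f $service.Status
"AMProductVersion             : {0}" -f $amVersion

# Flag the condition seen in this thread: InstallLocation names a directory that is not there.
$install = $registryCheck | Where-Object { $_.Value -eq 'InstallLocation' }
if (-not $install.HasMsMpEng) {
    Write-Warning "InstallLocation '$($install.Path)' is missing or incomplete."
}
```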
 
