Windows Server 2016 x64 - unable to enable Defender Missing KB's

After trying to enable defender via Server Manager it failed with the error below. CBS logs attached, Thanks


1. Start the Command Prompt as administrator.
  • Open the Start menu and type the command cmd.
  • After you find the Command Prompt, right click on it and select Run as Administrator.
  • Copy and paste the following into the Command Prompt and press enter.
Code:
reg load HKLM\COMPONENTS C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS
2. Right-click on the file FRST.exe and choose Run as administrator.
  • Copy and paste the following (code) into the Search box and click the Search Registry button.
Code:
KB5010359
  • When the scan is complete, a message will display that SearchReg.txt is saved in the same folder FRST was started from.
  • Post the logfile SearchReg.txt as attachment in your next reply.
 
Thanks, please make a full image / snapshot of this server and then do the following.

Start the Farbar Recovery Scan Tool again.

Warning: This script was written specifically for this system. Do not run this script on another system.
  • Download the attachment fixlist.txt and save it to your desktop.
  • Right-click on FRST.exe and select "Run as administrator".
  • Press the Fix button.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally.
  • When finished, a log called Fixlog.txt will appear in the same directory the tool is run from.
  • Post the logfile Fixlog.txt as attachment in your next reply.
 

Thanks, I'll need to raise a change as the server is Live. Will get back to you as soon as I've completed the above.
 
Hi,

Great, please try to install the Defender feature again using the Server Manager. If it fails attach a new copy of the CBS logs.
 
Unfortunately enabling defender via server manager failed. CBS logs attached, Thanks
 

In the CBS logs I noticed error 0x8024002E (WU_E_WU_DISABLED - Access to an unmanaged server is not allowed). Can you please try to install the latest updates to see if it will result in the same error.
 
Thanks, will get the server patched over the weekend and come back to you. Thanks for all your help so far.
 
In the meantime can you please run the following command in an elevated prompt, just to check some policies. Copy and paste the result in your next post.
Code:
reg query "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate" /s
 
I would set DisableWindowsUpdateAccess to 0; as it is now, all update services and their capabilities are disabled. You can use the following command to change the REG_DWORD value temporarily to see if you can install the Defender feature.

Code:
reg add "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate" /v DisableWindowsUpdateAccess /t REG_DWORD /d 0x0 /f
 
Thanks, I've amended the registry to enable update services.
Tried to enable defender again via server manager and unfortunately it's failed with no error code as shown below. It seemed to take a lot longer to try and install this time.

New CBS logs attached
 

Code:
2024-05-24 09:55:10, Info                  CBS    Failed to stage execution chain. [HRESULT = 0x800f0906 - CBS_E_DOWNLOAD_FAILURE]
2024-05-24 09:55:10, Error                 CBS    Failed to process single phase execution. [HRESULT = 0x800f0906 - CBS_E_DOWNLOAD_FAILURE]
2024-05-24 10:03:34, Info                  CBS    DWLD: Failed to begin WU search [HRESULT = 0x80072ee2 - Unknown Error]
2024-05-24 10:03:34, Info                  CBS    Failed to search Windows update [HRESULT = 0x800f0906 - CBS_E_DOWNLOAD_FAILURE]
2024-05-24 10:03:34, Info                  CBS    Failed to enumerate cloud capabilities [HRESULT = 0x800f0906 - CBS_E_DOWNLOAD_FAILURE]

Still the same issue. It seems that some GPO policies are preventing the connection to Windows Update, and the WSUS does not contain the required files to enable the Defender feature. As stated in the screenshot, you'll need to specify an alternate source path. What you could try is the following command, specifying a server with Defender installed. This could also be a newly installed VM, for example.

Code:
DISM /Online /Enable-Feature /FeatureName:Windows-Defender /All /Source:\\ServerName\C$\Windows\WinSxS /LimitAccess
 
Thanks for the above.

I have tried the command above before posting. I've tried two ways

1) Pointing DISM at a mounted WIM file from 2016 server ISO (this didn't work)
2) Pointing DISM at another 2016 server, however a little lightbulb just went off when you said New VM. What I didn't check at the time is, does the server I pointed DISM at actually have those defender features enabled.

I'll go away and see if I can track down a server that has Windows Defender available and point DISM at that server. If that fails, I'll build a new 2016 server and make sure those features are available, then point DISM at that server.

tbh if the DISM method works that'll be better for me as I have around 200 of these problem servers to work through.

Thanks again for all your help. Will get back to you once I've tried the above
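
The source-server check raised in the last post, combined with the policy query and the DISM command from the thread, as an added PowerShell example that is not part of the original posts. The source name SRC-2016 is a placeholder, and the script assumes the ServerManager module plus remote management access to the source server.

```powershell
# Added example, not from the thread. Run elevated on the server that cannot enable Defender.
param(
    [string]$SourceServer = 'SRC-2016',                  # placeholder name (assumption)
    [string]$CbsLog = "$env:windir\Logs\CBS\CBS.log"     # default CBS log location
)

# 1. Show the Windows Update policy values the thread inspected with "reg query".
$wuKey = 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate'
$wu = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
[pscustomobject]@{
    DisableWindowsUpdateAccess = $wu.DisableWindowsUpdateAccess
    WUServer                   = $wu.WUServer
} | Format-List | Out-Host

# 2. Confirm the source server really has the Defender features installed,
#    the check that was skipped before the first DISM attempt.
$remote = @(Get-WindowsFeature -Name 'Windows-Defender*' -ComputerName $SourceServer)
$remote | Format-Table Name, InstallState -AutoSize | Out-Host
$missing = @($remote | Where-Object { $_.InstallState -ne 'Installed' })
if ($remote.Count -eq 0 -or $missing.Count -gt 0) {
    Write-Warning "$SourceServer does not have all Defender features installed; pick another source."
    return
}

# 3. Enable the feature from that server's component store, without contacting Windows Update.
$source = "\\$SourceServer\C`$\Windows\WinSxS"
& dism.exe /Online /Enable-Feature /FeatureName:Windows-Defender /All "/Source:$source" /LimitAccess
$dismExit = $LASTEXITCODE

# 4. On failure, summarise the HRESULTs in the CBS log (exit code 3010 means reboot required).
if ($dismExit -notin 0, 3010) {
    Select-String -Path $CbsLog -Pattern '\[HRESULT = 0x[0-9a-fA-F]{8}[^\]]*\]' |
        ForEach-Object { $_.Matches[0].Value } |
        Group-Object |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}
```

The HRESULT summary in step 4 groups lines such as the CBS_E_DOWNLOAD_FAILURE entries quoted earlier, so a repeat of the same download failure is visible at a glance across many servers.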
 