[SOLVED] Windows update b0rked, trying to avoid a reinstall

Back after the weekend which was thoroughly enjoyable. :-).

So in the end, I temporarily removed the computer from the domain in order to get logged in properly with a profile as a local admin and re-ran the SFC and DISM commands, then saved the event logs. I've re-joined the computer to the domain as it was quite painful to use remotely when not on the domain.

Event and CBS logs attached.

Thanks.
 

Attachments

Hi,

Open an elevated command prompt and run the following command. Attach Dirlist.txt to your next post.
Code: 
dir /s /a %systemroot%\Servicing\Sessions > "%userprofile%\Desktop\Dirlist.txt"
 
Could you please check nothing inside "%systemroot%\Servicing\Sessions" is blocked by the ESET Security software.
 
I opened both the xml files in "%systemroot%\Servicing\Sessions" with Notepad without issue. We have central logging for ESET and I've not seen any notifications for it.

The timestamps on those files and the lack of other content in the folder is odd though.
 
Before the TiWorker process crashed I noticed the following. Are you able to stop all the Ivanti processes?

Rich (BB code): 
Log Name:      System
Source:        Service Control Manager
Date:          5/13/2024 8:16:25 AM
Event ID:      7023
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      CLAR*****
Description:
The Windows Modules Installer service terminated with the following error:
The RPC server is unavailable.

Log Name:      System
Source:        Service Control Manager
Date:          5/13/2024 8:11:11 AM
Event ID:      7030
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      CLAR****(
Description:
The Ivanti Security Controls Deployment Tool Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Rich (BB code): 
(services.exe ->) (Ivanti, Inc. -> Ivanti) C:\Windows\ProPatches\Scheduler\STSchedEx.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.1610_none_16d8d2032a45b189\TiWorker.exe
Failed to access process -> TiWorker.exe
 
I've uninstalled the Ivanti deployment service for the moment (it will come back when the next deployment attempt is scheduled).

Re-running DISM still results in the error 1762. CBS logs attached.
 

Attachments

NB. according to Ivanti, the error is harmless:

Ivanti Community

Ivanti Security Controls Deployment Tool Service Is Marked As An Interactive Service
Products / Topics :
Security Controls
Created Date
Nov 1, 2023 6:06:32 PM
Last Modified Date
Nov 17, 2023 11:42:50 PM
Description
After running an Agentless Operation on a target device with a scheduled deployment, the Ivanti Security Controls Deployment Tool Service service may create an error message in the device's Windows System Event logs with the following error message:The Ivanti Security Controls Deployment Tool Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
image.png


The service was formerly known as the ST Remote Scheduler service.
Cause
The error is due to the fact that some patches require the scheduled operation run as an interactive service to properly to execute the patch.
On systems that do not allow interactive services, this can cause a minor monitoring/reporting issue since the error shows in the System event log, but the operation will execute as normal.
Resolution
If your monitoring system is flagging this error as an issue, you'll need to configure your software to whitelist or ignore this error.
It's a false positive since it doesn't actually cause any problems.
Applies to
Security Controls - Security Controls 2023.3, Security Controls 2023.4
Article Number :
000088954
Article Promotion Level
Normal
Click to expand...
 
Indeed, but it was just some 'issue' to rule out. Let's check another folder.

Open an elevated command prompt and run the following command. Attach Dirlist.txt to your next post.
Code: 
dir /s /a %systemroot%\Servicing\Packages > "%userprofile%\Desktop\Dirlist.txt"
 
Please provide a copy of the following files from %systemroot%\Servicing\Packages:
Code: 
19/03/2019  05:00            10,074 WindowsSearchEngineSKU-Group-Package~31bf3856ad364e35~amd64~~10.0.18362.1.cat
19/03/2019  00:12               836 WindowsSearchEngineSKU-Group-Package~31bf3856ad364e35~amd64~~10.0.18362.1.mum
 
Open %systemroot%\Servicing\Packages and scroll down, do you see (hidden) files without the *.cat/mum extension?
 
I see one file without the cat/mum extension:

Package_for_KB4535680~31bf3856ad364e35~amd64~~10.0.1.1.ses
 
Please make a backup of that file and remove it into "%systemroot%\Servicing\Packages". Then run DISM again and let me know the result.
 
Hi,

Step 1.
Warning: This fix was written specifically for this system. Do not run this fix on another system.
  • Save any work you have open, and close all programs.
  • Download the attachment SFCFix.zip and save it to your desktop.
  • Drag the SFCFix.zip file over the SFCFix.exe executable and release it.
650c22f99662d-6190d993a26f3-SFCFix-Zip-Eng.gif

  • SFCFix will launch, let it complete.
  • Once done, a file will appear on your desktop, called SFCFix.txt.
  • Post the logfile (SFCFix.txt) as attachment in your next reply.


Step 2. Run the following DISM command and post the result. If it fails attach a new copy of the CBS log.
Code: 
DISM /online /cleanup-image /RestoreHealth
 

Attachments

I think you've hit gold! The DISM command ran to completion, albeit with "The source files could not be found". This is probably because the installed Windows 10 version is 1909 I guess.

At any rate, you're an absolute star! Thank you so much!

A question on providing the /Source option to DISM. Should I use the 1909 Windows ISO for this?
 
You must log in or register to reply here.

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top