[SOLVED] Windows update CU problems

[Remy]

 

[Maxstar]

Do you recognize this account with the following SID?

2023-03-10 16:30:37, Info                  CSI    00000363 Performing HKCU for sid: [b]S-1-5-21-1208116320-4157040111-3380523825-1124[/b]
2023-03-10 16:30:37, Error                 CSI    00000364 (F) STATUS_OBJECT_NAME_NOT_FOUND #126446# from Windows::Rtl::SystemImplementation::DirectRegistryProvider::SysOpenKey(flg = (AllowAccessDenied), key = {provider=NULL, handle=0, name= ("null")}, da = (KEY_READ|KEY_WOW64_64KEY), oa = @0x675227c330->OBJECT_ATTRIBUTES {s:48; rd:NULL; on:[61]'\Registry\USER\S-1-5-21-1208116320-4157040111-3380523825-1124'; a:(OBJ_CASE_INSENSITIVE)}, disp = Unmapped disposition: 1378337032)[gle=0xd0000034]
2023-03-10 16:30:37, Error                 CSI    00000365@2023/3/10:15:30:37.300 (F) onecore\base\wcp\sil\merged\ntu\ntsystem.cpp(5238): Error STATUS_OBJECT_NAME_NOT_FOUND originated in function Windows::Rtl::SystemImplementation::DirectRegistryProvider::SysOpenKey expression: (null)
[gle=0x80004005]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1208116320-4157040111-3380523825-1124
    ProfileImagePath    REG_EXPAND_SZ    C:\Users\scriptneh

 

[Remy]

Yes, ScriptNEH is an account where we run scheduled tasks and script with.

 

[Maxstar]

Where all users logged off before attempting to update last Friday?

 

[Remy]

Yes. I was the only account logged on with RDP.

 

[Maxstar]

Okay, let't take a look at the following logs if exists.

C:\$Windows.~BT\Sources\Panther\setupact.log
C:\$Windows.~BT\Sources\Panther\setuperr.log

 

[Remy]

I found the two logs on the next location: C:\Windows\System32\Sysprep\Panther\IE\
Setuperr.log is an empty file.

 

[Maxstar]

Download and run SetupDiag from Microsoft

• Download
  
  SetupDiag to your desktop.
• Right-click on SetupDiag.exe and select Run as administrator.
• When completed the following files are created: "Logs.zip, SetupDiag.exe.config and SetupDiagResults.log"
• Attach SetupDiagResults.log and Logs.zip to your next reply.

 

[Remy]

I get the following error:

 

[Maxstar]

Does the following directory exists?
C:\Windows\Panther

 

[Remy]

yes

 

[Maxstar]

Please attach a copy of that folder.

 

[Remy]

See attachment.

 

[Maxstar]

These logs are from 2020, so I would suggest to log off all the users again, then reboot the server and try to update again.

 

[Remy]

The update failed again. I see on the console of the server that de updates are reverting after the reboot.

 

[Maxstar]

That's right, the update is failing with this rollback error 0x800f0922.
Please attach a new copy of the CBS log(s) and the following logs if exists.

C:\$Windows.~BT\Sources\Panther\setupact.log
C:\$Windows.~BT\Sources\Panther\setuperr.log

 

[Remy]

The path above does not exist. And the logs in C:\Windows\Panther are out of date.
I uploaded the CBS logs.

 

[Maxstar]

2023-03-13 11:42:05, Error                 CSI    00000369 (F) STATUS_OBJECT_NAME_NOT_FOUND #126476# from Windows::Rtl::SystemImplementation::CBufferedRegistryProvider::SysOpenKey(flg = 0, key = {provider=NULL, handle=0, name= ("null")}, da = (KEY_READ), oa = @0x28a497c268->OBJECT_ATTRIBUTES {s:48; rd:NULL; on:[61]'\REGISTRY\USER\S-1-5-21-1208116320-4157040111-3380523825-1124'; a:(OBJ_CASE_INSENSITIVE)}, disp = Unmapped disposition: 2761408960)[gle=0xd0000034]
2023-03-13 11:42:05, Error                 CSI    0000036a (F) STATUS_OBJECT_NAME_NOT_FOUND #126474# from Windows::Rtl::SystemImplementation::CUserProfile::OpenProfileRootKey(...)[gle=0xd0000034]

2023-03-13 11:42:05, Error      [0x018063] CSI    0000036e (F) Failed execution of queue item Installer: Per-User Registry Installer ({f60fff05-7c5c-48dd-a1d2-b75aa14ad9b4}) with HRESULT HRESULT_FROM_WIN32(ERROR_FILE_NOT_FOUND).  Failure will not be ignored: A rollback will be initiated after all the operations in the installer queue are completed; installer is reliable[gle=0x80004005]

I suspect the scriptneh user is causing this issue, are you able to clone this server so we can try safely to delete this account and try the update again?

 

[Remy]

mm oke. It is difficult to clone this server. Is it an option to temporary disable the scriptNEH user in AD? It is an domain account.
Or can we delete the items that block the update and import it again after updating? We working with versioning. So we can delete thing without a problem. After i revert the image, al the deleted items are restored.

 

[Maxstar]

Yes, you could try to disable the scriptNEH user to see what happens.

Please also provide a list of the services.

WMIC SERVICE GET caption, name, startmode, state > "%userprofile%\desktop\services.txt"