KB2920189 fails to install on generation 2 vm's

It looks like there is a problem with the KB2920189 update.

When trying to install it via Windows Update on some servers, they all fail the installation of this update - they are all running 2012 R2 inside generation 2 Hyper-V machines.

Has this update been tested with the UEFI implementation inside Hyper-V?

May 14th, 2014 8:55am

It's the same here!

May 14th, 2014 9:09am

Okay, this is broken - however, there is a workaround:

After a bit of searching around using <INSERT SEARCH ENGINE HERE> for the error code, I found this article: http://www.eightforums.com/windows-updates-activation/39758-error-800f0922-installing-update-kb2871690.html

The solution is simple:

  1. Shutdown the VM
  2. Disable Secure Boot for the VM
  3. Start the VM and install the update
  4. Shutdown the VM again
  5. Enable Secure Boot
  6. Start the VM

Annoying, but it works :)



  • Marked as answer by GurliGebis Wednesday, May 14, 2014 9:14 AM
  • Edited by GurliGebis Wednesday, May 14, 2014 9:16 AM Whitespace missing
May 14th, 2014 9:14am
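
The six-step workaround from the answer above, scripted from the Hyper-V host as an added example (not code from the thread). The VM names are constructed placeholders and the update is still installed by hand inside the guest; the `finally` block switches Secure Boot back on even if an earlier step fails.

```powershell
# Added example: run in an elevated PowerShell session on the Hyper-V host.
# The VM names below are constructed placeholders.
$vmNames = @('vm-example-01', 'vm-example-02')
$ErrorActionPreference = 'Stop'

foreach ($name in $vmNames) {
    $vm = Get-VM -Name $name
    # Only generation 2 VMs have UEFI firmware settings.
    $fw = if ($vm.Generation -eq 2) { Get-VMFirmware -VMName $name }
    if (-not $fw -or $fw.SecureBoot -ne 'On') {
        Write-Warning "$name skipped: not generation 2, or Secure Boot is not on"
        continue
    }
    try {
        Stop-VM -Name $name -Force                          # 1. shut down (-Force skips the prompt)
        Set-VMFirmware -VMName $name -EnableSecureBoot Off  # 2. disable Secure Boot
        Start-VM -Name $name                                # 3. start the VM, then install
        Read-Host "Install the update inside $name, then press Enter" | Out-Null
    }
    finally {
        # 4-6. Runs even when a step above throws, so the VM is not left
        # running with Secure Boot disabled.
        if ((Get-VM -Name $name).State -ne 'Off') { Stop-VM -Name $name -Force }
        Set-VMFirmware -VMName $name -EnableSecureBoot On
        Start-VM -Name $name
    }
}

# Audit: list any generation 2 VM in the batch that did not come back
# with Secure Boot on. An empty result is the expected outcome.
Get-VM -Name $vmNames |
    Where-Object Generation -eq 2 |
    Get-VMFirmware |
    Where-Object SecureBoot -ne 'On' |
    Select-Object VMName, SecureBoot
```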

in addition:

the update fails with error code 0x800f0922 at event id 20

server 2012 r2 updating from wsus

the update installed correctly to win 8.1 computers

May 14th, 2014 9:14am
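
One way to list which updates logged the failure described above, as an added example that is not from the thread. It assumes the failures are written to the System log by the Windows Update client as event ID 20 and that each message contains the KB number and the error code; the seven-day window is arbitrary.

```powershell
# Added example: run inside the affected server or guest VM.
$filter = @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-WindowsUpdateClient'
    Id           = 20                        # event ID reported in the post above
    StartTime    = (Get-Date).AddDays(-7)    # arbitrary look-back window
}

# Pull the KB number and error code out of each failure message.
# Assumption: both appear in the message text.
$failures = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        $kb   = if ($_.Message -match 'KB\d+') { $Matches[0] } else { 'unknown' }
        $code = if ($_.Message -match '0x[0-9A-Fa-f]{8}') { $Matches[0].ToLower() } else { 'unknown' }
        [pscustomobject]@{ Time = $_.TimeCreated; KB = $kb; Error = $code }
    }

# Count failures with the thread's error code per update, most frequent first.
$failures |
    Where-Object Error -eq '0x800f0922' |
    Group-Object KB |
    Sort-Object Count -Descending |
    Select-Object @{ n = 'KB'; e = { $_.Name } },
                  Count,
                  @{ n = 'LastFailure'; e = { ($_.Group.Time | Measure-Object -Maximum).Maximum } }
```

An update that shows up in every failed run is the one to try installing on its own.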


Hi Gurli,

the workaround works for me as well. thanks for that.

but I have to do about 10 VM's. I'll be awaiting a solution by MS. Hope you don't mind.

regards

May 14th, 2014 9:47am


It's great that this works, but for large-scale deployments this won't work for us. We cannot shut down 100+ VMs and perform this step to complete this update. We will have to wait for a fix on this update from MS, which hopefully will happen soon. 
May 14th, 2014 12:16pm

Hi,

The workaround worked for me as well.

Thank you!

May 14th, 2014 12:33pm

Work around works!

Microsoft should have tested this :(

May 14th, 2014 2:21pm

The proposed solution worked for me as well.  Thanks!
May 14th, 2014 2:25pm

Hmm it sure looks like this update not only causes problems on VM's using UEFI. I have a 2012R2 server that runs on physical hardware, and UEFI + secure boot are enabled on this machine.

It did most of the updates except for 13 of them. After reboot it would revert back the changes for these 13 updates with error:

update(KB number)  failed to be changed to the Installed state. Status: 0x800f0922.

I actually did these 13 manually and one by one to find the offending update, which is KB2920189

Now I do use generation 2 vm's, so definitely will exclude this update until MS bothers to issue a fix.

I don't get it. For a couple of months now, Patch Tuesday has been changed to horror Tuesday. It seems some kicking is in order, as in all my years as admin I have not seen such a mess on Patch Tuesday as in the last 4-5 months.

Edit:

Oh and sure enough, a VM on which I installed the updates, and just rebooted, the exact same behaviour, updates are being reverted back during boot. I don't get it, how does ONE update cause 12 others to be reverted back, these are SERVERS we are talking about here.


  • Edited by Jvangent100 Wednesday, May 14, 2014 4:10 PM
May 14th, 2014 4:04pm

Worked for me.  Thanks!
May 14th, 2014 4:08pm

Description of the update rollup of revoked noncompliant UEFI modules: May 13, 2014:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2920189

Is someone willing to work with me to open a free support case?

If so email me at susan-at-msmvps.com (change the -at- to @)

May 14th, 2014 5:07pm

Thank you! I was wondering what was up when I tried to update a brand new VM install and Windows Update was already failing. It would find 38 updates, it would appear to install them, it would continue wrapping up the install after a reboot, but after a long delay, it would say that the updates couldn't be installed. It would then take an extraordinarily long time rolling them back. After another reboot, it would report 38 updates available again.

It's amazing how much time in IT ends up wasted on stuff like this. Thank you for posting the answer!

Now if I could just get KB2919355 to install through Windows Update. It hasn't run successfully for me on any machine yet--2012 R2 or 8.1, physical or VM. Not one. I've had to run the update manually on each. When the update is so problematic, the requirement for this update for ongoing patches is baffling.

  • Edited by rhelmer Wednesday, May 14, 2014 5:23 PM
May 14th, 2014 5:22pm

I believe this issue is documented in the KB article: https://support.microsoft.com/kb/2962824

The relevant text is here:

You receive a 0x800f0922 error when you try to install this security update

Symptoms
Consider the following two configurations:

  • Configuration 1
    You have a Windows Server 2012-based server that uses UEFI firmware and has the Secure Boot option enabled.
  • Configuration 2
    You have a Windows Server 2012 R2-based Hyper-V host running and you are running a Generation 2 virtual machine guest that uses UEFI firmware support and has the Secure Boot option enabled. The guest virtual machine is running Windows 8 or Windows Server 2012.
In these configurations, security update 2871690 may not install, and you receive a 0x800f0922 error message. 

Cause
This error occurs because the installer for security update 2871690 incorrectly expects BitLocker to be installed.

Workaround
To work around this issue, use one of the following methods, based on your scenario:
  • Workaround for configuration 1
    Install the BitLocker optional component on the server that uses UEFI and that has the Secure Boot option enabled. 
  • Workaround for configuration 2
    Install the BitLocker optional component on the guest virtual machine in the Hyper-V configuration.
Note: You do not have to configure BitLocker on any drive. It is only necessary for the BitLocker component to be present on Windows Server 2012 when you install security update 2871690.

A fix for the installer issue is being investigated.

May 14th, 2014 5:49pm

Hey Rhelmer?  Topic drift:  What error messages do you get when installing (or attempting to install) KB2919355?
May 14th, 2014 5:55pm

Where do you see the phrase "a fix for the installer issue is being investigated"?  It may be documented, but to ask admins to install additional roles on a server is a tad unreasonable (IMO).

May 14th, 2014 6:17pm

I've received a few different errors installing KB2919355, including:

80244021

8024402C

80200056

The first two errors suggest a proxy settings issue, but it's odd that only this update would be affected if that's the case. In a couple cases, I also had to run the Windows Update diagnostic tool afterwards in order to make Windows Update start working again.

May 14th, 2014 7:01pm

Worked great for me! Thanks!
May 14th, 2014 7:57pm

Okay, this is broken - however, there is a workaround:

After a bit of searching around using <INSERT SEARCH ENGINE HERE> for the error code, I found this article: http://www.eightforums.com/windows-updates-activation/39758-error-800f0922-installing-update-kb2871690.html

The solution is simple:

  1. Shutdown the VM
  2. Disable Secure Boot for the VM
  3. Start the VM and install the update
  4. Shutdown the VM again
  5. Enable Secure Boot
  6. Start the VM

Annoying, but it works :)



pretty amazing how a 31KB update fails to install on WS2012R2 server running in Gen2 VM only because of a Secure Boot ... LOL!

Anyways, the workaround worked here as well, thanks for posting it!

May 15th, 2014 6:00pm

Thanks! Worked for me too. Watched several reboots with this problem, and it delayed me for a few hours. Thanks MS (with sarcasm).
May 17th, 2014 12:30pm

Thank you!
May 18th, 2014 5:35pm

Symptoms

Consider the following two configurations:

  • Configuration 1
    You have a Windows Server 2012-based server that uses UEFI firmware and has the Secure Boot option enabled.
  • Configuration 2
    You have a Windows Server 2012 R2-based Hyper-V host running and you are running a Generation 2 virtual machine guest that uses UEFI firmware support and has the Secure Boot option enabled. The guest virtual machine is running Windows 8 or Windows Server 2012.

...
Workaround
To work around this issue, use one of the following methods, based on your scenario:

...

  • Workaround for configuration 2
    Install the BitLocker optional component on the guest virtual machine in the Hyper-V configuration.

FWIW, I can confirm that Workaround for configuration 2 worked for my VM's.

May 19th, 2014 9:51pm

Hi,

I'm very happy that I've found this post here. I believe that Windows Server 2012 R2 has issues with more updates than only this one. I have a Server 2012 R2 Hyper-V cluster with, among others, 2012 R2 guests as V2 machines. These machines have a terrible long list of failing updates. When I'm back in the office I'll try to disable Secure Boot to get rid of this issue.

Cheers

Robert

May 26th, 2014 4:33pm

Robert, it is likely that the "terrible long list of failing updates" is triggered by the failure of security update 2871690 alone.  By default, when multiple updates are installed at once, if a single one fails all others will also be rolled back and marked as failed in the updates history log.

Personally, I temporarily declined the violating update in WSUS until I had time to enable the Bitlocker Drive Encryption feature.  After doing so, the other updates that were getting logged as failing installed without issue.  While my experience may not be applicable to your scenario, I at least offer this as anecdotal evidence that the other updates are likely not problematic.

May 27th, 2014 7:38pm

I agree with merv_f.

I've seen those massive failures on updates many times, and usually it was just a single update failed (or a conflict between updates) causing that massive roll back. Happens to me once in a while when I (re)install older 2008 server in some VM and do the initial flood of updates manually not yet from WSUS and forget to uncheck IE7/8 patches and leaving IE9 upgrade package in the list.

Try doing updates in smaller batches to see if you can push through as much as it can take without failing all. Or do them by categories, e.g. security patches one time, platform patches another time, IE patches next time and so on; that should narrow it down at least a bit.

May 28th, 2014 2:32am

Hello,

Yes, this might really be it. When I was writing my comment I could not check the updates on my test servers as I was home already. But now I can confirm that the update KB2920189 was also in the queue, which then caused the roll-back of all updates. Quite a nasty problem anyway, but good that there is a workaround now.

Thanks for that.

Regards

Robert

May 28th, 2014 5:44am

Thank you so much for this post.  Worked like a dream.
June 3rd, 2014 5:37pm

The workarounds are good but is Microsoft expecting us to do this to 100's of VMs???
June 6th, 2014 4:03pm

Okay, this is broken - however, there is a workaround:

After a bit of searching around using <INSERT SEARCH ENGINE HERE> for the error code, I found this article: http://www.eightforums.com/windows-updates-activation/39758-error-800f0922-installing-update-kb2871690.html

The solution is simple:

  1. Shutdown the VM
  2. Disable Secure Boot for the VM
  3. Start the VM and install the update
  4. Shutdown the VM again
  5. Enable Secure Boot
  6. Start the VM

Annoying, but it works :)



It actually worked perfectly for my Gen 2 VM not joined to my domain. I will try it for one of my clients' domain controller that has this issue.

Thanks for this.

June 6th, 2014 5:36pm


This also worked for my customer's domain controller and other domain-joined VMs.

Appreciate this.

June 19th, 2014 7:31am

I confirm that installing Bitlocker feature "fixes" the issue but...

Good, I am not a hosting service provider :)

Wait, I AM!

July 10th, 2014 2:16pm

The other alternative is to not install this security update on VMs since this security update is blacklisting UEFI components that OEMs are shipping and would not exist in a VM.
July 10th, 2014 2:25pm

How do you Shut it down for this to work?

I have tried Shutdown.  I have tried Turn off.

Turn it Off will at least stop it, but whenever I restart the VM, it's right back at the spot I left off trying to Undo changes.

This is a pretty serious issue.  Our Directory Sync is on this box.  WTF Microsoft?

I have turned off the Secure boot but that does nothing.

Help!

Thanks.

April 27th, 2015 6:25pm

Over a year later, and this issue STILL seems to exist.  You'd think that a pure MS virtual machine would work with a pure MS OS and pure MS patch.  It's not like there's ANY non-Microsoft component involved with installing updates on a 2012R2 Gen2 VM.

The frightening thing is that most people would probably wait 2-3 hours to install the (currently 122) windows updates, watch it reboot, see it fail... wait another 2-3 for the rollback, and do it all again thinking that it must have been a bad d/l or something.  It's not like the one patch fails and a message pops up saying "Hey, patch XYZ failed so you should check KB article ABCD for a work-around" 

I wonder how many people have just given up on using hyper-v because of this....


July 25th, 2015 3:52am

This topic is archived. No further replies will be accepted.
