KB3000061 fails to install on Server 2012
When we tried to install KB3000061 that was released today, it fails to install on all of our Server 2012 machines, with a 'failure configuring windows updates, reverting changes' after restart.  On 2012R2, the update installs OK.  Has anyone else experienced this?
October 14th, 2014 8:54pm

Did you try installing the update manually? Or was it via Windows Update only?

Can you check it manually, if not checked.

October 14th, 2014 11:44pm

I also am experiencing the same issue with KB30000061. I have about 12 Hyper-V machines, and I am already seeing this on 3, and have yet to get around the rest in applying today's Windows Updates....

I find the amount of Windows Update issues this year is off the charts!!!!

October 15th, 2014 1:14am

I am also seeing this issue, on 2 systems out of 40. Both are on Hyper-V. One is a SQL Server, the other has DirSync, which has a local version of SQL. I can't find anything else in common. Most of the other systems that work are 2012 R2 but some are 2012. I did try to install off download, no joy.
October 15th, 2014 7:38am

Ironically the systems I am experiencing this issue, are also on Hyper-V machines, as I was able to successfully install the patch on 1 physical Windows Server 2012 machine so far, with success. I will have a better idea as the day goes on and I patch the rest of the VMs and physicals.
October 15th, 2014 11:06am

I have a host running Server 2012 R2 with 4 Hyper-V machines running Server 2012. KB30000061 does not install on 3 of the Hyper-V systems. I have not updated the host yet. So far 3 hours troubleshooting this MS FUBAR.
October 15th, 2014 6:37pm

We have this problem on both a physical and a virtual Server 2012. Both are only domain controllers with no other services running. Puzzling.
October 15th, 2014 6:54pm

Someone needs to open a case folks, there are way too many "me toos" on this thread.  Email me at susan-at-msmvps.com (change the -at- to @) if you need help with getting a free security patch support case set up.
October 15th, 2014 7:18pm

There is also a similar thread regarding this for Windows 8 x86 and x64.
October 15th, 2014 8:01pm

What about sending a mail to:

secure 'at' microsoft 'dot' com

October 15th, 2014 11:21pm

No, support engineers need log files.  Merely emailing secure won't work here.  I'm more than willing to help anyone open a support case if you don't have the resources to do so.  Anyone?  Bueller?
October 15th, 2014 11:27pm

Anyone opened a case yet?

Anyone willing to work with me to open a support case?

October 16th, 2014 9:25pm

Same shit here

Two laptops, ASUS and LENOVO, MS Windows 8 Enterprise 32 bits

Both failed to install KB3000061. I did cold reboot fix it Windows update but nothing changed

This update KB3000061 is CORRUPTED

October 16th, 2014 9:48pm

Hello,
Are there any cases? If so, can I get the case numbers?

Also looking for logs from these machines.

All the logs under c:\windows\logs\cbs

Can we make them available for download?

October 16th, 2014 11:00pm

Thank you Darrell for the offer.   If anyone on this thread has not opened a case and would like a free support case for this issue, email me at susan-at-msmvps.com (change the -at- to @) and I'll set up a support case for you.  I'll need a phone number so that the Microsoft support engineering team can call you back. 

Otherwise zip up the log files and place them in a onedrive link and post the link here.  If you would prefer a bit of privacy, the security support case will keep these log files more private.

October 16th, 2014 11:06pm

Just opened a case for Neil D. Case 114101711915623
October 17th, 2014 2:51pm

If your CBS.log shows the following error as the cause
2014-10-16 20:41:48, Error                 CSI    00000002 (F) Logged @2014/10/16:18:41:48.424 : [ml:240{120},l:238{119}]"EventAITrace:Provider Microsoft-Windows-Win32k is already installed with GUID {e7ef96be-969f-414f-97d7-3ddb7b558ccc}.

"
[gle=0x80004005]

you can fix this by deleting everything in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT

Then reboot and install KB3000061.

You might want to take a backup of the registry key first and then restore everything from it apart from the keys that KB3000061 recreates.

  • Proposed as answer by CountryKING Friday, October 17, 2014 3:06 PM
October 17th, 2014 3:06pm

I also have this issue. See my data dump here

October 17th, 2014 3:15pm

I am seeing this on my Windows 8 laptop as well.  Have not had time to dig into it just yet.

Jeff

October 17th, 2014 3:19pm

It's not just KB3000061. I pulled it from our WSUS server, successfully ran one of the other pending updates (KB2853587), ran the next (KB2923392), same failure without KB3000061 having been downloaded.
October 17th, 2014 3:31pm

I appear to be able to replicate this problem with the following 4:

Security Update for Windows Server 2012 (KB2923392)
Update for Windows Server 2012 (KB2995387)
Security Update for Windows Server 2012 (KB3000061)
Update for Windows Server 2012 (KB3000988)

I've been shutting down wuauserv, renaming the softwaredistribution folder, starting it back up and doing each one by one. The other 4 updates I had pending all installed properly. Those 4 fail in the same way.

October 17th, 2014 4:05pm

I showed the same error.  I only deleted the key called {e7ef96be-969f-414f-97d7-3ddb7b558ccc} listed under the Providers key.  Rebooted, installed 3000061 and all of the other 10 updates that failed installation successfully installed on the restart.  I observed this behavior on a VM and a physical machine.
October 17th, 2014 4:09pm

Thanks.  I followed this and only deleted HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{e7ef96be-969f-414f-97d7-3ddb7b558ccc} and the patch installed fine and the registry key was also back then.   
  • Proposed as answer by Jack Jameson Saturday, October 18, 2014 8:55 PM
October 17th, 2014 11:41pm

Same problem on Windows Server 2012. I restored the system state from a backup prior to the updates and was able to install all updates successfully except KB3000061.

Symptoms:

Once I install KB3000061

  1. No other updates will install.
  2. Unable to remove Hyper-V role from the server (have not tried adding or removing any other roles or features).
  3. I get the following Manageability error in Server Manager "Online - Data retrieval failures occurred 10/18/2014 11:57:58 AM [product id] (Activated)"
October 18th, 2014 4:03pm

Opened case for Charles P. 114101811917976


October 18th, 2014 5:16pm

Thanks. Deleting registry key did the trick for me too.

(Just HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{e7ef96be-969f-414f-97d7-3ddb7b558ccc}.)

All updates installed normally and my error in Server Manager went away.

Does anyone know what this key does? Should I restore it now that the server is running properly? Thanks.

October 18th, 2014 10:33pm

Hey it worked good. I tried it.

1. Please remember to take a back up first.

2. Open Run > type "regedit"

3. Locate the WINEVT using the path HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEV

4. Export the folder for the backup

5. Delete everything in the folder, but the default key can't be deleted, let it be

6. Restart the computer

7. Performed Windows updates.

8. It will work now. :)

October 20th, 2014 1:34am

I continue to have this problem but my server does not have the e7ef96be-969f-414f-97d7-3ddb7b558ccc key.
October 20th, 2014 1:11pm

We do too. No key. We have 750+ 2012 servers, this issue has only occurred on 1/3 of them, all with the same configuration interestingly.
October 21st, 2014 4:56am

you can fix this by deleting everything in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT

Then reboot and install KB3000061

This solution is perfect for Windows Server 2012, but the Windows Remote Management service will be affected.

I am using this corrector for Windows 8. I am waiting.

Thanks

October 21st, 2014 2:51pm

you can fix this by deleting everything in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT

Then reboot and install KB3000061.

Running regedit you will find this registry.

After a short wait, updates for Windows 8 are correct. There is no reverting, "damned annoying".

Thanks again

October 21st, 2014 3:09pm

I'd like to get an understanding of what's going on before we start advising everyone to nuke out this registry key.

I've got a couple of support cases opened, let's see what they say first before deleting this across the board.

October 21st, 2014 3:44pm

Agreed. Most sensible answer so far.
October 21st, 2014 4:03pm

I concur. I'm not willing to delete hundreds of keys from the registry on production machines without a full grasp of the issue *especially* given that not everyone appears to even have the key in question.
October 21st, 2014 5:23pm

From some deducing, what I can tell is the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{e7ef96be-969f-414f-97d7-3ddb7b558ccc} points to a resource Microsoft-Windows-Win32k at %SystemRoot%\system32\win32k.sys

The KB article for the patch ( http://support.microsoft.com/kb/3000061 ) lists as files being changed:

For all supported x64-based versions of Windows 8 and Windows Server 2012

| File name | File version | File size | Date | Time | Platform |
|---|---|---|---|---|---|
| Win32k.ptxml | Not applicable | 4,172 | 11-Oct-2012 | 00:37 | Not applicable |
| Win32k.sys | 6.2.9200.17130 | 4,068,352 | 28-Sep-2014 | 04:18 | x64 |
| Win32k.ptxml | Not applicable | 4,172 | 25-Jul-2012 | 20:29 | Not applicable |
| Win32k.sys | 6.2.9200.21247 | 4,067,840 | 28-Sep-2014 | 03:39 | x64 |
| Wow64_win32k.ptxml | Not applicable | 4,172 | 12-Feb-2013 | 00:14 | Not applicable |
| Wow64_win32k.ptxml | Not applicable | 4,172 | 12-Feb-2013 | 00:09 | Not applicable |

I can see the relevance of deleting that registry key ONLY (not the whole WINEVT root) as a probable workaround solution. Granted if that is the case then Microsoft should release an updated patch that checks for and corrects whatever issue is with that tree causing the update to fail.

It seems from the CBS.log that the updater doesn't correctly unregister the win32k publisher prior to updating and attempting to re-register the publisher, causing it to fail with an already registered message. Deleting the key must simulate the unregistration so when the update gets applied it doesn't fail there.

For those that don't have the key present it is likely there is another issue as the root of the install problem.

EDIT 1:

If I just delete the reg key without rebooting and install the update it works. It succeeded, I also double checked and the registry key did not come back. I will check for more updates then do a reboot see if the keys come back and which ones. If they don't I will restore the backup I took and let you know what happens. I assume it will work as normal, I think these registry keys are just for the event logs.


EDIT 2:

Looks like the old key is supposed to be deleted but it is not being deleted. The key does get replaced but under a different GUID {8c416c79-d49b-4f01-a467-e56d3aa8234c} everything is the same as before with the exception of 2 new entries and one changed one (basically counting the number of entries).

ChannelReferences 5 (Messages) and 6 (Contention) get added and the count in the main key updated to account for the two new references.

I am not sure why the GUID changed, either someone at Microsoft goofed and set the wrong GUID or it's supposed to change but again there was a mistake in where they accidentally put the wrong GUID (new one) for the old key thus doesn't get deleted before being re-inserted.

FINAL NOTES:

I would say it is very safe to delete the key under the old GUID since it is being recreated by the update under a new GUID and the issue seems to be that the updater is not correctly deleting the old key thus leading to the update error. Hopefully this helps put to ease J Cervero's concern of grasping the issue. Those who do not have the key likely got it correctly deleted or are already using the new GUID. Can someone who did not have the key originally check to see if one with the new GUID is present?

  • Edited by Axelrtgs Tuesday, October 21, 2014 11:04 PM
October 21st, 2014 10:08pm

Hello,

I would like to see more logs from these failures.

Thanks for the ones we have gotten so far, but we could use some more.

Looking for the logs under c:\windows\logs\CBS.

If they could be made available for download that would be great.

Or you can email the logs (zipped up please).

My first name and last initial @microsoft.com

October 21st, 2014 11:31pm

Well I have 270 production servers which no longer install any updates or report software update compliance in SCCM. Case number: 114102011918799
October 22nd, 2014 12:08am

Hello,

Thanks, got the logs from that case

October 22nd, 2014 12:52am

Hello,

Can one of you experiencing this issue do the following for me please.

If you don't have KB2756872, install it and retry the update

If you do have KB2756872:

  1. Go to http://www.microsoft.com/en-us/download/details.aspx?id=34908
  2. Click download
  3. Select delmigprov.exe
  4. Confirm
  5. Run that executable locally
  6. Try installing the update again and let me know if it works

October 23rd, 2014 6:42pm


Interesting point: here all and only the RODCs (physical) are affected (4 in all). Failing updates are KB3000988 and KB2995387.
October 24th, 2014 7:50am

Another case opened for a customer:

114102811959987

October 28th, 2014 4:06pm

The following helped me:

you can fix this by deleting everything in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT

Then reboot and install KB3000061.

You might want to take a backup of the registry key first and then restore everything from it apart from the keys that KB3000061 recreates.

October 29th, 2014 9:29am

I am seeing engineers tell customers to delete this reg key.  It would be WONDERFUL if there was authoritative information about what this reg key is and what the impact is of removing it.
October 29th, 2014 9:54pm

Interestingly, I only had an issue with KB3000061 on 5 Server 2012 machines - all of which were Hyper-V VMs.  We have only 6 other Windows Server 2012 boxes (we have a lot of 2012 R2 servers).  2 2012 servers are physical Hyper-V hosts and 4 are VMware VMs.  None of these 6 had issues.

I only deleted HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{e7ef96be-969f-414f-97d7-3ddb7b558ccc} and the patch installed fine.  Also, Server Manager remote management also started behaving afterwards.

October 30th, 2014 5:27pm

  • To alleviate this problem on Windows 8 and Windows Server 2012 based systems, please export and delete the following registry value, reboot your system and then re-attempt the update: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{e7ef96be-969f-414f-97d7-3ddb7b558ccc}
  • If deleting the above registry value does not resolve the issue for you, please ping this thread as I'd like to see your follow-up CBS.logs from the system
  • For those of you running Windows 8 and Windows Server 2012, I'd actually like to know some additional information about your environments, namely, if the systems impacted were upgrades of a specific kind (Vista->Win7->Win8) or if there was a special process used when creating your images.  Anything you think might be relevant and would be outside of a 'clean install' from media.
  • For Windows 8.1 and Windows Server 2012 R2 customers, I still haven't seen a set of logs to confirm we're seeing the same issue.  Everything I've seen to this point has been on Windows 8/Windows 2012.  I'd love to see logs if you're having an issue.

This is the supported method to resolve this issue (and as others have noted above, this works).  This occurs when servers have been upgraded from 2008R2 to 2012 (or WinVista to Win8).  The key is being carried over in these scenarios and not being set to the proper value.  We're investigating why this occurred but deleting the key and rebooting the system will resolve the problem.  If you see something otherwise, please let me know.

October 30th, 2014 7:35pm
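
The export-and-delete step from the post above, as an added PowerShell example (not code from the thread or from Microsoft): it touches only the one stale publisher key, refuses to run where the path would be redirected to Wow6432Node, and never deletes without a verified .reg export. The function name, backup folder and returned fields are assumptions; the two GUIDs and the CBS.log message are the ones quoted in the thread.

```powershell
# Added example, not code from the thread. Hypothetical names: the function,
# its parameters, the backup folder and the fields of the returned object.
function Repair-StaleWin32kPublisher {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [string]$BackupDir = (Join-Path $env:SystemDrive 'RegBackup'),
        [string]$CbsLog    = (Join-Path $env:windir 'Logs\CBS\CBS.log')
    )

    # A 32-bit shell on a 64-bit OS sees HKLM:\SOFTWARE as Wow6432Node,
    # which the thread says is unrelated and must not be deleted.
    if ([Environment]::Is64BitOperatingSystem -and -not [Environment]::Is64BitProcess) {
        throw 'Run this from 64-bit PowerShell; the 32-bit registry view is the wrong key.'
    }

    $publishers = 'SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers'
    $oldGuid = '{e7ef96be-969f-414f-97d7-3ddb7b558ccc}'   # stale key carried over by in-place upgrade
    $newGuid = '{8c416c79-d49b-4f01-a467-e56d3aa8234c}'   # key reported present after the update installs
    $oldKey  = "HKLM:\$publishers\$oldGuid"
    $newKey  = "HKLM:\$publishers\$newGuid"

    # Does CBS.log carry the "already installed with GUID" error for the old GUID?
    $pattern = 'Provider \S+ is already installed with GUID ' + [regex]::Escape($oldGuid)
    $inLog = $false
    if (Test-Path -LiteralPath $CbsLog) {
        $inLog = [bool](Select-String -LiteralPath $CbsLog -Pattern $pattern -Quiet)
    }

    $result = [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        CbsSignature  = $inLog
        OldKeyPresent = (Test-Path -LiteralPath $oldKey)
        NewKeyPresent = (Test-Path -LiteralPath $newKey)
        BackupFile    = $null
        OldKeyRemoved = $false
    }

    if (-not $result.OldKeyPresent) {
        Write-Warning 'Stale publisher key is not present; this host needs a different diagnosis (collect CBS.log).'
        return $result
    }

    # Show what the key registers so the operator can confirm it before deleting.
    $name = (Get-ItemProperty -LiteralPath $oldKey).'(default)'
    Write-Verbose ('Publisher registered under {0}: {1}' -f $oldGuid, $name)

    if ($PSCmdlet.ShouldProcess($oldKey, 'Export to .reg file and delete')) {
        New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
        $file = Join-Path $BackupDir ('WINEVT-Publisher-{0}-{1:yyyyMMdd-HHmmss}.reg' -f $oldGuid.Trim('{}'), (Get-Date))

        # Export first; delete only if the export verifiably succeeded.
        & reg.exe export "HKLM\$publishers\$oldGuid" $file /y | Out-Null
        if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $file)) {
            throw "Export of $oldKey failed (reg.exe exit code $LASTEXITCODE); key left in place."
        }

        Remove-Item -LiteralPath $oldKey -Recurse -Force -Confirm:$false
        $result.BackupFile    = $file
        $result.OldKeyRemoved = -not (Test-Path -LiteralPath $oldKey)
    }
    return $result
}

# Report only, nothing is changed:
#   Repair-StaleWin32kPublisher -WhatIf
# Export and delete after confirmation, then reboot and retry the update:
#   Repair-StaleWin32kPublisher -Verbose
```

The function does not reboot the machine; the reboot and the update retry remain separate, scheduled steps.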

All 5 of the systems that experienced the issue were upgraded from 2008 R2 SP1 to Server 2012 .  Systems built from scratch did not display the issue
October 30th, 2014 7:39pm

Thank you very much for this clarification!
October 30th, 2014 7:39pm

Same as above.. My 2 affected systems were in-place upgrades from 2008 R2 SP1
  • Edited by adamf83 Thursday, October 30, 2014 7:41 PM
October 30th, 2014 7:40pm

This occurs when servers have been upgraded from 2008R2 to 2012 (or WinVista to Win8).

October 30th, 2014 11:38pm

What typo are you referring to exactly?  This is an upgrade only scenario on client or server.
October 30th, 2014 11:48pm

My systems are all clean installs and I do not have that registry key on at least one of the affected systems.
October 31st, 2014 12:27pm

Can you share your CBS.logs somewhere for me so we can take a look at them? 

Do you have the following key in your registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{8c416c79-d49b-4f01-a467-e56d3aa8234c}

October 31st, 2014 2:35pm

Joseph,

After installing KB3000061, I do have the registry key you specified.

How can I get you the logs?

October 31st, 2014 2:41pm

If the fix is installing, you're all set and I don't need the logs.  I only need logs from folks who have clean installs and are still having issues getting the fix installed.  Thanks!
October 31st, 2014 2:43pm

The fix for me was manually deleting the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{e7ef96be-969f-414f-97d7-3ddb7b558ccc}.  After that, I was able to install the patch
October 31st, 2014 2:45pm

Excellent, then you're good to go.  Glad that worked for you and have a good weekend.
October 31st, 2014 2:46pm

Yuhong was questioning directly going from Vista to Windows 8.  There's a stop at Windows 7 along the way.
October 31st, 2014 10:29pm

Ahh gotcha, thanks Susan
October 31st, 2014 10:46pm

Just to confirm that this fix (del just the sub key) works fine for me on several W2012 systems, both VMs and physical, and also upgrades and clean installations. OOI all of them are Datacentre editions...

Many thanks!

November 2nd, 2014 6:06pm

Are there plans to release a patch that does the registry surgery for end users, or is everyone advised to take it upon themselves to experiment with production servers?
November 3rd, 2014 3:46pm

We're root causing this on our side and will need to figure out the best way to eliminate this in the future.  For now, the 'registry surgery' is the supported method for resolving this on impacted systems.
November 3rd, 2014 3:48pm

OK. You said the magic words that this was a "supported method" (which I missed in your earlier post). Just tried this on a virtual domain controller whose history includes having been upgraded from Server 2008 R2. The update succeeded, WSUS can now receive status updates from this machine, and all appears to be well. Thanks for your useful assistance. Those who are waiting for a patch that does all of this automatically should consider the simple registry key value delete/reboot/repatch/reboot method outlined in Joseph's Oct. 30 post and get on with their other security chores.
November 4th, 2014 6:08pm

Glad to hear that worked.  Have a good week
November 4th, 2014 6:14pm

Thank you for the help but what I want to know is why it causes all the other updates to fail at the same time. I had just upgraded to windows 8 from windows 7 and wanted to upgrade to windows 8.1. There were well over 100 updates and they all failed and took about 2 hours to do so. I tried to choose a few but the automatic update kept adding 80 or 100 to the ones I had chosen and each time it took about 2hours to undo the changes. I eventually turned off automatic updates and ran one at a time before progressing to 2 at a time until the KB3000061, which is so small, failed. Only then could I find a work around to the problem after spending the better part of 4 days updating the system.
November 4th, 2014 10:46pm

At a simplistic level, we keep a change list where we store information about all of the updates being installed in a session.  We parse a portion of this list prior to shutdown and pass that through to the reboot.  If we notice any of the changes in the list didn't properly take place on the reboot, we halt the session and roll back all updates in the list to preserve the integrity of the machine.  That's what happened in this case: because you had a large amount of updates, even if only one requires a rollback, the entire session is rolled back.

November 4th, 2014 11:12pm

I still cannot install KB3000061 after eliminating HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{e7ef96be-969f-414f-97d7-3ddb7b558ccc}.

I also tried eliminating HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Winevt\Publishers\{e7ef96be-969f-414f-97d7-3ddb7b558ccc}, but that did not help.

The system is 64-bit Windows 8, originally installed directly from a Win8 install media.
November 6th, 2014 11:52pm

Can you share out your CBS logs for me so I can look at them?  You don't need to delete the Wow6432Node key.
November 7th, 2014 12:40am

Tried again.  Worked this time.  Not sure what I was doing wrong, but all appears to be well now.

Any point in importing the deleted key back in?

November 7th, 2014 1:56am

Excellent, glad you got it working.  You don't need to reimport the key.
November 7th, 2014 3:17pm

great info.  Your solution worked great.  All current updates installed.
November 10th, 2014 6:37pm

I removed the key from the WOW6432Node location (it's not in the other location), and I still cannot install KB3000061.  My system is Windows 8 and it was an in-place upgrade from Windows 7.

I also am getting failures on all of the November updates (not sure if that is related).

Thanks,

Jeff

November 12th, 2014 6:13pm

The Wow6432Node key isn't related to the problem above and should not be deleted.  I would reimport it if you have the key still.  It sounds like you have other servicing related problems though, I would recommend opening a case with support if you haven't already.
November 12th, 2014 6:17pm

I have the Key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{8c416c79-d49b-4f01-a467-e56d3aa8234c}". There is no Key like "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{e7ef96be-969f-414f-97d7-3ddb7b558ccc}". All affected hosts are clean installs and all of them are physical RODC. Updates KB3000988 and KB2995387 failed.

Any suggestion? If needed, I would share the cbs.logs (how can I get the logs to you?).

November 13th, 2014 2:40pm

There is an issue with RODCs we're investigating that is separate from the WMI Provider issue mentioned above.  I'll let you know once we have more information on a workaround.
November 13th, 2014 3:08pm

Any news on the RODC issue?
November 24th, 2014 3:23pm

Still investigating.  At this point, it's likely that the fix for this won't be until after the first of the year.

November 24th, 2014 3:38pm

OK, thank you for the info.
November 24th, 2014 3:55pm

That's handy - I've 79 2008R2->2012 RODCs that I now can't apply any patches to until 2015 then?

I did a trial with WSUS last night and a couple non-kernel patches (IE, Flash, dotnet) etc and they all rolled back.


November 27th, 2014 10:53am

Try removing the 300061 update from the deployment.  If you're still seeing rollbacks after that, then you have a different issue.
November 27th, 2014 5:11pm

Microsoft needs to address this issue period!

Telling users to open a case is like telling a million people who are sick with the same virus that in order to have a cure that we first have to tell you whether our cough is scratchy or wheezy. What does that matter? Microsoft is the one creating these problems and they know it.

Instead of using the public as guinea pigs, they should be more focused on proper development from the very beginning and perform thorough testing before releasing any so-called fixes to end-users.

Microsoft is a multi-(Billion)-dollar corporation! Should we be expected to believe that they don't have enough resources to run their own test-labs of hundreds of differently configured systems with various versions of Windows, some of which are sand-boxed as well as others which are connected to the net?!

It's nothing but the same old song and dance from Microsoft. If they spent enough time to get it right before releasing anything, then maybe more of the updates we actually see from them would simply be software additions rather than patches and bug-fixes.

We already pay through the nose for this so-called "Proprietary Software" but in the end, it really is anything but that!

Microsoft needs to improve upon its development and implementation strategy so that it is not needlessly causing so much software distortion and frustration for its customers who rely heavily upon their software to be dependable.


  • Edited by zeroneday Friday, November 28, 2014 8:51 AM Spelling
November 28th, 2014 8:35am

Thanks for the comment.  We will be addressing the problem in the near future.  I've tried to stick to being as transparent as possible.  We have a fix in testing now but it's unlikely to ship before the end of the year (with the next patch Tuesday being just next week it likely won't make it).
December 1st, 2014 2:56am

I've been running into this problem on three different Server 2012 servers. Tons of updates are failing and reverting. I've been able to cherry-pick some updates and install them individually, especially those that don't trigger a reboot. However, I've seen dozens of updates across these three servers failed with error 0x800F0922. That led me to some forum posts suggesting that the System Reserved partition was missing. I created the partition, but that didn't fix the problem.

So while finding some success installing updates one or two at a time (the .NET updates I did in larger batches), I came across a different error 0x80073AA2. I'm not sure how I didn't see that yesterday or today, but maybe after seeing so many occurrences of 0x800F0922, I may have simply missed the 0x80073AA2. Only once I was performing updates one or two at a time did it become apparent.

In my case, the 0x80073AA2 error appeared on KB3002885, the successor to KB3000061. I also noticed on all three servers, in Server Manager, the "online - data retrieval failures occurred" was present. And so I am attempting the Registry key removal fix on one server and will see how it goes. Given the fact that many of you have found success, I am cautiously optimistic it may work for me as well. If it works on one server, I'll try it on the other two. And also make sure KB300061 is yanked from our WSUS.

December 11th, 2014 9:08pm

Matthew,

Unless those servers were upgraded from a downlevel OS like 2008 R2, you aren't hitting the same issue described above.  It sounds like you have a completely different servicing issue across the environment.

December 11th, 2014 9:13pm

Joseph,

It's possible that the 0x800F0922 error may have come from a different source, but I don't think so. I applied the Registry fix described above (just HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{e7ef96be-969f-414f-97d7-3ddb7b558ccc) and the problem went away on all of the servers. I just realized there was a fourth server involved, and when I viewed the update history--it had updates failing since November. Sure enough, the problems started when KB3000061 showed up.

So to the folks who identified the Registry fix, I applaud you. And thank you!

December 12th, 2014 1:11am

Glad to hear it worked for you Matthew.
December 12th, 2014 2:22am

Excellent! - having spent 2 days trying to figure out why updates were failing, this registry fix worked for me.

My situation: Windows 8 Pro x64 running as a virtual machine under VMware Fusion 7.0.1

After much trial and error (manually installing each of 100+ updates as standalone patches) I determined that KB3002885 was the culprit.

Exporting and deleting HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{e7ef96be-969f-414f-97d7-3ddb7b558ccc} enabled me to install KB3002885 and now everything is working fine.

Many thanks to all the Alan Turings out there who figured this out.

December 14th, 2014 3:48pm

Were you also an inplace upgraded workstation?
December 14th, 2014 6:55pm

I have been searching for this for 3 months when I came across it.

I noticed that I had all the symptoms for this problem but could not find the KB3000061 in the list of updates to install.  When I look back at the history of updates, I found that it was the first update to fail. 

I followed the instructions to remove only the key and all my VMs that were having this problem now are up to date without any errors.

Thank you for this help

December 17th, 2014 8:04pm

This worked! Per instructions, I deleted the registry key {e7ef96be-969f-414f-97d7-3ddb7b558ccc} identified in a TechNet thread and was able to FINALLY install the dastardly Security Update KB 3000061. As confirmed in the TechNet thread, the KB 3000061 recreated the security key with a different GUID upon reboot.

December 29th, 2014 1:21am

Oh, forgot to mention that I did follow CountryKING's menu path to get to the above-mentioned registry key - {e7ef96be-969f-414f-97d7-3ddb7b558ccc}. Sorry about that...

December 29th, 2014 1:24am

Any further progress on this issue?
January 14th, 2015 9:05pm

In regards to the registry related issue, the workaround of exporting and deleting the key is the fix.  We won't be packaging anything additional for it.

January 14th, 2015 9:40pm

I have removed the key mentioned multiple times in this thread. But it won't solve my issue.
February 2nd, 2015 1:43pm

Good morning all

Our product support group opened an official case and reported this with Microsoft and they've found the cause. PLEASE NOTE however, that this relates to RODC and ALL patches failing, not just 3000061 on non-RODC. I'll open a separate thread for this as well.

000093 2015-01-23 20:18:30, Info                  CSI    00000015 Begin executing advanced installer phase 38 (0x00000026) index 4 (sequence 43)
000094     Old component: [ml:350{175},l:348{174}]"Microsoft-Windows-Web-Services-for-Management-Core, Culture=neutral, Version=6.2.9200.16384, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=wow64, versionScope=NonSxS"
000095     New component: [ml:350{175},l:348{174}]"Microsoft-Windows-Web-Services-for-Management-Core, Culture=neutral, Version=6.2.9200.17100, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=wow64, versionScope=NonSxS"
000096     Install mode: install
000097     Installer ID: {118ca598-79a0-4297-953d-e82183960fd2}
000098     Installer name: [13]"Group Trustee"
000099 2015-01-23 20:18:30, Error                 CSI    00000001@2015/1/23:20:18:30.673 (F) CMIADAPTER: Inner Error Message from AI HRESULT = HRESULT_FROM_NT(STATUS_NOT_SUPPORTED)
000100  [
000101 (null)
000102 ]
000103 [gle=0x80004005]
000104 2015-01-23 20:18:30, Error                 CSI    00000002@2015/1/23:20:18:30.673 (F) CMIADAPTER: AI failed. HRESULT = HRESULT_FROM_NT(STATUS_NOT_SUPPORTED)
000105     Element:
000106     [372]"<groupTrustee xmlns="urn:schemas-microsoft-com:asm.v3" name="WinRMRemoteWMIUsers__" description="Members of this group can access WMI resources over management protocols (such as WS-Management via the Windows Remote Management service). This applies only to WMI namespaces that grant access to the user." type="User" enabled="true">
000107 
000108   <members></members>
000109 
000110 </groupTrustee>"
000111 [gle=0x80004005]
000112 2015-01-23 20:18:30, Error                 CSI    00000003@2015/1/23:20:18:30.673 (F) CMIADAPTER: Exiting with HRESULT code = HRESULT_FROM_NT(STATUS_NOT_SUPPORTED).
000113 [gle=0x80004005]

Cause: 
The installer uses SAM API calls to manage the group. It always connects to the local SAM instance. The component also handles an uninstall task in the same function. On uninstall the group is being deleted.
So the SAM handle is requested with "Create Group" and "Delete" access.
The error happens because a RODC does not allow any changes and thus returns STATUS_NOT_SUPPORTED.
For more information about the prevent from accidental deletion feature, please refer to:
http://technet.microsoft.com/en-us/library/cc773347(v=WS.10).aspx
http://technet.microsoft.com/en-us/library/cc739350(v=WS.10).aspx
Recommendation:
This is a bug in the RODC running on Server 2012; however, you may do an in-place upgrade to Server 2012 R2 and then proceed with the installation of the patch.


The bad news is this is fixed in 2012 R2 with a hotfix - but it isn't fixed in 2012 and it won't be because.. they've only had one official report logged. And that was by us. So, if you want this fixed, you need to start logging this with MS now.

What I can say just now is that this isn't related to the registry fix with WinEVT we've all been trying, it's NOT limited to 2008 that has been upgraded in place to 2012 (our product support group replicated it in the lab with a brand new 2012 promoted to RODC) and it IS only happening with RODC. Possible fix might be to make your RODC RW for a bit and install your patches then.

More details when I get them.





  • Edited by andreww Friday, February 06, 2015 11:49 AM
February 6th, 2015 11:16am
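
A way to check a CBS.log for the failure signature quoted in the post above (the "Group Trustee" advanced installer failing with STATUS_NOT_SUPPORTED), as an added PowerShell example that is not part of the original post. The function name `Find-GroupTrusteeFailure` is hypothetical, and the sample lines are constructed from the quoted excerpt with the forum's line-number prefixes dropped.

```powershell
function Find-GroupTrusteeFailure {
    param(
        [Parameter(Mandatory = $true)][string[]]$Lines,
        # How many lines after "Installer name" the error may appear.
        [int]$Window = 12
    )
    $component = $null   # last "New component" seen
    $armedAt   = -1      # index of the last Group Trustee installer line
    for ($i = 0; $i -lt $Lines.Count; $i++) {
        $line = $Lines[$i]
        if ($line -match 'New component: .*?"([^,"]+), .*?Version=([\d.]+)') {
            $component = '{0} {1}' -f $Matches[1], $Matches[2]
        }
        elseif ($line -match 'Installer name: \[\d+\]"([^"]+)"') {
            # Only the Group Trustee installer is relevant to the RODC failure.
            $armedAt = if ($Matches[1] -eq 'Group Trustee') { $i } else { -1 }
        }
        elseif ($armedAt -ge 0 -and ($i - $armedAt) -le $Window -and
                $line -match '(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d), Error\s+CSI\s.*CMIADAPTER: AI failed\. HRESULT = HRESULT_FROM_NT\(STATUS_NOT_SUPPORTED\)') {
            [pscustomobject]@{
                Time       = $Matches[1]
                Component  = $component
                LineNumber = $i + 1
            }
            $armedAt = -1   # report each failure once
        }
    }
}

# Constructed sample, abridged from the excerpt quoted in this thread.
$sample = @(
    '2015-01-23 20:18:30, Info                  CSI    00000015 Begin executing advanced installer phase 38 (0x00000026) index 4 (sequence 43)',
    '    New component: [ml:350{175},l:348{174}]"Microsoft-Windows-Web-Services-for-Management-Core, Culture=neutral, Version=6.2.9200.17100, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=wow64, versionScope=NonSxS"',
    '    Install mode: install',
    '    Installer name: [13]"Group Trustee"',
    '2015-01-23 20:18:30, Error                 CSI    00000002@2015/1/23:20:18:30.673 (F) CMIADAPTER: AI failed. HRESULT = HRESULT_FROM_NT(STATUS_NOT_SUPPORTED)'
)
Find-GroupTrusteeFailure -Lines $sample | Format-List

# On a live server (standard CBS log location):
#   Find-GroupTrusteeFailure -Lines (Get-Content "$env:windir\Logs\CBS\CBS.log")
```

A hit only shows the log signature; whether the machine is an RODC still has to be confirmed separately.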

@andreww

If you're referring to the RODC issue, I'm not sure who in support said we weren't fixing this (and I would like to know so we can correct them) on anything but 2012 R2 but I can tell you that isn't accurate.  I'm the PM for the team working on this and we're investigating several editions of the OS including 2012.  We are (and have been) investigating this since December but the fix isn't as straightforward as we'd initially hoped.  I'm not guaranteeing a fix but we are investigating it. 

February 6th, 2015 2:32pm

Hmm. Thanks @joscon - could I just check tho whether you're referring directly to KB3000061 or is this the failure of all patches on RODC since ~October ?

Can you direct message me at andyjgw / gmail.com and I'll pass on the MS call reference number? I don't want to post too much here, not sure if it's appropriate (altho if it's OK to quote internal reference numbers here, I can do so if you prefer).


  • Edited by andreww Friday, February 06, 2015 2:48 PM
February 6th, 2015 2:42pm

I'm referring to the RODC issue all up.  I believe KB3000061 was the red herring that started the conversation.  Obviously if we do get this fixed and rolled out and there are additional problems then I'd want to know about it.  For the case information, you can send it to me directly here at work and I'll make sure CSS has a proper update on where we are with our investigations.
February 6th, 2015 2:52pm

Thanks, I will do - can't see where your contact details are tho.. ;-)

Should I just post the call number here instead? Or can you email me?

February 6th, 2015 2:56pm

I'll shoot you mail.
February 6th, 2015 3:04pm

Any update on this? We have 6 RODC's out of 87 that are experiencing this issue with Update KB2995387.

The error in the CBS.log is exactly as described with the WinRM issue. These are fresh install RODC's on a Hyper-V host (2012 Standard) as guest CORE 2012 vm's.

I don't have the reg keys mentioned so I am stuck with these 6 and behind on updates unless I manually install all updates besides this particular one.


  • Edited by Quo-Vadis Tuesday, April 14, 2015 9:09 PM
April 14th, 2015 9:09pm

Actually, yes, I have an update.  We have a fix created for this which is likely to ship next week.  We're in the final stages of testing it now.
April 14th, 2015 9:26pm

This sounds very relevant:

https://support.microsoft.com/en-us/kb/3020370

Issue that is fixed in this update

If the Protect object from accidental deletion option is enabled in the domain root object, some component updates cannot be installed on a read-only domain controller (RODC) in Windows Server 2008 R2 Service Pack 1 (SP1).

Tho I'm a little concerned it says W2008R2 and our issue is with 2012... Any thoughts, Joseph?

edit: checked our WSUS server, it's only listed for 2008R2 (x86 and x64)

A



  • Edited by andreww Thursday, April 23, 2015 1:26 PM
April 23rd, 2015 9:28am

Thanks for the question, I was in the middle of trying to put a response together when I saw this.  There are two components to this fix for Win7, one of which is referenced above and the other is the servicing stack update itself.  We haven't released the SSU broadly; however, these updates are now available via DLC.  We don't have a timeframe on when the updates will release via WU/WSUS channels at this time.  You can find the relevant version of the files via the links below:

Windows 7/Server 2008 R2 SP1: https://www.microsoft.com/en-us/search/result.aspx?q=KB3020369&form=DLC

Windows 8/Server 2012: https://www.microsoft.com/en-us/search/result.aspx?q=KB3003729&form=DLC

Windows 8.1/Server 2012 R2: https://www.microsoft.com/en-us/search/result.aspx?q=KB3021910&form=DLC

In addition, on Tuesday 4/21, we released a new version of the cmitrust.dll binary which is held in the %windir%\System32\AdvancedInstaller directory.  For customers experiencing the RODC failure on Windows 7/Server 2008 R2, this file is required in addition to the SSU noted above.  For Windows 8 and Windows 8.1, this is not required to fix the RODC issue but we are recommending that this update be installed alongside the SSU to keep versions up to date. 

The DLC version of this file is available for all Windows editions here: https://www.microsoft.com/en-us/search/result.aspx?q=KB3020370&form=DLC and the KB for Win7 specifically is located here: https://support.microsoft.com/en-us/kb/3020370/

April 23rd, 2015 2:50pm

Hi,

Confirm the patch above resolves the issue with 2012 Server RODC. It is also available via WSUS now. It did not require restart so you can immediately install problem update KB2995387 afterwards.

May 4th, 2015 3:04am

This topic is archived. No further replies will be accepted.
