Windows Server 2008 R2 Update Issues and Role Errors
For sometime now we have been finding that some of our Windows Server 2008 R2 servers were not installing Windows Updates.
Some servers would not even find any updates, and others would simply get to the "Downloading..." screen and never progress any further. In addition we would also get an annoying problem in Server Manager; where the Roles and features are usually displayed, the window would be blank with a message that simply said "Error."
After alot of research from various sources on the Internet, we have found this to be caused by a combination of a corrupt Trusted Installer and corrupt or missing Windows Update Files.
Althrough time comsuming, we have found the following solution:
First of all navigate to C:\windows\servicing on the server with the problem. In here you will find the "Trusted Installer package files. It consists of four files:
TrustedInstaller.exe
CbsApi.dll
CbsMsg.dll
wrpintapi.dll
These need to be deleted and replaced from a known working server.
Before you can do this you will need to stop and disable the "Windows Modules Installer" service and the "Windows Update" service.
Copying these files over should replace the corrupt Trusted Installer.
Keep these services in this state until after the next step.
Open the properties of C:\windows\servicing\Packages and take ownership of it. Note: NT SERVICE\TrustedInstaller is the current owner and MUST be replaced afterwards.
Delete the contents of this folder.
Now replace with the contents of C:\windows\servicing\Packages from a known working, up to date Windows Server 2008 R2 box. I found I had to copy from several servers to ensure I had all of the packages.
Change the owner of C:\windows\servicing\Packages back to NT SERVICE\TrustedInstaller. Remember this is a local account on the Server, not the domain.
Re-enable the "Windows Modules Installer" service and the "Windows Update" service and reboot the server.
You will know if the fix has been successful as Server Manager will load correctly displaying the Server Roles.
Now run Windows updates.
If the problom persists it is possible you are still missing a Windows Update file in the C:\windows\servicing\Packages folder.
You can either go through the process again with packages from another server or run: Windows6.1-KB947821-v10-x64 from Microsoft.
This will install the System Update Readiness Tool and run a check on your packages. A log file "c:\windows\logs\CBS\CheckSUR.log" will be created to tell you which packages are missing. Then you can simply copy them from another server or download the update from Microsoft and extract the files you need using the "KBArticleNumber /X:C:\ExtractedPackage" command.
As I said before this can be time consuming, the server may require several reboots and you need to keep running Windows Updates until your server is patched and up to date.
0 comments:
Post a Comment