none
Issues with SBS and windows updates

    Question

  • I have an SBS2008 server (Virtual machine on ESXi 5) that I'm trying to patch to prep it for a SBS2011 migration.  The migration tool won't load because windows updates haven't been run for quite some time.  Every time I've run updates I get the message "Updates were not configured correctly. Reverting Changes. Do not turn off your computer".  The failure code on the first update is Code80073AA2 which a Google search led me to a couple "fixes".

    One of them involved adding information into the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT.  Adding the info in there didn't work, but when I renamed WINEVT to WINEVT_old I was able to install updates successfully...but it broke Exchange and I had to revert to my snapshot.

    I see plenty of "fixes" for Vista, Win7/8 I'd like to try except I'm running a host of other software (Exchange and RWW mainly) those OS' don't so I'm a little reticent to apply those.  I inherited this server from another tech so I'm not sure when this started...and I no longer have open lines of communication with them.

    Who else has experienced this and what fixed it?

    Sunday, February 24, 2013 6:53 PM

Answers

  • happy to say the server is now completely patched!

    I made a snapshot and renamed HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT_old, then rebooted

    After reboot I loaded all updates successfully.

    I believe the issues I was having with Exchange was caused by the system attendant being stuck in a "starting" state instead of "started"  This has been corrected as well, but that was a whole other issue.

    Thanks everyone who responded!

    • Marked as answer by Steve Tondini Tuesday, February 26, 2013 5:45 AM
    Tuesday, February 26, 2013 5:45 AM

All replies

  • Take a backup of the server.

    Test it.

    Do you have the hardware to spin up a second VM running from the backup?

    Post up the windowsupdate.log file.


    Robert Pearman SBS MVP
    itauthority.co.uk | Title(Required)
    Facebook | Twitter | Linked in | Google+

    Sunday, February 24, 2013 7:09 PM
    Moderator
  • Thanks for responding!

    I have made backups and tested the above, is that what you were referring to?  I've made so many snapshots, tested, and prayed over the past two weekends it made the pope resign!

    I don't have the spare hardware to spin up a 2nd VM unfortunately.  I have thought of moving the VM (500GB) to my home lab but the client doesn't like this idea because of the information on the server (legal field)...and downtime is hard to get!

    How do I upload the windowsupdate.log file?  I'd paste it...but it's massive

    Sunday, February 24, 2013 7:27 PM
  • zip it upload it at http://skydrive.live.com and post back the link of the uploaded file.

    Moreover "One of them involved adding information into the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT.  Adding the info in there didn't work, but when I renamed WINEVT to WINEVT_old I was able to install updates successfully...but it broke Exchange"

    I am not sure what you followed but what I recall is you don't add anything , you have to rename existing winevt key and import the same key from a working SBS2008. Secondly if it broke exchange then what broke in exchange?(updates worked after what you followed)

    Monday, February 25, 2013 12:51 AM
  • Thanks Mohitkapoor

    Here is the file windowsupdate.log as well as the registry information I imported:
    http://sdrv.ms/Ys39rT

    When I added the information to the registry it didn't resolve the problem.  I rebooted after I imported the reg key and then attempted to download updates.  The result was the "Updates were not configured correctly. Reverting Changes. Do not turn off your computer" message.  Everything functioned normally after the updates were reverted.  As I mentioned most of the "fixes" I've found have been for Windows Vista/7/8.

    When I renamed the WINEVT registry key and rebooted a new WINEVT was created.  I was able to download windows updates and actually installed IE8 and Powershell 2.0.  After the server rebooted I was testing the other services and that's when I noticed accessing email via Outlook gave me a login similar to the one you get if the System Attendant isn't running.  I verified both storage groups were mounted and performed some basic troubleshooting but could not make Exchange work.  After an hour of searching and not being able to connect to email,  I reverted back to the snapshot.

    What's in the WINEVT registry hive?  Is it system ambiguous enough you can simply copy one from a working SBS and you're golden?

    Monday, February 25, 2013 1:19 AM
  • Winevt registry hive contains all information for the events generated in the event logs and their resources channel. System attendant isn't running ? did you actually verified if the exchange services were down? system is ambiguous enough provided you import export from the machines similar in service pack , physical hardware etc...
    Monday, February 25, 2013 8:15 AM
  • All exchange services were running (including system attendant).  Everything looked exactly as it should, but outlook users logged into the domain kept getting a login prompt.

    Monday, February 25, 2013 11:58 AM
  • That's not a service issue in that case and not related to winevt key at all. this is if I remember correctly is related to netbios name in exchange console that needs to be investigated further as a separate post.
    Monday, February 25, 2013 5:41 PM
  • OK sounds like my Exchange issue was caused by something altogether...which is what I needed to know

    What could possibly be in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT that's causing windows updates to roll back? 

    What possible damage could be done by deleting it?

    Monday, February 25, 2013 6:35 PM
  • What possible damage could be done by deleting it?  -- Nothing . You are renaming the existing key not deleting it. Why it was caused is hard to comment on as I am not aware of the history of the server.

    Exchange issue --- I have to refresh memory if it can be fixed  easily , for now I don't have it.

    Monday, February 25, 2013 8:47 PM
  • P.S. if the server has partitions where the data is on another
    partition, take copies of just the parts you need for the virtual machine.
     
    Monday, February 25, 2013 9:31 PM
    Moderator
  • happy to say the server is now completely patched!

    I made a snapshot and renamed HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT_old, then rebooted

    After reboot I loaded all updates successfully.

    I believe the issues I was having with Exchange was caused by the system attendant being stuck in a "starting" state instead of "started"  This has been corrected as well, but that was a whole other issue.

    Thanks everyone who responded!

    • Marked as answer by Steve Tondini Tuesday, February 26, 2013 5:45 AM
    Tuesday, February 26, 2013 5:45 AM
  • Hi,

    I’m glad to hear that you have resolved the issue and thanks for sharing your solution in the thread. If there is anything else I can do for you, please do not hesitate to let me know and I will be very happy to help.

    Best Regards,

    Andy Qi


    Andy Qi
    TechNet Community Support

    Tuesday, February 26, 2013 10:05 AM
    Moderator