[Troubleshooting] How to check CBS logs RRS feed

  • General discussion

  • CBS & Persist logs:


    When troubleshooting update installation failures, the first logs you will normally begin investigating are the component-based servicing logs under C:\Windows\log\CBS\

    Be sure to confirm the KB number having issues and date-time period of the attempted installation.

    This will help ensure you do not spend time looking at previously resolved error messages

    When reviewing logs contained in the CBS folder you will often see number of different log files e.g. CBSPersist with a long string afterwards.

    The string is the date & time that the log file was written, displayed in U.S. format.

    For example, the following log name (SystemName_CbsPersist_20180122143820.log) would read - SystemName_CbsPersist_2018_01_22_14:38:20_log

    Which is written on the 22<sup>nd</sup> January 2018 2:38PM.

    CBS persist logs are written roughly every 50mb worth of log data.

    The exception to this rule is when the Update is in the middle of a servicing operation. In this scenario we wait until Servicing finished prior to archiving log data. This means that you can sometimes see much larger logs.


    If you have a large amount of CBS & CBS persist logs, copying and extracting them all into one folder and running a find string command to look for the error keyword, that can help you narrow down your log analysis:

    Common errors we use to search for:

    Below are some common errors that can be useful to search for when reviewing servicing issues:

    • , error
    • Failed to pin
    • Failure will not be ignored


    Common CBS component acronyms:

    • EXE, Windows module installer service e.g. contains CSI & CBS components
    • CSI (Component Servicing Infrastructure) – make file & registry changes
    • CBS – applicability checking, can be thought of as the orchestrator managing the planning
    • DMI (Driver Management and Install) – Advanced driver installation processes
    • CMI (Component Management Infrastructure) - Handles advanced installers
    • SMI (Systems Management Infrastructure) – Used to manage registry settings
    • DPX (Delta Package eXpander) – decompresses packages
    • SQM – Support Quality Metrics – reporting (often ignorable when troubleshooting)
    • Doqe (Driver Operations Queue) – processes drivers
    • Primitive Installers – Basic changes e.g. file & registry manipulation
    • Advanced Installers – Complex changes e.g. configuring a firewall rule

     Go Back


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact

    Wednesday, January 2, 2019 3:17 AM