locked
WSUS server 3.0 sp2 RRS feed

  • Question

  • hi

    I have removed WSUS from my server but now cant remove the internal database, using msiexec /x {CEB5780F-1A70-44A9-850F-DE6C4F6AA8FB} CALLERID=ocsetup.exe
    I have a windows 2008 server standard SP2,

    below is log report, please assist my network is under a virus attack!!

    === Verbose logging started: 2015/08/11  16:29:37  Build type: SHIP UNICODE 4.05.6002.00  Calling process: C:\Windows\system32\msiexec.exe ===
    MSI (c) (DC:38) [16:29:37:623]: Resetting cached policy values
    MSI (c) (DC:38) [16:29:37:623]: Machine policy value 'Debug' is 0
    MSI (c) (DC:38) [16:29:37:623]: ******* RunEngine:
               ******* Product: C:\Windows\SysMsiCache\WSSEE\ssee_10.msi
               ******* Action:
               ******* CommandLine: **********
    MSI (c) (DC:38) [16:29:37:639]: Client-side and UI is none or basic: Running entire install on the server.
    MSI (c) (DC:38) [16:29:37:639]: Grabbed execution mutex.
    MSI (c) (DC:38) [16:29:37:701]: Cloaking enabled.
    MSI (c) (DC:38) [16:29:37:701]: Attempting to enable all disabled privileges before calling Install on Server
    MSI (c) (DC:38) [16:29:37:701]: Incrementing counter to disable shutdown. Counter after increment: 0
    MSI (s) (78:3C) [16:29:37:717]: Running installation inside multi-package transaction C:\Windows\SysMsiCache\WSSEE\ssee_10.msi
    MSI (s) (78:3C) [16:29:37:717]: Grabbed execution mutex.
    MSI (s) (78:58) [16:29:37:717]: Resetting cached policy values
    MSI (s) (78:58) [16:29:37:717]: Machine policy value 'Debug' is 0
    MSI (s) (78:58) [16:29:37:717]: ******* RunEngine:
               ******* Product: C:\Windows\SysMsiCache\WSSEE\ssee_10.msi
               ******* Action:
               ******* CommandLine: **********
    MSI (s) (78:58) [16:29:37:717]: Machine policy value 'DisableUserInstalls' is 0
    MSI (s) (78:58) [16:29:37:733]: SRSetRestorePoint skipped for this transaction.
    MSI (s) (78:58) [16:29:37:733]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer 3: 2
    MSI (s) (78:58) [16:29:37:733]: File will have security applied from OpCode.
    MSI (s) (78:58) [16:29:37:811]: SOFTWARE RESTRICTION POLICY: Verifying package --> 'C:\Windows\SysMsiCache\WSSEE\ssee_10.msi' against software restriction policy
    MSI (s) (78:58) [16:29:37:811]: SOFTWARE RESTRICTION POLICY: C:\Windows\SysMsiCache\WSSEE\ssee_10.msi has a digital signature
    MSI (s) (78:58) [16:29:38:232]: SOFTWARE RESTRICTION POLICY: C:\Windows\SysMsiCache\WSSEE\ssee_10.msi is permitted to run at the 'unrestricted' authorization level.
    MSI (s) (78:58) [16:29:38:232]: End dialog not enabled
    MSI (s) (78:58) [16:29:38:232]: Original package ==> C:\Windows\SysMsiCache\WSSEE\ssee_10.msi
    MSI (s) (78:58) [16:29:38:232]: Package we're running from ==> C:\Windows\Installer\1a2e31.msi
    MSI (s) (78:58) [16:29:38:232]: APPCOMPAT: looking for appcompat database entry with ProductCode '{CEB5780F-1A70-44A9-850F-DE6C4F6AA8FB}'.
    MSI (s) (78:58) [16:29:38:232]: APPCOMPAT: no matching ProductCode found in database.
    MSI (s) (78:58) [16:29:38:247]: MSCOREE not loaded loading copy from system32
    MSI (s) (78:58) [16:29:38:247]: Machine policy value 'DisablePatch' is 0
    MSI (s) (78:58) [16:29:38:247]: Machine policy value 'AllowLockdownPatch' is 0
    MSI (s) (78:58) [16:29:38:247]: Machine policy value 'DisableLUAPatching' is 0
    MSI (s) (78:58) [16:29:38:247]: Machine policy value 'DisableFlyWeightPatching' is 0
    MSI (s) (78:58) [16:29:38:247]: APPCOMPAT: looking for appcompat database entry with ProductCode '{CEB5780F-1A70-44A9-850F-DE6C4F6AA8FB}'.
    MSI (s) (78:58) [16:29:38:247]: APPCOMPAT: no matching ProductCode found in database.
    MSI (s) (78:58) [16:29:38:247]: Transforms are not secure.
    MSI (s) (78:58) [16:29:38:247]: Note: 1: 2205 2:  3: Control
    MSI (s) (78:58) [16:29:38:247]: PROPERTY CHANGE: Adding MsiLogFileLocation property. Its value is 'C:\Users\Administrator.APTCSERV.000\AppData\Local\Temp\1\msi.log'.
    MSI (s) (78:58) [16:29:38:247]: Command Line: REBOOTPROMPT=S REBOOT=ReallySuppress CALLERID=ocsetup.exe CURRENTDIRECTORY=C:\Windows\system32 CLIENTUILEVEL=3 CLIENTPROCESSID=3292
    MSI (s) (78:58) [16:29:38:247]: PROPERTY CHANGE: Adding PackageCode property. Its value is '{FCB95BAC-21EB-443B-9B4A-323B15A8DB2F}'.
    MSI (s) (78:58) [16:29:38:247]: Product Code passed to Engine.Initialize:           ''
    MSI (s) (78:58) [16:29:38:247]: Product Code from property table before transforms: '{CEB5780F-1A70-44A9-850F-DE6C4F6AA8FB}'
    MSI (s) (78:58) [16:29:38:247]: Product Code from property table after transforms:  '{CEB5780F-1A70-44A9-850F-DE6C4F6AA8FB}'
    MSI (s) (78:58) [16:29:38:247]: Product registered: entering maintenance mode
    MSI (s) (78:58) [16:29:38:247]: Product {CEB5780F-1A70-44A9-850F-DE6C4F6AA8FB} is admin assigned: LocalSystem owns the publish key.
    MSI (s) (78:58) [16:29:38:247]: Product {CEB5780F-1A70-44A9-850F-DE6C4F6AA8FB} is managed.
    MSI (s) (78:58) [16:29:38:247]: MSI_LUA: Credential prompt not required, user is an admin
    MSI (s) (78:58) [16:29:38:247]: PROPERTY CHANGE: Adding ProductState property. Its value is '5'.
    MSI (s) (78:58) [16:29:38:247]: PROPERTY CHANGE: Adding ProductToBeRegistered property. Its value is '1'.
    MSI (s) (78:58) [16:29:38:247]: Entering CMsiConfigurationManager::SetLastUsedSource.
    MSI (s) (78:58) [16:29:38:247]: Specifed source is already in a list.
    MSI (s) (78:58) [16:29:38:247]: User policy value 'SearchOrder' is 'nmu'
    MSI (s) (78:58) [16:29:38:247]: Machine policy value 'DisableBrowse' is 0
    MSI (s) (78:58) [16:29:38:247]: Machine policy value 'AllowLockdownBrowse' is 0
    MSI (s) (78:58) [16:29:38:247]: Adding new sources is allowed.
    MSI (s) (78:58) [16:29:38:247]: PROPERTY CHANGE: Adding PackagecodeChanging property. Its value is '1'.
    MSI (s) (78:58) [16:29:38:247]: Note: 1: 1729
    MSI (s) (78:58) [16:29:38:247]: Product: Windows Internal Database -- Configuration failed.

    MSI (s) (78:58) [16:29:38:263]: Windows Installer reconfigured the product. Product Name: Windows Internal Database. Product Version: 9.2.3062.00. Product Language: 0. Reconfiguration success or error status: 1638.

    MSI (s) (78:58) [16:29:38:263]: MainEngineThread is returning 1638
    MSI (s) (78:3C) [16:29:38:263]: No System Restore sequence number for this installation.
    Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
    {CEB5780F-1A70-44A9-850F-DE6C4F6AA8FB}
    MSI (s) (78:3C) [16:29:38:263]: User policy value 'DisableRollback' is 0
    MSI (s) (78:3C) [16:29:38:263]: Machine policy value 'DisableRollback' is 0
    MSI (s) (78:3C) [16:29:38:263]: Incrementing counter to disable shutdown. Counter after increment: 0
    MSI (s) (78:3C) [16:29:38:263]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
    MSI (s) (78:3C) [16:29:38:263]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
    MSI (s) (78:3C) [16:29:38:263]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress 3: 2
    MSI (s) (78:3C) [16:29:38:263]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress 3: 2
    MSI (s) (78:3C) [16:29:38:263]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied.  Counter after decrement: -1
    MSI (s) (78:3C) [16:29:38:263]: Restoring environment variables
    MSI (c) (DC:38) [16:29:38:263]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied.  Counter after decrement: -1
    MSI (c) (DC:38) [16:29:38:263]: MainEngineThread is returning 1638
    === Verbose logging stopped: 2015/08/11  16:29:38 ===

    Thursday, August 13, 2015 8:28 AM

All replies

  • If your server is SBS 2008 - stop now.

    If your server is WS2008R2, this probably won't work.

    If your server is WS2008, and assuming you have a backup and are prepared for a total reinstall, you could try this:

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/f447e7d6-7007-4eb6-b38b-90f92525e092/how-to-uninstall-wsus?forum=winserverwsus


    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

    • Proposed as answer by Steven_Lee0510 Tuesday, September 8, 2015 9:19 AM
    Thursday, August 13, 2015 8:57 AM
  • i dont have backup
    Thursday, August 13, 2015 9:30 AM
  • i have used the above procedure and it shows WSUS is no longer installed, and from the features menu on server manager it shows that internal database is not installed but when i try to install the database it tells me there is another version installed and i can see the internal database listed in the add/remove feature in control panel but cannot unistall from there when i click on it it wont give options to uninstal or repair
    Thursday, August 13, 2015 9:42 AM
  • Have you tried simply reinstalling WSUS now?

    Why do you see the need to uninstall/reinstall WID anyway?


    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

    Thursday, August 13, 2015 9:38 PM