locked
In Windows 10 how do I debug Windows Update logs? RRS feed

  • Question

  • Also posted in Windows 10 IT Pro.

    I have a small network with 10 users in a domain connecting to a Windows 2008 R2 server used for authentication, file serving, Exchange and WSUS.

    The clients are a mix of Win7, Win8.1 and a Win10 pc. I am having problems with the Win10 PC not getting and applying updates from the WSUS server and I do not know how to debug this.

    On the older OSes I can simply check the c:\windows\windowsupdate.log file to see what error messages are there. I can even tail this file so I can see the log entries on the fly. Nice and simple and easy to debug problems. This all seems to have changed in Windows 10, and not for the better either as I now can't seem to get ANY useful information out of the system.

    I have followed the guides such as :
    https://support.microsoft.com/en-us/help/3036646/how-to-read-windows-update-logs-in-windows-10-version-1607
    and
    https://blogs.technet.microsoft.com/charlesa_us/2015/08/06/windows-10-windowsupdate-log-and-how-to-view-it-with-powershell-or-tracefmt-exe/

    but all I get is rubbish information. Examples of both Win7 and Win10 logs follow:

    Example of Win 7 windowsupdate.log
    2017-11-02 13:30:25:401 1328 cc8 AU #############
    2017-11-02 13:30:25:495 1328 cc8 AU ## START ##  AU: Search for updates
    2017-11-02 13:30:25:495 1328 cc8 AU #########
    2017-11-02 13:30:25:931 1328 cc8 AU <<## SUBMITTED ## AU: Search for updates [CallId = {54220F94-1317-4908-8174-FB0D36521EDC}]
    2017-11-02 13:30:25:931 1328 1058 Agent *************
    2017-11-02 13:30:25:931 1328 1058 Agent ** START **  Agent: Finding updates [CallerId = AutomaticUpdates]
    2017-11-02 13:30:25:931 1328 1058 Agent *********
    2017-11-02 13:30:25:931 1328 1058 Agent   * Online = Yes; Ignore download priority = No
    2017-11-02 13:30:25:931 1328 1058 Agent   * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
    2017-11-02 13:30:25:931 1328 1058 Agent   * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
    2017-11-02 13:30:25:931 1328 1058 Agent   * Search Scope = {Machine}
    2017-11-02 13:30:28:116 1328 1058 Setup Checking for agent SelfUpdate
    2017-11-02 13:30:28:303 1328 1058 Setup Client version: Core: 7.6.7601.23806  Aux: 7.6.7601.23806
    2017-11-02 13:30:29:785 1328 1058 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab with dwProvFlags 0x00000080:
    2017-11-02 13:30:33:904 1328 1058 Misc Microsoft signed: NA
    2017-11-02 13:30:33:951 1328 1058 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\TMPD8BC.tmp with dwProvFlags 0x00000080:
    2017-11-02 13:30:34:169 1328 1058 Misc Microsoft signed: NA
    2017-11-02 13:30:34:263 1328 1058 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab with dwProvFlags 0x00000080:
    2017-11-02 13:30:34:263 1328 1058 Misc Microsoft signed: NA
    2017-11-02 13:30:34:278 1328 1058 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab with dwProvFlags 0x00000080:
    2017-11-02 13:30:34:278 1328 1058 Misc Microsoft signed: NA
    2017-11-02 13:30:37:882 1328 1058 Setup Determining whether a new setup handler needs to be downloaded
    2017-11-02 13:30:37:882 1328 1058 Setup SelfUpdate handler is not found.  It will be downloaded
    2017-11-02 13:30:37:929 1328 1058 Setup Evaluating applicability of setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.320"
    2017-11-02 13:30:47:805 1328 1058 Setup Setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.320" is not applicable
    2017-11-02 13:30:47:805 1328 1058 Setup Evaluating applicability of setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.320"
    2017-11-02 13:30:47:836 1328 1058 Setup Setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.320" is not applicable
    2017-11-02 13:30:47:836 1328 1058 Setup Evaluating applicability of setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.320"
    2017-11-02 13:30:47:883 1328 1058 Setup Setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.320" is not applicable
    2017-11-02 13:30:47:883 1328 1058 Setup SelfUpdate check completed.  SelfUpdate is NOT required.
    2017-11-02 13:30:59:422 1328 1058 PT +++++++++++  PT: Synchronizing server updates  +++++++++++
    2017-11-02 13:30:59:422 1328 1058 PT   + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://server1:8530/ClientWebService/client.asmx
    2017-11-02 13:31:08:841 1328 1058 PT WARNING: Cached cookie has expired or new PID is available
    2017-11-02 13:31:08:856 1328 1058 PT Initializing simple targeting cookie, clientId = 06ef55e9-7c6c-4d54-95fb-11a7d2034c4b, target group = , DNS name = 101-ext.marinesoftware.ext
    2017-11-02 13:31:08:856 1328 1058 PT   Server URL = http://server1:8530/SimpleAuthWebService/SimpleAuth.asmx
    2017-11-02 13:34:30:516 1328 1058 PT +++++++++++  PT: Synchronizing extended update info  +++++++++++
    2017-11-02 13:34:30:516 1328 1058 PT   + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://server1:8530/ClientWebService/client.asmx
    2017-11-02 13:34:34:462 1328 1058 Agent   * Found 0 updates and 88 categories in search; evaluated appl. rules of 1829 out of 2648 deployed entities
    2017-11-02 13:34:34:773 1328 1058 Agent *********
    2017-11-02 13:34:34:773 1328 1058 Agent **  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]
    2017-11-02 13:34:34:773 1328 1058 Agent *************
    2017-11-02 13:34:34:929 1328 172c AU >>##  RESUMED  ## AU: Search for updates [CallId = {54220F94-1317-4908-8174-FB0D36521EDC}]
    2017-11-02 13:34:34:929 1328 172c AU   # 0 updates detected
    2017-11-02 13:34:34:945 1328 172c AU #########
    2017-11-02 13:34:34:945 1328 172c AU ##  END  ##  AU: Search for updates [CallId = {54220F94-1317-4908-8174-FB0D36521EDC}]
    2017-11-02 13:34:34:945 1328 172c AU #############
    2017-11-02 13:34:35:116 1328 172c AU Successfully wrote event for AU health state:0
    2017-11-02 13:34:35:148 1328 172c AU Featured notifications is disabled.
    2017-11-02 13:34:35:148 1328 172c AU AU setting next detection timeout to 2017-11-02 19:29:54
    2017-11-02 13:34:35:179 1328 172c AU Setting AU scheduled install time to 2017-11-02 14:00:00
    2017-11-02 13:34:35:179 1328 172c AU Successfully wrote event for AU health state:0
    2017-11-02 13:34:35:194 1328 172c AU Successfully wrote event for AU health state:0
    2017-11-02 13:34:39:763 1328 1058 Report REPORT EVENT: {422D8477-98C1-49EE-8257-A4F3FF9B581A} 2017-11-02 13:34:34:649-0000 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Software Synchronization Windows Update Client successfully detected 0 updates.
    2017-11-02 13:34:39:763 1328 1058 Report REPORT EVENT: {48FE29AE-8C12-41C8-8448-9925F2807B75} 2017-11-02 13:34:34:773-0000 1 156 101 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Pre-Deployment Check Reporting client status.
    2017-11-02 13:35:47:987 1328 1058 Report Uploading 2 events using cached cookie, reporting URL = http://server1:8530/ReportingWebService/ReportingWebService.asmx
    2017-11-02 13:35:48:081 1328 1058 Report Reporter successfully uploaded 2 events.
    2017-11-02 14:00:10:074 1328 cc8 AU Forced install timer expired for AUInstallType = 4
    2017-11-02 14:00:10:074 1328 cc8 AU UpdateDownloadProperties: 0 download(s) are still in progress.
    2017-11-02 14:00:10:120 1328 cc8 AU Setting AU scheduled install time to 2017-11-03 14:00:00
    2017-11-02 14:00:10:120 1328 cc8 AU Successfully wrote event for AU health state:0
    2017-11-02 14:39:25:024 1328 cc8 AU AU received policy change subscription event
    2017-11-02 16:24:33:225 1328 cc8 AU AU received policy change subscription event

    Example of my Windows 10 windows update log, decrypted from the etl files using PowerShell Get-WindowsUpdateLog
    2017/11/02 15:13:32.0156801 7572  12800                 Unknown( 24): GUID=160f477e-baec-392d-3b9f-7cf9c8f0f411 (No Format Information found).
    2017/11/02 15:13:32.0156805 7572  12800                 Unknown( 25): GUID=160f477e-baec-392d-3b9f-7cf9c8f0f411 (No Format Information found).
    2017/11/02 15:13:32.0159668 7572  12800                 Unknown( 28): GUID=3247cdd8-c573-3a05-1975-2d939beb960b (No Format Information found).

    I would have thought that Microsoft was full of highly intelligent people so how on earth did something like this get "developed". I put that in quotes as it is anything but a development, taking a simple reporting process and turning it into an unintelligible mess. A massive own goal by Microsoft I think.

    I can't believe that there hasn't been a massive outcry about this so I don't understand why this overly complicated and utterly useless logging process is still in place.

    Can someone please explain to me how I can debug my Windows 10 PC attempting to get and install updates from the WSUS server. BTW, I have also tried this connecting directly to Microsoft's servers and it still won't update, however, that is not the point of my post. I need to be able to read log files.

    Many thanks
    Max

    Friday, November 3, 2017 9:08 AM

All replies

  • Hi Max,

    >>a domain connecting to a Windows 2008 R2 server used for authentication, file serving, Exchange and WSUS.

    As for this scenario, It is recommended to use 2012 or later WSUS server to service win10 clients .

    "
    During this time, WSUS 3.0 SP2 will remain in the old servicing model.  Technically, it can provide minimal Windows 10 update support 
    "

    https://blogs.technet.microsoft.com/wsus/2016/01/22/for-those-on-wsus-3-0-sp2-or-sbs-2011/

    If you need to upgrade to 2012/R2 WSUS server from 2008R2 , please check the following article to achieve that :

    https://technet.microsoft.com/en-us/library/hh852339.aspx?f=255&MSPPError=-2147217396

    Best Regards,

    Elton


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Elton_Ji Wednesday, November 29, 2017 9:19 AM
    Monday, November 6, 2017 4:08 AM