locked
Client reporting of required updates RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Does anyone know where the WSUS engine searches on a client to see which updates it requires?

    I have been having some problems with clients receiving the correct software packages from SCE. As part of the troubleshooting I deleted all the folders under C:\windows\SoftwareDistribution on one of the clients having problems. Following this the client then detected the updates it needed but it also reported that it needed software packages that had already been installed. This was only true for some updates that had been installed, it didn't offer to install Office again for example.

    I thought the WSUS engine might be checking files in the SoftwareDistribution folder to determine which updates  were required by the client, the inconsistencies above however suggest otherwise. Does it look in the client's registry?

    Thanks for your help,

    Tom

    Wednesday, January 16, 2008 1:50 PM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi Tom,

     

    If the update was re-offered, it seems that the update has not been installed successfully. To troubleshoot this issue, please follow these steps:

     

    1. Enable Windows Update debug logging

     

      a. Open regedit and navigate to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
      b. Create a New Key called Trace
      c. In Trace, create a new DWORD value called Flags with a Data of 7
      d. In Trace, create a new DWORD value called Level with a Data of 4
      e. Close regedit

     

    2. Navigate to %windir%, find the file named 'WindowsUpdate.log', rename it to 'WindowsUpdate.old'.

     

    3. Restart the Automatic Updates server and run the “wuauclt /detectnow” command to force an update detection cycle.

     

    4. After the update finished, open the new created file 'WindowsUpdate.log' and search the string "evaluated to 0". Please post the corresponding contents here.

     

    5. If any files or registry entries are recorded, check the permissions on them and see if the SYSTEM account is denied any permissions.

     

    6. You can also download FileMon and RegMon to monitor the background file and registry actions when reproduce the error message. We can check whether there are any Access is denied error from the result logs. 

     

    http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/Filemon.mspx
    http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/Regmon.mspx

     

    Hope it helps.


                                                     

    Sincerely,

    Yog Li

    Microsoft Online Community Support

    Friday, January 18, 2008 8:27 AM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi Tom,

     

    If the update was re-offered, it seems that the update has not been installed successfully. To troubleshoot this issue, please follow these steps:

     

    1. Enable Windows Update debug logging

     

      a. Open regedit and navigate to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
      b. Create a New Key called Trace
      c. In Trace, create a new DWORD value called Flags with a Data of 7
      d. In Trace, create a new DWORD value called Level with a Data of 4
      e. Close regedit

     

    2. Navigate to %windir%, find the file named 'WindowsUpdate.log', rename it to 'WindowsUpdate.old'.

     

    3. Restart the Automatic Updates server and run the “wuauclt /detectnow” command to force an update detection cycle.

     

    4. After the update finished, open the new created file 'WindowsUpdate.log' and search the string "evaluated to 0". Please post the corresponding contents here.

     

    5. If any files or registry entries are recorded, check the permissions on them and see if the SYSTEM account is denied any permissions.

     

    6. You can also download FileMon and RegMon to monitor the background file and registry actions when reproduce the error message. We can check whether there are any Access is denied error from the result logs. 

     

    http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/Filemon.mspx
    http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/Regmon.mspx

     

    Hope it helps.


                                                     

    Sincerely,

    Yog Li

    Microsoft Online Community Support

    Friday, January 18, 2008 8:27 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Yog,

    Many thanks for your feedback. I will go through your recommended troubleshooting steps today and post the results.

    Thanks,

    Tom

     

    Monday, January 21, 2008 11:04 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Yog,

    here is a sample of the content from the client's windowsupdate log file that contains the string 'evaluated to 0' I haven't include everything as these entries repeat themselves throughout the log:

     

    2008-01-23 10:28:57:492  412 e84 EEHndlr   EE: FileVersion evaluated to 0, return hr=0
    2008-01-23 10:28:57:492  412 e84 EEHndlr   EE: RegValueExists evaluated to 0, return hr=0
    2008-01-23 10:28:57:492  412 e84 EEHndlr   EE: MuiInstalled expression evaluated to 0, return hr=0
    2008-01-23 10:29:00:705  412 e84 EEHndlr   EE: RegKeyExists evaluated to 0, return hr=0
    2008-01-23 10:29:00:705  412 e84 EEHndlr   EE: WindowsVersion expression evaluated to 0, return hr=0
    2008-01-23 10:29:00:825  412 e84 EEHndlr   EE: WindowsVersion expression evaluated to 0, return hr=0
    2008-01-23 10:29:00:825  412 e84 EEHndlr   EE: WindowsVersion expression evaluated to 0, return hr=0
    2008-01-23 10:29:00:825  412 e84 EEHndlr   EE: WindowsVersion expression evaluated to 0, return hr=0
    2008-01-23 10:29:00:825  412 e84 EEHndlr   EE: WindowsVersion expression evaluated to 0, return hr=0
    2008-01-23 10:29:00:825  412 e84 EEHndlr   EE: WindowsVersion expression evaluated to 0, return hr=0
    2008-01-23 10:29:00:855  412 e84 EEHndlr   EE: FileVersion evaluated to 0, return hr=0
    2008-01-23 10:29:00:855  412 e84 EEHndlr   EE: RegSz evaluated to 0, return hr=0
    2008-01-23 10:29:01:095  412 e84 EEHndlr   EE: FileVersion evaluated to 0, return hr=0
    2008-01-23 10:29:04:518  412 e84 EEHndlr   EE: FileVersion evaluated to 0, return hr=0
    2008-01-23 10:29:04:518  412 e84 EEHndlr   EE: FileVersion evaluated to 0, return hr=0
    2008-01-23 10:29:05:869  412 e84 EEHndlr   EE: FileVersion evaluated to 0, return hr=0
    2008-01-23 10:29:05:869  412 e84 EEHndlr   EE: FileExists evaluated to 0, return hr=0
    2008-01-23 10:29:07:491  412 e84 EEHndlr   EE: WindowsLanguage expression evaluated to 0, return hr=0
    2008-01-23 10:29:08:121  412 e84 EEHndlr   EE: Processor expression evaluated to 0, return hr=0
    2008-01-23 10:29:08:482  412 e84 EEHndlr   EE: WmiQuery for query SELECT Manufacturer FROM Win32_ComputerSystem WHERE Manufacturer LIKE 'HEWLETT%' or Manufacturer LIKE 'HP%'or Manufacturer LIKE 'Compaq%' evaluated to 0
    2008-01-23 10:29:08:482  412 e84 EEHndlr   EE: FileExists evaluated to 0, return hr=0
    2008-01-23 10:29:08:692  412 e84 EEHndlr   EE: RegDword evaluated to 0, return hr=0
    2008-01-23 10:29:08:692  412 e84 EEHndlr   EE: RegKeyLoop evaluated to 0, return hr=0
    2008-01-23 10:29:08:692  412 e84 EEHndlr   EE: WindowsVersion expression evaluated to 0, return hr=0
    2008-01-23 10:29:08:782  412 e84 EEHndlr   EE: RegKeyExists evaluated to 0, return hr=0
    2008-01-23 10:29:08:887  412 e84 EEHndlr   EE: MuiInstalled expression evaluated to 0, return hr=0
    2008-01-23 10:29:09:638  412 e84 EEHndlr   EE: WmiQuery for query select domain from Win32_ComputerSystem WHERE domain = 'ntdev.corp.microsoft.com' evaluated to 0
    2008-01-23 10:29:09:863  412 e84 EEHndlr   EE: WmiQuery for query select domain from Win32_ComputerSystem WHERE domain = 'segroup.winse.corp.microsoft.com' evaluated to 0
    2008-01-23 10:29:09:983  412 e84 EEHndlr   EE: WmiQuery for query SELECT domain from Win32_ComputerSystem WHERE domain = 'wingroup.windeploy.ntdev.microsoft.com' evaluated to 0
    2008-01-23 10:29:09:983  412 e84 EEHndlr   EE: RegSz evaluated to 0, return hr=0
    2008-01-23 10:29:11:665  412 e84 EEHndlr   EE: WmiQuery for query Select Manufacturer From Win32_ComputerSystem where Manufacturer = 'LG Electronics' evaluated to 0
    2008-01-23 10:29:11:665  412 e84 EEHndlr   EE: FileVersion evaluated to 0, return hr=0
    2008-01-23 10:29:12:190  412 e84 EEHndlr   EE: RegDword evaluated to 0, return hr=0
    2008-01-23 12:19:38:048  412 d6c EEHndlr   EE: Processor expression evaluated to 0, return hr=0

     

    Thanks,

    Tom

     

    Wednesday, January 23, 2008 12:33 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi Tom,

     

    Could you also finish the FileMon and RegMon log? And please send all the log files, including the full version of WindowsUpdate.log, to scedata@microsoft.com, with the following three lines in the E-mail. I hope that would be helpful.

     

    Client reporting of required updates
    http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=2690696&SiteID=17
    For Yog Li - MSFT

     

    Thanks.

     

                                                    
    Sincerely,

    Yog Li

    Microsoft Online Community Support

    Thursday, January 24, 2008 6:57 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Yog, this is great info. Wanted to give you a heads up that you can now use ProcessMon from the Sysinternals guys, which is an updated tool that includes filemon and regmon data into a single tool.

    http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
    Tuesday, January 29, 2008 2:48 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi Pete,

     

    Thaks for sharing the information. It's really great.

     

                                                    
    Sincerely,

    Yog Li

    Microsoft Online Community Support

    Wednesday, January 30, 2008 7:23 AM