Security patches failing - been trying for a month


  • Hello - I have 25+ Dell 7010 computers. I have 3 of them that will not install patches 493108 and 4093118 (Security Monthly quality rollup and Security only update).  In looking back, these started failing in October of last year.  I have searched and tried many things over the last 2 weeks with no luck.   UPDATE - tried the newly released patches today and no luck.

    The patches apply fine.  The computer reboots.  It comes to the windows screen and flashes the windows icon for a longer than normal amount of time. The screen briefly flashes black.  It comes to the blue windows screen and says "please wait ... " for a few seconds and then it reboots.  It will say it shut down wrong and will continue this cycle until I boot in safe mode with networking.  Then it will come up, revert the patches and boot just fine.

    Is there a log or something that will tell me what it is failing on?  I have looked. Below is a list of just some of the things I have tried.

    I downloaded the full patches from Microsoft site instead of our wsus server and between each of these tried to install 108 only.

    Downloaded and updated the bios on the computer.

    Ran the diag_wu - it says it fixed things

    Turned on windows defender and updated (it has mcafee on it with the same version and update as all the other machines that are working)

    Downloaded .net framework 4.6.2 from webinstaller and installed

    Downloaded .net framework 4.7.1 from web installer

    Ran SFC scan - no error

    Disabled windows media player network startup

    Ran windows update troubleshooter

    Clean boot state - msconfig and turned off the startup of all non micrsooft services.

    Cleared the windows update cache by deleting all the files in SoftwareDistribution\Download.

    I would really appreciate any help in figuring this out.  These 3 machines are set up very similar so I imagine it is a driver or something not loading.   I would of thought the clean boot state might resolve that.  There is a 4th machine with similar software that is patching fine.  

    Reinstalling or rebuilding is not really an option right now since 2 of the machines with the issues are in a critical position.  The 3rd is in my office for testing because I think/hope what is causing it will be the cause on all 3.


    Thursday, May 10, 2018 12:25 PM

All replies

  • So these listed updates are security updates that require previous patches in order to install.. 

    On one of the machines that has all the updates installed, open a command prompt, 

    type in Systeminfo 

    What is the total installed updates? 

    Now on one of the systems that is not currently getting updates, do the same.. 

    how many total installed updates? 

    Is the number off by more than 2? 

    It sounds like you have other issues here, like you are missing the prerequisite to install the updates. 

    To correct this; 

    1. Make a new OU and change the WSUS settings to allow updates from the internet.. move the two PC's into that OU. 

    2. Copy this script into a text file and save as a Batch file, run as administrator if you still have UAC enabled.. 

    net stop bits
    net stop wuauserv
    net stop appidsvc
    net stop cryptsvc

    Del "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr*.dat"
    Ren %systemroot%\SoftwareDistribution SoftwareDistribution.bak
    Ren %systemroot%\system32\catroot2 catroot2.bak
    cd /d %windir%\system32
    regsvr32.exe atl.dll
    regsvr32.exe urlmon.dll
    regsvr32.exe mshtml.dll
    regsvr32.exe shdocvw.dll
    regsvr32.exe browseui.dll
    regsvr32.exe jscript.dll
    regsvr32.exe vbscript.dll
    regsvr32.exe scrrun.dll
    regsvr32.exe msxml.dll
    regsvr32.exe msxml3.dll
    regsvr32.exe msxml6.dll
    regsvr32.exe actxprxy.dll
    regsvr32.exe softpub.dll
    regsvr32.exe wintrust.dll
    regsvr32.exe dssenh.dll
    regsvr32.exe rsaenh.dll
    regsvr32.exe gpkcsp.dll
    regsvr32.exe sccbase.dll
    regsvr32.exe slbcsp.dll
    regsvr32.exe cryptdlg.dll
    regsvr32.exe oleaut32.dll
    regsvr32.exe ole32.dll
    regsvr32.exe shell32.dll
    regsvr32.exe initpki.dll
    regsvr32.exe wuapi.dll
    regsvr32.exe wuaueng.dll
    regsvr32.exe wuaueng1.dll
    regsvr32.exe wucltui.dll
    regsvr32.exe wups.dll
    regsvr32.exe wups2.dll
    regsvr32.exe wuweb.dll
    regsvr32.exe qmgr.dll
    regsvr32.exe qmgrprxy.dll
    regsvr32.exe wucltux.dll
    regsvr32.exe muweb.dll
    regsvr32.exe wuwebv.dll

    netsh winsock reset

    netsh winhttp reset proxy

    net start bits
    net start wuauserv
    net start appidsvc
    net start cryptsvc

    3. Reboot the machine.. 

    4. Gpupdate /force the new policy location. 

    5. Run updates from windows Online update site.. 

    Once it has completed, you can move the PC back into it's original WSUS policy update location. 

    Unless there is a catastrophic issue on the desktop this should resolve the update issues.. 

    NOTE: while you can run the script remote, need to be RDP'd at minimal into the machine to OK the prompts.. 

    EDIT: MORE NOTE: If this machine has never gotten updates from the internet you will need to run these KB's first.. or it will lag and lag.. and lag.. on the update installation..




    Additional.. These must be installed in order, and you only have to reboot between the second and third one.. 


    Thursday, May 10, 2018 4:39 PM
  • Hi,

    Is there any error code or error message?

    Here are some ways may help you solve the problem.

    1. Please refer the following link and run the Windows Update troubleshooter.

        Fix Windows Update issues: 

    2. Please try to download the most recent Servicing Stack Update (SSU)

        2.1 Click Start, type Windows update in the search box, and then click Windows Update in the Programs list.

        2.2 In the left pane, click Change settings, select Never check for updates, and then select OK.

        2.3Restart the computer.

    2.4 After the computer restarts, download KB3177467 using the following links.

        2.5 Restart the computer, then turn Automatic Updates back on. Open Windows Update, select Change Settings. Under Important Updates, click the dropdown and select Install updates automatically (recommended). Click OK to save your changes, and then select Check for updates to download and install any remaining updates.

    If all methods can't work, please check the cbs.log (%SYSTEMROOT%\Logs\CBS\CBS.log) , windowsupdate.log (%windir%\windowsupdate.log) , CheckSUR.log (%SYSTEMROOT%\Logs\CBS\CheckSUR.log).

    And you could also post them onto OneDrive and share the link here, which can help us do more research.

    Note: If you have any concern about this, please send the logs to through email with the post link, but it may cause reply delay.

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact

    • Proposed as answer by Vera Hu Tuesday, May 15, 2018 5:53 AM
    Friday, May 11, 2018 5:52 AM