80070BC9 Windows Update Error Installing Windows Updates on WS 2012 R2 Domain Controller RRS feed

  • Question

  • Hi all, we have 16 domain controllers across 10 sites. On one of the two identical 2012 R2 DCs located at one of the sites I was

    getting 80070BC9 errors while installing updates from WSUS. I was getting the same errors while installing these updates

    manually or directly from Microsoft. Before this error I was able to install successfully 30-40 updates.

    Run DISM image health restore and at the end got a message that said "successfully

    fixed corruption in windows update store" or something along those lines. Tried installing updates again and still was getting same

    errors while installing updates. McAfee Anti-Virus and Carbon Black Defence agents were disabled during the installation. Please

    see some screenshots below. If someone knows a fix for this please share. Thank you!

    • Edited by Etoya Wednesday, December 4, 2019 11:41 PM
    Wednesday, December 4, 2019 11:39 PM

All replies

  • Hello!

    Please navigate to C:\Windows\Logs find the CBS folder, copy it to your Desktop and zip it up.

    Upload it somewhere and paste the link in your next reply.

    Thank you.

    Thursday, December 5, 2019 12:04 AM
  • Thursday, December 5, 2019 12:28 AM
  • Thank you.

    This will require a reboot of the Server, so please do not attempt to do this until you can reboot.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Highlight the contents of the below code box and press Ctrl + C on your keyboard:

    cmd: sc config trustedinstaller start= auto
    cmd: net start trustedinstaller
    cmd: fsutil resource setautoreset true %SystemDrive%\
    cmd: attrib -r -s -h %SystemRoot%\System32\Config\TxR\*
    function Move-LockedFile
        param($path, $destination)
        $path = (Resolve-Path $path).Path
        $destination = $executionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($destination)
        $MOVEFILE_DELAY_UNTIL_REBOOT = 0x00000004
        $memberDefinition = @'
        [DllImport("kernel32.dll", SetLastError=true, CharSet=CharSet.Auto)]
        public static extern bool MoveFileEx(string lpExistingFileName, string lpNewFileName,
           int dwFlags);
        $type = Add-Type -Name MoveFileUtils -MemberDefinition $memberDefinition -PassThru  
        $type::MoveFileEx($path, $destination, $MOVEFILE_DELAY_UNTIL_REBOOT + $MOVEFILE_REPLACE_EXISTING)
    Get-ChildItem -path "$env:SystemRoot\system32\Config\TxR\." |
    Foreach-Object {
      write-output $_.fullname
      Move-LockedFile -path $_.fullname "$env:SystemRoot\Temp\junk"
    cmd: attrib -r -s -h %SystemRoot%\System32\SMI\Store\Machine\*
    cmd: del /f /q %SystemRoot%\System32\SMI\Store\Machine\*.tm*
    cmd: del /f /q %SystemRoot%\System32\SMI\Store\Machine\*.blf
    cmd: del /f /q %SystemRoot%\System32\SMI\Store\Machine\*.regtrans-ms

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

        Double-click FRST64.exe to run it.
        Press the Fix button just once and wait.
        Restart the computer if prompted.
        When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
        Please copy and paste its contents into your reply.

    Afterwards, completely uninstall McAfee and retry updates. If they happen to fail, provide CBS.log again.

    Thursday, December 5, 2019 1:18 AM
  • I'm back in business, the server just needed another reboot to finalise the repair process. So what I did earlier I ran DISM.exe /Online /Cleanup-image /Restorehealth 

    which reported at the end that some corruptions were fixed in the windows update store. I still wasn't able to install updates. Then I ran windowsupdate.diagcab tool which 

    also reported that it fixed windows update errors. I swear I must have rebooted this DC at least 2-3 times after the last tool, yet when I tried running sfc /scannow it said 

    that the scan process cannot be completed because there were some repair operations pending. So I rebooted the DC again just now, then ran sfc /scannow now which 

    did not find any violations, checked for updates again, it picked up three new ones, hit install and voila, all updates installed without any issues. Thank you all!

    Thursday, December 5, 2019 4:40 AM
  • Excellent!

    Thanks for letting us know.

    Thursday, December 5, 2019 4:54 AM
  • Hi Etoya,

    It's nice to see that the failure has been resolved.
    You can also consider using the "Fix Windows Update errors" wizard to troubleshoot some basic Windows Update errors. For Windows Server 2012 R2, you can choose a troubleshooting scheme for Windows 8.1.

    In addition, please consider marking helpful replys in this thread as the answer. End this thread and help more members quickly locate the answer. 
    Thank you very much for your cooperation!


    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, December 5, 2019 6:10 AM