none
KB3033395 installs but AU client doesn't recognize it RRS feed

  • Question

  • Has anyone encountered a problem with KB3033395?

    I'm testing this month's Patch Tuesday release, and my test Server 2003 machine has 11 updates to install. 10 of them install just fine, actually all 11 install just fine.  

    #11 is KB3033395. This appears in the control panel and its files are correct.

    But the AU client still regards KB3033395 as "needed", and of course it reports that back to the WSUS server.  

    I've tried:

    1. Just let it install again. 
    2. I reverted to a previous snapshot and the behavior repeats itself. 
    3. Fixit 50123 does not resolve the issue. 
    4. Restarts do not resolve the issue.

    The closest thing to an abnormal message is in WindowsUpdate.log, which says at the first successful installation that the update requires a restart, but with subsequent installations it says a restart is not needed.  

    (Update, March 17: We certainly have enough "me too"s, everyone, and since the issue doesn't affect WSUS directly, more of them won't help.  Suggestions for making the update stick would be welcome, but I think that we just have to wait for Microsoft to replace the update or migrate away from Server 2003).

    Wednesday, March 11, 2015 4:06 PM

Answers

  • - Title: Vulnerabilities in Windows Kernel Could Allow Elevation of

       Privilege (3038680)

     - https://technet.microsoft.com/library/security/ms15-025

     - Reason for Revision: V2.0 (March 16, 2015): To address a packaging

       issue for customers who are repeatedly reoffered security update

       3033395 when installed on systems running supported editions of

       Windows Server 2003, Microsoft released update 3033395-v2 for all

       supported editions of Windows Server 2003. Customers who have not

       already installed the 3033395 update should install update

       3033395-v2 to be fully protected from this vulnerability. To

       avoid the possibility of future detection logic problems, Microsoft

       recommends that customers running Windows Server 2003 who have

       already successfully installed the 3033395 update also apply update

       3033395-v2 even though they are already protected from this

       vulnerability. Customers running other Microsoft operating systems

       are not affected by this rerelease and do not need to take any

       action. See Microsoft Knowledge Base Article 3033395 for more

       information.

     - Originally posted: March 10, 2015

     - Updated: March 16, 2015

     - Bulletin Severity Rating: Important

     - Version: 2.0

    Tuesday, March 17, 2015 12:25 PM

All replies

  • I have the same issue, 2003 R2 server and no WSUS but symptoms are the same, KB3033395 asks to be installed over and over again, WU finds it although it is installed.
    Wednesday, March 11, 2015 5:04 PM
  • Same problem, nothing helpful from my troubleshooting, either. I've applied it multiple times, removed it and reinstalled, and a few other items which were all unsuccessful. Would appreciate any advice from somebody's who's managed to solve the reoccurring prompting to install this patch...
    Wednesday, March 11, 2015 6:22 PM
  • Same issue on Win 2003 R2 SP2, KB3033395 installs fine but then immediately identifies for install again, which succeeds, then ...

    This server is Win 2003 R2 SP2 x86, part of a client demo domain running on Client Hyper-V. Updates are manual from Microsoft Update, not WSUS. Looks like the issue is with the update itself as noted by those who have investigated more closely.

    As it's the only 2003 server I have out there right now, I don't really have time to troubleshoot. Thanks to others who have posted here and are actively looking for a solution.

    Thursday, March 12, 2015 12:54 AM
  • We have the same issue on server 2003. KB3033395 asks to be installed over and over again.
    Thursday, March 12, 2015 12:56 AM
  • Same issue.  Applying from the download center .exe outside of AU also does not solve the issue.
    Thursday, March 12, 2015 2:55 AM
  • THIS WILL FIX YOUR PROBLEM

    Do the following on the client

    stop windows update service

    Rename the folder c:\winnt\softwaredistribution to softwaredistribution.old

    start the windows update service

    apply the patch and it should say installed

    Post the follow into a text file. rename it to .cmd and run if you want to fix the issue

    net stop wuauserv


    cd "c:\winnt"

    rename SoftwareDistribution SoftwareDistribution.old


    net start wuauserv


    • Edited by FredrikGh Thursday, March 12, 2015 7:17 AM update
    Thursday, March 12, 2015 7:13 AM
  • Sorry Fredrik, but this does not solve it - the Update itself must have an issue, or is related to another Issue with another Update.
    Thursday, March 12, 2015 7:41 AM
  • Same here, for W2003 x64 . W2003 x86 is fine. This is true for both offline scans wsusscn2.cab and online WSUS scans. Looks like they have a metadata problem in both cab and WSUS.
    Thursday, March 12, 2015 10:11 AM
  • I have this issue with 2003 R2 on an x86 patching via WSUS.  I am looking to see if I can get around it.  I see the KB was installed so I removed it which said I would need to restart.  Went along with that and the restart never happened.  Conducted a manual restart.  I am going to see where this goes.
    • Edited by migtin Thursday, March 12, 2015 1:20 PM
    Thursday, March 12, 2015 1:19 PM
  • Same here,

    uninstall and restart - update does not solve it.

    No Wsus 4 servers with 2003 all got the same problem

    Thursday, March 12, 2015 1:46 PM
  • This is what the log file for kb3033395 says after manual installation of this

    [KB3033395.log]

    0.406: ================================================================================

    0.406: 2015/03/13 07:48:41.877 (local)

    0.406: c:\16fcd18f02f16ad15ad4d58777788f\update\update.exe (version 6.3.4.1)

    0.406: Hotfix started with following command line:

    0.406: In Function GetBuildType, line 1170, RegQueryValueEx failed with error 0x2

    0.750: In Function TestVolatileFlag, line 12013, RegOpenKeyEx failed with error 0x2

    0.750: In Function TestVolatileFlag, line 12045, RegOpenKeyEx failed with error 0x2

    0.750: DoInstallation: CleanPFR failed: 0x2

    0.750: In Function GetBuildType, line 1170, RegQueryValueEx failed with error 0x2

    0.750: SetProductTypes: InfProductBuildType=BuildType.Sel

    0.750: SetAltOsLoaderPath: No section uses DirId 65701; done.

    0.765: DoInstallation: FetchSourceURL for c:\16fcd18f02f16ad15ad4d58777788f\update\update_SP2QFE.inf failed

    0.765: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102

    0.765: BuildCabinetManifest: update.url absent

    0.765: Starting AnalyzeComponents

    0.765: AnalyzePhaseZero used 0 ticks

    0.765: SetupFindFirstLine in LoadExclusionList Failed with error: 0xe0000102

    0.765: SetupFindFirstLine in LoadExclusionList Failed with error: 0xe0000102

    0.765: Enumerating Devices of computer, GUID {4d36e966-e325-11ce-bfc1-08002be10318}

    0.859: OEM file scan used 94 ticks

    0.937: AnalyzePhaseOne: used 172 ticks

    0.937: AnalyzeComponents: Hotpatch analysis disabled; skipping.

    0.937: AnalyzeComponents: Hotpatching is disabled.

    0.937: FindFirstFile c:\windows\$hf_mig$\*.*

    0.953: KB3033395 Setup encountered an error:  The  update.ver file is not correct.

    1.093: AnalyzeForBranching used 0 ticks.

    1.093: AnalyzePhaseTwo used 0 ticks

    1.093: AnalyzePhaseThree used 0 ticks

    1.093: AnalyzePhaseFive used 0 ticks

    1.093: AnalyzePhaseSix used 0 ticks

    2.546: AnalyzeComponents used 1781 ticks

    2.546: Downloading 0 files

    2.546: bPatchMode = FALSE

    2.546: Inventory complete: ReturnStatus=0, 1781 ticks

    7.531: CreateUninstall = 0,Directory = C:\WINDOWS\$NtUninstallKB3033395$

    7.531: Num Ticks for invent : 6766

    7.531: VerifyTargetFileSize: Unable to verify size as Source = NULL for file c:\windows\inf\HFX13.tmp

    7.531: Copied file:  c:\windows\inf\branches.inf

    7.796: Allocation size of drive C: is 4096 bytes, free space = 12821553152 bytes

    7.796: Drive C: free 12227MB req: 5MB w/uninstall 0MB

    7.796: CabinetBuild complete

    7.796: Num Ticks for Cabinet build : 265

    7.796: DynamicStrings section not defined or empty.

    7.796: FileInUse:: Detection disabled.

    8.796: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102

    8.828: PFE2: Not avoiding Per File Exceptions.

    8.921: DoInstallation: Installing assemblies with source root path: c:\16fcd18f02f16ad15ad4d58777788f\

    8.921: Num Ticks for Copying files : 1125

    8.921:  ;%systemroot%\system32\ws03res.dll;%systemroot%\system32\w03a2409.dll found in EventMessageFile of Product.Append.Reg.IA

    8.921: Num Ticks for Reg update and deleting 0 size files : 0                          

    8.921: DoInstallation: ApplyAdminSystemAclsRecursive for c:\windows\$hf_mig$\KB3033395 failed; error=0x00000003

    8.937: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot] section is empty; nothing to do.

    12.687: RebootNecessary = 0,WizardInput = 0 , DontReboot = 1, ForceRestart = 0

    Friday, March 13, 2015 7:00 AM
  • I have the the same Problem with my WSUS and a W2003/32 Server.

    Friday, March 13, 2015 9:58 AM
  • Deleted
    Friday, March 13, 2015 11:01 AM
  • Windows 2003 SP2 Russian x86, same problem
    Friday, March 13, 2015 12:34 PM
  • in our company in Costa Rica the same problem no one has a solution to this.
    Friday, March 13, 2015 1:33 PM
  • Same with us. Showing as missing/failed in SCCM even though it's installed.

    We tried uninstalling/reinstalling. Restarting. Nothing works.


    Brandon Justice Paychex


    Friday, March 13, 2015 1:59 PM
  • THIS WILL FIX YOUR PROBLEM

    Do the following on the client

    stop windows update service

    Rename the folder c:\winnt\softwaredistribution to softwaredistribution.old

    start the windows update service

    apply the patch and it should say installed

    Post the follow into a text file. rename it to .cmd and run if you want to fix the issue

    net stop wuauserv


    cd "c:\winnt"

    rename SoftwareDistribution SoftwareDistribution.old


    net start wuauserv


    Agree with the above. It's likely to be a problem on the client. This morning after a week of failed update attempts I followed the above process. In addition, sometimes 1 update fails or in my case get stuck installing,  and this has a knock on effect on other installs. In my case I had to go to the softwaredistribution / Download directory, this is where your actual update files are kept. Open up each folder, extract the files and then run the installs manually. After you manually install what you can the rest should then install as normal on the next reboot.

    If a previous update is stuck you may need to kill that process before being allowed to run manual installs on the others, in which case kill the msiexec process in task manager before attempting to install the other updates manually.

    My problem did not relate to this update specifically but this is a process I have followed many times previously when updates appear to fail to install. My case related to a Visio update which prevented all the other office updates from installing.

    Friday, March 13, 2015 5:13 PM
  • I tried this, and it didn't work. It's very constant. SCCM is reporting "failed to install update" on every 2003 server we have. It's installed correctly on the server, but not reporting as installed. There is definitely something going on.

    Brandon Justice Paychex

    Friday, March 13, 2015 6:18 PM
  • Same issue here using SCCM on 2003 R2 Servers. I have not been able to get it to report installed and was hoping someone here had a work around. Guess Ill check back later!
    Saturday, March 14, 2015 5:24 AM
  • I use SCCM 2012 R2

    This fixed it for my 400 2003 servers

    Saturday, March 14, 2015 7:14 AM
  • We push via SCCM 2012 R2 and we are seeing the same issue.  We have tried to install the patch manually with the same results.  The patch is installing but cannot be properly verified.  We are finding this in setupapi.log:

    #I443 No installed Authenticode(tm) catalogs matching catalog name "oem20.CAT" were found that validated file "c:\windows\softwaredistribution\download\3905899386c27da90e2a8d3bd0379e3b\update\update_SP2QFE.inf" (key "update_SP2QFE.inf"). Error 1168: Element not found.

    The SCCM client error:

    Error code 0x87D00668 "Software update still detected as actionable after being applied".  

    I have deleted the Software Distribution folder. Manually downloaded and installed and still we are seeing this error. 

    Saturday, March 14, 2015 5:26 PM
  • Seeing this on one Windows Server 2003 R2 x86 VM; following the process of stopping the AU client/removing softwaredistribution folder/manually installing update does NOT work for me.
    Update: We have 14 of these 2003 R2 servers, and I have yet to find one that this update works on. This is going to get the best of my OCD this month.

    Update 2: I found two systems where this update was installed successfully...not sure what the magic is. I think it's time to accelerate the migration of our 2003 systems.

    • Edited by _Jim_ Monday, March 16, 2015 6:15 PM
    Sunday, March 15, 2015 8:03 PM
  • this solution in our company to windows 2003 r2 sp2 does not work continue with the same problem
    Monday, March 16, 2015 9:16 AM
  • We see the same here with all 2003 servers.

    Would like to have that sorted out.


    Gustav Brock

    Monday, March 16, 2015 4:31 PM
  • I think that Microsoft got the detection logic mixed up for the x86 patch... and it's looking for the x64 files.

    Take a look at the MSKB article:

    http://support.microsoft.com/en-us/kb/3033395

    Note in the "Windows Server 2003 file information" section that the heading for the x86 files says "x64-based" and vice-versa.

    If they made that mistake in the KB article, what's the bet they made the exact same mistake in the coded detection logic?

    Monday, March 16, 2015 9:01 PM
  • Well MS must have changed something this afternoon, as now my systems are no longer showing pending in WSUS. And on a standalone system, Microsoft Update offered up KB3002657 as well as KB3033395...after installing both and rebooting, no new updates were detected.

    Jim


    • Edited by _Jim_ Tuesday, March 17, 2015 12:10 AM
    • Proposed as answer by Radik Gens Tuesday, March 17, 2015 4:56 AM
    Tuesday, March 17, 2015 12:04 AM
  • Yes, this fixed the problem!
    Tuesday, March 17, 2015 4:56 AM
  • - Title: Vulnerabilities in Windows Kernel Could Allow Elevation of

       Privilege (3038680)

     - https://technet.microsoft.com/library/security/ms15-025

     - Reason for Revision: V2.0 (March 16, 2015): To address a packaging

       issue for customers who are repeatedly reoffered security update

       3033395 when installed on systems running supported editions of

       Windows Server 2003, Microsoft released update 3033395-v2 for all

       supported editions of Windows Server 2003. Customers who have not

       already installed the 3033395 update should install update

       3033395-v2 to be fully protected from this vulnerability. To

       avoid the possibility of future detection logic problems, Microsoft

       recommends that customers running Windows Server 2003 who have

       already successfully installed the 3033395 update also apply update

       3033395-v2 even though they are already protected from this

       vulnerability. Customers running other Microsoft operating systems

       are not affected by this rerelease and do not need to take any

       action. See Microsoft Knowledge Base Article 3033395 for more

       information.

     - Originally posted: March 10, 2015

     - Updated: March 16, 2015

     - Bulletin Severity Rating: Important

     - Version: 2.0

    Tuesday, March 17, 2015 12:25 PM