At this Article, we are going to describe how you can handle Azure update management troubleshooting in Windows VMs and probably for any other Windows OS.

Windows Update Service & Windows Temp Folder

The first step is to restart the Windows Update service from the Windows Services panel as shown in the image below.


We can also delete the Windows Temp folder files, by using the following command in elevated CMD.

del %windir%\Temp\

If these steps don’t solve the problem follow the next move to the next step.

Windows Update Offline Installation

If the issue didn’t solve with the previous step then, we can quickly download the package for offline installation from the MS Update Catalog as the image below shows.

offline installation

But if problem yet not resolved, you must perform bit advance troubleshooting steps. lets’ try.

System File Checker (SFC) command

The SFC command is used to verify and replace Windows system files in windows OS.

To run SFC Scan follow the next steps:

  • Open elevated CMD  as Administrator
  • Type sfc /scannow and press Enter
sfc scan

Once sfc scan completed, try to install windows updates and restart the VM.

Deployment Image Servicing and Management (DISM) Tool

The DISM is a command line utility tool which can be used to check the system files and try to restore them.

To run the DISM tool we must follow the next steps:

  • Open elevated CMD as Administrator
  • Type the following commands as the examples show below
Dism /Online /Cleanup-Image /ScanHealth
scan health

Now Scan and Repair the Windows image from any corruption

DISM.exe /Online /Cleanup-image /Restorehealth
restore health

Scan and Repair On-Line Image with your own source files

DISM.exe /Online /Cleanup-Image /RestoreHealth /Source:C:\RepairSource\Windows /LimitAccess
Restore health

Note– Above these actions might be delay we MUST wait until finished. Do not Cancel it.

If the problem is yet not solved and the issue persists, then we can manually reset the Windows Update Components and run the Windows Update process.

Windows Update Components Reset

Before we start, before we must know what are these Components and Services which we deal with.


  • The Windows Update service (wuauserv), enables detection, download, installation of windows updates.
  • The Cryptographic service (cryptsvc), makes use of the %windir%\System32\catroot2\edb.log file for the updating process.
  • The Background Intelligent Transfer (bits) service, transfer files between a server and a client.
  • The Windows Installer service (msiserver), provides the Windows Installer (*.msi) package, to add , modify and remove apps.


  • Software Distribution folder where windows keep the Windows Updates history logs.
  • Catroot folder contains system files that are important for the Windows Update process that store the signature of the Windows Update package.

To reset Windows Update Components we must follow the next steps:

  • Open a Command Prompt window as Administrator
  • And start to execute the following commands:
net stop wuauserv
net stop cryptsvc
net stop bits
net stop msiserver

By executing the following commands the services BITS, MSI Installer, Windows Update, and Cryptographic service will stop.

Then we must rename the Software Distribution and Catroot2 folders from the elevated command prompt console.

ren C:\Windows\SoftwareDistribution SoftwareDistribution.old
ren C:\Windows\System32\catroot2 Catroot2.old

Finally, start the stopped services again, by executing the following commands:

net start wuauserv
net start cryptsvc
net start bits
net start msiserver

Now steps, try to install windows updates and restart the computer.

Component-Based Service (CBS) Logs

The CBS Log is a file which includes logs for the components that are installed or uninstalled during Windows Updates. The CBS file is located in the Windows directory.

You can find CBS definitions in Windows Registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\<packagename>
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\<packagename>

Delete The CBS log

You can delete this file by following the next steps:

First stop the Windows Update Service, delete the log and start the Windows Update Service.

net stop wuauserv
del %windir%\Logs\CBS\*.*
net start wuauserv

Cleaning CBS update pending records

Now Open the Regedit key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing
,and then delete PackagesPending.

If you don’t have the required permissions to do, you must give by following the next directive.
Right-click the key PackagesPending and open Permissions. Click on
Advanced and change owner to Administrator.
After deleting the key, you must restart the VM.

Azure Update Management

Azure gives users the option to enable Windows Update Management from the Azure portal.

To do this, you need to apply the following steps:

In the primary VM blade on the left, select Operations – Update Management
and press enable.

enable update management

Until the solution enabled you must wait for a few minutes.

update Management Message

Once the solution is enabled in the Azure Portal, wait up to 15′ minutes for the VM configuration.

update Management Message
update management assessment

Now you can schedule patch deployment from linked automation and see, patch should push and installed successfully after doing all these deep insight troubleshooting of update management in windows VMs.

Leave a Reply

Your email address will not be published. Required fields are marked *