At this Article, we are going to describe how you can handle Azure update management troubleshooting in Windows VMs and probably for any other Windows OS.
Windows Update Service & Windows Temp Folder
The first step is to restart the Windows Update service from the Windows Services panel as shown in the image below.
We can also delete the Windows Temp folder files, by using the following command in elevated CMD.
If these steps don’t solve the problem follow the next move to the next step.
Windows Update Offline Installation
If the issue didn’t solve with the previous step then, we can quickly download the package for offline installation from the MS Update Catalog as the image below shows.
But if problem yet not resolved, you must perform bit advance troubleshooting steps. lets’ try.
System File Checker (SFC) command
The SFC command is used to verify and replace Windows system files in windows OS.
To run SFC Scan follow the next steps:
- Open elevated CMD as Administrator
sfc /scannowand press Enter
Once sfc scan completed, try to install windows updates and restart the VM.
Deployment Image Servicing and Management (DISM) Tool
The DISM is a command line utility tool which can be used to check the system files and try to restore them.
To run the DISM tool we must follow the next steps:
- Open elevated CMD as Administrator
- Type the following commands as the examples show below
Dism /Online /Cleanup-Image /ScanHealth
Now Scan and Repair the Windows image from any corruption
DISM.exe /Online /Cleanup-image /Restorehealth
Scan and Repair On-Line Image with your own source files
DISM.exe /Online /Cleanup-Image /RestoreHealth /Source:C:\RepairSource\Windows /LimitAccess
Note– Above these actions might be delay we MUST wait until finished. Do not Cancel it.
If the problem is yet not solved and the issue persists, then we can manually reset the Windows Update Components and run the Windows Update process.
Windows Update Components Reset
Before we start, before we must know what are these Components and Services which we deal with.
- The Windows Update service (wuauserv), enables detection, download, installation of windows updates.
- The Cryptographic service (cryptsvc), makes use of the %windir%\System32\catroot2\edb.log file for the updating process.
- The Background Intelligent Transfer (bits) service, transfer files between a server and a client.
- The Windows Installer service (msiserver), provides the Windows Installer (*.msi) package, to add , modify and remove apps.
- Software Distribution folder where windows keep the Windows Updates history logs.
- Catroot folder contains system files that are important for the Windows Update process that store the signature of the Windows Update package.
To reset Windows Update Components we must follow the next steps:
- Open a Command Prompt window as Administrator
- And start to execute the following commands:
net stop wuauserv net stop cryptsvc net stop bits net stop msiserver
By executing the following commands the services BITS, MSI Installer, Windows Update, and Cryptographic service will stop.
Then we must rename the Software Distribution and Catroot2 folders from the elevated command prompt console.
ren C:\Windows\SoftwareDistribution SoftwareDistribution.old ren C:\Windows\System32\catroot2 Catroot2.old
Finally, start the stopped services again, by executing the following commands:
net start wuauserv net start cryptsvc net start bits net start msiserver
Now steps, try to install windows updates and restart the computer.
Component-Based Service (CBS) Logs
The CBS Log is a file which includes logs for the components that are installed or uninstalled during Windows Updates. The CBS file is located in the Windows directory.
You can find CBS definitions in Windows Registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\<packagename>
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\<packagename>
Delete The CBS log
You can delete this file by following the next steps:
First stop the Windows Update Service, delete the log and start the Windows Update Service.
net stop wuauserv del %windir%\Logs\CBS\*.* net start wuauserv
Cleaning CBS update pending records
Now Open the Regedit key,
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing,and then delete PackagesPending.
If you don’t have the required permissions to do, you must give by following the next directive.
Right-click the key PackagesPending and open Permissions. Click on
Advanced and change owner to Administrator.
After deleting the key, you must restart the VM.
Azure Update Management
Azure gives users the option to enable Windows Update Management from the Azure portal.
To do this, you need to apply the following steps:
In the primary VM blade on the left, select Operations – Update Management
and press enable.
Until the solution enabled you must wait for a few minutes.
Once the solution is enabled in the Azure Portal, wait up to 15′ minutes for the VM configuration.
Now you can schedule patch deployment from linked automation and see, patch should push and installed successfully after doing all these deep insight troubleshooting of update management in windows VMs.