I am trying to create a custom definition for a patch (and product) and can only get the detection to work if I specify the full path to the executable I am detecting. It may not always be the case that the application is installed in the same location so I need to be able to detect using wildcards or just the executable name. Is this possible?
Thanks
Alastair
Hi got this question, if a server are missing, say from MS14-018, to MS18-03-SO81, is it then required to install all MSXX-XX-XX in between ? or is it enough to just install ms18-03.SO81
/Niels
Issue
When attempting to patch there are a large about of detections of vulnerabilities that are not applicable to the client machine. When scanning, these definitions are flagged as detected for reason "Pre-req Check failed." This can cause numerous failures, bloated detected definition results, and incorrect logging.
Symptoms
To know whether or not you are getting a Pre-req check failure there are a few symptoms you can look for in order to know if this is the cause of your patch failures. This issue only occurs with Next Gen vulnerabilities.
1. Scan Failed returns
One of the first symptoms most customers notice is an abundance of "Scan Failed, Failed to start scan" returns in their clients patching history. These returns are an indication that the core server received a failure to start the scan during Vulcan. This is due to important files not being in the proper location during the scan, more on that later.
2. Bloated "All Detected" patches list
The second symptom that can point to a Pre-req check failed is the bloated "All Detected" folder in the Patch and Security. This is normally filled with a large amount of detection of either previously undetected or not applicable vulnerabilities. Since there was a failure during the scan for these vulnerabilities they will be flagged as detected and will show up in this folder. When selecting one of your definitions you will see the reason for detection as "Pre-Req Check Failed."
3. Ivanti folders on the root of C:\
The final Symptom of this issue is the presence of two Ivanti folders that are being placed in the root of C:\. "vulScan" and "LANDesk" will appear in the root of C:\ instead of the locations "ProgramData" and "Program Files(x86)" respectively. This is caused by them not being properly configured to the proper locations.
Resolution
This issue can be easily resolved by correcting the registry key where the vulScan folder should be properly located. Open Regedit and locate the following key
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Shell Folders
Here you will find the CommonAppData key. If you are experiencing this issue it is caused by this key being blank. Simply add "C:\ProgramData" without the quotes then run a scan. This should allow for a proper scan and the vulScan and LANDesk folders will properly update in their designated locations. You are free to delete the folders on the C:\ root without any impact on the product.
It is recommended that you restart the client after changing this key to ensure it is properly changed.
Wed, 02 May 2018 10:49:41 SendRequest: SOAPAction: "http://tempuri.org/SetPatchInstallStatus2"
Wed, 02 May 2018 10:49:42 Success
Wed, 02 May 2018 10:49:44 TimberHlpr DLL_THREAD_DETACH called
Wed, 02 May 2018 10:49:45 DoDownloadFromSourceSteps: DOWNLOAD_ERROR_GENERAL_FAILURE
Wed, 02 May 2018 10:49:45 Failed to download \\IBS-FS4\PPS\Patch\windows6.1-kb4093108-x86_tw1211060.msu. Error code 1
Wed, 02 May 2018 10:49:45 \\IBS-FS4\PPS\Patch\windows6.1-kb4093108-x86_tw1211060.msu Failed
Wed, 02 May 2018 10:49:45 TimberHlpr DLL_THREAD_DETACH called
Wed, 02 May 2018 10:49:46 TimberHlpr DLL_THREAD_DETACH called
Wed, 02 May 2018 10:49:46 TimberHlpr DLL_THREAD_DETACH called
Wed, 02 May 2018 10:49:47 TimberHlpr DLL_THREAD_DETACH called
Wed, 02 May 2018 10:49:47 Download Failure: Error 80004005 downloading \\IBS-FS4\PPS\Patch\windows6.1-kb4093108-x86_tw1211060.msu
Wed, 02 May 2018 10:49:47 Last status: Failed: Could not download \\IBS-FS4\PPS\Patch\windows6.1-kb4093108-x86_tw1211060.msu
Client machine unable to download patch after we removed patch location to other storage (before this when it worked, the patch folder is in core server). Client machine able to access the
path \\IBS-FS4\PPS\Patch\Patch\windows6.1-kb4093108-x86_tw1211060.msu from their machine but not able to download the file during the patch deploy task.
Share permission to everyone has been set as Full Control on folder Patch.
We are attempting to install Windows 10 1709 release. I have followed both steps to install using patching and provisioning, not having any luck. Both tasks fail. I have gone over these instructions multiple times and can not figure out what I am missing. All help is appreciated.
Re: anyone been able to push 1709 update to windows 10 in LANDesk?
2016.3 SU5 - I have 3 devices stuck in the Active queue of a scheduled task that was auto-generated by a rollout project. The devices failed because the core couldn't detect an agent. I did a "retry selected failed devices" when they went to the failed queue, which placed them back in the Active queue, but now they're stuck there and I can't find a way to retry them again? I found some of the LANDesk services were disabled on these, so after enabling them I can't find a way to retry them against the task? If I remove them from the task, and then drop them back in, they just sit in the Pending queue, even if I right-click the task and do any of the Start options, the devices just remain in Pending?
2016.3 SU5: Why do some patches appear with the word "DETECT" in the name and why aren't they downloadable?
Hello,
I have three issues with the new next gen patching system.
Landesk version = 2016.3 10.1.0.168
Wondering if anyone else has these two issues before I open a case with Support.
Thanks,
Andrew
EMP 2017.X
I can't find the W10V1803 under our detected patches.
Is it listed under a different number?
Best.
We are pushing these 2 repair tasks for these definitions and we get back Patch already installed, repair no longer needed. We check the servers and the patches are NOT there.
Hello all,
I have a large number of PHYSICAL machines on network with VMWare Tools installed -- The VMWare Tools update through LANDesk does not work (actually, it can't work at all since VMWare Tools executables simply throw an error on physical machines)
So I tried to uninstall VMWare Tools via VMware Tools "setup.exe" /s /c on a test machine. As far as I can tell, VMWare Tools is removed completely -- I've run several inventory scans since, and Inventory doesnt show VMWare Tools under Add/Remove Programs or Software Products.
Nevertheless, VMWare Tools seems to be detected by vulscan, and it still attempts (and fails) to run the fix.
Can anyone provide any insight as to why it's still detecting?
| vulscan.log |
|---|
Thu, 10 May 2018 09:11:59 Patch is NOT installed Thu, 10 May 2018 09:11:59 Checking vulnerability VMWT-023_INTL, rule index 1 ('VMware-tools-10.2.5-8068406-x86_64_tw1206360.exe') Thu, 10 May 2018 09:11:59 Running product detection script Thu, 10 May 2018 09:11:59 Checking pre-requisite... Thu, 10 May 2018 09:11:59 filesDownloaded: True Thu, 10 May 2018 09:11:59 AlreadyScanned: True Thu, 10 May 2018 09:11:59 Detecting product... (ProductId 0: 16173, SP UID 6842: {00001aba-0001-0000-0000-000000000000}) Thu, 10 May 2018 09:11:59 Clearing status... Thu, 10 May 2018 09:11:59 Converted ProductId 16173 -> 16173 (int), SP UID {00001aba-0001-0000-0000-000000000000} Thu, 10 May 2018 09:11:59 Product NOT DETECTED: ProductId 0: 16173, SPUid 6842: {00001aba-0001-0000-0000-000000000000} Thu, 10 May 2018 09:11:59 Detected: False Thu, 10 May 2018 09:11:59 Running product detection script Thu, 10 May 2018 09:11:59 Checking pre-requisite... Thu, 10 May 2018 09:11:59 filesDownloaded: True Thu, 10 May 2018 09:11:59 AlreadyScanned: True Thu, 10 May 2018 09:11:59 Detecting product... (ProductId 0: 13820, SP UID 6378: {000018ea-0001-0000-0000-000000000000}) Thu, 10 May 2018 09:11:59 Clearing status... Thu, 10 May 2018 09:11:59 Converted ProductId 13820 -> 13820 (int), SP UID {000018ea-0001-0000-0000-000000000000} Thu, 10 May 2018 09:11:59 Product DETECTED: ProductId 0: 13820, SPUid 6378: {000018ea-0001-0000-0000-000000000000} Thu, 10 May 2018 09:11:59 Detected: True Thu, 10 May 2018 09:11:59 Running detection script Thu, 10 May 2018 09:11:59 Checking pre-requisite... Thu, 10 May 2018 09:11:59 filesDownloaded: True Thu, 10 May 2018 09:11:59 AlreadyScanned: True Thu, 10 May 2018 09:11:59 Checking detection... (PatchGuid: {0001d73c-0000-0000-0000-000000000000}, Lang: INTL) Thu, 10 May 2018 09:11:59 Clearing status... Thu, 10 May 2018 09:11:59 GetLanguageId: 'INTL' ==> Language Id: 0 Thu, 10 May 2018 09:11:59 Patch found 120636: {0001D73C-0000-0000-0000-000000000000} Thu, 10 May 2018 09:11:59 RegionId '0' belongs to Lang: INTL Thu, 10 May 2018 09:11:59 Missing patch found: BulletinName: VMWT-023, PatchId 120636: {0001D73C-0000-0000-0000-000000000000}, Lang: INTL, regionId: 0 Thu, 10 May 2018 09:11:59 ----------------- DETECTION RESULT ---------------------------- Thu, 10 May 2018 09:11:59 FileTestResult: Thu, 10 May 2018 09:11:59 C:\Program Files\VMware\VMware Tools\vmtools.dll Thu, 10 May 2018 09:11:59 [File version expected]: 10.2.5.3619 Thu, 10 May 2018 09:11:59 [File version found]: 10.0.5.520 Thu, 10 May 2018 09:11:59 [File test action]: [5]: Check existence - patch installed if the file exists Thu, 10 May 2018 09:11:59 m_Reason: 'C:\Program Files\VMware\VMware Tools\vmtools.dll' does not exist. Thu, 10 May 2018 09:11:59 [Patch file error]: 284035128 Thu, 10 May 2018 09:11:59 IsRegistryTestResultUsable: true Thu, 10 May 2018 09:11:59 --------------------------------------------------------------- Thu, 10 May 2018 09:11:59 Reason: 'C:\Program Files\VMware\VMware Tools\vmtools.dll' does not exist., Registry key 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6D158FDD-2E20-4C54-A271-4D2CE2C39905}' does not exist, Expected: 10.2.5.3619, Found: 10.0.5.520 Thu, 10 May 2018 09:11:59 Detected: True Thu, 10 May 2018 09:11:59 VMWT-023_INTL detected, removing it from scan filter Thu, 10 May 2018 09:11:59 VMWT-023_INTL detected Thu, 10 May 2018 09:11:59 VUL: 'VMWT-023_INTL' (VMware-tools-10.2.5-8068406-x86_64_tw1206360.exe) DETECTED. Reason ''C:\Program Files\VMware\VMware Tools\vmtools.dll' does not exist., Registry key 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6D158FDD-2E20-4C54-A271-4D2CE2C39905}' does not exist'. Expected '10.2.5.3619'. Found '10.0.5.520'. Patch required 'VMware-tools-10.2.5-8068406-x86_64_tw1206360.exe'.
Thu, 10 May 2018 09:11:59 Patch is NOT installed
|
I am currently doing an LDMS implementation at my company for a little under 3k endpoints. I have years of experience with the product, but have never had or implemented Patch Manager. We currently use WSUS and will be replacing it entirely with LDMS. We are not up to the patch phase of project, but I spent a lot of time evaluating different areas of patch when I did the proof of concept. I have a number of questions that I'm hoping some of you can point me in the right direction on.
1.) Moving from WSUS to Patch Manager what is usually the practice here? Do people usually start from where WSUS left off when it comes to approving patches for autofix? Do you try to match up all WSUS approvals with Patch Manager?
2.) How are people using download definition settings? They are very limited where you only have vendor/product and contains/equals. Initially I was hoping to use this for automation in getting patches into a roll-out project for a more hands-off approach, but that doesn't seem possible with the limited options.
3.) For workstations we will probably be implementing a three-phase patch cycle where pilot 1 would get approved patches the weekend following patch Thursday, pilot 2 the following weekend, and the rest of the environment. I'm weary of using the 'Disable any rules this definition replace' setting in the download definition settings for this reason... If a patch is still in play for the general population and a newer version of the patch comes out that will go to pilot this setting would stop the previous version from getting fully deployed to the general population. How are people using this setting with this issue? If you are not using it, how are you retiring old patches?
4.) How are people using groups and tags to maintain phases/rollouts/etc?
5.) With autofix one of my fears is that a patch will fail a number of times and stop installing where WSUS would just keep trying with the regular schedule. How are people protecting themselves against this issue?
6.) For autofix to work I assume you'd have to configure the reboot agent settings assigned to the agents to allow reboots during a time that overlaps with the patch/distribution agent settings maintenance window?
Where can i get the Office365Util.exe? Trying to patch office 365 C2R.
Hello,
I am tying to install BIOS updates for the Spectre/Meltdown vulnerabilities, and so far the console says the client is processing the request but in reality the client is just sitting idle and not processing anything.
I've built Distribution packages using the extracted EXE from the Patch supplied by HP and all I get is dead air.
Has anyone else deployed BIOS Patches? Any suggestions?
Thanks,
Matt
We have suddenly come across an issue where Patch Management is detecting a patch as being required by a number of servers but is not actually required by the server.
We are running LDMS 2016.3 currently.
The patch is showing as required on a number of servers but if I logon to any of the servers and run the patch manually it says T'he update is not applicable to your computer'.
Obviously the detection logic is looking for something that indicates the update is required but if it is not applicable why is this happening?
I have searched tinernet for any help with this patch but cannot find a resolution. There are a lot of articles about failed patches but nothing I can find specific to this one and how to fix the problem.
Is this a Patch Management issue or a Microsoft Update issue?
If anyone is interested the update in question is 2973351 which is quite an old patch but is suddenly showing as required by quite a few servers.
I could remove the patch from the scanning process so that it is not detected but wonder if there is a deeper issue here.
Note: Clicking on a photo will enlarge it.
This document will go over what to look for and do if you think you have a patch that is detecting incorrectly on your devices. Incorrect detections can happen if the detection logic is incorrect and still reports as needed but the patch has already been installed, is not applicable to the system or other issues. In this document, you’ll learn what to look for in the vulscan logs which are required to submit the incorrect patch detection for review.
This document assumes you know how to find individual patches, create a patch group and move patches to it in the console and create a repair task on a specific patch or group of patches in the console. It also assumes you have an understanding of repair tasks and how to add target devices to them and run the task.
Prep the Client
As of January 2018 all new content created uses the new patching engine. Additional logs are needed as well as the vulscan log to troubleshoot the false detection.
Updated The "Get debug logs and zip (patch)" feature is only available in 2017.3 and newer product versions.
To retrieve logging remotely access the Diagnostic tool and select the Logs | Client option to view client-side logs. An additional option "Get debug logs and zip (patch)" is present for debug logging for all Next Gen definitions. This will only function if the Distribution and Patch agent setting has Enable security scan debug trace logselected.
To enable debug trace logs for versions 9.6 - 2017.1 run the following cmd locally on the endpoint or distribute a script to the desired device:
vulscan /enableDpdTrace=true /showui
The showui switch is optional.
This will generate additional logging in the Programdata\Landesk\DebugLog folder consisting of the following (2) files:
PatchManifestSyncSDK.log
PatchScanSDKDpdTrace.log
Note: Running the above command will start a vulscan on the device. You will need to wait until it finishes before moving onto the "Run a Repair Task" step. Usually waiting 30 mins is good for it to finish.
Run a Repair Task
Running a repair task for the specific patch(es) gives supports the best information. The vulscan logs only showing one patch or two processing will show them detecting and installing and are more concise and easier to look over to find details. General vulscan logs are not Ideal as many only show the patch detecting but not installing and have a lot of unneeded information. Running a specific repair task with patches having the issue will provide the best logs.
You can create a repair task by going to Tools > Security and Compliance > Patch and Compliance. Click the Scan folder and find your patch. When you find the patch having the issue right click it and from the menu that appears click Repair. If you have a patch group or several patches you can do the same and create a repair task for several patches at the same time.
The Repair task dialog will open. Most settings you can leave as a defaults. You can add a target device at this time as well. If you have a maintenance window on your clients, be sure to check Ignore Maintenance Window if specified so the patch tries to install as well as scan in this repair task.
Once you have a target in your task run it and wait for it to complete.
When the repair job finishes you will need the following files to give to support in a zip file:
C:\Programdata\landesk\log\Vulscan.log (Make sure it is the correct one, see below)
C:\Programdata\landesk\log\stdeploy.log
C:\Programdata\landesk\log\stdeployercore.log
C:\Programdata\Landesk\DebugLog\PatchManifestSyncSDK.log (sometimes doesn't get created)
C:\Programdata\Landesk\DebugLog\PatchScanSDKDpdTrace.log
Vulscan Log
The full vulscan log, created as a result of running the task, is needed for us to determine the issue of the false detection. This log is located on the target devices in the C:\programdata\Landesk\Log folder. They are named vulscan.log. Older logs have a number in the name. The correct log file will have a line at the top with the task ID in the name as shown in the example. This information changes with each task.
Thu, 26 Oct 2017 14:59:37 Command line: /policyfile="C:\ProgramData\LANDesk\Policies\CP.2353.RunNow._iOiXj4cedTDGǚFOGYMztt+mWNQ=.xml" Thu, 26 Oct 2017 14:59:37 client policy file: C:\ProgramData\LANDesk\Policies\CP.2353.RunNow._iOiXj4cedTDGǚFOGYMztt+mWNQ=.xml Thu, 26 Oct 2017 14:59:37 Reading policy parameters Thu, 26 Oct 2017 14:59:37 scan=0 Thu, 26 Oct 2017 14:59:37 scanFilter=INTL_4049179_MSU;INTL_3089023_MSU Thu, 26 Oct 2017 14:59:37 fixnow=True Thu, 26 Oct 2017 14:59:37 maintEnable=False
Once you have found the correct vulscan log. Doing a search in the log file for the all capitals case sensitive “DETECTED” will yield the detection of the patch and the reason. In our example case it show the file version is out dated and that is the reason the patch is needed.
Thu, 26 Oct 2017 14:59:45 VUL: '3089023_MSU' (windows8.1-kb3089023-x64.msu) DETECTED. Reason 'File C:\Windows\System32\flashplayerapp.exe version is less than the minimum version specified.'. Expected '18.0.0.232'. Found '11.3.300.265'. Patch required 'windows8.1-kb3089023-x64.msu'. Thu, 26 Oct 2017 14:59:45 Patch is NOT installed
You can see in the example the patch was detected as needed due to a file being at a lower version than in the patch. Now scroll down to the bottom of the log file. You’ll see a “Patch Installation” header and below that you will find details of what happened when the device attempted to install the patch. In our example the patch returned the error code 2149842967 converted to a hex value that gives a result of 0x80240017 Looking on the list of WUSA codes the patch returned a “Not Applicable”.
Thu, 26 Oct 2017 15:03:21 Command Interpreter running Thu, 26 Oct 2017 15:03:21 Setting current directory: C:\Program Files (x86)\LANDesk\LDClient\ Thu, 26 Oct 2017 15:03:21 Executing C:\Windows\system32\wusa.exe "C:\Program Files (x86)\LANDesk\LDClient\sdmcache\windows8.1-kb3089023-x64.msu" /quiet /norestart Thu, 26 Oct 2017 15:03:23 Exit Code: -2145124329 (0x80240017) Thu, 26 Oct 2017 15:03:23 Error: "C:\Windows\system32\wusa.exe" returned failure exit code (2149842967) Thu, 26 Oct 2017 15:03:23 ERROR(EXECUTEFILE) Failed to run command - 80004005 Thu, 26 Oct 2017 15:03:23 DownloadPatch ERROR: Failed to run commands (80004005). Thu, 26 Oct 2017 15:03:23 Last status: Failed Thu, 26 Oct 2017 15:03:23 Stopping wuauserv service. Thu, 26 Oct 2017 15:03:23 Stop service wuauserv Thu, 26 Oct 2017 15:03:25 Successfully controlled the service. Thu, 26 Oct 2017 15:03:25 DeferredReportAction: name 'windows8.1-kb3089023-x64.msu', code '1', type '-1', status 'Error: "C:\Windows\system32\wusa.exe" returned failure exit code (2149842967)' Thu, 26 Oct 2017 15:03:25 Running post-install/uninstall script Thu, 26 Oct 2017 15:03:25 RunPatches completed. 1 processed. 0 installed. 1 failures. Thu, 26 Oct 2017 15:03:25 Sending previous action history to core
STdeployercore.log
In addition the STdeployercore.log will also show the patch being installed and the error code for the Next Gen definitions:
2018-01-26T21:15:53.2279239Z 134c I DeploymentPackageReader.cpp:783 Deploy package 'C:\ProgramData\LANDesk\timber\sandboxes\InstallationSandbox#2018-01-26-T-21-15-15\0001c460-0000-0000-0000-000000000000.zip' successfully opened unsigned for package IO 2018-01-26T21:15:53.2279239Z 134c I Authenticode.cpp:134 Verifying signature of C:\Program Files (x86)\LANDesk\LDClient\sdmcache\windows6.1-kb4056894-x64_tw1158080.msu with CWinTrustVerifier 2018-01-26T21:15:54.2534266Z 134c V UnScriptedInstallation.cpp:30 Executing (C:\Program Files (x86)\LANDesk\LDClient\sdmcache\windows6.1-kb4056894-x64_tw1158080.msu /quiet /norestart), nShow: true. 2018-01-26T21:19:19.4406288Z 134c V ChildProcess.cpp:140 Process handle 00000408 returned '3010'.
Windows Update(WUSA) Error Codes
| Result Code | Result String | Description |
|---|---|---|
| 0x80240001 | WU_E_NO_SERVICE | Windows Update Agent was unable to provide the service. |
| 0x80240002 | WU_E_MAX_CAPACITY_REACHED | The maximum capacity of the service was exceeded. |
| 0x80240003 | WU_E_UNKNOWN_ID | An ID cannot be found. |
| 0x80240004 | WU_E_NOT_INITIALIZED | The object could not be initialized. |
| 0x80240005 | WU_E_RANGEOVERLAP | The update handler requested a byte range that overlaps a previously requested range. |
| 0x80240006 | WU_E_TOOMANYRANGES | The requested number of byte ranges exceeds the maximum number (2^31 - 1). |
| 0x80240007 | WU_E_INVALIDINDEX | The index to a collection was invalid. |
| 0x80240008 | WU_E_ITEMNOTFOUND | The key for the item queried could not be found. |
| 0x80240009 | WU_E_OPERATIONINPROGRESS | A conflicting operation was in progress. Some operations (such as installation) cannot be performed simultaneously. |
| 0x8024000A | WU_E_COULDNOTCANCEL | Cancellation of the operation was not allowed. |
| 0x8024000B | WU_E_CALL_CANCELLED | Operation was cancelled. |
| 0x8024000C | WU_E_NOOP | No operation was required. |
| 0x8024000D | WU_E_XML_MISSINGDATA | Windows Update Agent could not find the required information in the update's XML data. |
| 0x8024000E | WU_E_XML_INVALID | Windows Update Agent found invalid information in the update's XML data. |
| 0x8024000F | WU_E_CYCLE_DETECTED | Circular update relationships were detected in the metadata. |
| 0x80240010 | WU_E_TOO_DEEP_RELATION | Update relationships that are too deep were evaluated. |
| 0x80240011 | WU_E_INVALID_RELATIONSHIP | An invalid update relationship was detected. |
| 0x80240012 | WU_E_REG_VALUE_INVALID | An invalid registry value was read. |
| 0x80240013 | WU_E_DUPLICATE_ITEM | Operation tried to add a duplicate item to a list. |
| 0x80240016 | WU_E_INSTALL_NOT_ALLOWED | Operation tried to install while another installation was in progress or the system was pending a mandatory restart. |
| 0x80240017 | WU_E_NOT_APPLICABLE | Operation was not performed because there are no applicable updates. |
| 0x80240018 | WU_E_NO_USERTOKEN | Operation failed because a required user token is missing. |
| 0x80240019 | WU_E_EXCLUSIVE_INSTALL_CONFLICT | An exclusive update cannot be installed with other updates at the same time. |
| 0x8024001A | WU_E_POLICY_NOT_SET | A policy value was not set. |
| 0x8024001B | WU_E_SELFUPDATE_IN_PROGRESS | The operation could not be performed because the Windows Update Agent is self-updating. |
| 0x8024001D | WU_E_INVALID_UPDATE | An update contains invalid metadata. |
| 0x8024001E | WU_E_SERVICE_STOP | Operation did not complete because the service or system was being shut down. |
| 0x8024001F | WU_E_NO_CONNECTION | Operation did not complete because the network connection was unavailable. |
| 0x80240020 | WU_E_NO_INTERACTIVE_USER | Operation did not complete because there is no logged-on interactive user. |
| 0x80240021 | WU_E_TIME_OUT | Operation did not complete because it timed out. |
| 0x80240022 | WU_E_ALL_UPDATES_FAILED | Operation failed for all the updates. |
| 0x80240023 | WU_E_EULAS_DECLINED | The license terms for all updates were declined. |
| 0x80240024 | WU_E_NO_UPDATE | There are no updates. |
| 0x80240025 | WU_E_USER_ACCESS_DISABLED | Group Policy settings prevented access to Windows Update. |
| 0x80240026 | WU_E_INVALID_UPDATE_TYPE | The type of update is invalid. |
| 0x80240027 | WU_E_URL_TOO_LONG | The URL exceeded the maximum length. |
| 0x80240028 | WU_E_UNINSTALL_NOT_ALLOWED | The update could not be uninstalled because the request did not originate from a WSUS server. |
| 0x80240029 | WU_E_INVALID_PRODUCT_LICENSE | Search may have missed some updates before there is an unlicensed application on the system. |
| 0x8024002A | WU_E_MISSING_HANDLER | A component that is required to detect applicable updates was missing. |
| 0x8024002B | WU_E_LEGACYSERVER | An operation did not complete because it requires a newer version of server software. |
| 0x8024002C | WU_E_BIN_SOURCE_ABSENT | A delta-compressed update could not be installed because it required the source. |
| 0x8024002D | WU_E_SOURCE_ABSENT | A full-file update could not be installed because it required the source. |
| 0x8024002E | WU_E_WU_DISABLED | Access to an unmanaged server is not allowed. |
| 0x8024002F | WU_E_CALL_CANCELLED_BY_POLICY | Operation did not complete because the DisableWindowsUpdateAccess policy was set. |
| 0x80240030 | WU_E_INVALID_PROXY_SERVER | The format of the proxy list was invalid. |
| 0x80240031 | WU_E_INVALID_FILE | The file is in the wrong format. |
| 0x80240032 | WU_E_INVALID_CRITERIA | The search criteria string was invalid. |
| 0x80240033 | WU_E_EULA_UNAVAILABLE | License terms could not be downloaded. |
| 0x80240034 | WU_E_DOWNLOAD_FAILED | Update failed to download. |
| 0x80240035 | WU_E_UPDATE_NOT_PROCESSED | The update was not processed. |
| 0x80240036 | WU_E_INVALID_OPERATION | The object's current state did not allow the operation. |
| 0x80240037 | WU_E_NOT_SUPPORTED | The functionality for the operation is not supported. |
| 0x80240038 | WU_E_WINHTTP_INVALID_FILE | The downloaded file has an unexpected content type. |
| 0x80240039 | WU_E_TOO_MANY_RESYNC | The agent was asked by server to synchronize too many times. |
| 0x80240040 | WU_E_NO_SERVER_CORE_SUPPORT | WUA API method does not run on a Server Core installation option of the Windows 2008 R2 operating system. |
| 0x80240041 | WU_E_SYSPREP_IN_PROGRESS | Service is not available when sysprep is running. |
| 0x80240042 | WU_E_UNKNOWN_SERVICE | The update service is no longer registered with Automatic Updates. |
| 0x80240FFF | WU_E_UNEXPECTED | An operation failed due to reasons not covered by another error code. |
| 0x80241001 | WU_E_MSI_WRONG_VERSION | Search may have missed some updates because Windows Installer is less than version 3.1. |
| 0x80241002 | WU_E_MSI_NOT_CONFIGURED | Search may have missed some updates because Windows Installer is not configured. |
| 0x80241003 | WU_E_MSP_DISABLED | Search may have missed some updates because a policy setting disabled Windows Installer patching. |
| 0x80241004 | WU_E_MSI_WRONG_APP_CONTEXT | An update could not be applied because the application is installed per-user. |
| 0x80241FFF | WU_E_MSP_UNEXPECTED | Search may have missed some updates because there was a failure of Windows Installer. |
| 0x80242000 | WU_E_UH_REMOTEUNAVAILABLE | A request for a remote update handler could not be completed because no remote process is available. |
| 0x80242001 | WU_E_UH_LOCALONLY | A request for a remote update handler could not be completed because the handler is local only. |
| 0x80242002 | WU_E_UH_UNKNOWNHANDLER | A request for an update handler could not be completed because the handler could not be recognized. |
| 0x80242003 | WU_E_UH_REMOTEALREADYACTIVE | A remote update handler could not be created because one already exists. |
| 0x80242004 | WU_E_UH_DOESNOTSUPPORTACTION | A request for the handler to install (uninstall) an update could not be completed because the update does not support install (uninstall). |
| 0x80242005 | WU_E_UH_WRONGHANDLER | An operation did not complete because the wrong handler was specified. |
| 0x80242006 | WU_E_UH_INVALIDMETADATA | A handler operation could not be completed because the update contains invalid metadata. |
| 0x80242007 | WU_E_UH_INSTALLERHUNG | An operation could not be completed because the installer exceeded the time limit. |
| 0x80242008 | WU_E_UH_OPERATIONCANCELLED | An operation being done by the update handler was cancelled. |
| 0x80242009 | WU_E_UH_BADHANDLERXML | An operation could not be completed because the handler-specific metadata is invalid. |
| 0x8024200A | WU_E_UH_CANREQUIREINPUT | A request to the handler to install an update could not be completed because the update requires user input. |
| 0x8024200B | WU_E_UH_INSTALLERFAILURE | The installer failed to install (uninstall) one or more updates. |
| 0x8024200C | WU_E_UH_FALLBACKTOSELFCONTAINED | The update handler should download self-contained content rather than delta-compressed content for the update. |
| 0x8024200D | WU_E_UH_NEEDANOTHERDOWNLOAD | The update handler did not install the update because the update needs to be downloaded again. |
| 0x8024200E | WU_E_UH_NOTIFYFAILURE | The update handler failed to send notification of the status of the install (uninstall) operation. |
| 0x8024200F | WU_E_UH_INCONSISTENT_FILE_NAMES | The file names in the update metadata are inconsistent with the file names in the update package. |
| 0x80242010 | WU_E_UH_FALLBACKERROR | The update handler failed to fall back to the self-contained content. |
| 0x80242011 | WU_E_UH_TOOMANYDOWNLOADREQUESTS | The update handler has exceeded the maximum number of download requests. |
| 0x80242012 | WU_E_UH_UNEXPECTEDCBSRESPONSE | The update handler has received an unexpected response from CBS. |
| 0x80242013 | WU_E_UH_BADCBSPACKAGEID | The update metadata contains an invalid CBS package identifier. |
| 0x80242014 | WU_E_UH_POSTREBOOTSTILLPENDING | The post-reboot operation for the update is still in progress. |
| 0x80242015 | WU_E_UH_POSTREBOOTRESULTUNKNOWN | The result of the post-reboot operation for the update could not be determined. |
| 0x80242016 | WU_E_UH_POSTREBOOTUNEXPECTEDSTATE | The state of the update after its post-reboot operation has completed is unexpectedly. |
| 0x80242017 | WU_E_UH_NEW_SERVICING_STACK_REQUIRED | The operating system servicing stack must be updated before this update is downloaded or installed. |
| 0x80242FFF | WU_E_UH_UNEXPECTED | This update handler error is not covered by another WU_E_UH_* code. |
| 0x80243001 | WU_E_INSTALLATION_RESULTS_UNKNOWN_VERSION | The results of the download and installation could not be read in the registry due to an unrecognized data format version. |
| 0x80243002 | WU_E_INSTALLATION_RESULTS_INVALID_DATA | The results of download and installation could not be read in the registry due to an invalid data format. |
| 0x80243003 | WU_E_INSTALLATION_RESULTS_NOT_FOUND | The results of download and installation are not available; the operation may have failed to start. |
| 0x80243004 | WU_E_TRAYICON_FAILURE | A failure occurred when trying to create an icon in the notification area. |
| 0x80243FFD | WU_E_NON_UI_MODE | Unable to show the user interface (UI) when in a non-UI mode; Windows Update (WU) client UI modules may not be installed. |
| 0x80243FFE | WU_E_WUCLTUI_UNSUPPORTED_VERSION | Unsupported version of WU client UI exported functions. |
| 0x80243FFF | WU_E_AUCLIENT_UNEXPECTED | There was a user interface error not covered by another WU_E_AUCLIENT_* error code. |
| 0x80244000 | WU_E_PT_SOAPCLIENT_BASE | WU_E_PT_SOAPCLIENT_* error codes map to the SOAPCLIENT_ERROR enum of the ATL Server Library. |
| 0x80244001 | WU_E_PT_SOAPCLIENT_INITIALIZE | Initialization of the SOAP client failed, possibly because of an MSXML installation failure. |
| 0x80244002 | WU_E_PT_SOAPCLIENT_OUTOFMEMORY | SOAP client failed because it ran out of memory. |
| 0x80244003 | WU_E_PT_SOAPCLIENT_GENERATE | SOAP client failed to generate the request. |
| 0x80244004 | WU_E_PT_SOAPCLIENT_CONNECT | SOAP client failed to connect to the server. |
| 0x80244005 | WU_E_PT_SOAPCLIENT_SEND | SOAP client failed to send a message due to WU_E_WINHTTP_* error codes. |
| 0x80244006 | WU_E_PT_SOAPCLIENT_SERVER | SOAP client failed because there was a server error. |
| 0x80244007 | WU_E_PT_SOAPCLIENT_SOAPFAULT | SOAP client failed because there was a SOAP fault due to WU_E_PT_SOAP_* error codes. |
| 0x80244008 | WU_E_PT_SOAPCLIENT_PARSEFAULT | SOAP client failed to parse a SOAP fault. |
| 0x80244009 | WU_E_PT_SOAPCLIENT_READ | SOAP client failed while reading the response from the server. |
| 0x8024400A | WU_E_PT_SOAPCLIENT_PARSE | SOAP client failed to parse the response from the server. |
| 0x8024400B | WU_E_PT_SOAP_VERSION | SOAP client found an unrecognizable namespace for the SOAP envelope. |
| 0x8024400C | WU_E_PT_SOAP_MUST_UNDERSTAND | SOAP client was unable to understand a header. |
| 0x8024400D | WU_E_PT_SOAP_CLIENT | SOAP client found the message was malformed (fix before resending). |
| 0x8024400E | WU_E_PT_SOAP_SERVER | The SOAP message could not be processed due to a server error (resend later). |
| 0x8024400F | WU_E_PT_WMI_ERROR | There was an unspecified Windows Management Instrumentation (WMI) error. |
| 0x80244010 | WU_E_PT_EXCEEDED_MAX_SERVER_TRIPS | The number of round trips to the server exceeded the maximum limit. |
| 0x80244011 | WU_E_PT_SUS_SERVER_NOT_SET | WUServer policy value is missing in the registry. |
| 0x80244012 | WU_E_PT_DOUBLE_INITIALIZATION | Initialization failed because the object was already initialized. |
| 0x80244013 | WU_E_PT_INVALID_COMPUTER_NAME | The computer name could not be determined. |
| 0x80244015 | WU_E_PT_REFRESH_CACHE_REQUIRED | The reply from the server indicates that the server was changed or the cookie was invalid; refresh the state of the internal cache and retry. |
| 0x80244016 | WU_E_PT_HTTP_STATUS_BAD_REQUEST | HTTP 400 - the server could not process the request due to invalid syntax. |
| 0x80244017 | WU_E_PT_HTTP_STATUS_DENIED | HTTP 401 - the requested resource requires user authentication. |
| 0x80244018 | WU_E_PT_HTTP_STATUS_FORBIDDEN | HTTP 403 - server understood the request, but declined to fulfill it. |
| 0x80244019 | WU_E_PT_HTTP_STATUS_NOT_FOUND | HTTP 404 - the server cannot find the requested Uniform Resource Identifier (URI). |
| 0x8024401A | WU_E_PT_HTTP_STATUS_BAD_METHOD | HTTP 405 - the HTTP method is not allowed. |
| 0x8024401B | WU_E_PT_HTTP_STATUS_PROXY_AUTH_REQ | HTTP 407 - proxy authentication is required. |
| 0x8024401C | WU_E_PT_HTTP_STATUS_REQUEST_TIMEOUT | HTTP 408 - the server timed out waiting for the request. |
| 0x8024401D | WU_E_PT_HTTP_STATUS_CONFLICT | HTTP 409 - the request was not completed due to a conflict with the current state of the resource. |
| 0x8024401E | WU_E_PT_HTTP_STATUS_GONE | HTTP 410 - the requested resource is no longer available at the server. |
| 0x8024401F | WU_E_PT_HTTP_STATUS_SERVER_ERROR | HTTP 500 - an error internal to the server prevented fulfilling the request. |
| 0x80244020 | WU_E_PT_HTTP_STATUS_NOT_SUPPORTED | HTTP 501 - server does not support the functionality that is required to fulfill the request. |
| 0x80244021 | WU_E_PT_HTTP_STATUS_BAD_GATEWAY | HTTP 502 - the server, while acting as a gateway or proxy, received an invalid response from the upstream server it accessed when attempting to fulfill the request. |
| 0x80244022 | WU_E_PT_HTTP_STATUS_SERVICE_UNAVAIL | HTTP 503 - the service is temporarily overloaded. |
| 0x80244023 | WU_E_PT_HTTP_STATUS_GATEWAY_TIMEOUT | HTTP 504 - the request was timed out waiting for a gateway. |
| 0x80244024 | WU_E_PT_HTTP_STATUS_VERSION_NOT_SUP | HTTP 505 - the server does not support the HTTP protocol version used for the request. |
| 0x80244025 | WU_E_PT_FILE_LOCATIONS_CHANGED | Operation failed due to a changed file location; refresh internal state and resend. |
| 0x80244026 | WU_E_PT_REGISTRATION_NOT_SUPPORTED | Operation failed because Windows Update Agent does not support registration with a non-WSUS server. |
| 0x80244027 | WU_E_PT_NO_AUTH_PLUGINS_REQUESTED | The server returned an empty authentication information list. |
| 0x80244028 | WU_E_PT_NO_AUTH_COOKIES_CREATED | Windows Update Agent was unable to create any valid authentication cookies. |
| 0x80244029 | WU_E_PT_INVALID_CONFIG_PROP | A configuration property value was wrong. |
| 0x8024402A | WU_E_PT_CONFIG_PROP_MISSING | A configuration property value was missing. |
| 0x8024402B | WU_E_PT_HTTP_STATUS_NOT_MAPPED | The HTTP request could not be completed and the reason did not correspond to any of the WU_E_PT_HTTP_* error codes. |
| 0x8024402C | WU_E_PT_WINHTTP_NAME_NOT_RESOLVED | The proxy server or target server name cannot be resolved. |
| 0x8024402F | WU_E_PT_ECP_SUCCEEDED_WITH_ERRORS | External .cab file processing completed with some errors. |
| 0x80244030 | WU_E_PT_ECP_INIT_FAILED | The external .cab file processor initialization did not complete. |
| 0x80244031 | WU_E_PT_ECP_INVALID_FILE_FORMAT | The format of a metadata file was invalid. |
| 0x80244032 | WU_E_PT_ECP_INVALID_METADATA | External .cab file processor found invalid metadata. |
| 0x80244033 | WU_E_PT_ECP_FAILURE_TO_EXTRACT_DIGEST | The file digest could not be extracted from an external .cab file. |
| 0x80244034 | WU_E_PT_ECP_FAILURE_TO_DECOMPRESS_CAB_FILE | An external .cab file could not be decompressed. |
| 0x80244035 | WU_E_PT_ECP_FILE_LOCATION_ERROR | External .cab processor was unable to get file locations. |
| 0x80244FFF | WU_E_PT_UNEXPECTED | There was a communication error not covered by another WU_E_PT_* error code |
| 0x80245001 | WU_E_REDIRECTOR_LOAD_XML | The redirector XML document could not be loaded into the Document Object Model (DOM) class. |
| 0x80245002 | WU_E_REDIRECTOR_S_FALSE | The redirector XML document is missing some required information. |
| 0x80245003 | WU_E_REDIRECTOR_ID_SMALLER | The redirector ID in the downloaded redirector .cab file is less than in the cached .cab file. |
| 0x8024502D | WU_E_PT_SAME_REDIR_ID | Windows Update Agent failed to download a redirector .cab file with a new redirector ID value from the server during the recovery. |
| 0x8024502E | WU_E_PT_NO_MANAGED_RECOVER | A redirector recovery action did not complete because the server is managed. |
| 0x80245FFF | WU_E_REDIRECTOR_UNEXPECTED | The redirector failed for reasons not covered by another WU_E_REDIRECTOR_* error code. |
| 0x80246001 | WU_E_DM_URLNOTAVAILABLE | A download manager operation could not be completed because the requested file does not have a URL. |
| 0x80246002 | WU_E_DM_INCORRECTFILEHASH | A download manager operation could not be completed because the file digest was not recognized. |
| 0x80246003 | WU_E_DM_UNKNOWNALGORITHM | A download manager operation could not be completed because the file metadata requested an unrecognized hash algorithm. |
| 0x80246004 | WU_E_DM_NEEDDOWNLOADREQUEST | An operation could not be completed because a download request is required from the download handler. |
| 0x80246005 | WU_E_DM_NONETWORK | A download manager operation could not be completed because the network connection was unavailable. |
| 0x80246006 | WU_E_DM_WRONGBITSVERSION | A download manager operation could not be completed because the version of Background Intelligent Transfer Service (BITS) is incompatible. |
| 0x80246007 | WU_E_DM_NOTDOWNLOADED | The update has not been downloaded. |
| 0x80246008 | WU_E_DM_FAILTOCONNECTTOBITS | A download manager operation failed because the download manager was unable to connect the Background Intelligent Transfer Service (BITS). |
| 0x80246009 | WU_E_DM_BITSTRANSFERERROR | A download manager operation failed because there was an unspecified Background Intelligent Transfer Service (BITS) transfer error. |
| 0x8024600a | WU_E_DM_DOWNLOADLOCATIONCHANGED | A download must be restarted because the location of the source of the download has changed. |
| 0x8024600B | WU_E_DM_CONTENTCHANGED | A download must be restarted because the update content changed in a new revision. |
| 0x80246FFF | WU_E_DM_UNEXPECTED | There was a download manager error not covered by another WU_E_DM_* error code. |
| 0x80247001 | WU_E_OL_INVALID_SCANFILE | An operation could not be completed because the scan package was invalid. |
| 0x80247002 | WU_E_OL_NEWCLIENT_REQUIRED | An operation could not be completed because the scan package requires a greater version of the Windows Update Agent. |
| 0x80247FFF | WU_E_OL_UNEXPECTED | Search using the scan package failed. |
| 0x80248000 | WU_E_DS_SHUTDOWN | An operation failed because Windows Update Agent is shutting down. |
| 0x80248001 | WU_E_DS_INUSE | An operation failed because the data store was in use. |
| 0x80248002 | WU_E_DS_INVALID | The current and expected states of the data store do not match. |
| 0x80248003 | WU_E_DS_TABLEMISSING | The data store is missing a table. |
| 0x80248004 | WU_E_DS_TABLEINCORRECT | The data store contains a table with unexpected columns. |
| 0x80248005 | WU_E_DS_INVALIDTABLENAME | A table could not be opened because the table is not in the data store. |
| 0x80248006 | WU_E_DS_BADVERSION | The current and expected versions of the data store do not match. |
| 0x80248007 | WU_E_DS_NODATA | The information requested is not in the data store. |
| 0x80248008 | WU_E_DS_MISSINGDATA | The data store is missing required information or has a null value in a table column that requires a non-null value. |
| 0x80248009 | WU_E_DS_MISSINGREF | The data store is missing required information or has a reference to missing license terms, a file, a localized property, or a linked row. |
| 0x8024800A | WU_E_DS_UNKNOWNHANDLER | The update was not processed because its update handler could not be recognized. |
| 0x8024800B | WU_E_DS_CANTDELETE | The update was not deleted because it is still referenced by one or more services. |
| 0x8024800C | WU_E_DS_LOCKTIMEOUTEXPIRED | The data store section could not be locked within the allotted time. |
| 0x8024800D | WU_E_DS_NOCATEGORIES | The category was not added because it contains no parent categories, and it is not a top-level category. |
| 0x8024800E | WU_E_DS_ROWEXISTS | The row was not added because an existing row has the same primary key. |
| 0x8024800F | WU_E_DS_STOREFILELOCKED | The data store could not be initialized because it was locked by another process. |
| 0x80248010 | WU_E_DS_CANNOTREGISTER | The data store is not allowed to be registered with COM in the current process. |
| 0x80248011 | WU_E_DS_UNABLETOSTART | Could not create a data store object in another process. |
| 0x80248013 | WU_E_DS_DUPLICATEUPDATEID | The server sent the same update to the client computer, with two different revision IDs. |
| 0x80248014 | WU_E_DS_UNKNOWNSERVICE | An operation did not complete because the service is not in the data store. |
| 0x80248015 | WU_E_DS_SERVICEEXPIRED | An operation did not complete because the registration of the service has expired. |
| 0x80248016 | WU_E_DS_DECLINENOTALLOWED | A request to hide an update was declined because it is a mandatory update or because it was deployed with a deadline. |
| 0x80248017 | WU_E_DS_TABLESESSIONMISMATCH | A table was not closed because it is not associated with the session. |
| 0x80248018 | WU_E_DS_SESSIONLOCKMISMATCH | A table was not closed because it is not associated with the session. |
| 0x80248019 | WU_E_DS_NEEDWINDOWSSERVICE | A request to remove the Windows Update service or to unregister it with Automatic Updates was declined because it is a built-in service and Automatic Updates cannot fall back to another service. |
| 0x8024801A | WU_E_DS_INVALIDOPERATION | A request was declined because the operation is not allowed. |
| 0x8024801B | WU_E_DS_SCHEMAMISMATCH | The schema of the current data store and the schema of a table in a backup XML document do not match. |
| 0x8024801C | WU_E_DS_RESETREQUIRED | The data store requires a session reset; release the session and retry with a new session. |
| 0x8024801D | WU_E_DS_IMPERSONATED | A data store operation did not complete because it was requested with an impersonated identity. |
| 0x80248FFF | WU_E_DS_UNEXPECTED | There was a data store error not covered by another WU_E_DS_* code. |
| 0x80249001 | WU_E_INVENTORY_PARSEFAILED | Parsing of the rule file failed. |
| 0x80249002 | WU_E_INVENTORY_GET_INVENTORY_TYPE_FAILED | Failed to get the requested inventory type from the server. |
| 0x80249003 | WU_E_INVENTORY_RESULT_UPLOAD_FAILED | Failed to upload inventory result to the server. |
| 0x80249004 | WU_E_INVENTORY_UNEXPECTED | There was an inventory error not covered by another error code. |
| 0x80249005 | WU_E_INVENTORY_WMI_ERROR | A WMI error occurred when enumerating the instances for a particular class. |
| 0x8024A000 | WU_E_AU_NOSERVICE | Automatic Updates was unable to service incoming requests. |
| 0x8024A002 | WU_E_AU_NONLEGACYSERVER | The old version of Automatic Updates has stopped because the WSUS server has been upgraded. |
| 0x8024A003 | WU_E_AU_LEGACYCLIENTDISABLED | The old version of Automatic Updates was disabled. |
| 0x8024A004 | WU_E_AU_PAUSED | Automatic Updates was unable to process incoming requests because it was paused. |
| 0x8024A005 | WU_E_AU_NO_REGISTERED_SERVICE | No unmanaged service is registered with AU. |
| 0x8024AFFF | WU_E_AU_UNEXPECTED | There was an Automatic Updates error not covered by another WU_E_AU * code. |
| 0x8024C001 | WU_E_DRV_PRUNED | A driver was skipped. |
| 0x8024C002 | WU_E_DRV_NOPROP_OR_LEGACY | A property for the driver could not be found. It may not conform with required specifications. |
| 0x8024C003 | WU_E_DRV_REG_MISMATCH | The registry type read for the driver does not match the expected type. |
| 0x8024C004 | WU_E_DRV_NO_METADATA | The driver update is missing metadata. |
| 0x8024C005 | WU_E_DRV_MISSING_ATTRIBUTE | The driver update is missing a required attribute. |
| 0x8024C006 | WU_E_DRV_SYNC_FAILED | Driver synchronization failed. |
| 0x8024C007 | WU_E_DRV_NO_PRINTER_CONTENT | Information required for the synchronization of applicable printers is missing. |
| 0x8024CFFF | WU_E_DRV_UNEXPECTED | There was a driver error not covered by another WU_E_DRV_* code. |
| 0x8024D001 | WU_E_SETUP_INVALID_INFDATA | Windows Update Agent could not be updated because an .inf file contains invalid information. |
| 0x8024D002 | WU_E_SETUP_INVALID_IDENTDATA | Windows Update Agent could not be updated because the wuident.cab file contains invalid information. |
| 0x8024D003 | WU_E_SETUP_ALREADY_INITIALIZED | Windows Update Agent could not be updated because of an internal error that caused setup initialization to be performed twice. |
| 0x8024D004 | WU_E_SETUP_NOT_INITIALIZED | Windows Update Agent could not be updated because setup initialization never completed successfully. |
| 0x8024D005 | WU_E_SETUP_SOURCE_VERSION_MISMATCH | Windows Update Agent could not be updated because the versions specified in the .inf file do not match the actual source file versions. |
| 0x8024D006 | WU_E_SETUP_TARGET_VERSION_GREATER | Windows Update Agent could not be updated because a Windows Update Agent file on the target system is newer than the corresponding source file. |
| 0x8024D007 | WU_E_SETUP_REGISTRATION_FAILED | Windows Update Agent could not be updated because regsvr32.exe returned an error. |
| 0x8024D008 | WU_E_SELFUPDATE_SKIP_ON_FAILURE | An update to the Windows Update Agent was skipped because previous attempts to update failed. |
| 0x8024D009 | WU_E_SETUP_SKIP_UPDATE | An update to the Windows Update Agent was skipped due to a directive in the wuident.cab file. |
| 0x8024D00A | WU_E_SETUP_UNSUPPORTED_CONFIGURATION | Windows Update Agent could not be updated because the current system configuration is not supported. |
| 0x8024D00B | WU_E_SETUP_BLOCKED_CONFIGURATION | Windows Update Agent could not be updated because the system is configured to block the update. |
| 0x8024D00C | WU_E_SETUP_REBOOT_TO_FIX | Windows Update Agent could not be updated because a restart of the system is required. |
| 0x8024D00D | WU_E_SETUP_ALREADYRUNNING | Windows Update Agent setup is already running. |
| 0x8024D00E | WU_E_SETUP_REBOOTREQUIRED | Windows Update Agent setup package requires a reboot to complete installation. |
| 0x8024D00F | WU_E_SETUP_HANDLER_EXEC_FAILURE | Windows Update Agent could not be updated because the setup handler failed when it was run. |
| 0x8024D010 | WU_E_SETUP_INVALID_REGISTRY_DATA | Windows Update Agent could not be updated because the registry contains invalid information. |
| 0x8024D011 | WU_E_SELFUPDATE_REQUIRED | Windows Update Agent must be updated before search can continue. |
| 0x8024D012 | WU_E_SELFUPDATE_REQUIRED_ADMIN | Windows Update Agent must be updated before search can continue. An administrator is required to perform the operation. |
| 0x8024D013 | WU_E_SETUP_WRONG_SERVER_VERSION | Windows Update Agent could not be updated because the server does not contain update information for this version. |
| 0x8024DFFF | WU_E_SETUP_UNEXPECTED | Windows Update Agent could not be updated because of an error not covered by another WU_E_SETUP_* error code. |
| 0x8024E001 | WU_E_EE_UNKNOWN_EXPRESSION | An expression evaluator operation could not be completed because an expression was unrecognized. |
| 0x8024E002 | WU_E_EE_INVALID_EXPRESSION | An expression evaluator operation could not be completed because an expression was invalid. |
| 0x8024E003 | WU_E_EE_MISSING_METADATA | An expression evaluator operation could not be completed because an expression contains an incorrect number of metadata nodes. |
| 0x8024E004 | WU_E_EE_INVALID_VERSION | An expression evaluator operation could not be completed because the version of the serialized expression data is invalid. |
| 0x8024E005 | WU_E_EE_NOT_INITIALIZED | The expression evaluator could not be initialized. |
| 0x8024E006 | WU_E_EE_INVALID_ATTRIBUTEDATA | An expression evaluator operation could not be completed because there was an invalid attribute. |
| 0x8024E007 | WU_E_EE_CLUSTER_ERROR | An expression evaluator operation could not be completed because the cluster state of the computer could not be determined. |
| 0x8024EFFF | WU_E_EE_UNEXPECTED | There was an expression evaluator error not covered by another WU_E_EE_* error code. |
| 0x8024F001 | WU_E_REPORTER_EVENTCACHECORRUPT | The event cache file was defective. |
| 0x8024F002 | WU_E_REPORTER_ EVENTNAMESPACEPARSEFAILED | The XML in the event namespace descriptor could not be parsed. |
| 0x8024F003 | WU_E_INVALID_EVENT | The XML in the event namespace descriptor could not be parsed. |
| 0x8024F004 | WU_E_SERVER_BUSY | The server rejected an event because the server was too busy. |
| 0x8024FFFF | WU_E_REPORTER_UNEXPECTED | There was a reporter error not covered by another error code. |
Windows Update Agent Result Codes
Manually Testing the Patch
It is best practice that you download the patch to the device and manually run in in the GUI. The patch should display a message giving the same reason for not installing in a dialog. Once you have verified why the patch will not install manually, contact support and be sure to upload the vulscan log from the repair task to the case.
Detection Issues That Support Likely Will Not be able to Resolve
Certain false detection issues can occur that support will likely be unable to troubleshoot or resolve. The most likely of these is with our powershell scripts running on Windows 7 devices. The example from another vulscan log below shows a script error when trying to run on a device.
Mon, 23 Oct 2017 14:58:48 File OSVERSION version within specified Mon, 23 Oct 2017 14:58:48 Prod Windows 7 Service Pack 1 (ID:WIN7SP1) verified OSVERSION, found: 6.1.7601.1 Mon, 23 Oct 2017 14:58:48 Prod Windows 7 Service Pack 1 (ID:WIN7SP1) verified C:\Windows\explorer.exe, found: C:\Windows\explorer.exe Mon, 23 Oct 2017 14:58:48 Running detection script Mon, 23 Oct 2017 14:58:48 Content filename: 'RollupFixB201710.ps1' Mon, 23 Oct 2017 14:58:48 Writing script content to file 'C:\Windows\TEMP\RollupFixB201710.ps1' starting at line 5 Mon, 23 Oct 2017 14:58:48 Launching external script processor: <powershell.exe> Mon, 23 Oct 2017 14:58:48 args: <-executionpolicy bypass C:\Windows\TEMP\RollupFixB201710.ps1> Mon, 23 Oct 2017 14:58:48 External timeout: 60 Mon, 23 Oct 2017 14:58:48 Called CreateProcess: "powershell.exe" Mon, 23 Oct 2017 14:58:48 Error 2 launching application <powershell.exe> Mon, 23 Oct 2017 14:58:48 4041681_MSU detected Mon, 23 Oct 2017 14:58:48 VUL: '4041681_MSU' (windows6.1-kb4041681-x86.msu) DETECTED. Reason 'Unexpected error in custom script source. See agent log for details'. Expected ''. Found ''. Patch required 'windows6.1-kb4041681-x86.msu'. Mon, 23 Oct 2017 14:58:48 Patch is NOT installed Mon, 23 Oct 2017 14:58:48 Last status: Done
You can see from the log that the script attempted to run but got a 'Unexpected error in custom script source. See agent log for details' error. In all cases where we cannot get a proper detection from our scripts Ivanti errs on the side of caution and will throw a DETECTED and will try and install the patch just to be safe.
Issues that arise from script errors are difficult to impossible for us to troubleshoot. The likely cause is a security setting or Antivirus/Malware program that prevents the script from running. GPOs and powershell policies can also interfere if they are enabled in the customers environment. Since issues like this are impossible to replicate in our teat labs and are unique to the customers environment, the customer is advised to do some troubleshooting and see if security settings and restrictions can be lowered on a test device to try and get the script to run properly before contacting support.
Error when downloading content "Hash for patch (Patch Name) does not match with host. Discarding."
You can also be getting the following errors:
For security purposes, each patch file referenced within a vulnerability definition contains a hash value to ensure that the file referenced is the authentic patch file.
After downloading the patch, if the patch does not match, Patch Manager will discard the file.
There are various causes that can contribute to this issue.
This issue occurs because the update contains a static URL for the vendor file. This means that the vendor uses the same URL for thier files and they only make the latest patch available to download.
Often this is seen with Adobe and Google Crome updates.
This is especially when getting the "Invalid XML file TOC_Product.xml" error.
In many environments, web caching appliances are in place. When Ivanti Patch and Compliance Manager attempts to download the file, the Internet caching appliance intercepts the request and incorrectly delivers an older version of the file. Once the file is downloaded on the Ivanti Core Server, the hash check fails.
In this instance, the cache for the particular failed file can be cleared on the Internet caching appliance, the entire cache can be cleared, or the Internet caching appliance can be configured to allow the core server to bypass caching.
Manually copying the file to the patch storage directory from a computer that bypasses the Internet caching appliance can verify that this is the issue.
It is VERY important to make SURE there is nothing blocking full internet access to the internet from the core server. We often have someone INSIST that the Proxy or Firewall is configured correctly only to find out later that something was still wrong. As soon as this is resolved the downloads work correctly.
If the Ivanti Patch Content has been changed since the last time patch content has been downloaded this error can occur.
Download patch content again. If the error still occurs, try downloading from a different patch content server (US West Coast, US East Coast, or Europe)
If the latest patch content is downloaded, there are no caching appliance is in the environment, the locally downloaded patch file has been deleted from the storage directory, and there is still a failure, the following SQL query can be run to force the content to download again.
This query changes the LANDESKRevision number to "0". When the core server compares revision numbers with the revision on the Ivanti patch content servers the version on the Ivanti patch content server will be higher, thus the content will download again:
UPDATE Vulnerability SET LANDESKrevision = 0 WHERE vul_id = 'definition name'
A more advanced variation on this is:
select * from VULNERABILITY where VUL_ID IN ('<vul_no1>', '<vul_no2>')
Update VULNERABILITY
set LANDESKREVISION=0 where vul_id in ('<vul_no1>', '<vul_no2>')
Parameters vul_no1 and vul_no2 can be set to the name of the definitions that are causing the issue or needs to be reset. You can create a list of definitions that have this issue
Examples of vul_no1: MS06-066 or MS07-050v2
It is recommended that you run the select statement first to ensure that the definition is present in the database.
If other steps fail, it is possible that the file has changed, and it is necessary for Ivanti to update the patch content.
It is possible that the vendor changed the contents of the file but kept the same filename, and Ivanti has not updated the related vulnerability definition yet. At times a vendor will make a change to a file but does not publish information regarding the change.
If this is the case, this download should fail regardless of the Core server attempting the download. This would be a global issue.
In this instance, contact Ivanti Support and request that the patch content be updated. An Ivanti technician can also verify the file download failure internally.
It can be difficult to determine if the hash does not match for patches that must be manually downloaded from the vendor. Typically these require going to the vendor web site, finding the correct file and version, renaming it to the unique filename specified in the rule for the definition, and placing it into the patch download folder.
Vulnerability scanner (vulscan) is hanging with the message "Checking for other instances of scanner or software distribution agent".
The vulnerability scanner cannot run while another instance of the vulnerability scanner is running.
The vulnerability scanner cannot run while another instance of the software distribution agent (SDCLIENT) is running.
Check to see if the running Vulnerability scan is stuck, or if it is currently doing something.
You can check the log files in C:\ProgramData\LANDESK\Log to see what is currently occurring. Sort by date and time so that the newest is on top and look at the latest logs.
Vulscan is responsible for several activities. A currently running log will typically be called vulscan.PID_XXXX.log (Where the PID stands for the Process ID of the running Vulscan process)
In addition if an SDCLIENT process is running the vulnerability scanner will wait for it to finish or eventually it will time out waiting for it. Check if there is an SDCLIENT process running.
Verify that the SDCLIENT process is doing something, if it is not you can likely End Task in task manager to allow Vulscan to proceed.
I've got patches piling up.
the repairs are failing due to "Status marked as detected because pre-req check failed."
not sure how to go about troubleshooting this. its started with the new patching process this year.
I do have the MS registry key set on the computer I am using to try and get patched first.
example:
Hi
I am very new to the forums and Landesk in general
I have a problem upgrading windows 10 from 1511 to 1709 using patch and compliance.
Here is what I've done so far
I followed the below guide, downloaded the ISO from our Microsoft portal, we have both Enterprise and Pro in our environment so I created a file for both of them and Landesk accepts them both as downloaded
How to upgrade to Windows 10 Creators Edition using Ivanti Patch Manager
Then I distributed the ISO's to our preferred server and created a repair job
this job I sent to a specific machine and within 2 minutes it showed Success
now for my stress factor..
Noting happened on the machine itself, I cannot see the package on the machine and it does not patch.
I have created several software packages and set up PXE booting for the environment but this one I cannot solve
I sent a package to the machine to check if I could install to it, and that works as it should
I hope you guys can point me in the right direction