Note: Clicking on a photo will enlarge it.
This document will go over what to look for and do if you think you have a patch that is detecting incorrectly on your devices. Incorrect detections can happen if the detection logic is incorrect and still reports as needed but the patch has already been installed, is not applicable to the system or other issues. In this document, you’ll learn what to look for in the vulscan logs which are required to submit the incorrect patch detection for review.
This document assumes you know how to find individual patches, create a patch group and move patches to it in the console and create a repair task on a specific patch or group of patches in the console. It also assumes you have an understanding of repair tasks and how to add target devices to them and run the task.
Prep the Client
As of January 2018 all new content created uses the new patching engine. Additional logs are needed as well as the vulscan log to troubleshoot the false detection.
Diagnostic Tool
Updated The "Get debug logs and zip (patch)" feature is only available in 2017.3 and newer product versions.
To retrieve logging remotely access the Diagnostic tool and select the Logs | Client option to view client-side logs. An additional option "Get debug logs and zip (patch)" is present for debug logging for all Next Gen definitions. This will only function if the Distribution and Patch agent setting has Enable security scan debug trace logselected.
To enable debug trace logs for versions 9.6 - 2017.1 run the following cmd locally on the endpoint or distribute a script to the desired device:
vulscan /enableDpdTrace=true /showui
The showui switch is optional.
This will generate additional logging in the Programdata\Landesk\DebugLog folder consisting of the following (2) files:
PatchManifestSyncSDK.log
PatchScanSDKDpdTrace.log
Note: Running the above command will start a vulscan on the device. You will need to wait until it finishes before moving onto the "Run a Repair Task" step. Usually waiting 30 mins is good for it to finish.
Run a Repair Task
Running a repair task for the specific patch(es) gives supports the best information. The vulscan logs only showing one patch or two processing will show them detecting and installing and are more concise and easier to look over to find details. General vulscan logs are not Ideal as many only show the patch detecting but not installing and have a lot of unneeded information. Running a specific repair task with patches having the issue will provide the best logs.
You can create a repair task by going to Tools > Security and Compliance > Patch and Compliance. Click the Scan folder and find your patch. When you find the patch having the issue right click it and from the menu that appears click Repair. If you have a patch group or several patches you can do the same and create a repair task for several patches at the same time.
The Repair task dialog will open. Most settings you can leave as a defaults. You can add a target device at this time as well. If you have a maintenance window on your clients, be sure to check Ignore Maintenance Window if specified so the patch tries to install as well as scan in this repair task.
Once you have a target in your task run it and wait for it to complete.
When the repair job finishes you will need the following files to give to support in a zip file:
C:\Programdata\landesk\log\Vulscan.log (Make sure it is the correct one, see below)
C:\Programdata\landesk\log\stdeploy.log
C:\Programdata\landesk\log\stdeployercore.log
C:\Programdata\Landesk\DebugLog\PatchManifestSyncSDK.log (sometimes doesn't get created)
C:\Programdata\Landesk\DebugLog\PatchScanSDKDpdTrace.log
Vulscan Log
The full vulscan log, created as a result of running the task, is needed for us to determine the issue of the false detection. This log is located on the target devices in the C:\programdata\Landesk\Log folder. They are named vulscan.log. Older logs have a number in the name. The correct log file will have a line at the top with the task ID in the name as shown in the example. This information changes with each task.
Thu, 26 Oct 2017 14:59:37 Command line: /policyfile="C:\ProgramData\LANDesk\Policies\CP.2353.RunNow._iOiXj4cedTDGǚFOGYMztt+mWNQ=.xml" Thu, 26 Oct 2017 14:59:37 client policy file: C:\ProgramData\LANDesk\Policies\CP.2353.RunNow._iOiXj4cedTDGǚFOGYMztt+mWNQ=.xml Thu, 26 Oct 2017 14:59:37 Reading policy parameters Thu, 26 Oct 2017 14:59:37 scan=0 Thu, 26 Oct 2017 14:59:37 scanFilter=INTL_4049179_MSU;INTL_3089023_MSU Thu, 26 Oct 2017 14:59:37 fixnow=True Thu, 26 Oct 2017 14:59:37 maintEnable=False
Once you have found the correct vulscan log. Doing a search in the log file for the all capitals case sensitive “DETECTED” will yield the detection of the patch and the reason. In our example case it show the file version is out dated and that is the reason the patch is needed.
Thu, 26 Oct 2017 14:59:45 VUL: '3089023_MSU' (windows8.1-kb3089023-x64.msu) DETECTED. Reason 'File C:\Windows\System32\flashplayerapp.exe version is less than the minimum version specified.'. Expected '18.0.0.232'. Found '11.3.300.265'. Patch required 'windows8.1-kb3089023-x64.msu'. Thu, 26 Oct 2017 14:59:45 Patch is NOT installed
You can see in the example the patch was detected as needed due to a file being at a lower version than in the patch. Now scroll down to the bottom of the log file. You’ll see a “Patch Installation” header and below that you will find details of what happened when the device attempted to install the patch. In our example the patch returned the error code 2149842967 converted to a hex value that gives a result of 0x80240017 Looking on the list of WUSA codes the patch returned a “Not Applicable”.
Thu, 26 Oct 2017 15:03:21 Command Interpreter running Thu, 26 Oct 2017 15:03:21 Setting current directory: C:\Program Files (x86)\LANDesk\LDClient\ Thu, 26 Oct 2017 15:03:21 Executing C:\Windows\system32\wusa.exe "C:\Program Files (x86)\LANDesk\LDClient\sdmcache\windows8.1-kb3089023-x64.msu" /quiet /norestart Thu, 26 Oct 2017 15:03:23 Exit Code: -2145124329 (0x80240017) Thu, 26 Oct 2017 15:03:23 Error: "C:\Windows\system32\wusa.exe" returned failure exit code (2149842967) Thu, 26 Oct 2017 15:03:23 ERROR(EXECUTEFILE) Failed to run command - 80004005 Thu, 26 Oct 2017 15:03:23 DownloadPatch ERROR: Failed to run commands (80004005). Thu, 26 Oct 2017 15:03:23 Last status: Failed Thu, 26 Oct 2017 15:03:23 Stopping wuauserv service. Thu, 26 Oct 2017 15:03:23 Stop service wuauserv Thu, 26 Oct 2017 15:03:25 Successfully controlled the service. Thu, 26 Oct 2017 15:03:25 DeferredReportAction: name 'windows8.1-kb3089023-x64.msu', code '1', type '-1', status 'Error: "C:\Windows\system32\wusa.exe" returned failure exit code (2149842967)' Thu, 26 Oct 2017 15:03:25 Running post-install/uninstall script Thu, 26 Oct 2017 15:03:25 RunPatches completed. 1 processed. 0 installed. 1 failures. Thu, 26 Oct 2017 15:03:25 Sending previous action history to core
STdeployercore.log
In addition the STdeployercore.log will also show the patch being installed and the error code for the Next Gen definitions:
2018-01-26T21:15:53.2279239Z 134c I DeploymentPackageReader.cpp:783 Deploy package 'C:\ProgramData\LANDesk\timber\sandboxes\InstallationSandbox#2018-01-26-T-21-15-15\0001c460-0000-0000-0000-000000000000.zip' successfully opened unsigned for package IO 2018-01-26T21:15:53.2279239Z 134c I Authenticode.cpp:134 Verifying signature of C:\Program Files (x86)\LANDesk\LDClient\sdmcache\windows6.1-kb4056894-x64_tw1158080.msu with CWinTrustVerifier 2018-01-26T21:15:54.2534266Z 134c V UnScriptedInstallation.cpp:30 Executing (C:\Program Files (x86)\LANDesk\LDClient\sdmcache\windows6.1-kb4056894-x64_tw1158080.msu /quiet /norestart), nShow: true. 2018-01-26T21:19:19.4406288Z 134c V ChildProcess.cpp:140 Process handle 00000408 returned '3010'.
Windows Update(WUSA) Error Codes
| Result Code | Result String | Description |
|---|---|---|
| 0x80240001 | WU_E_NO_SERVICE | Windows Update Agent was unable to provide the service. |
| 0x80240002 | WU_E_MAX_CAPACITY_REACHED | The maximum capacity of the service was exceeded. |
| 0x80240003 | WU_E_UNKNOWN_ID | An ID cannot be found. |
| 0x80240004 | WU_E_NOT_INITIALIZED | The object could not be initialized. |
| 0x80240005 | WU_E_RANGEOVERLAP | The update handler requested a byte range that overlaps a previously requested range. |
| 0x80240006 | WU_E_TOOMANYRANGES | The requested number of byte ranges exceeds the maximum number (2^31 - 1). |
| 0x80240007 | WU_E_INVALIDINDEX | The index to a collection was invalid. |
| 0x80240008 | WU_E_ITEMNOTFOUND | The key for the item queried could not be found. |
| 0x80240009 | WU_E_OPERATIONINPROGRESS | A conflicting operation was in progress. Some operations (such as installation) cannot be performed simultaneously. |
| 0x8024000A | WU_E_COULDNOTCANCEL | Cancellation of the operation was not allowed. |
| 0x8024000B | WU_E_CALL_CANCELLED | Operation was cancelled. |
| 0x8024000C | WU_E_NOOP | No operation was required. |
| 0x8024000D | WU_E_XML_MISSINGDATA | Windows Update Agent could not find the required information in the update's XML data. |
| 0x8024000E | WU_E_XML_INVALID | Windows Update Agent found invalid information in the update's XML data. |
| 0x8024000F | WU_E_CYCLE_DETECTED | Circular update relationships were detected in the metadata. |
| 0x80240010 | WU_E_TOO_DEEP_RELATION | Update relationships that are too deep were evaluated. |
| 0x80240011 | WU_E_INVALID_RELATIONSHIP | An invalid update relationship was detected. |
| 0x80240012 | WU_E_REG_VALUE_INVALID | An invalid registry value was read. |
| 0x80240013 | WU_E_DUPLICATE_ITEM | Operation tried to add a duplicate item to a list. |
| 0x80240016 | WU_E_INSTALL_NOT_ALLOWED | Operation tried to install while another installation was in progress or the system was pending a mandatory restart. |
| 0x80240017 | WU_E_NOT_APPLICABLE | Operation was not performed because there are no applicable updates. |
| 0x80240018 | WU_E_NO_USERTOKEN | Operation failed because a required user token is missing. |
| 0x80240019 | WU_E_EXCLUSIVE_INSTALL_CONFLICT | An exclusive update cannot be installed with other updates at the same time. |
| 0x8024001A | WU_E_POLICY_NOT_SET | A policy value was not set. |
| 0x8024001B | WU_E_SELFUPDATE_IN_PROGRESS | The operation could not be performed because the Windows Update Agent is self-updating. |
| 0x8024001D | WU_E_INVALID_UPDATE | An update contains invalid metadata. |
| 0x8024001E | WU_E_SERVICE_STOP | Operation did not complete because the service or system was being shut down. |
| 0x8024001F | WU_E_NO_CONNECTION | Operation did not complete because the network connection was unavailable. |
| 0x80240020 | WU_E_NO_INTERACTIVE_USER | Operation did not complete because there is no logged-on interactive user. |
| 0x80240021 | WU_E_TIME_OUT | Operation did not complete because it timed out. |
| 0x80240022 | WU_E_ALL_UPDATES_FAILED | Operation failed for all the updates. |
| 0x80240023 | WU_E_EULAS_DECLINED | The license terms for all updates were declined. |
| 0x80240024 | WU_E_NO_UPDATE | There are no updates. |
| 0x80240025 | WU_E_USER_ACCESS_DISABLED | Group Policy settings prevented access to Windows Update. |
| 0x80240026 | WU_E_INVALID_UPDATE_TYPE | The type of update is invalid. |
| 0x80240027 | WU_E_URL_TOO_LONG | The URL exceeded the maximum length. |
| 0x80240028 | WU_E_UNINSTALL_NOT_ALLOWED | The update could not be uninstalled because the request did not originate from a WSUS server. |
| 0x80240029 | WU_E_INVALID_PRODUCT_LICENSE | Search may have missed some updates before there is an unlicensed application on the system. |
| 0x8024002A | WU_E_MISSING_HANDLER | A component that is required to detect applicable updates was missing. |
| 0x8024002B | WU_E_LEGACYSERVER | An operation did not complete because it requires a newer version of server software. |
| 0x8024002C | WU_E_BIN_SOURCE_ABSENT | A delta-compressed update could not be installed because it required the source. |
| 0x8024002D | WU_E_SOURCE_ABSENT | A full-file update could not be installed because it required the source. |
| 0x8024002E | WU_E_WU_DISABLED | Access to an unmanaged server is not allowed. |
| 0x8024002F | WU_E_CALL_CANCELLED_BY_POLICY | Operation did not complete because the DisableWindowsUpdateAccess policy was set. |
| 0x80240030 | WU_E_INVALID_PROXY_SERVER | The format of the proxy list was invalid. |
| 0x80240031 | WU_E_INVALID_FILE | The file is in the wrong format. |
| 0x80240032 | WU_E_INVALID_CRITERIA | The search criteria string was invalid. |
| 0x80240033 | WU_E_EULA_UNAVAILABLE | License terms could not be downloaded. |
| 0x80240034 | WU_E_DOWNLOAD_FAILED | Update failed to download. |
| 0x80240035 | WU_E_UPDATE_NOT_PROCESSED | The update was not processed. |
| 0x80240036 | WU_E_INVALID_OPERATION | The object's current state did not allow the operation. |
| 0x80240037 | WU_E_NOT_SUPPORTED | The functionality for the operation is not supported. |
| 0x80240038 | WU_E_WINHTTP_INVALID_FILE | The downloaded file has an unexpected content type. |
| 0x80240039 | WU_E_TOO_MANY_RESYNC | The agent was asked by server to synchronize too many times. |
| 0x80240040 | WU_E_NO_SERVER_CORE_SUPPORT | WUA API method does not run on a Server Core installation option of the Windows 2008 R2 operating system. |
| 0x80240041 | WU_E_SYSPREP_IN_PROGRESS | Service is not available when sysprep is running. |
| 0x80240042 | WU_E_UNKNOWN_SERVICE | The update service is no longer registered with Automatic Updates. |
| 0x80240FFF | WU_E_UNEXPECTED | An operation failed due to reasons not covered by another error code. |
| 0x80241001 | WU_E_MSI_WRONG_VERSION | Search may have missed some updates because Windows Installer is less than version 3.1. |
| 0x80241002 | WU_E_MSI_NOT_CONFIGURED | Search may have missed some updates because Windows Installer is not configured. |
| 0x80241003 | WU_E_MSP_DISABLED | Search may have missed some updates because a policy setting disabled Windows Installer patching. |
| 0x80241004 | WU_E_MSI_WRONG_APP_CONTEXT | An update could not be applied because the application is installed per-user. |
| 0x80241FFF | WU_E_MSP_UNEXPECTED | Search may have missed some updates because there was a failure of Windows Installer. |
| 0x80242000 | WU_E_UH_REMOTEUNAVAILABLE | A request for a remote update handler could not be completed because no remote process is available. |
| 0x80242001 | WU_E_UH_LOCALONLY | A request for a remote update handler could not be completed because the handler is local only. |
| 0x80242002 | WU_E_UH_UNKNOWNHANDLER | A request for an update handler could not be completed because the handler could not be recognized. |
| 0x80242003 | WU_E_UH_REMOTEALREADYACTIVE | A remote update handler could not be created because one already exists. |
| 0x80242004 | WU_E_UH_DOESNOTSUPPORTACTION | A request for the handler to install (uninstall) an update could not be completed because the update does not support install (uninstall). |
| 0x80242005 | WU_E_UH_WRONGHANDLER | An operation did not complete because the wrong handler was specified. |
| 0x80242006 | WU_E_UH_INVALIDMETADATA | A handler operation could not be completed because the update contains invalid metadata. |
| 0x80242007 | WU_E_UH_INSTALLERHUNG | An operation could not be completed because the installer exceeded the time limit. |
| 0x80242008 | WU_E_UH_OPERATIONCANCELLED | An operation being done by the update handler was cancelled. |
| 0x80242009 | WU_E_UH_BADHANDLERXML | An operation could not be completed because the handler-specific metadata is invalid. |
| 0x8024200A | WU_E_UH_CANREQUIREINPUT | A request to the handler to install an update could not be completed because the update requires user input. |
| 0x8024200B | WU_E_UH_INSTALLERFAILURE | The installer failed to install (uninstall) one or more updates. |
| 0x8024200C | WU_E_UH_FALLBACKTOSELFCONTAINED | The update handler should download self-contained content rather than delta-compressed content for the update. |
| 0x8024200D | WU_E_UH_NEEDANOTHERDOWNLOAD | The update handler did not install the update because the update needs to be downloaded again. |
| 0x8024200E | WU_E_UH_NOTIFYFAILURE | The update handler failed to send notification of the status of the install (uninstall) operation. |
| 0x8024200F | WU_E_UH_INCONSISTENT_FILE_NAMES | The file names in the update metadata are inconsistent with the file names in the update package. |
| 0x80242010 | WU_E_UH_FALLBACKERROR | The update handler failed to fall back to the self-contained content. |
| 0x80242011 | WU_E_UH_TOOMANYDOWNLOADREQUESTS | The update handler has exceeded the maximum number of download requests. |
| 0x80242012 | WU_E_UH_UNEXPECTEDCBSRESPONSE | The update handler has received an unexpected response from CBS. |
| 0x80242013 | WU_E_UH_BADCBSPACKAGEID | The update metadata contains an invalid CBS package identifier. |
| 0x80242014 | WU_E_UH_POSTREBOOTSTILLPENDING | The post-reboot operation for the update is still in progress. |
| 0x80242015 | WU_E_UH_POSTREBOOTRESULTUNKNOWN | The result of the post-reboot operation for the update could not be determined. |
| 0x80242016 | WU_E_UH_POSTREBOOTUNEXPECTEDSTATE | The state of the update after its post-reboot operation has completed is unexpectedly. |
| 0x80242017 | WU_E_UH_NEW_SERVICING_STACK_REQUIRED | The operating system servicing stack must be updated before this update is downloaded or installed. |
| 0x80242FFF | WU_E_UH_UNEXPECTED | This update handler error is not covered by another WU_E_UH_* code. |
| 0x80243001 | WU_E_INSTALLATION_RESULTS_UNKNOWN_VERSION | The results of the download and installation could not be read in the registry due to an unrecognized data format version. |
| 0x80243002 | WU_E_INSTALLATION_RESULTS_INVALID_DATA | The results of download and installation could not be read in the registry due to an invalid data format. |
| 0x80243003 | WU_E_INSTALLATION_RESULTS_NOT_FOUND | The results of download and installation are not available; the operation may have failed to start. |
| 0x80243004 | WU_E_TRAYICON_FAILURE | A failure occurred when trying to create an icon in the notification area. |
| 0x80243FFD | WU_E_NON_UI_MODE | Unable to show the user interface (UI) when in a non-UI mode; Windows Update (WU) client UI modules may not be installed. |
| 0x80243FFE | WU_E_WUCLTUI_UNSUPPORTED_VERSION | Unsupported version of WU client UI exported functions. |
| 0x80243FFF | WU_E_AUCLIENT_UNEXPECTED | There was a user interface error not covered by another WU_E_AUCLIENT_* error code. |
| 0x80244000 | WU_E_PT_SOAPCLIENT_BASE | WU_E_PT_SOAPCLIENT_* error codes map to the SOAPCLIENT_ERROR enum of the ATL Server Library. |
| 0x80244001 | WU_E_PT_SOAPCLIENT_INITIALIZE | Initialization of the SOAP client failed, possibly because of an MSXML installation failure. |
| 0x80244002 | WU_E_PT_SOAPCLIENT_OUTOFMEMORY | SOAP client failed because it ran out of memory. |
| 0x80244003 | WU_E_PT_SOAPCLIENT_GENERATE | SOAP client failed to generate the request. |
| 0x80244004 | WU_E_PT_SOAPCLIENT_CONNECT | SOAP client failed to connect to the server. |
| 0x80244005 | WU_E_PT_SOAPCLIENT_SEND | SOAP client failed to send a message due to WU_E_WINHTTP_* error codes. |
| 0x80244006 | WU_E_PT_SOAPCLIENT_SERVER | SOAP client failed because there was a server error. |
| 0x80244007 | WU_E_PT_SOAPCLIENT_SOAPFAULT | SOAP client failed because there was a SOAP fault due to WU_E_PT_SOAP_* error codes. |
| 0x80244008 | WU_E_PT_SOAPCLIENT_PARSEFAULT | SOAP client failed to parse a SOAP fault. |
| 0x80244009 | WU_E_PT_SOAPCLIENT_READ | SOAP client failed while reading the response from the server. |
| 0x8024400A | WU_E_PT_SOAPCLIENT_PARSE | SOAP client failed to parse the response from the server. |
| 0x8024400B | WU_E_PT_SOAP_VERSION | SOAP client found an unrecognizable namespace for the SOAP envelope. |
| 0x8024400C | WU_E_PT_SOAP_MUST_UNDERSTAND | SOAP client was unable to understand a header. |
| 0x8024400D | WU_E_PT_SOAP_CLIENT | SOAP client found the message was malformed (fix before resending). |
| 0x8024400E | WU_E_PT_SOAP_SERVER | The SOAP message could not be processed due to a server error (resend later). |
| 0x8024400F | WU_E_PT_WMI_ERROR | There was an unspecified Windows Management Instrumentation (WMI) error. |
| 0x80244010 | WU_E_PT_EXCEEDED_MAX_SERVER_TRIPS | The number of round trips to the server exceeded the maximum limit. |
| 0x80244011 | WU_E_PT_SUS_SERVER_NOT_SET | WUServer policy value is missing in the registry. |
| 0x80244012 | WU_E_PT_DOUBLE_INITIALIZATION | Initialization failed because the object was already initialized. |
| 0x80244013 | WU_E_PT_INVALID_COMPUTER_NAME | The computer name could not be determined. |
| 0x80244015 | WU_E_PT_REFRESH_CACHE_REQUIRED | The reply from the server indicates that the server was changed or the cookie was invalid; refresh the state of the internal cache and retry. |
| 0x80244016 | WU_E_PT_HTTP_STATUS_BAD_REQUEST | HTTP 400 - the server could not process the request due to invalid syntax. |
| 0x80244017 | WU_E_PT_HTTP_STATUS_DENIED | HTTP 401 - the requested resource requires user authentication. |
| 0x80244018 | WU_E_PT_HTTP_STATUS_FORBIDDEN | HTTP 403 - server understood the request, but declined to fulfill it. |
| 0x80244019 | WU_E_PT_HTTP_STATUS_NOT_FOUND | HTTP 404 - the server cannot find the requested Uniform Resource Identifier (URI). |
| 0x8024401A | WU_E_PT_HTTP_STATUS_BAD_METHOD | HTTP 405 - the HTTP method is not allowed. |
| 0x8024401B | WU_E_PT_HTTP_STATUS_PROXY_AUTH_REQ | HTTP 407 - proxy authentication is required. |
| 0x8024401C | WU_E_PT_HTTP_STATUS_REQUEST_TIMEOUT | HTTP 408 - the server timed out waiting for the request. |
| 0x8024401D | WU_E_PT_HTTP_STATUS_CONFLICT | HTTP 409 - the request was not completed due to a conflict with the current state of the resource. |
| 0x8024401E | WU_E_PT_HTTP_STATUS_GONE | HTTP 410 - the requested resource is no longer available at the server. |
| 0x8024401F | WU_E_PT_HTTP_STATUS_SERVER_ERROR | HTTP 500 - an error internal to the server prevented fulfilling the request. |
| 0x80244020 | WU_E_PT_HTTP_STATUS_NOT_SUPPORTED | HTTP 501 - server does not support the functionality that is required to fulfill the request. |
| 0x80244021 | WU_E_PT_HTTP_STATUS_BAD_GATEWAY | HTTP 502 - the server, while acting as a gateway or proxy, received an invalid response from the upstream server it accessed when attempting to fulfill the request. |
| 0x80244022 | WU_E_PT_HTTP_STATUS_SERVICE_UNAVAIL | HTTP 503 - the service is temporarily overloaded. |
| 0x80244023 | WU_E_PT_HTTP_STATUS_GATEWAY_TIMEOUT | HTTP 504 - the request was timed out waiting for a gateway. |
| 0x80244024 | WU_E_PT_HTTP_STATUS_VERSION_NOT_SUP | HTTP 505 - the server does not support the HTTP protocol version used for the request. |
| 0x80244025 | WU_E_PT_FILE_LOCATIONS_CHANGED | Operation failed due to a changed file location; refresh internal state and resend. |
| 0x80244026 | WU_E_PT_REGISTRATION_NOT_SUPPORTED | Operation failed because Windows Update Agent does not support registration with a non-WSUS server. |
| 0x80244027 | WU_E_PT_NO_AUTH_PLUGINS_REQUESTED | The server returned an empty authentication information list. |
| 0x80244028 | WU_E_PT_NO_AUTH_COOKIES_CREATED | Windows Update Agent was unable to create any valid authentication cookies. |
| 0x80244029 | WU_E_PT_INVALID_CONFIG_PROP | A configuration property value was wrong. |
| 0x8024402A | WU_E_PT_CONFIG_PROP_MISSING | A configuration property value was missing. |
| 0x8024402B | WU_E_PT_HTTP_STATUS_NOT_MAPPED | The HTTP request could not be completed and the reason did not correspond to any of the WU_E_PT_HTTP_* error codes. |
| 0x8024402C | WU_E_PT_WINHTTP_NAME_NOT_RESOLVED | The proxy server or target server name cannot be resolved. |
| 0x8024402F | WU_E_PT_ECP_SUCCEEDED_WITH_ERRORS | External .cab file processing completed with some errors. |
| 0x80244030 | WU_E_PT_ECP_INIT_FAILED | The external .cab file processor initialization did not complete. |
| 0x80244031 | WU_E_PT_ECP_INVALID_FILE_FORMAT | The format of a metadata file was invalid. |
| 0x80244032 | WU_E_PT_ECP_INVALID_METADATA | External .cab file processor found invalid metadata. |
| 0x80244033 | WU_E_PT_ECP_FAILURE_TO_EXTRACT_DIGEST | The file digest could not be extracted from an external .cab file. |
| 0x80244034 | WU_E_PT_ECP_FAILURE_TO_DECOMPRESS_CAB_FILE | An external .cab file could not be decompressed. |
| 0x80244035 | WU_E_PT_ECP_FILE_LOCATION_ERROR | External .cab processor was unable to get file locations. |
| 0x80244FFF | WU_E_PT_UNEXPECTED | There was a communication error not covered by another WU_E_PT_* error code |
| 0x80245001 | WU_E_REDIRECTOR_LOAD_XML | The redirector XML document could not be loaded into the Document Object Model (DOM) class. |
| 0x80245002 | WU_E_REDIRECTOR_S_FALSE | The redirector XML document is missing some required information. |
| 0x80245003 | WU_E_REDIRECTOR_ID_SMALLER | The redirector ID in the downloaded redirector .cab file is less than in the cached .cab file. |
| 0x8024502D | WU_E_PT_SAME_REDIR_ID | Windows Update Agent failed to download a redirector .cab file with a new redirector ID value from the server during the recovery. |
| 0x8024502E | WU_E_PT_NO_MANAGED_RECOVER | A redirector recovery action did not complete because the server is managed. |
| 0x80245FFF | WU_E_REDIRECTOR_UNEXPECTED | The redirector failed for reasons not covered by another WU_E_REDIRECTOR_* error code. |
| 0x80246001 | WU_E_DM_URLNOTAVAILABLE | A download manager operation could not be completed because the requested file does not have a URL. |
| 0x80246002 | WU_E_DM_INCORRECTFILEHASH | A download manager operation could not be completed because the file digest was not recognized. |
| 0x80246003 | WU_E_DM_UNKNOWNALGORITHM | A download manager operation could not be completed because the file metadata requested an unrecognized hash algorithm. |
| 0x80246004 | WU_E_DM_NEEDDOWNLOADREQUEST | An operation could not be completed because a download request is required from the download handler. |
| 0x80246005 | WU_E_DM_NONETWORK | A download manager operation could not be completed because the network connection was unavailable. |
| 0x80246006 | WU_E_DM_WRONGBITSVERSION | A download manager operation could not be completed because the version of Background Intelligent Transfer Service (BITS) is incompatible. |
| 0x80246007 | WU_E_DM_NOTDOWNLOADED | The update has not been downloaded. |
| 0x80246008 | WU_E_DM_FAILTOCONNECTTOBITS | A download manager operation failed because the download manager was unable to connect the Background Intelligent Transfer Service (BITS). |
| 0x80246009 | WU_E_DM_BITSTRANSFERERROR | A download manager operation failed because there was an unspecified Background Intelligent Transfer Service (BITS) transfer error. |
| 0x8024600a | WU_E_DM_DOWNLOADLOCATIONCHANGED | A download must be restarted because the location of the source of the download has changed. |
| 0x8024600B | WU_E_DM_CONTENTCHANGED | A download must be restarted because the update content changed in a new revision. |
| 0x80246FFF | WU_E_DM_UNEXPECTED | There was a download manager error not covered by another WU_E_DM_* error code. |
| 0x80247001 | WU_E_OL_INVALID_SCANFILE | An operation could not be completed because the scan package was invalid. |
| 0x80247002 | WU_E_OL_NEWCLIENT_REQUIRED | An operation could not be completed because the scan package requires a greater version of the Windows Update Agent. |
| 0x80247FFF | WU_E_OL_UNEXPECTED | Search using the scan package failed. |
| 0x80248000 | WU_E_DS_SHUTDOWN | An operation failed because Windows Update Agent is shutting down. |
| 0x80248001 | WU_E_DS_INUSE | An operation failed because the data store was in use. |
| 0x80248002 | WU_E_DS_INVALID | The current and expected states of the data store do not match. |
| 0x80248003 | WU_E_DS_TABLEMISSING | The data store is missing a table. |
| 0x80248004 | WU_E_DS_TABLEINCORRECT | The data store contains a table with unexpected columns. |
| 0x80248005 | WU_E_DS_INVALIDTABLENAME | A table could not be opened because the table is not in the data store. |
| 0x80248006 | WU_E_DS_BADVERSION | The current and expected versions of the data store do not match. |
| 0x80248007 | WU_E_DS_NODATA | The information requested is not in the data store. |
| 0x80248008 | WU_E_DS_MISSINGDATA | The data store is missing required information or has a null value in a table column that requires a non-null value. |
| 0x80248009 | WU_E_DS_MISSINGREF | The data store is missing required information or has a reference to missing license terms, a file, a localized property, or a linked row. |
| 0x8024800A | WU_E_DS_UNKNOWNHANDLER | The update was not processed because its update handler could not be recognized. |
| 0x8024800B | WU_E_DS_CANTDELETE | The update was not deleted because it is still referenced by one or more services. |
| 0x8024800C | WU_E_DS_LOCKTIMEOUTEXPIRED | The data store section could not be locked within the allotted time. |
| 0x8024800D | WU_E_DS_NOCATEGORIES | The category was not added because it contains no parent categories, and it is not a top-level category. |
| 0x8024800E | WU_E_DS_ROWEXISTS | The row was not added because an existing row has the same primary key. |
| 0x8024800F | WU_E_DS_STOREFILELOCKED | The data store could not be initialized because it was locked by another process. |
| 0x80248010 | WU_E_DS_CANNOTREGISTER | The data store is not allowed to be registered with COM in the current process. |
| 0x80248011 | WU_E_DS_UNABLETOSTART | Could not create a data store object in another process. |
| 0x80248013 | WU_E_DS_DUPLICATEUPDATEID | The server sent the same update to the client computer, with two different revision IDs. |
| 0x80248014 | WU_E_DS_UNKNOWNSERVICE | An operation did not complete because the service is not in the data store. |
| 0x80248015 | WU_E_DS_SERVICEEXPIRED | An operation did not complete because the registration of the service has expired. |
| 0x80248016 | WU_E_DS_DECLINENOTALLOWED | A request to hide an update was declined because it is a mandatory update or because it was deployed with a deadline. |
| 0x80248017 | WU_E_DS_TABLESESSIONMISMATCH | A table was not closed because it is not associated with the session. |
| 0x80248018 | WU_E_DS_SESSIONLOCKMISMATCH | A table was not closed because it is not associated with the session. |
| 0x80248019 | WU_E_DS_NEEDWINDOWSSERVICE | A request to remove the Windows Update service or to unregister it with Automatic Updates was declined because it is a built-in service and Automatic Updates cannot fall back to another service. |
| 0x8024801A | WU_E_DS_INVALIDOPERATION | A request was declined because the operation is not allowed. |
| 0x8024801B | WU_E_DS_SCHEMAMISMATCH | The schema of the current data store and the schema of a table in a backup XML document do not match. |
| 0x8024801C | WU_E_DS_RESETREQUIRED | The data store requires a session reset; release the session and retry with a new session. |
| 0x8024801D | WU_E_DS_IMPERSONATED | A data store operation did not complete because it was requested with an impersonated identity. |
| 0x80248FFF | WU_E_DS_UNEXPECTED | There was a data store error not covered by another WU_E_DS_* code. |
| 0x80249001 | WU_E_INVENTORY_PARSEFAILED | Parsing of the rule file failed. |
| 0x80249002 | WU_E_INVENTORY_GET_INVENTORY_TYPE_FAILED | Failed to get the requested inventory type from the server. |
| 0x80249003 | WU_E_INVENTORY_RESULT_UPLOAD_FAILED | Failed to upload inventory result to the server. |
| 0x80249004 | WU_E_INVENTORY_UNEXPECTED | There was an inventory error not covered by another error code. |
| 0x80249005 | WU_E_INVENTORY_WMI_ERROR | A WMI error occurred when enumerating the instances for a particular class. |
| 0x8024A000 | WU_E_AU_NOSERVICE | Automatic Updates was unable to service incoming requests. |
| 0x8024A002 | WU_E_AU_NONLEGACYSERVER | The old version of Automatic Updates has stopped because the WSUS server has been upgraded. |
| 0x8024A003 | WU_E_AU_LEGACYCLIENTDISABLED | The old version of Automatic Updates was disabled. |
| 0x8024A004 | WU_E_AU_PAUSED | Automatic Updates was unable to process incoming requests because it was paused. |
| 0x8024A005 | WU_E_AU_NO_REGISTERED_SERVICE | No unmanaged service is registered with AU. |
| 0x8024AFFF | WU_E_AU_UNEXPECTED | There was an Automatic Updates error not covered by another WU_E_AU * code. |
| 0x8024C001 | WU_E_DRV_PRUNED | A driver was skipped. |
| 0x8024C002 | WU_E_DRV_NOPROP_OR_LEGACY | A property for the driver could not be found. It may not conform with required specifications. |
| 0x8024C003 | WU_E_DRV_REG_MISMATCH | The registry type read for the driver does not match the expected type. |
| 0x8024C004 | WU_E_DRV_NO_METADATA | The driver update is missing metadata. |
| 0x8024C005 | WU_E_DRV_MISSING_ATTRIBUTE | The driver update is missing a required attribute. |
| 0x8024C006 | WU_E_DRV_SYNC_FAILED | Driver synchronization failed. |
| 0x8024C007 | WU_E_DRV_NO_PRINTER_CONTENT | Information required for the synchronization of applicable printers is missing. |
| 0x8024CFFF | WU_E_DRV_UNEXPECTED | There was a driver error not covered by another WU_E_DRV_* code. |
| 0x8024D001 | WU_E_SETUP_INVALID_INFDATA | Windows Update Agent could not be updated because an .inf file contains invalid information. |
| 0x8024D002 | WU_E_SETUP_INVALID_IDENTDATA | Windows Update Agent could not be updated because the wuident.cab file contains invalid information. |
| 0x8024D003 | WU_E_SETUP_ALREADY_INITIALIZED | Windows Update Agent could not be updated because of an internal error that caused setup initialization to be performed twice. |
| 0x8024D004 | WU_E_SETUP_NOT_INITIALIZED | Windows Update Agent could not be updated because setup initialization never completed successfully. |
| 0x8024D005 | WU_E_SETUP_SOURCE_VERSION_MISMATCH | Windows Update Agent could not be updated because the versions specified in the .inf file do not match the actual source file versions. |
| 0x8024D006 | WU_E_SETUP_TARGET_VERSION_GREATER | Windows Update Agent could not be updated because a Windows Update Agent file on the target system is newer than the corresponding source file. |
| 0x8024D007 | WU_E_SETUP_REGISTRATION_FAILED | Windows Update Agent could not be updated because regsvr32.exe returned an error. |
| 0x8024D008 | WU_E_SELFUPDATE_SKIP_ON_FAILURE | An update to the Windows Update Agent was skipped because previous attempts to update failed. |
| 0x8024D009 | WU_E_SETUP_SKIP_UPDATE | An update to the Windows Update Agent was skipped due to a directive in the wuident.cab file. |
| 0x8024D00A | WU_E_SETUP_UNSUPPORTED_CONFIGURATION | Windows Update Agent could not be updated because the current system configuration is not supported. |
| 0x8024D00B | WU_E_SETUP_BLOCKED_CONFIGURATION | Windows Update Agent could not be updated because the system is configured to block the update. |
| 0x8024D00C | WU_E_SETUP_REBOOT_TO_FIX | Windows Update Agent could not be updated because a restart of the system is required. |
| 0x8024D00D | WU_E_SETUP_ALREADYRUNNING | Windows Update Agent setup is already running. |
| 0x8024D00E | WU_E_SETUP_REBOOTREQUIRED | Windows Update Agent setup package requires a reboot to complete installation. |
| 0x8024D00F | WU_E_SETUP_HANDLER_EXEC_FAILURE | Windows Update Agent could not be updated because the setup handler failed when it was run. |
| 0x8024D010 | WU_E_SETUP_INVALID_REGISTRY_DATA | Windows Update Agent could not be updated because the registry contains invalid information. |
| 0x8024D011 | WU_E_SELFUPDATE_REQUIRED | Windows Update Agent must be updated before search can continue. |
| 0x8024D012 | WU_E_SELFUPDATE_REQUIRED_ADMIN | Windows Update Agent must be updated before search can continue. An administrator is required to perform the operation. |
| 0x8024D013 | WU_E_SETUP_WRONG_SERVER_VERSION | Windows Update Agent could not be updated because the server does not contain update information for this version. |
| 0x8024DFFF | WU_E_SETUP_UNEXPECTED | Windows Update Agent could not be updated because of an error not covered by another WU_E_SETUP_* error code. |
| 0x8024E001 | WU_E_EE_UNKNOWN_EXPRESSION | An expression evaluator operation could not be completed because an expression was unrecognized. |
| 0x8024E002 | WU_E_EE_INVALID_EXPRESSION | An expression evaluator operation could not be completed because an expression was invalid. |
| 0x8024E003 | WU_E_EE_MISSING_METADATA | An expression evaluator operation could not be completed because an expression contains an incorrect number of metadata nodes. |
| 0x8024E004 | WU_E_EE_INVALID_VERSION | An expression evaluator operation could not be completed because the version of the serialized expression data is invalid. |
| 0x8024E005 | WU_E_EE_NOT_INITIALIZED | The expression evaluator could not be initialized. |
| 0x8024E006 | WU_E_EE_INVALID_ATTRIBUTEDATA | An expression evaluator operation could not be completed because there was an invalid attribute. |
| 0x8024E007 | WU_E_EE_CLUSTER_ERROR | An expression evaluator operation could not be completed because the cluster state of the computer could not be determined. |
| 0x8024EFFF | WU_E_EE_UNEXPECTED | There was an expression evaluator error not covered by another WU_E_EE_* error code. |
| 0x8024F001 | WU_E_REPORTER_EVENTCACHECORRUPT | The event cache file was defective. |
| 0x8024F002 | WU_E_REPORTER_ EVENTNAMESPACEPARSEFAILED | The XML in the event namespace descriptor could not be parsed. |
| 0x8024F003 | WU_E_INVALID_EVENT | The XML in the event namespace descriptor could not be parsed. |
| 0x8024F004 | WU_E_SERVER_BUSY | The server rejected an event because the server was too busy. |
| 0x8024FFFF | WU_E_REPORTER_UNEXPECTED | There was a reporter error not covered by another error code. |
Windows Update Agent Result Codes
Manually Testing the Patch
It is best practice that you download the patch to the device and manually run in in the GUI. The patch should display a message giving the same reason for not installing in a dialog. Once you have verified why the patch will not install manually, contact support and be sure to upload the vulscan log from the repair task to the case.
Detection Issues That Support Likely Will Not be able to Resolve
Certain false detection issues can occur that support will likely be unable to troubleshoot or resolve. The most likely of these is with our powershell scripts running on Windows 7 devices. The example from another vulscan log below shows a script error when trying to run on a device.
Mon, 23 Oct 2017 14:58:48 File OSVERSION version within specified Mon, 23 Oct 2017 14:58:48 Prod Windows 7 Service Pack 1 (ID:WIN7SP1) verified OSVERSION, found: 6.1.7601.1 Mon, 23 Oct 2017 14:58:48 Prod Windows 7 Service Pack 1 (ID:WIN7SP1) verified C:\Windows\explorer.exe, found: C:\Windows\explorer.exe Mon, 23 Oct 2017 14:58:48 Running detection script Mon, 23 Oct 2017 14:58:48 Content filename: 'RollupFixB201710.ps1' Mon, 23 Oct 2017 14:58:48 Writing script content to file 'C:\Windows\TEMP\RollupFixB201710.ps1' starting at line 5 Mon, 23 Oct 2017 14:58:48 Launching external script processor: <powershell.exe> Mon, 23 Oct 2017 14:58:48 args: <-executionpolicy bypass C:\Windows\TEMP\RollupFixB201710.ps1> Mon, 23 Oct 2017 14:58:48 External timeout: 60 Mon, 23 Oct 2017 14:58:48 Called CreateProcess: "powershell.exe" Mon, 23 Oct 2017 14:58:48 Error 2 launching application <powershell.exe> Mon, 23 Oct 2017 14:58:48 4041681_MSU detected Mon, 23 Oct 2017 14:58:48 VUL: '4041681_MSU' (windows6.1-kb4041681-x86.msu) DETECTED. Reason 'Unexpected error in custom script source. See agent log for details'. Expected ''. Found ''. Patch required 'windows6.1-kb4041681-x86.msu'. Mon, 23 Oct 2017 14:58:48 Patch is NOT installed Mon, 23 Oct 2017 14:58:48 Last status: Done
You can see from the log that the script attempted to run but got a 'Unexpected error in custom script source. See agent log for details' error. In all cases where we cannot get a proper detection from our scripts Ivanti errs on the side of caution and will throw a DETECTED and will try and install the patch just to be safe.
Issues that arise from script errors are difficult to impossible for us to troubleshoot. The likely cause is a security setting or Antivirus/Malware program that prevents the script from running. GPOs and powershell policies can also interfere if they are enabled in the customers environment. Since issues like this are impossible to replicate in our teat labs and are unique to the customers environment, the customer is advised to do some troubleshooting and see if security settings and restrictions can be lowered on a test device to try and get the script to run properly before contacting support.