Server 2019 not applying July & August patches
Posted by trevdelder78@reddit | sysadmin | View on Reddit | 10 comments
I have one file server that will not patch. It is an air-gapped system. I use WSUS for updating, tried a manual update, and I have used the recommended clearing of updates, sfc, and DISM. I am looking for anything else to fix this before we decide to just rebuild the stupid thing.
OurWhoresAreClean@reddit
What happens when you run "Repair-WindowsImage -Online -CheckHealth" from a PowerShell prompt?
I've been seeing a lot of corrupted component stores preventing machines from patching in my environment lately and I'm curious if I'm the only one.
jeranis@reddit
I have a Win10 LTSC system that won't finish updates, BSOD on reboot with 0xc000021a. All the repair tactics I have tried won't bring it back to life.
Comunisto@reddit
I saw the same problem around April, I think. The cause was a power break during the update.
Roll back 2 patches, clean the update cache and let Windows verify/install everything again.
OR, you can just never reboot that machine till the end of time, hahah.
jeranis@reddit
If June was the last update to complete it would make sense that the corruption occurred during that installation. I will give that a shot.
OurWhoresAreClean@reddit
Huh, that sounds like a different issue than mine.
What I'm seeing is multiple machines (desktops, laptops, servers, they're all affected) failing to install their monthly cumulative updates. Other updates install without issue--.NET, O365, etc.--it's just the big ones that fail. No BSOD, the machines work fine otherwise, they just can't install that one type of update, and the one commonality is that running the command I mentioned above reports that the component store is corrupted but repairable.
It can usually be fixed by opening up access to MS update (we use SCCM so our machines, by default, can't reach it) and running "repair-windowsimage -online -restorehealth", but it's a tedious and time-consuming process, and I'd really like to know why it's happening.
Probably going to have to open a ticket with MS. Ugh.
TaiGlobal@reddit
The same has been happening in 2 different environments I’ve been in over the last 2 years. I just do an in-place upgrade with an ISO and call it a day. It’s just been annoying because I’ve got to email and hassle end users to schedule a time to do it if the automated deployment from SCCM isn’t hitting their machine.
jeranis@reddit
As a correction to my previous comment, I can get the machine back up and running by doing the DISM revertpending actions from the recovery console. Updates are disabled on it till I figure out how to fix it. It controls a critical CNC machine, so options are limited.
trevdelder78@reddit (OP)
I will check Monday.
SpiceIslander2001@reddit
Wow. Ran into the exact same thing with a W2019 server very recently. One of the few we have that cannot communicate directly with Internet sites. Updates pushed by SCCM. The updates simply would not install, failing with the same error code - 0x80240034. SFC /SCANNOW always failing after 99%, reporting 18 errors that it could not fix. DISM /restorehealth failing as well.
What "solved" it? Well, just before doing a planned rebuild of the entire thing, I configured the edge firewall to allow the server to ONLY connect to MS sites and selected the "Check online for updates from Microsoft Updates" option. It downloaded and installed the updates with no issues. Well, WTF ??? It worked, but I have no idea why.
upsurper@reddit
Server 2019 ISO that is patched newer, in-place upgrade to the same OS from the live OS.
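
Added example, not code from any poster in the thread: a PowerShell sketch of the component store check discussed above (CheckHealth, then RestoreHealth), pointed at a local image instead of Microsoft Update for a host that cannot reach the internet. The `$WimPath` and `$Index` values are placeholder assumptions for a mounted Server 2019 ISO matching the installed edition.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumption: install media is mounted and $WimPath/$Index
# point at the image matching the installed edition (placeholders below).
param(
    [string]$WimPath = 'D:\sources\install.wim',   # placeholder path
    [int]$Index = 1                                # placeholder image index
)

# CheckHealth only reads the corruption flag left by a previous failed
# operation; it is fast but does not scan the store.
$state = (Repair-WindowsImage -Online -CheckHealth).ImageHealthState
Write-Host "CheckHealth reports: $state"

if ($state -eq 'Healthy') {
    # No flag set, so run the full scan before trusting the result.
    $state = (Repair-WindowsImage -Online -ScanHealth).ImageHealthState
    Write-Host "ScanHealth reports: $state"
}

switch ($state) {
    'Healthy' {
        Write-Host 'Component store is healthy; the update failure lies elsewhere.'
    }
    'Repairable' {
        if (-not (Test-Path -LiteralPath $WimPath)) {
            throw "Repair source not found: $WimPath"
        }
        # -LimitAccess stops the repair from contacting Windows Update,
        # so only the local image is used as the source of clean files.
        # The image must contain the component versions being repaired,
        # so media older than the installed updates may not be enough.
        $result = Repair-WindowsImage -Online -RestoreHealth `
            -Source "wim:${WimPath}:$Index" -LimitAccess
        Write-Host "After RestoreHealth: $($result.ImageHealthState)"
    }
    'NonRepairable' {
        Write-Warning 'Store is not repairable; in-place upgrade or rebuild is the remaining option.'
    }
}

# Details of what was or was not repaired are written to
# C:\Windows\Logs\DISM\dism.log and C:\Windows\Logs\CBS\CBS.log.
```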