L lenzc Member Joined Mar 26, 2024 Posts 6 May 6, 2024 #1 This appliance was provided by one of our vendors to run their software and store the system's data. Normally I patch using MECM, which reported this server as compliant, but vulnerability scanning flagged it as missing patches. Manual checking confirms that no updates have been installed since deployment. Any attempts at installing updates automatically show that no updates are necessary. Any attempts at installing updates manually, from the next SSU to the latest SSU, and from the next cumulative update to the latest cumulative update, all result in the message, "The update is not applicable to your computer." SFC shows no issues. DISM says it completed successfully, but there were no changes. Component scanner reported no issues. Due to the nature of the system this server runs, reimaging wouldn't be viable until a spare could be purchased and this server taken out of service. Attachments dism.log 37.2 KB · Views: 0 CBS.zip 4.7 MB · Views: 3 ComponentsScanner.txt 738 bytes · Views: 3
This appliance was provided by one of our vendors to run their software and store the system's data. Normally I patch using MECM, which reported this server as compliant, but vulnerability scanning flagged it as missing patches. Manual checking confirms that no updates have been installed since deployment. Any attempts at installing updates automatically show that no updates are necessary. Any attempts at installing updates manually, from the next SSU to the latest SSU, and from the next cumulative update to the latest cumulative update, all result in the message, "The update is not applicable to your computer." SFC shows no issues. DISM says it completed successfully, but there were no changes. Component scanner reported no issues. Due to the nature of the system this server runs, reimaging wouldn't be viable until a spare could be purchased and this server taken out of service.
Maxstar Windows Update Moderator, Security Analyst Staff member Joined Aug 16, 2015 Posts 10,886 Location The Netherlands May 8, 2024 #2 Hi and welcome to Sysnative, Export CBS (Component Based Servicing) hive Click on the Start button and type regedit When you see regedit on the list, right-click on it and select Run as administrator. When regedit opens, using the left pane, navigate to the following registry key and select it by clicking on it once. Code: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing Once selected, click File > Export.... Change the Save as type: to Registry Hive Files (*.*). Name this file ComponentBasedServicing (with no file extension) and save it to your Desktop. Right-click on the saved file and choose Send > Compressed (zipped) Folder. Attach the .ZIP file to your next post. If the file is too large to upload here, upload the file to www.wetransfer.com and post the link in your next reply.
Hi and welcome to Sysnative, Export CBS (Component Based Servicing) hive Click on the Start button and type regedit When you see regedit on the list, right-click on it and select Run as administrator. When regedit opens, using the left pane, navigate to the following registry key and select it by clicking on it once. Code: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing Once selected, click File > Export.... Change the Save as type: to Registry Hive Files (*.*). Name this file ComponentBasedServicing (with no file extension) and save it to your Desktop. Right-click on the saved file and choose Send > Compressed (zipped) Folder. Attach the .ZIP file to your next post. If the file is too large to upload here, upload the file to www.wetransfer.com and post the link in your next reply.
L lenzc Member Joined Mar 26, 2024 Posts 6 May 8, 2024 #3 Attached. Thanks! Attachments ComponentBasedServicing.zip 21.9 KB · Views: 1
Maxstar Windows Update Moderator, Security Analyst Staff member Joined Aug 16, 2015 Posts 10,886 Location The Netherlands May 8, 2024 #4 Do you have recent backups of this server? The CBS hive is only 130kB and damaged beyond repair.
L lenzc Member Joined Mar 26, 2024 Posts 6 May 8, 2024 #5 There are no backups of this system unfortunately. The only backup-like data I have is the recovery partition, but I don't expect much out of that. Is there an effective difference between Storage Server 2016 and Server 2016? I assume not and that updates that apply to Server 2016 should apply to Storage Server 2016. Just trying to eliminate my possible operator error.
There are no backups of this system unfortunately. The only backup-like data I have is the recovery partition, but I don't expect much out of that. Is there an effective difference between Storage Server 2016 and Server 2016? I assume not and that updates that apply to Server 2016 should apply to Storage Server 2016. Just trying to eliminate my possible operator error.
Maxstar Windows Update Moderator, Security Analyst Staff member Joined Aug 16, 2015 Posts 10,886 Location The Netherlands May 9, 2024 #6 Hi, lenzc said: I assume not and that updates that apply to Server 2016 should apply to Storage Server 2016 Click to expand... Basically seen yes, but the difference is the patch level, installed features / roles, language packs etc. In some cases it is possible to replace a corrupt COMPONENTS hive with a very similar hive and to perform a repair install to resolve the remaining issues. However, the CBS subkey is loaded under the SOFTWARE hive and when this hive is corrupted beyond repair it is impossible to rebuild or replace. This because it also involves another key under de SOFTWARE hive (the SideBySide) subkey. Knowing this a rebuild from scratch is the only solution left to get this server up and running again.
Hi, lenzc said: I assume not and that updates that apply to Server 2016 should apply to Storage Server 2016 Click to expand... Basically seen yes, but the difference is the patch level, installed features / roles, language packs etc. In some cases it is possible to replace a corrupt COMPONENTS hive with a very similar hive and to perform a repair install to resolve the remaining issues. However, the CBS subkey is loaded under the SOFTWARE hive and when this hive is corrupted beyond repair it is impossible to rebuild or replace. This because it also involves another key under de SOFTWARE hive (the SideBySide) subkey. Knowing this a rebuild from scratch is the only solution left to get this server up and running again.
L lenzc Member Joined Mar 26, 2024 Posts 6 May 9, 2024 #7 I was suspicious that we would have to rebuild from scratch. I did just try a DISM repair with a wim from the recovery drive. DISM says it would be able to apply some repairs, but it requires a slightly newer SSU to do so which of course I still can't install. So back around in a loop to rebuilding from scratch, which effectively means leaving an unpatched system in use until we can replace the physical appliance. I appreciate the time you spent helping me out!
I was suspicious that we would have to rebuild from scratch. I did just try a DISM repair with a wim from the recovery drive. DISM says it would be able to apply some repairs, but it requires a slightly newer SSU to do so which of course I still can't install. So back around in a loop to rebuilding from scratch, which effectively means leaving an unpatched system in use until we can replace the physical appliance. I appreciate the time you spent helping me out!
Maxstar Windows Update Moderator, Security Analyst Staff member Joined Aug 16, 2015 Posts 10,886 Location The Netherlands May 9, 2024 #8 Unfortunately, there is no other way to get this server stable again when the CBS is completely empty, and when you don't have recent backups.
Unfortunately, there is no other way to get this server stable again when the CBS is completely empty, and when you don't have recent backups.
L lenzc Member Joined Mar 26, 2024 Posts 6 May 9, 2024 #9 Yes, the lack of backups is a big mistake on the server owner's part unfortunately. Nothing to do about it now.
Yes, the lack of backups is a big mistake on the server owner's part unfortunately. Nothing to do about it now.
Maxstar Windows Update Moderator, Security Analyst Staff member Joined Aug 16, 2015 Posts 10,886 Location The Netherlands May 9, 2024 #10 Yeah! This is a common mistake, especially with servers which are not maintained for a long time...
L lenzc Member Joined Mar 26, 2024 Posts 6 May 9, 2024 #11 I wouldn't have seen it without Nessus flagging the missing patches, considering MECM reported that it was compliant. As far as the OS was concerned, it was compliant because none of the patches were applicable/required.
I wouldn't have seen it without Nessus flagging the missing patches, considering MECM reported that it was compliant. As far as the OS was concerned, it was compliant because none of the patches were applicable/required.