[SOLVED] Server 2016 - unable to Add Windows Feature, DISM errors with "CBS Catalog Missing"

plustech · Jul 27, 2023

Hi all,
on Windows Server 2016, I'm unable to add any Feature - I want to install the Windows Defender Feature. Error code is 0x800f0831 - CBS_E_STORE_CORRUPTION.

When I read CBS, i ran DISM. And yes, "DISM /online /cleanup-image /restorehealth" also reports errors regarding CBS, with cbs.log complaining about "CBS Catalog Missing". See attached CBS folder.

I am stuck and don't know how to resolve this - Please help!

Maxstar · Aug 1, 2023

Hi and welcome to Sysnative,

Follow these instructions to remove an update.

Open the Start menu of Windows and type the command CMD
When you see Command Prompt on the list, right-click on it and select Run as administrator.
When command prompt opens, copy and paste the following command into it, then press enter.

Code:

wusa /uninstall /KB:4524152

Let me know if it says it was successful or you get the message: The update KB4524152 is not installed on this computer.

plustech · Aug 1, 2023

Hi, I get "The update KB4524152 is not installed on this computer."

Maxstar · Aug 1, 2023

Download the

Farbar Recovery Scan Tool and save it to your Desktop:

Download the 64 bit version: - Farbar Recovery Scan Tool Link

Open the startmenu and type the command cmd.
After you find the Command Prompt, right click on it and select Run as Administrator.
Copy and paste the following into the Command Prompt and press enter.

Code:

reg load HKLM\COMPONENTS C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS

Right-click on the file FRST64.exe and choose Run as administrator.

Copy and paste the following (code) into the Search box and click the Search Registry button.

Code:

KB4524152

When the scan is complete, a message will display that SearchReg.txt is saved in the same folder FRST was started from.
Post the logfile SearchReg.txt as attachment in your next reply.

plustech · Aug 1, 2023

Hi, it ran fine, took around 5 minutes. See attachment :)

Maxstar · Aug 1, 2023

Start the

Farbar Recovery Scan Tool again.

Warning: This script was written specifically for this system. Do not run this script on another system.

Download the attachment fixlist.txt and save it to your desktop.
Right-click on FRST.exe and select "Run as administrator".
Press the Fix button.
If for some reason the tool needs a restart, please make sure you let the system restart normally.
When finished, a log called Fixlog.txt will appear in the same directory the tool is run from.
Post the logfile Fixlog.txt as attachment in your next reply.

plustech · Aug 1, 2023

"Fix" finished, here's the fixlog

Maxstar · Aug 1, 2023

Please attempt to install the Windows Defender Feature. If it fails attach a new copy of the CBS logs.

plustech · Aug 1, 2023

Hi, feature installation of Windows Defender failed again with 0x800f0831. See new CBS.zip attached

Maxstar · Aug 1, 2023

Please reboot the server and then provide the following hive files:

Upload your COMPONENTS hive.

Navigate to C:\Windows\System32\Config and locate the COMPONENTS file.
Please copy this file to your desktop.
Note: If you receive an error that this file is in-use, simply reboot your computer and try again.
Right-click on this file on your desktop and select Send To > Compressed (zipped) folder. This will create a file named COMPONENTS.ZIP on your desktop.
If the file is too large to upload here, upload the file to www.wetransfer.com and post the link in your next reply.

Export CBS (Component Based Servicing) hive

Click on the Start button and type regedit
When you see regedit on the list, right-click on it and select Run as administrator.
When regedit opens, using the left pane, navigate to the following registry key and select it by clicking on it once.
Code:
```
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing
```
Once selected, click File > Export....
Change the Save as type: to Registry Hive Files (*.*).
Name this file ComponentBasedServicing (with no file extension) and save it to your Desktop.
Right-click on the saved file and choose Send > Compressed (zipped) Folder.
Attach the .ZIP file to your next post.
If the file is too large to upload here, upload the file to www.wetransfer.com and post the link in your next reply.

plustech · Aug 1, 2023

Hi, thank you for your swift reply! Here's the two ZIP files you requested.

COMPONENTS.zip
and the other file is attached :)

Maxstar · Aug 2, 2023

Hi,

Please open an elevated command prompt, run the following command and copy and paste the result in your next post.

Code:

certutil -hashfile C:\Windows\WinSxS\amd64_windows-defender-service-datalayer_31bf3856ad364e35_10.0.14393.1198_none_787a21774b1409fa\DataLayer.dll SHA256

And provide a list of the installed updates:

Code:

wmic qfe list brief /format:texttablewsys > "%userprofile%\Desktop\UpdateList.txt"

plustech · Aug 2, 2023

Code:

C:\>certutil -hashfile C:\Windows\WinSxS\amd64_windows-defender-service-datalayer_31bf3856ad364e35_10.0.14393.1198_none_787a21774b1409fa\DataLayer.dll SHA256
SHA256-Hash der Datei C:\Windows\WinSxS\amd64_windows-defender-service-datalayer_31bf3856ad364e35_10.0.14393.1198_none_787a21774b1409fa\DataLayer.dll:
5ad7f4860c81daf1f6d254d6b5d557a8fdae57d20e696e4a70c0a2cb9594e4a3
CertUtil: -hashfile-Befehl wurde erfolgreich ausgeführt.

Code:

Description      FixComments  HotFixID   InstallDate  InstalledBy              InstalledOn  Name  ServicePackInEffect  Status 
Update                        KB5028854               NT-AUTORITÄT\SYSTEM      7/12/2023                                       
Update                        KB3192137               NT-AUTORITÄT\SYSTEM      9/12/2016                                       
Update                        KB4033393               SCHNEIDER\winadmin       10/15/2018                                     
Update                        KB4033399               SCHNEIDER\winadmin       10/15/2018                                     
Update                        KB4054590               SCHNEIDER\winadmin       10/7/2019                                       
Update                        KB4054596               SCHNEIDER\winadmin       10/7/2019                                       
Update                        KB4132216               NT-AUTORITÄT\SYSTEM      9/19/2018                                       
Security Update               KB4485447               NT-AUTORITÄT\SYSTEM      4/26/2019                                       
Update                        KB4486129               SCHNEIDER\winadmin       10/4/2020                                       
Update                        KB4486135               SCHNEIDER\winadmin       10/4/2020                                       
Security Update               KB4503537               NT-AUTORITÄT\SYSTEM      6/15/2019                                       
Security Update               KB4509091               NT-AUTORITÄT\SYSTEM      7/9/2019                                       
Security Update               KB4512574               NT-AUTORITÄT\SYSTEM      10/4/2019                                       
Security Update               KB4520724               NT-AUTORITÄT\SYSTEM      11/12/2019                                     
Security Update               KB4521858               NT-AUTORITÄT\SYSTEM      11/3/2019                                       
Security Update               KB4535680               NT-AUTORITÄT\SYSTEM      1/17/2021                                       
Security Update               KB4540723               NT-AUTORITÄT\SYSTEM      3/21/2020                                       
Security Update               KB4550994               NT-AUTORITÄT\SYSTEM      5/3/2020                                       
Security Update               KB4562561               NT-AUTORITÄT\SYSTEM      6/11/2020                                       
Security Update               KB4565912               NT-AUTORITÄT\SYSTEM      7/26/2020                                       
Security Update               KB4576750               NT-AUTORITÄT\SYSTEM      9/25/2020                                       
Update                        KB4577586               NT-AUTORITÄT\SYSTEM      3/20/2021                                       
Update                        KB4589210               NT-AUTORITÄT\SYSTEM      3/10/2021                                       
Security Update               KB4601392               NT-AUTORITÄT\SYSTEM      2/10/2021                                       
Security Update               KB5001078               NT-AUTORITÄT\SYSTEM      2/13/2021                                       
Security Update               KB5001402               NT-AUTORITÄT\SYSTEM      4/16/2021                                       
Security Update               KB5005698               NT-AUTORITÄT\SYSTEM      9/25/2021                                       
Security Update               KB5011570               NT-AUTORITÄT\SYSTEM      3/22/2022                                       
Security Update               KB5014026               NT-AUTORITÄT\SYSTEM      5/27/2022                                       
Security Update               KB5016058               NT-AUTORITÄT\SYSTEM      8/4/2022                                       
Security Update               KB5017095               NT-AUTORITÄT\SYSTEM      8/22/2022                                       
Security Update               KB5017396               NT-AUTORITÄT\SYSTEM      9/14/2022                                       
Update                        KB5023325               SCHNEIDER\Administrator  2/19/2023                                       
Security Update               KB5023788               NT-AUTORITÄT\SYSTEM      3/16/2023                                       
Security Update               KB5028169               NT-AUTORITÄT\SYSTEM      7/12/2023

Maxstar · Aug 2, 2023

Follow these instructions to remove an update.

Open the Start menu of Windows and type the command CMD
When you see Command Prompt on the list, right-click on it and select Run as administrator.
When command prompt opens, copy and paste the following command into it, then press enter.

Code:

wusa /uninstall /KB:5023697

Let me know if it says it was successful or you get the message: The update KB5023697 is not installed on this computer.

plustech · Aug 2, 2023

It says update KB5023697 is not installed on this computer

Maxstar · Aug 2, 2023

1. Start the

Command Prompt as administrator.

Open the startmenu and type the command cmd.
After you find the Command Prompt, right click on it and select Run as Administrator.
Copy and paste the following into the Command Prompt and press enter.

Code:

reg load HKLM\COMPONENTS C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS

2.Right-click on the file

FRST.exe and choose Run as administrator.

Copy and paste the following (code) into the Search box and click the Search Registry button.

Code:

KB5023697

When the scan is complete, a message will display that SearchReg.txt is saved in the same folder FRST was started from.
Post the logfile SearchReg.txt as attachment in your next reply.

plustech · Aug 2, 2023

Hi, see attachment for FRST results of KB5023697

Maxstar · Aug 2, 2023

Start the

Farbar Recovery Scan Tool again.

Warning: This script was written specifically for this system. Do not run this script on another system.

Download the attachment fixlist.txt and save it to your desktop.
Right-click on FRST.exe and select "Run as administrator".
Press the Fix button.
If for some reason the tool needs a restart, please make sure you let the system restart normally.
When finished, a log called Fixlog.txt will appear in the same directory the tool is run from.
Post the logfile Fixlog.txt as attachment in your next reply.

plustech · Aug 2, 2023

Hi, fixlog is attached.

I tried a feature install afterwards, now I get the new 0x80073701, if that's relevant

Maxstar · Aug 2, 2023

Yes, please post the latest CBS logs, it seems more updates are causing this issue.

[SOLVED] Server 2016 - unable to Add Windows Feature, DISM errors with "CBS Catalog Missing"

Contributor

Attachments

Windows Update Moderator, Security Analyst

Contributor

Windows Update Moderator, Security Analyst

Contributor

Attachments

Windows Update Moderator, Security Analyst

Attachments

Contributor

Attachments

Windows Update Moderator, Security Analyst

Contributor

Attachments

Windows Update Moderator, Security Analyst

Contributor

Attachments

Windows Update Moderator, Security Analyst

Contributor

Windows Update Moderator, Security Analyst

Contributor

Windows Update Moderator, Security Analyst

Contributor

Attachments

Windows Update Moderator, Security Analyst

Attachments

Contributor

Attachments

Windows Update Moderator, Security Analyst