[SOLVED] Windows Cumulative Updates Fail Server 2016

BrandonW934

BrandonW934

Member
Joined
Sep 17, 2023
Posts
12
Ok, seems like you guys are the wizards getting these to work. I believe I have narrowed it down to the drivers below. Thanks in advanced

Doqe: [Forward] Installing driver updates, Count 2
2023-09-15 23:40:33, Info CBS INSTALL index: 83, phase: 1, result 0, inf: machine.inf
2023-09-15 23:40:33, Info CBS INSTALL index: 107, phase: 1, result 0, inf: mshdc.inf
2023-09-15 23:40:37, Info CBS INSTALL index: 162, phase: 2, result 0, inf: machine.inf
2023-09-15 23:40:37, Info CBS INSTALL index: 107, phase: 2, result 13, inf: mshdc.inf
2023-09-15 23:40:37, Info CBS Doqe: Recording result: 0x8007000d, for Inf: mshdc.inf
2023-09-15 23:40:37, Info CBS DriverUpdateInstallUpdates failed [HRESULT = 0x8007000d - ERROR_INVALID_DATA]
2023-09-15 23:40:37, Info CBS Doqe: Failed installing driver updates [HRESULT = 0x8007000d - ERROR_INVALID_DATA]
2023-09-15 23:40:37, Info CBS Perf: Doqe: Critical install ended.
2023-09-15 23:40:37, Info CBS Failed installing driver updates [HRESULT = 0x8007000d - ERROR_INVALID_DATA]
2023-09-15 23:40:37, Error CBS Startup: Failed executing critical driver operations queue [HRESULT = 0x8007000d - ERROR_INVALID_DATA]
2023-09-15 23:40:37, Info CBS Startup: Rolling back KTM, because drivers failed.
 

Attachments

Hi and welcome to Sysnative,

Upload the setupapi.dev.log file
  • Open Windows Explorer and browse to the C:\Windows\INF folder.
  • Right-click on the file setupapi.dev.log and choose Send to > Compressed (zipped) folder.
  • Now the message will appear, "Windows cannot create the Compressed (zipped) Folder here. Do you want it to be placed on the desktop instead?"
  • Click on the Yes button here.
618e949e09fef-CBS-Folder.png

  • Attach the file setupapi.dev.zip in your next reply.
 
Rich (BB code): 
!!!  inf:                Failed to query service configuration. Error = 0x0000000D

Hi,

Export registry key as hive file.
  • Open the Start menu of Windows and type CMD.
  • When you see Command Prompt on the list, select the option Run as administrator.
  • Copy and paste the following command into the command prompt and press enter.
Code: 
reg save "HKLM\SYSTEM\CurrentControlSet\Services" "%userprofile%\Desktop\Services.hiv"
  • Once done, a file will appear on your desktop, called Services.hiv.
  • ZIP this file and attach it to your next reply.
 
Do you have a similar server in your network to export the above key to compare with the following result?

Code: 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi]
"ImagePath"=hex:53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
  00,49,00,56,00,45,00,52,00,53,00,5c,00,61,00,74,00,61,00,70,00,69,00,2e,00,\
  73,00,79,00,73,00,00,00
"Type"=dword:00000001
"Start"=dword:00000000
"ErrorControl"=dword:00000001
"Group"="SCSI miniport"
"Tag"=dword:00000019
"DisplayName"="Standard IDE/ESDI Hard Disk Controller"
"Owners"=hex(7):6d,00,73,00,68,00,64,00,63,00,2e,00,69,00,6e,00,66,00,00,00,00,\
  00
 
Yes, below. This is Windows 2016 Server also, but on a different Hyper V Server. This one is updating fine.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi]
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,\
72,00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,74,00,61,00,70,00,69,00,2e,\
00,73,00,79,00,73,00,00,00
"Type"=dword:00000001
"Start"=dword:00000000
"ErrorControl"=dword:00000003
"Group"="SCSI Miniport"
"Tag"=dword:0000001a
"DisplayName"="@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel"
"Owners"=hex(7):6d,00,73,00,68,00,64,00,63,00,2e,00,69,00,6e,00,66,00,00,00,00,\
00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi\StartOverride]
"0"=dword:00000003
 
Thanks, here's the next fix to correct the "ImagePath" value.

Please follow these instructions to run the
577bf0efb8088-FRST.png
Farbar Recovery Scan Tool with system privileges.

Download the 64 bit version: - Farbar Recovery Scan Tool Link

Warning: This script was written specifically for this system. Do not run this script on another system.
  • Download PsExec from Microsoft Sysinternals to your desktop.
  • Unzip PsTools.zip to its own directory on the system drive, for example: C:\Tools\PsTools
  • Navigate in an elevated command prompt to the PsTools directory: cd C:\Tools\PsTools.
  • Now copy and paste the following command into the command prompt and press enter. Click on the Agree button when the licence agreement of PsExec appears.
  • Note: Ensure that both FRST64.exe and the Fixlist.txt file are on your desktop! Otherwise you'll need to ammend the command to the right location.
    Code: 
    psexec -i -d -s "%userprofile%\desktop\FRST64.exe"
  • FRST will make a new backup of the registry first, please wait until this process is completed.
  • Ensure the provided Fixlist.txt is in the same location as FRST64.exe and then press the Fix button.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally.
  • When finished, a log called Fixlog.txt will appear in the same directory the tool is run from.
  • Post the logfile Fixlog.txt as attachment in your next reply.
 

Attachments

Last edited:
Ok, thanks. This is a production server so I will have to wait until this weekend if you think it will reboot?
 
FRST will not ask for a restart in this case, but after the fix completed successfully it is recommended to restart the server and then attempt to update again.
If it fails attach a new copy of the CBS logs and a copy of the setupapi.dev.log.
 
This looks good, please reboot the server when this server is not in use and please attempt to update again...
 
Will do Thanks for the help also,

Looks like Crowdstrike blocked the following when FRST64.exe was executed, so not sure if that is going to affect anything.

ACTION TAKEN

  • Operation blocked
SEVERITY

Medium
OBJECTIVE
Follow Through
TACTIC & TECHNIQUE
Impact via Inhibit System Recovery
TECHNIQUE ID
T1490
IOA NAME
VolumeShadowSnapshotDeleted
IOA DESCRIPTION
A process attempted to delete a Volume Shadow Snapshot.
 
All good. I wasn't questioning the software. I was just seeing if Crowdstike blocking the deletion of the Volume Shadow Snapshot would create an issue. I wouldn't think so, but just double checking.
 
I'm not familair with the security software of Crowdstrike! But the fix of FRST completed successfully, so I think we can ignore the VSS message...
 
Hi,

Here's the next fix, this time it is an another component to fix.

Please follow these instructions to run the
577bf0efb8088-FRST.png
Farbar Recovery Scan Tool with system privileges.

Warning: This script was written specifically for this system. Do not run this script on another system.
  • Download PsExec from Microsoft Sysinternals to your desktop.
  • Unzip PsTools.zip to its own directory on the system drive, for example: C:\Tools\PsTools
  • Navigate in an elevated command prompt to the PsTools directory: cd C:\Tools\PsTools.
  • Now copy and paste the following command into the command prompt and press enter. Click on the Agree button when the licence agreement of PsExec appears.
  • Note: Ensure that both FRST64.exe and the Fixlist.txt file are on your desktop! Otherwise you'll need to ammend the command to the right location.
    Code: 
    psexec -i -d -s "%userprofile%\desktop\FRST64.exe"
  • FRST will make a new backup of the registry first, please wait until this process is completed.
  • Ensure the provided Fixlist.txt is in the same location as FRST64.exe and then press the Fix button.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally.
  • When finished, a log called Fixlog.txt will appear in the same directory the tool is run from.
  • Post the logfile Fixlog.txt as attachment in your next reply.

Afterwards reboot the server and attempt to update. If it fails attach a new copy of the CBS logs and a copy of the setupapi.dev.log.
 

Attachments

You must log in or register to reply here.

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top