Windows Server 2016 x64 - unable to enable Defender Missing KB's

S

stinger007

Well-known member
Joined
May 16, 2024
Posts
169
Location
UK
Hi All,

I've stumbled across this forum and SFC.exe after a full week of being unable to enable Defender. It's looks as though this has been removed from the server. I've tried all the classic DISM fixes including pointing to a WIM, restore health ect with no luck. I've looked at the CBS logs and can see it seems to be KB4048953 & KB5010359 that are the issue. I've run SFC.exe tried again without any luck. I've attached the following logs CBS & SFC

Thanks very much in advance.

I have over 150 servers to onboard to Microsoft Endpoint Defender and most seem to have this issue so If I can work out a way to fix the issue on this server with the SFC tool I'll be over the moon
 

Attachments

Hi and welcome to Sysnative,

Please provide also the previous CBS logs.

Upload a copy of the CBS folder
  • Open Windows Explorer and browse to the C:\Windows\Logs folder.
  • Right-click on the CBS folder and choose Send to > Compressed (zipped) folder.
  • Now the message will appear, "Windows cannot create the Compressed (zipped) Folder here. Do you want it to be placed on the desktop instead?"
  • Click on the Yes button here.
653a64385d891-618e949e09fef-CBS-Folder.png

  • Attach the file CBS.zip to your next reply. If the file is too large to attach, upload the CBS.zip file to www.wetransfer.com and post the link in your next reply.
 
Hi,

Thanks so much for getting back to me, just spotted the response above today. Please find attached CBS.zip
 

Attachments

Hi,

Follow these instructions to remove an update.
  • Open the Start menu of Windows and type the command CMD
  • When you see Command Prompt on the list, right-click on it and select Run as administrator.
  • When command prompt opens, copy and paste the following command into it, then press enter.
Code: 
wusa /uninstall /KB:4048953
  • Let me know if it says it was successful or you get the message: The update KB4048953 is not installed on this computer.
 
After running the command I got the message on screen "The Update KB4048953 is not installed on this computer"

Thanks
 
Download the
577bf0efb8088-FRST.png
Farbar Recovery Scan Tool and save it to your Desktop:

Download the 64 bit version: - Farbar Recovery Scan Tool Link
  • Open the startmenu and type the command cmd.
  • After you find the Command Prompt, right click on it and select Run as Administrator.
  • Copy and paste the following into the Command Prompt and press enter.
Code: 
reg load HKLM\COMPONENTS C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS
Right-click on the file FRST64.exe and choose Run as administrator.
  • Copy and paste the following (code) into the Search box and click the Search Registry button.
Code: 
KB4048953
  • When the scan is complete, a message will display that SearchReg.txt is saved in the same folder FRST was started from.
  • Post the logfile SearchReg.txt as attachment in your next reply.
 
Start the
577bf0efb8088-FRST.png
Farbar Recovery Scan Tool again.

Warning: This script was written specifically for this system. Do not run this script on another system.
  • Download the attachment fixlist.txt and save it to your desktop.
  • Right-click on FRST.exe and select "Run as administrator".
  • Press the Fix button.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally.
  • When finished, a log called Fixlog.txt will appear in the same directory the tool is run from.
  • Post the logfile Fixlog.txt as attachment in your next reply.
 

Attachments

Please try to install the Windows Defender feature, if it fails attach a new copy of the CBS logs.
 
It looked like it was going to work as it took a lot longer to error this time, however unfortunately it did error (shown below)

Defender.PNG

I've attached the CBS logs again

Will check back tomorrow, Thanks for you help so far. Very much appreciated have a good evening.
 

Attachments

Follow these instructions to remove an update.
  • Open the Start menu of Windows and type the command CMD
  • When you see Command Prompt on the list, right-click on it and select Run as administrator.
  • When command prompt opens, copy and paste the following command into it, then press enter.
Code: 
wusa /uninstall /KB:5010359
  • Let me know if it says it was successful or you get the message: The update KB5010359 is not installed on this computer.
 
Hello again,

After running the command wusa /uninstall /KB:5010359 the Windows Update Standalone Installer did try to uninstall the KB. However the window below popped up with an error

KB5010359 Error.PNG
 
This doesn't look good at all.

Export CBS (Component Based Servicing) ans SBS (Side By Side) hive through the command line
  • Open the Start menu of Windows and type CMD.
  • When you see Command Prompt on the list, select the option Run as administrator.
  • Copy and paste the following commands one at a time into the command prompt and press enter after each.
Code: 
REG Save "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" "%userprofile%\Desktop\CBS.hiv"
REG Save "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide" "%userprofile%\Desktop\SBS.hiv"
  • ZIP both *.hiv files and attach this file as attachment to your next reply.
 
Oh no :(

I've literally been going round in circles with this problem on different 2016 servers for weeks.

I've attached both CBS.Hiv and SBS.hiv in the zip file, Thanks again
 

Attachments

Please run the following DISM command first and post the result. If it fails attach a new copy of the CBS log.
Code: 
DISM /online /cleanup-image /RestoreHealth
 
Please retry to enable the Windows Defender feature using the Server Manager and post the result. If it fails attach a new copy of the CBS logs.
 
You must log in or register to reply here.
Back
Top