Link to home
Start Free TrialLog in
Avatar of JB Blanco
JB BlancoFlag for United States of America

asked on

Windows Update Failure on Server 2012 R2

I have a WIndows Server 2012 R2 that is failing to install Windows Updates.  We pull updates from a WSUS server on our network

Getting an Error 0x80090352

Please see Pics below:

User generated image
User generated image

I have tried the following:

stoped windows update service

removed windows update.log and software distribution folder.

restarted Windws Update Services.

Ran wuauclt /resetauthorization /detectnow

Made sure by looking at the log that the server is communicating with the Update Server.

Having a hard time finding any info on the internet about this error code
Avatar of JB Blanco
JB Blanco
Flag of United States of America image

ASKER

I should add that windows will download the updates no problem.

Its when it starts to install them, that I receive this error.  

Also it seems to look like its installing all the updates as the progress bar completely fills up.  But when it gets to the end, it says all 105 updates failed to install.
Avatar of Sajid Shaik M
Try this:

Resetting Windows Update Components will fix corrupt Windows Update Components and help you to install the Windows Updates. Please follow the below steps to reset the Windows Updates Components manually:
1. Press Windows Key + X on the keyboard and then select “Command Prompt (Admin)” from the menu.
2. Stop the BITS, Cryptographic, MSI Installer and the Windows Update Services. To do this, type the following commands at a command prompt. Press the “ENTER” key after you type each command.
•net stop wuauserv
•net stop cryptSvc
•net stop bits
•net stop msiserver
3. Now rename the SoftwareDistribution and Catroot2 folder. You can do this by typing the following commands in the Command Prompt. Press the “ENTER” key after you type each command.
•ren C:\Windows\SoftwareDistribution SoftwareDistribution.old
•ren C:\Windows\System32\catroot2 Catroot2.old
4. Now, let’s restart the BITS, Cryptographic, MSI Installer and the Windows Update Services. Type the following commands in the Command Prompt for this. Press the ENTER key after you type each command.
•net start wuauserv
•net start cryptSvc
•net start bits
•net start msiserver

http://answers.microsoft.com/en-us/insider/forum/insider_wintp-insider_update/unable-to-install-latest-windows-updates-for-x64/24888975-9612-4749-ad84-cfa9ee50f12b?page=2

Let me know how it goes.
Avatar of Hector2016
Hector2016

According to this the error has to do with certificates and certification authorities.

SEC_E_ISSUING_CA_UNTRUSTED
0x80090352

An untrusted certificate authority was detected While processing the smartcard certificate used for authentication. Please contact your system administrator.
Thanks gonna give each of these a try
In response to Hector2016

I found that too,  but I checked and I cant find any certificate issue on the server.  I am looking at the Certification store on the local computer and I don't see any expired certs that would be causing this.

do you have any suggestions?  Is there a particular place else I can look?
To Nik

I just now tried everything you instructed and now when I check for updates I get Error Code 80096005 immediately
If you receive error “0x80096005”, the error occurs because the URL cache on the destination computer does not contain an up to date certificate revocation list (CRL) for the timestamp countersignature that is used to sign the update.

For error "0x80096005":
If you receive error “0x80096005”, follow these steps to resolve the issue:
Download and install signtool command-line tool from Windows SDK under following links: http://msdn.microsoft.com/en-us/library/windows/desktop/aa387764.aspx
Start the Windows SDK Command Prompt as the same account that is used to install the Microsoft .NET Framework update.
Run following signtool command on the Windows SDK Command Prompt. It will verify the signature and help populate the CRL cache to the latest.

Signtool.exe verify /pa <Path Of the .NET Framework 4.0 Update>
If the computer cannot retrieve the CRL because of a disconnected network or a firewall block, the signtool may report the same error “0x80096005” (TRUST_E_TIME_STAMP).  To work around this issue, you can run following command on the Windows SDK Command Prompt.  It will disable the check to the revocation list on the time stamp signer.
setreg.exe 9 false
going to try this Nik,

just an FYI though this is on a Windows Server 2012 R2
also do I install this on the Server 2012 R2 in question? or do I install this on the WSUS server????
on Windows Server 2012 r2 in question.
It wont install

User generated image
This article helped on several cases with windows update issues.

http://www.wincert.net/microsoft-windows/windows-update-not-working/

Could you please try to follow the steps and see if it helps.

If this is a newly installed server and above won't help, I would suggest do to a fresh install.
ASKER CERTIFIED SOLUTION
Avatar of JB Blanco
JB Blanco
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
i accepted my own comment above as an accepted solution since it ultimately fixed the issue
it is what utlimately fixed the issue