Windows 2008 Failing to install updates from Internet or WSUS

Windows 2008 R2 Server Failing to install updates
Windows 2012 R2 Server running WSUS 4.0
Other servers updating fine.

One update fails to apply this is after we lost power to the data center all machines came backup up with now errors
This is a physical box running Exchange Server 2010

The update is KB915597  Defender update

The server continues to report to the WSUS server every 6 hours per GPO policy in place

I ran this process on the server

Please try the following steps on your client:

1. Stop the Automatic Updates service and BITS service.

net stop wuauserv

net stop bits

2. Delete “%windir%\softwaredistribution” directory.

3. Start the Automatic Updates service and BITS service. When these two services
have been started, they will auto-create “softwaredistribution” and its subfolder
at system directory.

net start wuauserv

net start bits

4. After the “%windir%\softwaredistribution” directory has been generated, please
let the client contact the WSUS server immediately.

wuauclt.exe /resetauthorization /detectnow

If the problem still exists, please check %windir%\windowsupdate.log
and post the error message in this thread

In the Windowsupdate.log I see this

2018-03-09      21:46:29:060      2040      40e8      Handler      :::::::::::::
2018-03-09      21:46:29:060      2040      40e8      Handler      :: START ::  Handler: Command Line Install
2018-03-09      21:46:29:060      2040      40e8      Handler      :::::::::
2018-03-09      21:46:29:060      2040      40e8      Handler        : Updates to install = 1
2018-03-09      21:46:33:600       872      44f8      Report      REPORT EVENT: {DB7183EE-B929-45D2-A94A-B20CF5111AEB}      2018-03-09 21:46:28:748-0500      1      189      102      {00000000-0000-0000-0000-000000000000}      0      0      AutomaticUpdates      Success      Content Install      Installation Ready: The following updates are downloaded and ready for installation. To install the updates, an administrator should log on to this computer and Windows will prompt with further instructions:  - Definition Update for Windows Defender - KB915597 (Definition 1.263.332.0)
2018-03-09      21:46:33:600       872      44f8      Report      REPORT EVENT: {71FAD36B-6DBD-42A9-B5CF-B6BAD95320C6}      2018-03-09 21:46:28:842-0500      1      181      101      {3ADA6092-11BA-4C56-8EDE-4B5B2184A306}      200      0      AutomaticUpdates      Success      Content Install      Installation Started: Windows successfully started the following update: Definition Update for Windows Defender - KB915597 (Definition 1.263.332.0)
2018-03-09      21:46:33:974      2040      40e8      Handler        : WARNING: Command line install completed. Return code = 0x8050a005, Result = Failed, Reboot required = false
2018-03-09      21:46:33:974       872      42c8      AU      >>##  RESUMED  ## AU: Installing update [UpdateId = {3ADA6092-11BA-4C56-8EDE-4B5B2184A306}]
2018-03-09      21:46:33:974      2040      40e8      Handler        : WARNING: Exit code = 0x8024200B
2018-03-09      21:46:33:974       872      42c8      AU        # WARNING: Install failed, error = 0x80070643 / 0x8050A005
2018-03-09      21:46:33:974      2040      40e8      Handler      :::::::::
2018-03-09      21:46:33:974      2040      40e8      Handler      ::  END  ::  Handler: Command Line Install
2018-03-09      21:46:33:974      2040      40e8      Handler      :::::::::::::

Any one have any ideas on what else I can try.?
LVL 23
Thomas GrassiSystems AdministratorAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.


try to update the system directly from MS, by targetting MS instead of the WSUS. The downloaded updates may no longer be valid i.e. they expired......
stop bits, windows updates. delete all the content from c:\windwos\softwaredistribution\downloads, though you may have gone the extra by deleting the entire folder.
another option, is run the cleanup wizard (options) on the wsus to remove expired/superseded updates.

and try again...

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Thomas GrassiSystems AdministratorAuthor Commented:


The article point to desktop OS's this is Windows 2008 Server

As you can see in my post I already removed the windows\softwaredistribution folder in the steps I provided above.

I run a Weekly script that cleans the wsus updates I am currently running a manual one

This is my exchange server so removing it from wsus will take sometime because it is using the gpo provided  I would have to restart the server to pick up a new gpo

Or I am thinking I can just change the registry settings

What you think?
Get the Windows update troubleshooter from Microsoft and run it to diagnose/repair the situation.

You do MIT need to remove it from gpo, unless your gpo disabled access to ms.
Go through updates, and see if the option to check with Microsoft, the option is below the line where it says your system is managed by your administrator ir sonething like that.

Instead of rebooting, change the gpo, unblocking the allow admin to check with NS or sonething like that. Let the gpo refresh cycle to get the change.
Acronis True Image 2019 just released!

Create a reliable backup. Make sure you always have dependable copies of your data so you can restore your entire system or individual files.

Thomas GrassiSystems AdministratorAuthor Commented:
I found this information nd I get the same error trying to update defender signatures,

It is not a WSUS issue it is a defender issue

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\>cd %ProgramFiles%\Windows Defender

C:\Program Files\Windows Defender>MpCmdRun.exe -removedefinitions -dynamicsignat

Service Version: 6.1.7601.18170
Engine Version: 1.1.14500.5
AntiSpyware Signature Version: 1.261.1644.0

Starting engine and signature rollback to last known good...Done!

Service Version: 6.1.7601.18170
Engine Version: 1.1.14500.5
AntiSpyware Signature Version: 1.261.1518.0

C:\Program Files\Windows Defender>MpCmdRun.exe -SignatureUpdate
Signature update started . . .
ERROR: Signature Update failed with hr=8050A005

C:\Program Files\Windows Defender>

Trying to update via the defender interface get same error
Check the windows update and the available updates offered directly from Microsoft.
T could be an optional updated that your wsus is not setup to pull, offer.
Thomas GrassiSystems AdministratorAuthor Commented:
pointed to the internet for updates and still same error

It is a defender problem not an update from wsus issue.

see my previous post
Thomas GrassiSystems AdministratorAuthor Commented:
After restarting the server and removing it from wsus the problem continues.
This is not a WSUS problem.

Defender refuses to update

What else can we do?
Trying to manually download the defender updates from MS and applying them...

option to .....

The cause of this error seems to lead to a single update, in your case, KB915597 decline this update and see whether the subsequent updates for defender will load without an issue...
Thomas GrassiSystems AdministratorAuthor Commented:
Declined the updates and the next batch that came in failed.

WATF is wrong with defender on Windows 2008 Server not being able to update.

My other Windows 2008 server updates no problem.
Compare the defender updates on each.
Thomas GrassiSystems AdministratorAuthor Commented:
Defender on Working 2008 Server

Client Version 6.1.7600.16385
Engine Version 1.1.14600.4
Antispyware definitions 1.263.585.0

Defender on Failing Windows 2008 Server

Client Version 6.1.7600.16385
Engine Version 1.1.14500.5
Antispyware definitions 1.261.518.0

Defender is not updating
All other microsoft updates are working

Defender is failing everyday to update

Any way to uninstall defender? remove it totally and then reinstall it?

How do we fix a corrupt defender ????
Thomas GrassiSystems AdministratorAuthor Commented:
I uninstalled defender on the server with the problem
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows OS

From novice to tech pro — start learning today.