Issues Installing Cumulative Updates on Windows Server 2016
Hello,
I am having issues installing Cumulative Updates on my Windows Server 2016 server. It downloads and begins installing the update fine but then after it reboots and is Configuring Update, at about 90% it changes to "We couldn't complete the updates undoing changes"
I "think" this started after I installed Veeam and noticed some really bad performance degradation so I uninstalled it and recently uninstalled the SQL Server 2016 that it used. Before uninstalling SQL Server 2016, I have tried the following but hasn't changed my results unfortunately:
- SFC / scannow
- SFCFix tool
- Dism /Online /Cleanup-Image /RestoreHealth
- Rename "SoftwareDistribution" and "System32\catroot2"
- Dism /Online /Cleanup-Image /CheckHealth
- Dism /Online /Cleanup-Image /ScanHealth
- Dism /Online /Cleanup-Image /startComponentCleanup
- Dism /Online /Cleanup-Image /restoreHealth
I tried to look through some logs but didn't see anything glaring to me so would be happy to upload them here, just let me know which ones and where to grab them if needed.
I am having issues installing Cumulative Updates on my Windows Server 2016 server. It downloads and begins installing the update fine but then after it reboots and is Configuring Update, at about 90% it changes to "We couldn't complete the updates undoing changes"
I "think" this started after I installed Veeam and noticed some really bad performance degradation so I uninstalled it and recently uninstalled the SQL Server 2016 that it used. Before uninstalling SQL Server 2016, I have tried the following but hasn't changed my results unfortunately:
- SFC / scannow
- SFCFix tool
- Dism /Online /Cleanup-Image /RestoreHealth
- Rename "SoftwareDistribution" and "System32\catroot2"
- Dism /Online /Cleanup-Image /CheckHealth
- Dism /Online /Cleanup-Image /ScanHealth
- Dism /Online /Cleanup-Image /startComponentCleanup
- Dism /Online /Cleanup-Image /restoreHealth
I tried to look through some logs but didn't see anything glaring to me so would be happy to upload them here, just let me know which ones and where to grab them if needed.
ASKER
This server happens to be for a small business so it runs as their DC and Application Server.
ASKER
Looking online at these steps for what I believe you are referring to:
I recall doing this exact thing a few weeks ago but I don't believe I ran sfc /scannow again afterwards. Are the above steps the appropriate order to perform that task?
- Run dism /online /cleanup-image /scanhealth
- Run dism /online /cleanup-image /checkhealth
- Run dism /online /cleanup-image /restorehealth
- Mount the Windows Server 2016 ISO as a drive (E: in this case)
- Run dism /online /cleanup-image /restorehealth
/source:WIM:E:\sources\install.wim:1 /limitaccess - Run sfc /scannow
- Run Windows Update
I recall doing this exact thing a few weeks ago but I don't believe I ran sfc /scannow again afterwards. Are the above steps the appropriate order to perform that task?
Ok. The reason I don't recommend it for DCs is because I have never tried it on a DC. I have tried it on numerous other servers (all kind of types) and it worked 100%, all servers could install updates afterwards.
So you could ask a related question (or google) in order to find people who have repaired a DC that way and ask whether they saw any problems doing so.
So you could ask a related question (or google) in order to find people who have repaired a DC that way and ask whether they saw any problems doing so.
"Looking online at these steps for what I believe you are referring to" - no, that is not what I am referring to. I have written down what to do: start server 2016 setup within your running windows.
ASKER
I understand, I gotcha. I will give that a try during off hours and send an update.
Thank you.
Thank you.
Sorry, I don't think you should "give this a try" on a DC.
Please do your research about what has happened for others before you do (or setup a test domain).
Please do your research about what has happened for others before you do (or setup a test domain).
ASKER
If I created a virtual VM as a temporary DC and transferred the FSMO roles over to it, would it then be safe to run it on this particular server? Or would you suggest doing a full demotion?
What you should try before that, is using dism /restorehealth but with a different source. Take an updated ISO that will have the same patch level as your DC has now as source. Either you find such an ISO using VLSC, or you build one yourself.
I have had a lot of success with that, too.
I have had a lot of success with that, too.
ASKER
Sounds good, I will do that.
Before testing the WinUpdate again, would you recommend renaming "SoftwareDistribution" and "System32\catroot2" folders again for good measure or should be good without them?
Before testing the WinUpdate again, would you recommend renaming "SoftwareDistribution" and "System32\catroot2" folders again for good measure or should be good without them?
ASKER
Also, I just ran
I believe this is better results than I recieved before when I ran /restorehealth. It's been since the beginning of the month since I was working on this issue but I recall it found issues that it couldn't resolve before so I ran /restorehealth and pointed it to an ISO I placed on the server. However, with these results, should I still run the /restorehealth?
- dism /online /cleanup-image /scanhealth
- dism /online /cleanup-image /checkhealth
I believe this is better results than I recieved before when I ran /restorehealth. It's been since the beginning of the month since I was working on this issue but I recall it found issues that it couldn't resolve before so I ran /restorehealth and pointed it to an ISO I placed on the server. However, with these results, should I still run the /restorehealth?
The restore health is never bad, so try it with an updated ISO (same updates that your server has now).
Never deleted catroot2. Rarely need to delete softwaredistribution.
Cleanest way out would be a new DC, as you considered before so if you're experienced with a DC switch, why not.
You could of course also take a backup now and just do the Inplace Upgrade afterwards.
Do what you feel able to do.
Never deleted catroot2. Rarely need to delete softwaredistribution.
Cleanest way out would be a new DC, as you considered before so if you're experienced with a DC switch, why not.
You could of course also take a backup now and just do the Inplace Upgrade afterwards.
Do what you feel able to do.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This keeps apps, files and most settings but will reset security settings to defaults.
It's an easy fix, but I would only recommend it on servers that don't run as domain controller.