Главная » Linux

Troubleshooting windows update log

Содержание
  1. Windows Update log files
  2. Generating WindowsUpdate.log
  3. Windows Update log components
  4. Windows Update log structure
  5. Time stamps
  6. Process ID and thread ID
  7. Component name
  8. Update identifiers
  9. Windows Setup log files analysis using SetupDiag tool
  10. How to Enable Microsoft Installer logging and Verbose logging to gather additional troubleshooting Information
  11. Symptoms
  12. Cause
  13. Resolution
  14. Step 1: Enable Microsoft Installer logging and Windows Update verbose logging
  15. Here’s an easy fix
  16. For Windows 8, Windows 7
  17. For Windows Vista, Windows XP, Windows Server 2008, Windows Server 2003

Windows Update log files

The following table describes the log files created by Windows Update.

Log file Location Description When to use
windowsupdate.log C:\Windows\Logs\WindowsUpdate Starting in Windows 8.1 and continuing in Windows 10, Windows Update client uses Event Tracing for Windows (ETW) to generate diagnostic logs. If you receive an error message when you run Windows Update, you can use the information that is included in the Windowsupdate.log log file to troubleshoot the issue.
UpdateSessionOrchestration.etl C:\ProgramData\USOShared\Logs Starting Windows 10, the Update Orchestrator is responsible for sequence of downloading and installing various update types from Windows Update. And the events are logged to these .etl files. When you see that the updates are available but download is not getting triggered.
When Updates are downloaded but installation is not triggered.
When Updates are installed but reboot is not triggered.
NotificationUxBroker.etl C:\ProgramData\USOShared\Logs Starting Windows 10, the notification toast or the banner is triggered by NotificationUxBroker.exe. When you want to check whether the notification was triggered or not.
CBS.log %systemroot%\Logs\CBS This log provides insight on the update installation part in the servicing stack. To troubleshoot the issues related to Windows Update installation.

Generating WindowsUpdate.log

To merge and convert Windows Update trace files (.etl files) into a single readable WindowsUpdate.log file, see Get-WindowsUpdateLog.

When you run the Get-WindowsUpdateLog cmdlet, an copy of WindowsUpdate.log file is created as a static log file. It does not update as the old WindowsUpdate.log unless you run Get-WindowsUpdateLog again.

Windows Update log components

The Windows Update engine has different component names. The following are some of the most common components that appear in the WindowsUpdate.log file:

  • AGENT- Windows Update agent
  • AU — Automatic Updates is performing this task
  • AUCLNT- Interaction between AU and the logged-on user
  • CDM- Device Manager
  • CMPRESS- Compression agent
  • COMAPI- Windows Update API
  • DRIVER- Device driver information
  • DTASTOR- Handles database transactions
  • EEHNDLER- Expression handler that’s used to evaluate update applicability
  • HANDLER- Manages the update installers
  • MISC- General service information
  • OFFLSNC- Detects available updates without network connection
  • PARSER- Parses expression information
  • PT- Synchronizes updates information to the local datastore
  • REPORT- Collects reporting information
  • SERVICE- Startup/shutdown of the Automatic Updates service
  • SETUP- Installs new versions of the Windows Update client when it is available
  • SHUTDWN- Install at shutdown feature
  • WUREDIR- The Windows Update redirector files
  • WUWEB- The Windows Update ActiveX control
  • ProtocolTalker — Client-server sync
  • DownloadManager — Creates and monitors payload downloads
  • Handler, Setup — Installer handlers (CBS, and so on)
  • EEHandler — Evaluating update applicability rules
  • DataStore — Caching update data locally
  • IdleTimer — Tracking active calls, stopping a service

Many component log messages are invaluable if you are looking for problems in that specific area. However, they can be useless if you don’t filter to exclude irrelevant components so that you can focus on what’s important.

Windows Update log structure

The Windows update log structure is separated into four main identities:

  • Time Stamps
  • Process ID and Thread ID
  • Component Name
  • Update Identifiers
    • Update ID and Revision Number
    • Revision ID
    • Local ID
    • Inconsistent terminology

The WindowsUpdate.log structure is discussed in the following sections.

Time stamps

The time stamp indicates the time at which the logging occurs.

  • Messages are usually in chronological order, but there may be exceptions.
  • A pause during a sync can indicate a network problem, even if the scan succeeds.
  • A long pause near the end of a scan can indicate a supersedence chain issue.

Process ID and thread ID

The Process IDs and Thread IDs are random, and they can vary from log to log and even from service session to service session within the same log.

  • The first four hex digits are the process ID.
  • The next four hex digits are the thread ID.
  • Each component, such as the USO, Windows Update engine, COM API callers, and Windows Update installer handlers, has its own process ID.

Component name

Search for and identify the components that are associated with the IDs. Different parts of the Windows Update engine have different component names. Some of them are as follows:

  • ProtocolTalker — Client-server sync
  • DownloadManager — Creates and monitors payload downloads
  • Handler, Setup — Installer handlers (CBS, etc.)
  • EEHandler — Evaluating update applicability rules
  • DataStore — Caching update data locally
  • IdleTimer — Tracking active calls, stopping service

Update identifiers

Update ID and revision number

There are different identifiers for the same update in different contexts. It’s important to know the identifier schemes.

  • Update ID: A GUID (indicated in the previous screenshot) that’s assigned to a given update at publication time
  • Revision number: A number incremented every time that a given update (that has a given update ID) is modified and republished on a service
  • Revision numbers are reused from one update to another (not a unique identifier).
  • The update ID and revision number are often shown together as «.revision.»
Revision ID
  • A Revision ID (don’t confuse this value with «revision number») is a serial number that’s issued when an update is initially published or revised on a given service.
  • An existing update that’s revised keeps the same update ID (GUID), has its revision number incremented (for example, from 100 to 101), but gets a new revision ID that is not related to the previous ID.
  • Revision IDs are unique on a given update source, but not across multiple sources.
  • The same update revision might have different revision IDs on Windows Update and WSUS.
  • The same revision ID might represent different updates on Windows Update and WSUS.
Local ID
  • Local ID is a serial number issued when an update is received from a service by a given Windows Update client
  • Typically seen in debug logs, especially involving the local cache for update info (Datastore)
  • Different client PCs will assign different Local IDs to the same update
  • You can find the local IDs that a client is using by getting the client’s %WINDIR%\SoftwareDistribution\Datastore\Datastore.edb file
Inconsistent terminology

Sometimes the logs use terms inconsistently. For example, the InstalledNonLeafUpdateIDs list actually contains revision IDs, not update IDs.

Recognize IDs by form and context:

  • GUIDs are update IDs
  • Small integers that appear alongside an update ID are revision numbers
  • Large integers are typically revision IDs
  • Small integers (especially in Datastore) can be local IDs

Windows Setup log files analysis using SetupDiag tool

SetupDiag is a diagnostic tool that can be used for analysis of logs related to installation of Windows Updates. For detailed information, see SetupDiag.

How to Enable Microsoft Installer logging and Verbose logging to gather additional troubleshooting Information

Symptoms

Windows Installer uses logging to help you troubleshoot issues that may occur when you install software packages. After you enable logging, you can try the unsuccessful installation again. Windows Installer tracks the progress and records the data in a log file. These logs can then be reviewed by support professionals to help determine the issue.

Cause

Microsoft Installer issues can be caused by data corruption, corrupted installations and many other different issues.

Resolution

To troubleshoot these issues, you have to enable logging for two processes, and then try to install the updates again. When you enable logging, the actual error codes that are generated by Windows Installer are captured. As soon as the error codes are captured, you can determine the actual issue and the resolution for that issue. These errors will require you to contact Microsoft Support to resolve the issue. However, you have to do several things before you contact Microsoft Support.

To enable and collect the Windows Installer logs, follow the steps for your operating system.

Step 1: Enable Microsoft Installer logging and Windows Update verbose logging

To have us enable logging for you, go to the «Here’s an easy fix» section. If you prefer to fix this problem manually, go to the «Let me fix it myself» section.

Here’s an easy fix

To fix this problem automatically, click the Download button. In the File Download dialog box, click Run or Open, and then follow the steps in the easy fix wizard.

This wizard may be in English only. However, the automatic fix also works for other language versions of Windows.

If you’re not on the computer that has the problem, save the easy fix solution to a flash drive or a CD, and then run it on the computer that has the problem.

For Windows 8, Windows 7

For Windows Vista, Windows XP, Windows Server 2008, Windows Server 2003

For computers that are running Windows 2000, Windows XP, or Windows Server 2003

Click Start, click Run, type Notepad, and then click OK.

Type the following commands in Notepad.

On the File menu, click Save As.

In the Save in list, click Desktop.

In the File name box, type LoggingOn.reg, click All Files in the Save as type list, and then click Save.

On the desktop, double-click the LoggingOn.reg file to add the registry keys to the Windows registry.

Click OK in the message box.

Try to install the update again to capture the additional error information in the Windows Installer .log file.

For computers that are running Windows Vista and Windows Server 2008

Click Start
, and then in the Start Search box, type Notepad.

In the Programs list, click Notepad.

Type the following commands in Notepad.

On the File menu, click Save As.

In the Save in list, click Desktop.

In the File name box, type LoggingOn.reg, click All Files in the Save as type list, and then click Save.

On the desktop, double-click the LoggingOn.reg file to add the registry values to the Windows registry.


If you are prompted for an administrator password or confirmation, type the password or click Continue.

Click Yes, and then click OK.

Try to install the update again to capture the additional error information in the Windows Installer .log file.

Step 2: Try to install updates again to create the log filesTo try to install the updates again, visit the following Microsoft Update Web site:

http://update.microsoft.comNote It can take several minutes to collect these logs, and the update process may not seem to be functioning correctly. Allow for the necessary time for the process to finish.

Step 3: Disable Microsoft Installer logging and Windows Update verbose loggingImportant As soon as Windows Update or Microsoft Update has finished, disable Windows Installer logging. Having logging enabled can require too much time every time that you install updates, can slow down your computer, and can create large log files that require large amounts of disk space.

To have us disable logging for you, go to the «Here’s an easy fix» section. If you prefer to fix this problem manually, go to the «Let me fix it myself» section.

Here’s an easy fix To fix this problem automatically, click the Download button. In the File Download dialog box, click Run or Open, and then follow the steps in the easy fix wizard.

This wizard may be in English only. However, the automatic fix also works for other language versions of Windows.

If you’re not on the computer that has the problem, save the easy fix solution to a flash drive or a CD, and then run it on the computer that has the problem.

For Windows 8, Windows 7

For Windows Vista, Windows XP, Windows Server 2008, Windows Server 2003

To disable Windows Installer logging, follow the steps for your operating system.

For computers that are running Windows 2000, Windows XP, or Windows Server 2003

Click Start, click Run, type Notepad, and then click OK.

Type the following commands in Notepad.

On the File menu, click Save As.

In the Save in list, click Desktop.

In the File name box, type LoggingOff.reg, click All Files in the Save as type list, and then click Save.

On the desktop, double-click the LoggingOff.reg file to remove the registry values from the Windows registry.

Click OK in the message box.

Delete the LoggingOn.reg and LoggingOff.reg files from the desktop

Contact Microsoft Support for help, and reference this Microsoft Knowledge Base article when you speak to the support agent. For more information about how to contact Microsoft Support, visit the following Microsoft Web site:

For computers that are running Windows Vista and Windows Server 2008

Click Start
, and then type Notepad in the Start Search box.

In the Programs list, click Notepad.

Type the following commands in Notepad.

In Notepad, click Save As on the File menu.

In the Save in list, click Desktop.

In the File name box, type LoggingOff.reg, click All Files in the Save as type list, and then click Save.

On the desktop, double-click the LoggingOff.reg file to remove the registry values from the Windows registry.


If you are prompted for an administrator password or confirmation, type the password or click Continue.

Click Yes, and then click OK.

Delete the LoggingOn.reg and LoggingOff.reg files from the desktop.

Contact Microsoft Support for help, and reference this Microsoft Knowledge Base article when you speak to the support agent. For more information about how to contact Microsoft Support, visit the following Microsoft Web site:

In most cases, the Windows Installer log starts with msi, ends with a .log extension, and includes a group of characters. For example, the Windows Installer log will have a file name that resembles the following:

msib3a6g.log On computers that are running Windows 2000, Windows XP, or Windows Server 2003, the installer log is located in the following directory:

C:\Documents and Settings\ \Local Settings\Temp\ To open this directory, click Start, click Run, type %temp%, and then click OK.

Note This information assumes that Windows is installed to the default drive C. If this is not the case, adjust the drive letter for the folder path to match the installation drive.

On computers that are running Windows Vista or Windows Server 2008, the installer log is located in the following directory:

C:\Users\, type %temp% in the Start Search box, and then press ENTER.

Note This information assumes that Windows is installed to the default drive C. If this is not the case, adjust the drive letter for the folder path to match the installation drive.

For more information about how to enable Windows Installer logging, click the following article number to view the article in the Microsoft Knowledge Base:

314852 How to enable Windows Installer logging in Windows XP

Читайте также:  Sis191 ethernet controller драйвер windows 10
Оцените статью
© 2024 Советы по настройке компьютера