question

EMR-7475 avatar image
2 Votes"
EMR-7475 asked marcolopes answered

Windows Server KB4535680 Stuck

I am running Windows Server 2019 Standard Edition but Windows Update is stuck on KB4535680. It always fails to install, and I can't get past it to check for new updates. I ran the Windows Update Troubleshooter, cleared the Windows Softwware Distribution folder to no avail. How can I fix this? Thanks.

windows-server
· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Have you tried to download the Patch-file manually from the MS Update Catalog and the install the patch by running the file manually (double clicking on it to run)? Try That.

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4535680

1 Vote 1 ·

I have run across this type of issue in the past when I tried to enable .NET 3.5. The error messages indicated missing files but I could not figure out exactly what was missing or how I was going to restore them. Strangely, I was able to enable .NET 3.5 on our other servers without issue. I tried various DISM commands, clearing update history, resetting update caches, manual update installs, etc.

What I ended up doing was copying the Windows\SxS directory from a known good fully patched server. Then I retried installing the updates and they installed without a problem. This was a last resort but I figured it was worth a shot since I really didn't want to set up another server. If you decide to try this, I would make a copy of your current SxS directory first.

1 Vote 1 ·

Anyone found a way of REMOVING this update?

I need to install OTHER updates, and this one if interfering with with (i had to install one update manually, but now i'm stuck again with other updates ready to install, including THIS ONE, that is giving me problems)

0 Votes 0 ·
DSPatrick avatar image
1 Vote"
DSPatrick answered

Might want to check the known issues here.
https://support.microsoft.com/en-us/topic/security-update-for-secure-boot-dbx-january-12-2021-f08c6b00-a850-e595-6147-d0c32ead81e2

and check with the hardware manufacturer to confirm its supported.


--please don't forget to Accept as answer if the reply is helpful--





5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

JennyFeng-MSFT avatar image
1 Vote"
JennyFeng-MSFT answered marcolopes commented

@EMR-7475
Hi,
Some original equipment manufacturer (OEM) firmware might not allow for the installation of this update.
Try the following steps:
Stop the BITS and the Windows Update Services
Delete or rename the SoftwareDistribution folder
-NOTE: If deleting, it would be a good idea to copy or backup this folder first
Start the BITS and Windows Update Services.
-NOTE: You should now see the SoftwareDistribution folder is recreated
For your reference:
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/unsticking-windows-updates-that-are-stuck-in-their-tracks/ba-p/570743
Hope above information can help you.

============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

And that will do exactly what? The update is going to be downloaded again and again!

0 Votes 0 ·
EMR-7475 avatar image
1 Vote"
EMR-7475 answered marcolopes edited

I was on the phone with Dell for over 2 hours today. They are not preventing the update from installing but are helping me to troubleshoot the issue. According to their tech support person, the problem is that I have older files in the C:\Windows\System32\SecureBootUpdates folder (picture enclosed). At this point they suggested I open up a Microsoft support case but I am hoping someone here can help.

60782-image.png



image.png (67.4 KiB)
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

To be honest, for your demand, open a support ticket with Microsoft should be a more effective way than ask in Q&A.
https://support.microsoft.com/en-us/help/4341255/support-for-business

0 Votes 0 ·

Any follow up on this specific reason for the update failure?

0 Votes 0 ·
JuanSobrado-3258 avatar image
1 Vote"
JuanSobrado-3258 answered

Hello @EMR-7475

Make sure you have latest SSU installed: http://www.catalog.update.microsoft.com/Search.aspx?q=KB4598480

If problem persists you need to check at CBS.log in C:\windows\logs\cbs

Regards,

Juan S.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

EMR-7475 avatar image
0 Votes"
EMR-7475 answered

Thanks, I already had that update installed but KB4535680 still won't install. What should I be looking for in the logs?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

JuanSobrado-3258 avatar image
0 Votes"
JuanSobrado-3258 answered marcolopes edited

Hello @EMR-7475

Look for keywords:

"failed to", ", warn" ", err".

Depending on the type of error the repair can be fixed manually or via Dism.

You need to isolate if error is during scan or download. If you try to install the KB4535680 from https://www.catalog.update.microsoft.com/Home.aspx , do you get an installation error too? If yes, you will need to generate a WindowsUpdate.log and check for errors during the download.

Thanks,

Juan S.

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Manual installation fails. Tried several times.

Had to install OHTER updates manually to avoid being rolled back because THIS one fails!

Now i have other updates that will certainly fail because this one is going to be installed after reboot!

What to do?

0 Votes 0 ·

Part of the LOG

 2021-05-29 06:47:13, Error                 CSI    0000005d@2021/5/29:05:47:13.857 (F) onecore\base\secureboot\servicing\advancedinstaller\securebootai.cpp(277): Error HRESULT_FROM_WIN32(ERROR_ACCESS_DENIED) originated in function Windows::WCP::SecureBoot::BasicInstaller::Install expression: ApplySecureBootUpdate( dwAvailableUpdates)
 [gle=0x80004005]
    
    
 2021-05-29 06:47:13, Error      [0x018059] CSI    0000005f (F) Failed execution of queue item Installer: Secure Boot Installer ({3a4bacaa-c2db-4cf6-8a6b-7d9dfd5155f1}) with HRESULT HRESULT_FROM_WIN32(ERROR_ACCESS_DENIED).  Failure will be ignored: The failure was encountered during rollback; installer is reliable[gle=0x80004005]
0 Votes 0 ·
FelixHinze-2530 avatar image
0 Votes"
FelixHinze-2530 answered FelixHinze-2530 edited

Sometimes MS Patches may fail to install or just "hang" indefinitely during the install process. One way around this issue is to, stop the "Windows Update" Service, clear the C:\Windows\SoftwareDistribution\Downloads folder. Start the "Windows Update" Service. But DON'T run the Update Wizard again as the same patch is likely to 'hang' itself again. Instead, browse to the Microsoft Update Catalogue (https://www.catalog.update.microsoft.com) and search for the patch by KB number. Download the patch for your particular Operating System. After Download completes, run the patch (by double clicking on the downloaded file) and follow the prompts! Once the patch is installed and the server rebooted (if required), this patch will no longer need to be installed using the 'normal' method, clearing up the patch installation issue. This has worked for me on a few occasions now, especially during the October\November 2020 period, where I had a few patches that 'hung' themselves. I had to manually download and install about 3 or 4 patches. After that period, the issue seems to have resolved itself again and everything is good, for now! Hope this will help someone else.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

EMR-7475 avatar image
1 Vote"
EMR-7475 answered

I have downloaded the patch directly from the Microsoft Catalog Update site but the patch still won't install. It goes to about 97% and fails. Since we are now in February, I am wondering if this patch will be included in February 2021's cumulative update for Windows Server 2019 LTSC. Perhaps I am better off waiting a week?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

EbertMichael-6091 avatar image
1 Vote"
EbertMichael-6091 answered EbertMichael-6091 edited

we have exactly the same problem

del SW distribution, or scannow.... note from this helps...

next patchday same problem... all other patche er installed except the KB4535680

btw, Install from windows update catalog same error

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

EbertMichael-6091 avatar image
0 Votes"
EbertMichael-6091 answered

CBS Log Error:

2021-02-18 08:16:04, Error CSI 00000032 (F) Installer: Secure Boot Installer Binary Name: securebootai.dll ErrorCode: 800b0100 Phase: 40 Mode: Install (upgrade) Component: Microsoft-Windows-SecureBoot-FirmwareUpdate, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=amd64, versionScope=NonSxS[gle=0x80004005]

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.