Troubleshooting: Reset Windows Update, Pending Updates, and DISM Repair
Log In or Register to download the BES file, and more.

1 Votes

Description

USE WITH CAUTION

 

This Task performs several cleanup operations to attempt to resolve failing Windows Updates.  This should be used with care, and only on systems that are failing to install updates after all other troubleshooting steps have been taken, consider this a last effort before reimaging the problem machine.  Making system changes, especially to an already-broken system, may further corrupt the system.  Backup any important data before running this task!

 

This Task

 

The Second action allows specifying a path to a trusted set of Windows installation files to be used to perform a repair, if original Windows installation files are required, for example 'C:\Windows-Media-Source'.  The path should be accessible to the LocalSystem WIndows account (network UNC shares are generally not accessible and the media should be copied to a client path before running the action).

  


Property Details

ID27344
StatusAlpha - Code that was just developed
TitleTroubleshooting: Reset Windows Update, Pending Updates, and DISM Repair
DomainBESC
SourceInternal
Source Release Date10/4/2023 12:00:00 AM
KeywordsDISM, cleanup, restorehealth, Windows Update, repair, corrupt
Is TaskTrue
Added by on 5/14/2024 10:13:02 AM
Last Modified by on 5/14/2024 10:13:02 AM
Counters 317 Views / 81 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.

Relevance

Used in 20 fixlets and 16 analyses   * Results in a true/false
Show indented relevance
windows of operating system AND (if exists property "in proxy agent context" then not in proxy agent context else true)
Used in 1 fixlet   * Results in a true/false
Show indented relevance
version of operating system >= version "6.2"

Actions

Action 1 (default)

Action Link Click here to attempt repair without specifying an Installation Source.
Script Type BigFix Action Script
action uses wow64 redirection {not x64 of operating system}

parameter "LogFolder"="{pathname of windows folder}\temp"
folder create "{parameter "LogFolder"}"

// Windows Update Store Cleanup & Windows Update Components Reset
delete __createfile
createfile until _EOF_EOF_EOF

taskkill /im wusa.exe /f
net stop bits
net stop wuauserv
net stop cryptsvc

_EOF_EOF_EOF
delete precleanup.cmd
move __createfile precleanup.cmd
waithidden cmd.exe /c precleanup.cmd


// Check that everything *actually* stopped. Disable service and kill processes if necessary

if {exists pids of services "wuauserv"}
waithidden sc.exe config wuauserv start= disabled
waithidden taskkill.exe /pid {pids of services "wuauserv"} /F
endif

if {exists pids of services "bits"}
waithidden sc.exe config bits start= disabled
waithidden taskkill.exe /pid {pids of services "bits"} /F
endif

if {exists pids of services "cryptsvc"}
waithidden sc.exe config cryptsvc start= disabled
waithidden taskkill.exe /pid {pids of services "cryptsvc"} /F
endif

delete __createfile
createfile until _EOF_EOF_EOF

Del /q "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr*.dat"

rd /s /q %Systemroot%\SoftwareDistribution\DataStore.bak
rd /s /q %Systemroot%\SoftwareDistribution\Download.bak
rd /s /q %Systemroot%\system32\catroot2.bak

Ren %Systemroot%\SoftwareDistribution\DataStore DataStore.bak
Ren %Systemroot%\SoftwareDistribution\Download Download.bak
Ren %Systemroot%\System32\catroot2 catroot2.bak

sc.exe sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
sc.exe sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)


cd /d %windir%\system32
regsvr32.exe /s atl.dll
regsvr32.exe /s urlmon.dll
regsvr32.exe /s mshtml.dll
regsvr32.exe /s shdocvw.dll
regsvr32.exe /s browseui.dll
regsvr32.exe /s jscript.dll
regsvr32.exe /s vbscript.dll
regsvr32.exe /s scrrun.dll
regsvr32.exe /s msxml.dll
regsvr32.exe /s msxml3.dll
regsvr32.exe /s msxml6.dll
regsvr32.exe /s actxprxy.dll
regsvr32.exe /s softpub.dll
regsvr32.exe /s wintrust.dll
regsvr32.exe /s dssenh.dll
regsvr32.exe /s rsaenh.dll
regsvr32.exe /s gpkcsp.dll
regsvr32.exe /s sccbase.dll
regsvr32.exe /s slbcsp.dll
regsvr32.exe /s cryptdlg.dll
regsvr32.exe /s oleaut32.dll
regsvr32.exe /s ole32.dll
regsvr32.exe /s shell32.dll
regsvr32.exe /s initpki.dll
regsvr32.exe /s wuapi.dll
regsvr32.exe /s wuaueng.dll
regsvr32.exe /s wuaueng1.dll
regsvr32.exe /s wucltui.dll
regsvr32.exe /s wups.dll
regsvr32.exe /s wups2.dll
regsvr32.exe /s wuweb.dll
regsvr32.exe /s qmgr.dll
regsvr32.exe /s qmgrprxy.dll
regsvr32.exe /s wucltux.dll
regsvr32.exe /s muweb.dll
regsvr32.exe /s wuwebv.dll

sc config bits start= demand
net start bits

sc config wuauserv start= demand
net start wuauserv

sc config cryptsvc start= auto
net start cryptsvc
_EOF_EOF_EOF

delete cleanup.cmd
move __createfile cleanup.cmd

waithidden cmd.exe /c "cleanup.cmd > "{parameter "LogFolder"}\windows-update-cleanup.txt" 2>&1"

// DISM Pending Component Updates Reset
delete __createfile
createfile until EOF_EOF_EOF
@echo DISM repair running %DATE% %TIME%

@echo Kill any running WUSA update
taskkill.exe /im wusa.exe /f

@echo Package list before servicing:
dism /online /get-packages /format:table

@echo Removing any Pending Package installations via DISM
for /f %%i in ('dism /online /get-packages /format:table ^|findstr " Pending ^|"') do dism.exe /online /remove-package /PackageName:%%i /NoRestart
@echo DISM command ended with result code %ERRORLEVEL%

@echo Package list after servicing:
dism /online /get-packages /format:table



@echo DISM repair completed %DATE% %TIME%

EOF_EOF_EOF

delete DISM-repair.cmd
move __createfile DISM-repair.cmd

delete "{parameter "LogFolder"}\DISM-RemovePending.log"
waithidden cmd.exe /c "DISM-repair.cmd >> "{parameter "LogFolder"}\DISM-RemovePending.log" 2>&1"



delete "{parameter "LogFolder"}\DISM-RestoreHealth.log"
delete "{parameter "LogFolder"}\DISM-RestoreHealth.out"

waithidden cmd /C "DISM.EXE /LogPath:"{parameter "LogFolder"}\DISM-RestoreHealth.log" /LogLevel:4 /NoRestart /Online /Cleanup-Image /RestoreHealth > "{parameter "LogFolder"}\DISM-RestoreHealth.out" 2>&1"


action requires restart "windows_update_reset"
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.

Action 2

Action Link Click here to attempt repair with a specific Windows Installation Source.
Script Type BigFix Action Script
action uses wow64 redirection {not x64 of operating system}

action parameter query "RepairSource" with description "Enter the path of trusted Windows files to be used for repair" and with default value "C:\Windows-Media-Source"

parameter "LogFolder"="{pathname of windows folder}\temp"
folder create "{parameter "LogFolder"}"

// Windows Update Store Cleanup & Windows Update Components Reset
delete __createfile
createfile until _EOF_EOF_EOF

taskkill /im wusa.exe /f
net stop bits
net stop wuauserv
net stop cryptsvc

_EOF_EOF_EOF
delete precleanup.cmd
move __createfile precleanup.cmd
waithidden cmd.exe /c precleanup.cmd


// Check that everything *actually* stopped. Disable service and kill processes if necessary

if {exists pids of services "wuauserv"}
waithidden sc.exe config wuauserv start= disabled
waithidden taskkill.exe /pid {pids of services "wuauserv"} /F
endif

if {exists pids of services "bits"}
waithidden sc.exe config bits start= disabled
waithidden taskkill.exe /pid {pids of services "bits"} /F
endif

if {exists pids of services "cryptsvc"}
waithidden sc.exe config cryptsvc start= disabled
waithidden taskkill.exe /pid {pids of services "cryptsvc"} /F
endif

delete __createfile
createfile until _EOF_EOF_EOF

Del /q "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr*.dat"

rd /s /q %Systemroot%\SoftwareDistribution\DataStore.bak
rd /s /q %Systemroot%\SoftwareDistribution\Download.bak
rd /s /q %Systemroot%\system32\catroot2.bak

Ren %Systemroot%\SoftwareDistribution\DataStore DataStore.bak
Ren %Systemroot%\SoftwareDistribution\Download Download.bak
Ren %Systemroot%\System32\catroot2 catroot2.bak

sc.exe sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
sc.exe sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)


cd /d %windir%\system32
regsvr32.exe /s atl.dll
regsvr32.exe /s urlmon.dll
regsvr32.exe /s mshtml.dll
regsvr32.exe /s shdocvw.dll
regsvr32.exe /s browseui.dll
regsvr32.exe /s jscript.dll
regsvr32.exe /s vbscript.dll
regsvr32.exe /s scrrun.dll
regsvr32.exe /s msxml.dll
regsvr32.exe /s msxml3.dll
regsvr32.exe /s msxml6.dll
regsvr32.exe /s actxprxy.dll
regsvr32.exe /s softpub.dll
regsvr32.exe /s wintrust.dll
regsvr32.exe /s dssenh.dll
regsvr32.exe /s rsaenh.dll
regsvr32.exe /s gpkcsp.dll
regsvr32.exe /s sccbase.dll
regsvr32.exe /s slbcsp.dll
regsvr32.exe /s cryptdlg.dll
regsvr32.exe /s oleaut32.dll
regsvr32.exe /s ole32.dll
regsvr32.exe /s shell32.dll
regsvr32.exe /s initpki.dll
regsvr32.exe /s wuapi.dll
regsvr32.exe /s wuaueng.dll
regsvr32.exe /s wuaueng1.dll
regsvr32.exe /s wucltui.dll
regsvr32.exe /s wups.dll
regsvr32.exe /s wups2.dll
regsvr32.exe /s wuweb.dll
regsvr32.exe /s qmgr.dll
regsvr32.exe /s qmgrprxy.dll
regsvr32.exe /s wucltux.dll
regsvr32.exe /s muweb.dll
regsvr32.exe /s wuwebv.dll

sc config bits start= demand
net start bits

sc config wuauserv start= demand
net start wuauserv

sc config cryptsvc start= auto
net start cryptsvc
_EOF_EOF_EOF

delete cleanup.cmd
move __createfile cleanup.cmd

waithidden cmd.exe /c "cleanup.cmd > "{parameter "LogFolder"}\windows-update-cleanup.txt" 2>&1"

// DISM Pending Component Updates Reset
delete __createfile
createfile until EOF_EOF_EOF
@echo DISM repair running %DATE% %TIME%

@echo Kill any running WUSA update
taskkill.exe /im wusa.exe /f

@echo Package list before servicing:
dism /online /get-packages /format:table

@echo Removing any Pending Package installations via DISM
for /f %%i in ('dism /online /get-packages /format:table ^|findstr " Pending ^|"') do dism.exe /online /remove-package /PackageName:%%i /NoRestart
@echo DISM command ended with result code %ERRORLEVEL%

@echo Package list after servicing:
dism /online /get-packages /format:table



@echo DISM repair completed %DATE% %TIME%

EOF_EOF_EOF

delete DISM-repair.cmd
move __createfile DISM-repair.cmd

delete "{parameter "LogFolder"}\DISM-RemovePending.log"
waithidden cmd.exe /c "DISM-repair.cmd >> "{parameter "LogFolder"}\DISM-RemovePending.log" 2>&1"



delete "{parameter "LogFolder"}\DISM-RestoreHealth.log"
delete "{parameter "LogFolder"}\DISM-RestoreHealth.out"

waithidden cmd /C "DISM.EXE /LogPath:"{parameter "LogFolder"}\DISM-RestoreHealth.log" /LogLevel:4 /NoRestart /Online /Cleanup-Image /RestoreHealth /Source:"{parameter "RepairSource" of action}" /LimitAccess > "{parameter "LogFolder"}\DISM-RestoreHealth.out" 2>&1"

action requires restart "windows_update_reset"
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.


Sharing

Social Media:
Share this page on Yammer

Comments

Log In or Register to leave comments!
MarkMacherey -
in your second action when your removing the "Pending" packages, I found that they can be either "Pending" or "Staged"