Windows Update not working again

[cars11]

I don't know how to reopen this ticket?

#2118

Windows Update is failing for me. Just ran an install of MicroWin and can't update now.

[Nigel1992]

Did you try resetting Updates to default ?
WinUtil> Updates> Default Settings.

If that didn't work, try running this script to fix Windows Update.

<#
.SYNOPSIS
    Fixes Windows Update after MicroWin image installation
.DESCRIPTION
    Restores critical Windows Update services and components that may have been
    affected during MicroWin image creation, particularly when services were
    set to manual start.
#>

function Write-Log {
    param([string]$Message)
    Write-Host "[$(Get-Date -Format 'yyyy-MM-dd HH:mm:ss')] $Message"
}

# Check for admin privileges
if (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Host "Please run this script as Administrator" -ForegroundColor Red
    exit 1
}

Write-Log "Starting Windows Update service repair..."

# Critical services that need to be running for Windows Update
$criticalServices = @(
    'wuauserv',          # Windows Update
    'bits',              # Background Intelligent Transfer
    'cryptsvc',          # Cryptographic Services
    'trustedinstaller',  # Windows Modules Installer
    'appidsvc',          # Application Identity
    'gpsvc',            # Group Policy Client
    'DcomLaunch',       # DCOM Server Process Launcher
    'RpcSs',            # Remote Procedure Call
    'LanmanServer',     # Server
    'LanmanWorkstation', # Workstation
    'EventLog',         # Windows Event Log
    'mpssvc',           # Windows Defender Firewall
    'WinDefend'         # Windows Defender Service
)

try {
    # Reset services to their default startup type
    Write-Log "Resetting service startup types..."
    foreach ($service in $criticalServices) {
        Write-Log "Processing service: $service"
        try {
            # Set service to Automatic start
            Set-Service -Name $service -StartupType Automatic -ErrorAction Stop
            Start-Service -Name $service -ErrorAction Stop
            Write-Log "Successfully configured $service"
        }
        catch {
            Write-Log "Warning: Could not configure $service - $($_.Exception.Message)"
        }
    }

    # Fix registry entries that MicroWin might have modified
    Write-Log "Fixing registry entries..."
    $registryPaths = @(
        "HKLM:\SYSTEM\CurrentControlSet\Services",
        "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate",
        "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"
    )

    foreach ($path in $registryPaths) {
        if (Test-Path $path) {
            Write-Log "Processing registry path: $path"
            if ($path -like "*CurrentControlSet\Services") {
                # Reset Windows Update service specific registry values
                Set-ItemProperty -Path "$path\wuauserv" -Name "Start" -Value 2 -Type DWord -ErrorAction SilentlyContinue
                Set-ItemProperty -Path "$path\bits" -Name "Start" -Value 2 -Type DWord -ErrorAction SilentlyContinue
                Set-ItemProperty -Path "$path\TrustedInstaller" -Name "Start" -Value 3 -Type DWord -ErrorAction SilentlyContinue
            }
        }
    }

    # Reset Windows Update components
    Write-Log "Resetting Windows Update components..."
    $commands = @(
        "net stop wuauserv",
        "net stop cryptSvc",
        "net stop bits",
        "net stop msiserver",
        "ren C:\Windows\SoftwareDistribution SoftwareDistribution.old",
        "ren C:\Windows\System32\catroot2 catroot2.old",
        "net start wuauserv",
        "net start cryptSvc",
        "net start bits",
        "net start msiserver"
    )

    foreach ($cmd in $commands) {
        Write-Log "Executing: $cmd"
        Start-Process "cmd.exe" -ArgumentList "/c $cmd" -Wait -WindowStyle Hidden -ErrorAction SilentlyContinue
    }

    # Run DISM and SFC
    Write-Log "Running system file checks..."
    Start-Process "DISM.exe" -ArgumentList "/Online /Cleanup-Image /RestoreHealth" -Wait -NoNewWindow
    Start-Process "sfc.exe" -ArgumentList "/scannow" -Wait -NoNewWindow

    Write-Log "Repair completed successfully"
    Write-Host "`nRepair process completed. Please restart your computer for changes to take effect." -ForegroundColor Green
    
    $restart = Read-Host "Would you like to restart now? (y/n)"
    if ($restart -eq 'y') {
        Restart-Computer -Force
    }
}
catch {
    Write-Log "Error occurred: $($_.Exception.Message)"
    Write-Host "`nAn error occurred during the repair process. Please check the logs above." -ForegroundColor Red
}

[cars11]

Tried Winutil>Default Settings already to no avail (it did say "Warnings occurred for some attributes during this operation. It's okay to ignore the warning") and after peeking in the log file it seems to want to reset services that are not installed, i.e: Error 1060: The specified service does not exist as an installed service.
Error opening ntmssvc.

I also tried Winutil > Config > Reset Windows Update
but that does not seem to have any effect at all (no output in the console)

And sorry, not technically competent enough to know how/where to run that script you provided. Can you assist?
It doesn't look like a windows batch file?

[edamamet]

It doesn't look like a windows batch file?

It looks like a PowerShell script (the same filetype as winutil)

Just name it with the .ps1 extension, then right click > Run with Powershell

[cars11]

Script hangs at "Executing: net stop cryptSvc" and doesn't continue

Also had a lot of erors before that such as "Group Policy Client (gpsvc)' cannot be configured due to the following error: Access is denied"

[edamamet]

You'll most likely need to run PowerShell as an admin.

Open PowerShell as admin and simply type the location of the script

./script.ps1

[cars11]

Yes, I did. I ran it as admin via a shortcut

[Nigel1992]

@cars11

Try this one?

<#
.SYNOPSIS
    Advanced Windows Update Repair Script (AIO)
.DESCRIPTION
    Comprehensive Windows Update repair script that fixes issues caused by 
    system modifications, MicroWin installations, and general Windows Update problems.
    Version: 1.0.0
    Author: Nigel1992
#>

function Write-Log {
    param(
        [string]$Message,
        [string]$Type = "INFO"  # INFO, ERROR, WARNING, SUCCESS
    )
    $timestamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
    switch ($Type) {
        "ERROR"   { $color = "Red" }
        "WARNING" { $color = "Yellow" }
        "SUCCESS" { $color = "Green" }
        default   { $color = "White" }
    }
    Write-Host "[$timestamp] $Type : $Message" -ForegroundColor $color
}

function Test-AdminPrivileges {
    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Stop-ServiceSafely {
    param([string]$ServiceName)
    
    try {
        $service = Get-Service -Name $ServiceName -ErrorAction Stop
        if ($service.Status -eq "Running") {
            Write-Log "Stopping service: $ServiceName" 
            Stop-Service -Name $ServiceName -Force -ErrorAction Stop
            Start-Sleep -Seconds 2
            Write-Log "Successfully stopped $ServiceName" "SUCCESS"
            return $true
        }
        return $true
    }
    catch [Microsoft.PowerShell.Commands.ServiceCommandException] {
        Write-Log "Service $ServiceName does not exist - skipping" "WARNING"
        return $true
    }
    catch {
        Write-Log "Could not stop $ServiceName : $($_.Exception.Message)" "ERROR"
        return $false
    }
}

function Start-ServiceSafely {
    param([string]$ServiceName)
    
    try {
        $service = Get-Service -Name $ServiceName -ErrorAction Stop
        if ($service.Status -ne "Running") {
            Write-Log "Starting service: $ServiceName"
            Set-Service -Name $service -StartupType Automatic -ErrorAction SilentlyContinue
            Start-Service -Name $ServiceName -ErrorAction Stop
            Start-Sleep -Seconds 2
            Write-Log "Successfully started $ServiceName" "SUCCESS"
        }
        return $true
    }
    catch [Microsoft.PowerShell.Commands.ServiceCommandException] {
        Write-Log "Service $ServiceName does not exist - skipping" "WARNING"
        return $true
    }
    catch {
        Write-Log "Could not start $ServiceName : $($_.Exception.Message)" "ERROR"
        return $false
    }
}

function Reset-WindowsUpdateComponents {
    Write-Log "Resetting Windows Update components..." "INFO"

    # Reset Windows Update folder permissions
    $paths = @(
        "$env:SystemRoot\SoftwareDistribution",
        "$env:SystemRoot\System32\catroot2"
    )

    foreach ($path in $paths) {
        if (Test-Path $path) {
            Write-Log "Resetting permissions for $path"
            takeown /f $path /r /d y | Out-Null
            icacls $path /grant:r Administrators:F /t | Out-Null
            if ($path -like "*SoftwareDistribution*") {
                Get-ChildItem -Path $path -Recurse | Remove-Item -Force -Recurse -ErrorAction SilentlyContinue
            }
            Write-Log "Reset permissions for $path" "SUCCESS"
        }
    }

    # Reset Windows Update registry keys
    Write-Log "Resetting Windows Update registry keys..."
    $regPaths = @(
        "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate",
        "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate",
        "HKLM:\SYSTEM\CurrentControlSet\Services\wuauserv"
    )

    foreach ($regPath in $regPaths) {
        if (Test-Path $regPath) {
            try {
                Set-ItemProperty -Path $regPath -Name "WUServer" -Value "" -ErrorAction SilentlyContinue
                Set-ItemProperty -Path $regPath -Name "WUStatusServer" -Value "" -ErrorAction SilentlyContinue
                Write-Log "Reset registry keys in $regPath" "SUCCESS"
            }
            catch {
                Write-Log "Could not reset registry keys in $regPath" "WARNING"
            }
        }
    }

    # Reset network components
    Write-Log "Resetting network components..."
    $commands = @(
        "netsh winsock reset",
        "netsh winhttp reset proxy",
        "bitsadmin.exe /reset /allusers"
    )

    foreach ($cmd in $commands) {
        try {
            $result = Invoke-Expression $cmd
            Write-Log "Successfully executed: $cmd" "SUCCESS"
        }
        catch {
            Write-Log "Failed to execute: $cmd" "ERROR"
        }
    }
}

# Check for admin privileges
if (-not (Test-AdminPrivileges)) {
    Write-Log "This script requires administrator privileges. Please run as administrator." "ERROR"
    exit 1
}

Write-Log "Starting comprehensive Windows Update repair process..."

# Critical services that need to be managed
$criticalServices = @(
    'wuauserv',          # Windows Update
    'bits',              # Background Intelligent Transfer
    'cryptsvc',          # Cryptographic Services
    'trustedinstaller',  # Windows Modules Installer
    'appidsvc',          # Application Identity
    'gpsvc',            # Group Policy Client
    'DcomLaunch',       # DCOM Server Process Launcher
    'RpcSs',            # Remote Procedure Call
    'LanmanServer',     # Server
    'LanmanWorkstation', # Workstation
    'EventLog',         # Windows Event Log
    'mpssvc',           # Windows Defender Firewall
    'WinDefend',        # Windows Defender Service
    'msiserver'         # Windows Installer
)

try {
    # Create restore point
    Write-Log "Creating system restore point..."
    Checkpoint-Computer -Description "Before Windows Update Repair" -RestorePointType "MODIFY_SETTINGS" -ErrorAction SilentlyContinue

    # Stop critical services first
    Write-Log "Stopping critical services..."
    foreach ($service in $criticalServices) {
        Stop-ServiceSafely -ServiceName $service
    }
    
    # Reset services to their default startup type
    Write-Log "Resetting service startup types..."
    foreach ($service in $criticalServices) {
        try {
            Set-Service -Name $service -StartupType Automatic -ErrorAction SilentlyContinue
            Write-Log "Set $service to Automatic startup" "SUCCESS"
        }
        catch {
            Write-Log "Could not set startup type for $service - $($_.Exception.Message)" "WARNING"
        }
    }

    # Reset Windows Update Components
    Reset-WindowsUpdateComponents

    # Rename Windows Update folders with error handling
    Write-Log "Renaming Windows Update folders..."
    $foldersToRename = @{
        "C:\Windows\SoftwareDistribution" = "C:\Windows\SoftwareDistribution.old"
        "C:\Windows\System32\catroot2" = "C:\Windows\System32\catroot2.old"
    }

    foreach ($folder in $foldersToRename.GetEnumerator()) {
        if (Test-Path $folder.Key) {
            try {
                # Remove old backup if it exists
                if (Test-Path $folder.Value) {
                    Remove-Item -Path $folder.Value -Recurse -Force
                }
                Rename-Item -Path $folder.Key -NewName ($folder.Value.Split('\')[-1]) -Force
                Write-Log "Successfully renamed $($folder.Key)" "SUCCESS"
            }
            catch {
                Write-Log "Could not rename $($folder.Key): $($_.Exception.Message)" "ERROR"
            }
        }
    }

    # Start services again
    Write-Log "Starting critical services..."
    foreach ($service in $criticalServices) {
        Start-ServiceSafely -ServiceName $service
    }

    # Run system file checks
    Write-Log "Running system file checks (this may take a while)..."
    
    $dismResult = Start-Process "DISM.exe" -ArgumentList "/Online /Cleanup-Image /RestoreHealth" -Wait -NoNewWindow -PassThru
    if ($dismResult.ExitCode -eq 0) {
        Write-Log "DISM repair completed successfully" "SUCCESS"
    } else {
        Write-Log "DISM repair completed with errors" "WARNING"
    }

    $sfcResult = Start-Process "sfc.exe" -ArgumentList "/scannow" -Wait -NoNewWindow -PassThru
    if ($sfcResult.ExitCode -eq 0) {
        Write-Log "SFC scan completed successfully" "SUCCESS"
    } else {
        Write-Log "SFC scan completed with errors" "WARNING"
    }

    # Force Windows Update detection
    Write-Log "Forcing Windows Update detection..."
    wuauclt /resetauthorization /detectnow

    Write-Log "Repair process completed" "SUCCESS"
    Write-Host "`nA system restart is required for changes to take effect." -ForegroundColor Yellow
    
    $restart = Read-Host "Would you like to restart now? (y/n)"
    if ($restart -eq 'y') {
        Restart-Computer -Force
    }
}
catch {
    Write-Log "Critical error occurred: $($_.Exception.Message)" "ERROR"
    Write-Host "`nThe repair process encountered errors. Please check the logs above." -ForegroundColor Red
}

[cars11]

Now it is running (I wonder if there is a difference to running it from a shortcut vs in powershell directly?)
Errors were: 5 services that are not installed (gpsvc, dcomlaunch, rpcss, mpssc, windefend).
I now get a new error in Windows update: Download error - 0x80248007. I tried clicking download anyway a few min later and then it worked, but still failed with the install error 0x800f081f

[cars11]

I'm starting to think it might not be related to MicroWin but some sort of error related to my specific system. As one Windows Update did manage to get through, it's only one that does not install (KB5051987). I decided to check in the Update history and noticed that there was a successful installation of another update.
I thought my latest win11 iso had all the updates and this was the first and immediately problematic.
But I am not sure