Server 2016 Std | unable to install CUs after 2022-02 CU | error 0x800F0922

Max R 1 Reputation point


new customer of mine has 10 domain controllers (2 physical and 8 virtual). These domain controllers were on a very old state "2019-05 Cumulative Update" or "2019-12 Cumulative Update". I wanted to update these domain controllers to the current state "2023-05 Cumulative Update".

But on each server I always got the error 0x800F0922 no matter if I tried to install the update from WSUS or manually downloaded from MS Update Catalog. Then I tried to install previous Cumulative Update 2023-04, 2022-08, 2022-06, 2022-04 and I always got the error 0x800F0922. After that I went forward instead of backward and was able to install 2019-12, 2021-08 and 2022-02 successfully.

Starting with 2022-02, I get the 0x800F0922 error message again for all future Cumulative Updates (i.e. 2022-03, 2022-04, ...).

I have tried some things I found as solutions on the web.

  • ren C:\Windows\SoftwareDistribution & ren C:\Windows\System32\catroot2
  • empty %temp% and C:\Windows\Temp
  • DISM /Online /Cleanup-Image /RestoreHealth & SFC /ScanNow
  • manual install Edge Browser
  • installation via sconfig
  • disabled Antivires & Firewall

It looks to me like with the 2022-03 version (KB5011495) there must be a prerequisite that I don't have. I can't find any sign of an error in EventViewer. Do you have any suggestions what I can check or test? Now that I have all domain controllers all up to 2022-02, I can test many things at the same time.

Windows Server 2016
Windows Server 2016
A Microsoft server operating system that supports enterprise-level management updated to data storage.
2,431 questions
0 comments No comments
{count} votes

7 answers

Sort by: Most helpful
  1. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

    Comments have been turned off. Learn more

  2. Anonymous

    Yes, the SSU is a prerequisite for KB5011495

    --please don't forget to upvote and Accept as answer if the reply is helpful--

  3. Max R 1 Reputation point

    I have also the CBS-Logs if the can help. Link

    0 comments No comments

  4. Anonymous

    I have also the CBS-Logs if the can help

    debugging log files is beyond the scope of forums support.

    new customer of mine has 10 domain controllers (2 physical and 8 virtual)

    You'll want to troubleshoot them on an individual basis. For the ones that cannot be repaired the simplest / safest method would be to stand up a new one for replacement.

    I'd use dcdiag / repadmin tools to verify health correcting all errors found before starting any operations. Then stand up the new 2016, patch it fully, license it, join existing domain, add active directory domain services, promote it also making it a GC (recommended), transfer FSMO roles over (optional), transfer pdc emulator role (optional), use dcdiag / repadmin tools to again verify health, when all is good you can decommission / demote old one.

    --please don't forget to upvote and Accept as answer if the reply is helpful--

  5. Max R 1 Reputation point

    I maybe found the error.
    The Update rollback because;

    00000270 (F) Error E_INVALIDARG in eventsXml: <events><provider guid="{3663a992-84be-40ea-bba9-90c7ed544222}" message="$(string.eventProviderName)" messageFileName="%SystemRoot%\system32\efscore.dll" name="Microsoft-Windows-EFS" resourceFileName="%SystemRoot%\system32\efscore.dll" symbol="EFS_PUBLISHER"><channels xmlns="">

    In EventViewer (Applications and Service Logs -> Microsoft-Windows-EFS/Debug) i can see the following Messages:
    The description for Event ID 4406 from source Microsoft-Windows-EFS cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

    If the event originated on another computer, the display information had to be saved with the event.

    The following information was included with the event:


    0 comments No comments