Unable to install Security Monthly Quality Rollups on Server 2012

Derek Phillips 1 Reputation point
2021-01-13T15:09:14.157+00:00

Running into an issue where a Windows 2012 AD Server of ours is failing to install any Security Monthly Rollup Updates for the past few years. Even attempting to install Powershell 5.1 on the server causes the same issue where it gets to 9% installing the update and performs a rollback. Event logs shows Installation Failure: Windows failed to install the following update with error 0x8007000D when performing the update.

Windows Server 2012
Windows Server 2012
A Microsoft server operating system that supports enterprise-level management, data storage, applications, and communications.
1,607 questions
0 comments No comments
{count} votes

4 answers

Sort by: Most helpful
  1. Anonymous
    2021-01-13T15:14:13.577+00:00

    Some things to try;
    sfc /scannow
    dism /online /cleanup-image /restorehealth
    or the manual steps here https://learn.microsoft.com/en-us/windows/deployment/update/windows-update-resources#reset-windows-update-components-manually

    but the simpler / safer method may be to stand up a new one for replacement.

    I'd use dcdiag / repadmin tools to verify health correcting all errors found before starting any operations. Then stand up the new 2012, patch it fully, license it, join existing domain, add active directory domain services, promote it also making it a GC (recommended), transfer FSMO roles over, transfer pdc emulator role, use dcdiag / repadmin tools to again verify health, when all is good you can decommission / demote old one.

    --please don't forget to Accept as answer if the reply is helpful--

    2 people found this answer helpful.
    0 comments No comments

  2. Anonymous
    2021-02-03T23:25:34.003+00:00

    with DC, File Server, and Production Database running in it

    As you now well know this creates an infinitely complex situation when things go wrong. A better option would be to install hyper-v role (as only role) on host, then stand up three virtual machines for the mentioned roles.

    --please don't forget to Accept as answer if the reply is helpful--

    1 person found this answer helpful.
    0 comments No comments

  3. AliceYang-MSFT 2,091 Reputation points
    2021-01-14T06:29:00.253+00:00

    Hi,

    If you don’t want to stand up a new one, you can also try Enable Windows Update using Group Policy Editor after trying DSPatrick’s solutions.

    Hope the issue could be resolved.

    Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

    ----------

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

  4. Derek Phillips 1 Reputation point
    2021-02-03T23:21:02.813+00:00

    Thanks for the replies,

    Sorry for the late response. Forgot to mention, I ran DISM and SFC in a repair environment and issue is still present. It had failed to run the online and offline DISM repair prior to successfully running it in the repair environment. Normally would rebuild a DC if I could but server was setup against best practice with DC, File Server, and Production Database running in it and the rebuild would be a long process. Thus far, attempted the windows update reset procedure after the DISM repair and have no such luck yet. Still it appears Monthly quality updates always fail to install, regardless of how far back I attempt to update them from.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.