Server 2019 Cumulative Updates failing every month

Chris Laird 6 Reputation points
2021-03-15T17:36:55.777+00:00

Hi all

A client is running Exchange 2019 on Server 2019 in a Hyper-V VM. Since the 2020-10 Cumulative Update (for Windows Server 2019), all CUs have failed to install via Windows Update. They have another Server 2019 VM which runs Active Directory and File Sharing and does not have this problem.

The latest CU "2021-03 Cumulative Update for Windows Server 2019 (1809) for x64-based Systems (KB5000822)" fails with error 0x800f0985 (some previous months CU have failed with error 0x80246007).

Things I've tried so far:
Download the CUs and install manually - CU installations fail with same error
Run sfc /scannow - no errors found
Reset Windows Update - CU installations fail with same error

Other relevant details:

Versions:
Server 2019 v1809 build 17763.1518
Exchange Version 15.2 (Build 595.3)

WindowsUpdate Log: 77912-ytw-exch-windowsupdate.log

Installed Hotfixes:

PS> (Get-HotFix | Sort-Object -Property InstalledOn)  
  
Source        Description      HotFixID      InstalledBy          InstalledOn  
------        -----------      --------      -----------          -----------  
EXCHANGE      Security Update  KB4512577                          07/09/2019 00:00:00  
EXCHANGE      Security Update  KB4539571     NT AUTHORITY\SYSTEM  30/03/2020 00:00:00  
EXCHANGE      Update           KB4486153     EXCHANGE\Administ... 30/03/2020 00:00:00  
EXCHANGE      Security Update  KB4549947     NT AUTHORITY\SYSTEM  17/04/2020 00:00:00  
EXCHANGE      Update           KB4494174     NT AUTHORITY\SYSTEM  20/05/2020 00:00:00  
EXCHANGE      Security Update  KB4562562     NT AUTHORITY\SYSTEM  15/06/2020 00:00:00  
EXCHANGE      Security Update  KB4558997     NT AUTHORITY\SYSTEM  04/08/2020 00:00:00  
EXCHANGE      Security Update  KB4566424     NT AUTHORITY\SYSTEM  21/08/2020 00:00:00  
EXCHANGE      Security Update  KB4570332     NT AUTHORITY\SYSTEM  11/09/2020 00:00:00  
EXCHANGE      Security Update  KB4577667     NT AUTHORITY\SYSTEM  14/10/2020 00:00:00  
EXCHANGE      Security Update  KB4580325     NT AUTHORITY\SYSTEM  14/10/2020 00:00:00  
EXCHANGE      Security Update  KB4577668     NT AUTHORITY\SYSTEM  14/10/2020 00:00:00  
EXCHANGE      Security Update  KB4587735     NT AUTHORITY\SYSTEM  16/11/2020 00:00:00  
EXCHANGE      Security Update  KB4512937     YTW\Roxxxxx             11/01/2021 00:00:00  
EXCHANGE      Security Update  KB4598480     NT AUTHORITY\SYSTEM  31/01/2021 00:00:00  
EXCHANGE      Security Update  KB4535680     NT AUTHORITY\SYSTEM  31/01/2021 00:00:00  
EXCHANGE      Security Update  KB4601393     NT AUTHORITY\SYSTEM  17/02/2021 00:00:00  
EXCHANGE      Update           KB4577586     NT AUTHORITY\SYSTEM  17/02/2021 00:00:00  
EXCHANGE      Update           KB4601555     NT AUTHORITY\SYSTEM  17/02/2021 00:00:00  
EXCHANGE      Update           KB4589208     NT AUTHORITY\SYSTEM  11/03/2021 00:00:00  
EXCHANGE      Security Update  KB5000859     NT AUTHORITY\SYSTEM  11/03/2021 00:00:00  
  
Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,603 questions
Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,496 questions
0 comments No comments
{count} votes

6 answers

Sort by: Most helpful
  1. Teemo Tang 11,371 Reputation points
    2021-03-16T01:57:07.22+00:00

    Reset Windows update components by the method here:
    https://learn.microsoft.com/en-us/windows/deployment/update/windows-update-resources

    After reset Windows update components, install the latest SSU (KB5000859)
    https://support.microsoft.com/en-us/topic/kb5000859-servicing-stack-update-for-windows-10-version-1809-march-9-2021-131d7ec3-a212-4d10-9679-e97395197bac

    Next, restart server 2019 and manually the latest CU KB5001568 from Microsoft update catalog, this update fix the known which might cause a blue screen when you attempt to print to certain printers using some apps.
    https://www.catalog.update.microsoft.com/Search.aspx?q=KB5001568

    -------------------------------------------------------------------------------------

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

  2. Chris Laird 6 Reputation points
    2021-03-16T16:21:41.743+00:00

    Many thanks for your suggestions.

    I reset the Windows Update components which went without error.

    The machine told me KB5000859 is already installed (which is true).

    After a restart, I tried a manual install of KB5001568 but the install failed again - I've attached the WindowsUpdate log.
    78308-ytw-exch-windowsupdate.log


  3. MJScott 1 Reputation point
    2021-04-21T12:38:32.577+00:00

    I'm seeing the same issue on a slew of VDI gold images all cut from the same 2019 ISO. Originally the 2021-03 was failing and now the 2021-04 is also failing. It hangs at Status: Getting things ready - 0% for a long time and eventually fails. I too have tried all the tricks in the book mentioned above and then some. I also built a fresh 2019 image from ISO and the same problem still exists. Oddly, we have 1 out of 6 gold images that don't have this issue, so it doesn't make much sense.


  4. David McKinnon 1 Reputation point
    2021-04-26T14:00:43.07+00:00

    At my location, (using WSUS), this is happening on all the CU updates with our 2019 servers - we have to manually reboot the server then install the update each time, does Microsoft have a solution for this, this is definitely a bug... Dave

    0 comments No comments

  5. MJScott 1 Reputation point
    2021-04-26T14:34:14.463+00:00

    I found the solution in my environment. One thing that led me to this was running a Get-WindowsUpdateLog via powershell. In the log I was seeing "407 - Proxy Authentication Required" errors. It turns out that our firewall engineers had created a rule to require proxy authentication. So, basically the CU initialization was timing out. They removed the rule and the CU's began downloading/installing properly. The odd part is that only the CU's were failing where other non-CU updates would succeed. I guess it's something with the CU's and the particular Windows Update URL's used for them.

    0 comments No comments