Jump to content
phearaphex

Labtech Patching - HRESULT: 0x8024001E

Recommended Posts

Hello,

 

I am reaching out for help on this as I have been banging my head against the wall with this issue for weeks (going on months) now. We currently have about 1050 computers spread out over 77 locations and are using Labtech to do our windows patch management to approve and pushing updates to our client computers which is failing terribly. The error we are getting is:

 

Result: Windows Update Version 7.6.7601.19161

Error Occurred Durring Install: Exception from HRESULT: 0x8024001E

 

This appears to be a major issues as the forums are littered with people who are experiencing the same thing with no viable solution.

 

Steps we have taken to try to resolve this issue:

Update MOST clients to the latest March 2016 Windows Update Client.

Increased patch time windows and patch time reboot windows

A) Patch windows run Midnight to 3AM per Labtech's suggestion

B) Patch reboot windows run Midnight to 3:30AM per Labtech's suggestion.

C) Computers update on the 8th day of the month through the 14th day of the month

Reset Windows Update Components

 

 

All of this has done nothing to resolve the HRESULT: 0x8024001E errors and even during our monthly patch window maybe a handful of computers (OUT OF A 1050) actually update (in the course of a full week) IF we are lucky.

 

I have attached a picture of the hell I am currently trying to fix and would greatly appreciate any help or insight as to how to get this system working.

Capture.JPG.b420c565ba8aaa6614e797517f45b8d8.JPG

Share this post


Link to post
Share on other sites

That alert is related to more than one instance of WIndows Update trying to kick off at a time. It is a really annoying one and LabTech unfortunately sees the error and treats it as a hard stop and doesn't resume on its own. We watch all our patching cycles so when we see this error a repush generally works, sometimes we have to wait for a few minutes but it goes ok.

 

One thing I was playing with a while back was having a monitor watch for that error in the event logs and if it does do an auto fix for it. I had the monitor working but the issue when I was testing it was with LT 10 and they had the bug about an alert getting triggered multiple times if it was an eventlog alert. That should be fixed in 10.5 but I haven't got around to playing with the monitor again.

 

Check to make sure nothing else is trying to scan for or do updates at the same time you are. Don't do a hotfix scan as you are trying to install for example as that will generally crash it.

Share this post


Link to post
Share on other sites

I'm having the same exact issue.. What is the best way to kill all the scheduled and pending tasks? reboot? what type of autofix worked for you? i'm going insane as well!

Share this post


Link to post
Share on other sites

I haven't played a lot with an autofix. One way to kill the running jobs is to stop the WUAUServ service on the computer. Depending on the state of it though it might be hung and then you would have to reboot to resolve that. As far as Windows update errors go, this is the most annoying one because it happens so often but it is the easiest to get around as it doesn't mean there is an issue, you just have to push again.

 

I can work on the monitor I had before to see if I can get it working again. Basically it watched the Windows Update log for that error and if it finds it, it just pushes patches again. I stopped playing with it due toe the alerting bugs in LT 10 and haven't had a chance to revisit it. It was alerting me then, just constantly though due to the bug with the alerts.

 

We patch differently than most though which is why this isn't an issue as much for us and our patching setup is very custom. We patch servers quarterly and pretty much all the service desk guys work that weekend making sure clients get patched. We watch the dataviews for errors and I have written a document on how to fix most of them and with this one it just says to push again. Because we watch everything so closely all our servers are patched to pretty much 100%.

Share this post


Link to post
Share on other sites

if it helps; i had too many 'check for windows updates' commands in the queue on the system itself and i guess it finally gave up and threw those errors at me... something to be said for patience... i left it overnight, rebooted the system in the morning; low and behold - it said i had a few updates to apply and it kept on chugging. eventually it resolved itself after a couple hours and i decided to cut down on my coffee intake to help my patience levels...

Share this post


Link to post
Share on other sites

I noticed the same issue on my system. What i did to remedy this is i implemented my own version of the following thread from here.

 

viewtopic.php?f=7&t=2123

 

Basically i setup my system to install patches on machines during the day at 8am,10:30am,3pm, and 8pm. For some reason the machines giving this error seem to never have a problem installing patches at this time. Then the machines wait for there patch window and usually fail and reboot. It's not the best solution but over the past 3 weeks i've seen a dramatic decrease in poorly patched machines across all my customers and no one has called to complain that we install patches during the day.

Share this post


Link to post
Share on other sites

I am having the same issue, though from what I can see it is only on Windows 7 Workstations at this point, but it is wide spread. I have updated to the new patch manager in LT 11 and the issue persists.

 

The WUA is up-to-date, and I have tried rebooting the workstations. Then I re-push, with same results. I can do this multiple times per day, I can do it after a fresh restart, or after restarting WUA services. I have also opened tickets with LT to no avail. They would look at the one example machine and tell me that the machine needs rebuilt? WTH? I tried to explain that it is widespread and rebuilding every windows7 machine would be ridiculous.

 

Any more assistance or ideas would be great

Share this post


Link to post
Share on other sites

What is the version number of the WUA. Lets make sure it is the most current that fixes the issue. Also have you checked to make sure that the pre-requisite servicing stack update was done on these computers? It is KB3020369 and it must be on installed on the computer for WUA to function properly.

 

Also, if that KB is installed and you are showing a WUA version of 7.6.7601.23453 then you may need to do the usual 'reset windows update defaults' command in LT.

Share this post


Link to post
Share on other sites

I've found that installing KB3172605 by itself resolves many issues with Windows Updates as well. Stopping the Windows Update Service prior to installing the patch seems to help it install more successfully.

Share this post


Link to post
Share on other sites

To get past the HRESULT: 0X8024001E we created a script that updates WUA to 7.6.7601.23453. After we deployed that he have had 0 issues installing updates.

 

Stop wuauserv service

rename c:\windows\SoftwareDistribution folder

start service

download standalone installer for KB3172605

run quiet with no restart

then let LT reboot the PC.

 

 

I was able to push out this update during the day and let the clients choose when to reboot.

Share this post


Link to post
Share on other sites
To get past the HRESULT: 0X8024001E we created a script that updates WUA to 7.6.7601.23453. After we deployed that he have had 0 issues installing updates.

 

Stop wuauserv service

rename c:\windows\SoftwareDistribution folder

start service

download standalone installer for KB3172605

run quiet with no restart

then let LT reboot the PC.

 

 

I was able to push out this update during the day and let the clients choose when to reboot.

 

Would you mind sharing your script with us?

Share this post


Link to post
Share on other sites

It is an issue with Windows Update and how Microsoft broke it.

 

Every time LT does an patch deployment it does a check for updates, the check for updates takes hours, therefore it goes outside the LT patch window and KB3172605 deployment is skipped.

 

 

Not much LT can do, other than provide a script that would assist deploying KB3172605.

Share this post


Link to post
Share on other sites

I think my issue with patching is that if it's not possible to accomplish it reliably, then LT should advertise it as one of the core functions of it's product. I understand that Microsoft is constantly changing / breaking things but a little proactive communication from LT would go a long way. I'd really like to see them come out with something along the lines of:

 

We've received many reports of patching failing after MS did X and you can to Y to remedy it.

 

I'm thrilled that there are resources like LT Geek to help, but I really feel that there shouldn't need to be third party solutions for problems this wide spread. Another example of this is Patch Remedy. I don't want to take business from anyone - but should it be necessary to purchase a third party solution to "remedy" a core part of the product?

Share this post


Link to post
Share on other sites
It is an issue with Windows Update and how Microsoft broke it.

 

Every time LT does an patch deployment it does a check for updates, the check for updates takes hours, therefore it goes outside the LT patch window and KB3172605 deployment is skipped.

 

 

Not much LT can do, other than provide a script that would assist deploying KB3172605.

 

You're right, they could do that, and they don't. Or they could send emails to the people that use their products saying "hey, MS did this thing that makes labtech patching not work across the board, if you see this you need to install KB3172605 manually." Or they could allow patching to begin without checking for new updates first if they are already missing a certain number of patches/had not installed new patches in the last patch window. Or they could provide a way to set up a monitor identifying devices that never got past the checking for updates stage during the last patch window.

 

I like labtech, but there's no reason to pretend that one of their core functions is not often broken and not well maintained. There are a lot of things they could do as the providers and developers of a commercial product, but they choose not to and instead we have forums. Thank goodness, for our sake, they are very good forums.

Share this post


Link to post
Share on other sites

I contacted LabTech support about this, and thought their answer might be of benefit to everyone:

 

Thanks for contacting Labtech Support.

 

I see that the errors you are getting is the 8024001E error that is for a drop in communications between the agent and Windows Updates. This is usually an intermittent error as the agent will from time to time be able to install patches OK. However, there is also the "Insufficient Memory" error that is much more serious as it will stop the agent from installing patches completely or only one at a time.

 

I recommend the following steps.

 

For any Windows 7 PC that is not patching via Labtech but you are able to do so via Windows Update directly see below.

 

First an overview:

Labtech when issuing the Scanning Patches or Install Patches command to the agent interfaces to the local Windows Update engine, the WUAUSERV service, through the Microsoft WUAPI.DLL communication API path. Through that LabTech requests Searches, Downloads, and directed Installs of Microsoft Hotfixes. This Windows API is actually what is failing on the agent as it is a part of the agents Windows Update Client. Since it is not a direct link to Windows as is when you manually run the Control Panel > Windows Update on the agent it is more prune to these errors. That is why you can manually run Windows Updates on the agent as it is a direct connection to Windows Updates and thus bypasses all the internal processes (Windows API) that Labtech uses.

 

So essentially, that agent is not communicating with Windows Update via its Windows API (WUAPI.DLL) and thus cannot install patches via a Labtech command to "Install Patch". This is basically caused by issues environmental to the agent itself and is not a Labtech issue.

 

Note: Labtech is only responsible for issuing the "Install Patch" and / or the "Resend Hotfixes" command to the agent. It is up to that agent to use its Windows API (wuapi.dll) to communicate with Windows Update and complete the process. Everything between the Labtech command to the agent and the agent replying back to Labtech, are Microsoft commands and functions (Windows API) running directly on the PC to do a Microsoft task (Install patch or Scanning for patches). So if the process is failing in Microsoft it is basically a Microsoft issue.

 

Issue 1:

Make sure none of the patches on that PCs Patching tab (sort for Missing) is set as Missing Pushed. Any patch set to Missing Pushed will never get reattempted until they are reset in the database. You can create and scheduled a script to run everyday at 12:30am to reset those patches in the database just before patching starts (see attached). You can also if needed, manually do this as well by following the KB Article linked below.

 

https://docs.labtechsoftware.com/knowledgebase/article/7285

 

Issue 2:

Microsoft has been having issues with a decent percentage of their Windows 7 PCs and a few Windows 8.1 PCs 'Windows Update Client' since early last year and has been pushing patches every month since June 2015 trying to fix it.

 

You must install KB3172605 which replaces KB3161608 on all of your Windows 7 PCs. This newly released patch from Microsoft fixes their Windows Update Client which is the main cause of your patching issues with these Windows 7 PCs. Once installed you should see a dramatic increase in your PCs patching efficiency and scores. (agent may also need to be on Internet Explorer 11 as a prerequisite).

 

2a - I also suggest that you install the update rollup for Windows 7 SP1 linked below as it will bring the OS current on the agent. (Note: This patch below may have to be installed on the agent before it will allow you to install KB3172605).

 

Install these KBs first on the PC:

https://support.microsoft.com/en-us/kb/3020369

https://support.microsoft.com/en-us/kb/3126587

https://support.microsoft.com/en-us/kb/3179573

 

Issue 3:

Your PCs may also need to have their Windows Update Components reset. See link below and the document attached that I created to show you how to create a script to run those commands on the PCs. I recommend running that script on all the Windows 7 PCs.

 

https://support.microsoft.com/en-us/kb/971058

 

Also make sure that the firewall for the client is set to allow Windows Updates to pass through.

https://technet.microsoft.com/en-us/library/bb693717.aspx

 

Run the Microsoft troubleshooter directly on the agent:

https://support.microsoft.com/en-us/instantanswers/512a5183-ffab-40c5-8a68-021e32467565/windows-update-troubleshooter

 

All together, the above will greatly improve the patching for your clients PCs.

 

Troubleshooting Agents that did not patch: https://docs.labtechsoftware.com/knowledgebase/article/12175

https://support.microsoft.com/en-us/kb/2509997

 

If these steps do not resolve the issue you may need to contact Microsoft Support for assistance as the issue you are having is environmental to the agent itself and not an issue cause by Labtech. We are very limited in our scope of support with regard to these issues which is why I am giving you all the troubleshooting steps I can above.

 

Thank you for contacting Labtech Support.

Share this post


Link to post
Share on other sites

Here's my breakdown of the email, as far as I can see it.

 

- Intermittent? It's happening across almost all Win7 machines that I'm trying to patch automatically as far as I can see.

- Last I checked, 8024001E was "cannot run multiple instances of WUA simultaneously", not a connection error. But whatever.

- I already knew that LabTech just used the API, but some neat background knowledge.

- Anyone that's read through BGags' awesome article on patching knows about the "Missing/Pushed" situation. viewtopic.php?f=7&t=2123#p13147

Site note: I had over 25,000 "pushed" patches over the course of 7 days because so many agents get this error. If you're affected by the 8024001E error, you will want to reset the pushed status after you get updates working for sure.

- I noticed that one of the “prerequisites” of the July 2016 rollup (KB3172605) is to have the August 2016 rollup (KB3179573) installed. Not sure how a future update can be considered a prerequisite, but I'll go ahead and interpret this as "Install these four updates".

- The Windows Update Components, firewall, and troubleshooter all seem to be grasping at straws. I'm sure resetting WU components can be scripted, but this issue is across hundreds of machines I manage, so I'm fairly sure it's not feasible to run the troubleshooter on each one...

 

So it sounds like the official word is to install the update we already knew about, plus a few more, and then possibly reset WU components. Otherwise, support seems to be indicating it's an issue with Windows Update, which we more or less knew anyway.

I'll be sure to update here if our testing indicates that any of these steps seem to work.

Share this post


Link to post
Share on other sites

In my experience, you must first have the April 2016 servicing stack installed (KB3020369) then apply the WUA update from June (KB3161608) and then things start to work properly. We have a few Win7 computers that even with these still have issues but I believe that most of these issues are from spotty internet so that the updates can't download properly.

Share this post


Link to post
Share on other sites
Here's my breakdown of the email, as far as I can see it.

- I noticed that one of the “prerequisites” of the July 2016 rollup (KB3172605) is to have the August 2016 rollup (KB3179573) installed. Not sure how a future update can be considered a prerequisite, but I'll go ahead and interpret this as "Install these four updates".

 

I can report that KB3172605 works wonders... Regarding the prerequisite update weirdness, I believe that the July 2016 patch was re-issued. I believe it kept the name but was actually updated in September. The updated one of course is the one you want.

 

http://wu.krelay.de/en/ has handy explanations and links to the best updates for different Windows Platforms to get patching stable and current.

Share this post


Link to post
Share on other sites

This may be a little off topic, but I am struggling with patching on newly shipped Dell computers with Windows 7 installed. I have to keep most of my clients at Windows 7 due to the nature of the 3rd party Software they use. Does anyone have a simple list of which KB patches and in which order to install them to get up to the latest revision of the WUA? What I currently try is this:

KB3020369 first

KB3173424 second

KB3172605 last

 

Is this the correct process? I ask because it's hit or miss for me.

 

Thanks in advance.

Share this post


Link to post
Share on other sites
This may be a little off topic, but I am struggling with patching on newly shipped Dell computers with Windows 7 installed. I have to keep most of my clients at Windows 7 due to the nature of the 3rd party Software they use. Does anyone have a simple list of which KB patches and in which order to install them to get up to the latest revision of the WUA? What I currently try is this:

KB3020369 first

KB3173424 second

KB3172605 last

 

Is this the correct process? I ask because it's hit or miss for me.

 

Thanks in advance.

 

I found this on a Microsoft support board a few days ago and it seems to have solved the exact problem you described for me on a new PC. (This is also useful if you have to deal with a fresh Windows 7 install when replacing a HDD, etc.)

 

Install these patches MANUALLY on the workstation, then reboot and attempt to redetect missing updates:

 

KB3078601

KB3164033

KB3172605 (if this one doesn't successfully install the first time, ignore it, install all of the others, then reboot)

KB3185911

KB3185330 (Oct 2016 security quality rollup)

 

Hope that helps!

Share this post


Link to post
Share on other sites

I have lots of Windows 7 Not able to scan patches. What is the best solution we can do with a scipt to solve this iisue ?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×