CM12 Client Logging and Windows Update (WUAHandler)

0

We have a particular Windows Update failure being experienced on some of the Windows 10 machines within our environment. The overall impact is small, but the error code - 0x80073701 (Missing Assembly File), doesn't appear to report in what I'd expect to be normal places. I cannot find entries in the System Event log or in the Microsoft-Windows-WindowsUpdateClient/Operational log. I also cannot find entries within the Win32_NTLogEvent WMI class using PowerShell.

The error does appear in the following locations:

  • C:\Windows\Logs\CBS\CBS.log
  • C:\Windows\System32\CCM\logs\WUAHandler.log

One important thing to note, I feel, is that the Windows Update Agent is used during the installation of the updates in our environment; However, as our environment uses SCCM, the update agent is called to by the local CM12 client (CCMEXEC), not Windows itself. I imagine this is why the occurrence doesn't appear in the Event logs like other Windows Update failures.

To provide some background as to why I am seeking this information: We have created a solution for the missing assembly file issue that essentially uninstalls the latest roll-up fix on the asset and reboots the machine. Once the machine comes online, the machine downloads the latest updates and can install them without failing. However, the deployment process is very manual and I'd like to automate the detection of the failure by targetting it via SCUP 2011. The problem I'm running into is that most of the really good SCUP applicability logic uses WMI calls, but I can't find this failure anywhere in WMI when CCMEXEC is calling to the Windows Update Agent. I haven't tested it yet, but I'm certain that if the Windows Update Agent itself initiated the evaluation, download, and install of the update, it would record the failure in the Microsoft-Windows-WindowsUpdateClient/Operational log.

If anyone knows of a way to have SCCM log the events of the WUAHandler in this way, I'd greatly appreciate it. Additionally, if the logging could be placed in a specific Event log (preferably the System log) or logged by the Windows Update Agent itself, that would be even better.

I suppose I'd even settle for a method that uses SCUP 2011 to parse the WUAHandler.log file for the string and determine whether or not the failure has been reported (and therefore whether or not to initiate the repair sequence). The only requirement would be that the detection logic be executed via the SCUP applicability rules, not within the package itself.

Thank you!

windows-10
powershell
windows-update
wmi
sccm
asked on Super User Oct 20, 2017 by WKJ • edited Oct 20, 2017 by WKJ

0 Answers

Nobody has answered this question yet.


User contributions licensed under CC BY-SA 3.0