Woody Leonhard's no-bull news, tips and help for Windows and Office
RSS icon Email icon Home icon
  • A solution – I think – to the KB 2518864, KB 2572073, KB 2633880 persistent patching problems

    Posted on May 23rd, 2012 at 13:09 woody 8 comments

    I think there’s a solution to the problem. (Thanks again, SB!)

    To recap:

    If you’re running XP (or Server 2003) and .NET Framework 2.0 SP2 or 3.5 SP1, and Automatic Updates is turned on, then after these three patches are pushed onto your machine, you get the notification (with a yellow alert icon) that “Some updates could not be installed”. If you then go to Automatic Updates, it tells you that KB 2572073, 2633880, and 2518864 could not be installed.

    Here are the solutions I’ve heard about. I’ll list them in increasing order of difficulty.

    Alternative 1: Some people report that simply re-booting the computer may make the problem go away

    Alternative 2: Some people report that they can manually install the updates. The installation fails, but the yellow alert icon goes away. Then everything is OK.

    Alternative 3: One commenter says he was able to get the yellow update notification to go away by using the FixIt in KB 910339 under the heading “Reset Windows Update components and then try updating your computer.” It isn’t clear if he used the Default or Aggressive mode.

    Alternative 4: Susan Bradley offers this scorched-earth approach:

    1.    On XP, click Start, click Run, type services.msc, and then click OK.

        On Vista or Win7, click Start, type services.msc in the Start Search box, right-click services.msc, and then click Run as administrator.

    2.    In the Services (Local) pane, right-click Automatic Updates, and then click Stop.

    3.    Minimize the Services (local) window.

    4.    Select all of the contents of the c:\Windows\SoftwareDistribution folder, and then delete them. (Note that at least one Microsoft MVP hates deleting the SoftwareDistribution folder, so if you have a better idea, I’m all ears.)

    5.    Maximize the Services (Local) window.

    6.    In the Services (Local) pane, right-click Automatic Updates, and then click Start.

    7.    Restart the computer, and then run Windows Update again.

    Alternative 5: Commenter Amar offers this approach, which came from Microsoft just a few hours ago:

    Follow the below steps to rename Catroot2 and SoftwareDistribution folders

    1. Click Start, Run, on the Run box type services.msc and then click on OK.

    2. Double click on Background Intelligence Transfer Service. On the Service status click on Stop button and then click on Apply and then OK. Do the same steps with Cryptographic Services and Automatic Updates Services.

    3. Open C:\windows folder, and then rename the SoftwareDistribution folder as SoftwareDistribution.old. (See the note in Step 4 above about the MVP who really has a fit if you blast away the SoftwareDistribution folder.)

    4. Go to C:\windows\System32\ and rename Catroot2 to Catroot2.old.

    5. After renaming the folders, go to the services console again and restart the services that were stopped

    6. Restart the computer and check for updates

    If you’re having problems with these patches, I suggest you try those alternatives in order.

    It looks like the problems stem from three patches that were re-pushed down the Automatic Update chute on or about May 22.

    As best I can tell, Microsoft, in its inimitable way, hasn’t acknowledged the problem or offered a solution. Yet I’ll bet there are hundreds of thousands of XP users who have had that “Some updates could not be installed” icon on their desktops for the past 12 hours or longer.

    .NET patches are a massive pain in the neck. Microsoft keeps blowing them, over and over again. In this case, we have three re-issued .NET patches (MS11-100, MS12-034, MS12-035) that cause problems the second time around. Each of them is a “critical” security patch that arrived on the second patch Tuesday of the month.

    Folks, there’s a reason why I recommend you turn off Automatic Updates! Let’s see how long it takes Microsoft to (1) acknowledge and then (2) fix this very widespread problem.

     

    8 responses to “A solution – I think – to the KB 2518864, KB 2572073, KB 2633880 persistent patching problems”

    1. Thanks for the update – alternative 3 (fix-it) worked for me in default mode. It reported something about the location of the updates had changed but I’m not sure what that means. You would think MS would be able to do updates without this sort of problem by now!! Thanks again.

    2. “Alternative 3: One commenter says he was able to get the yellow update notification to go away by using the FixIt in KB 910339 under the heading “Reset Windows Update components and then try updating your computer.” It isn’t clear if he used the Default or Aggressive mode.”

      Glad to hear it worked for you, Mark. I used default also.

      MS is not noted for their forthrightness.

    3. The easiest alternative: Do nothing.

      The errant updates just ‘went away’ over the course of the past 24 hours for me…

    4. @Kager -

      Yep, Microsoft yanked them.

    5. So now the big question that many of us want to know: if we installed the MS recommended errant updates (and were reoffered them no matter how many times we installed them), are our systems properly patched now or are they not?

      Some people have said that these problematic patches are ones that were actually superseded by one or more patches that were offered by Windows Update (and thus installed) weeks ago. So did we just install old patches that overwrote the newer patches that we already installed weeks ago?

      What a mess MS has created! And no clear word from them on the situation or how to rectify it. Par for the course. At least they are consistent on their poor communication and lack of transparency.

    6. @Brian -

      Yes, they’re properly patched. The problem isn’t with the patch (as far as I can tell). It’s with the detection logic and installer.

      See my InfoWorld Tech Watch article, just posted.

    7. Woody,

      Thank you for your reply. I’m not sure exactly what is the situation at this point.

      When a patch installs correctly, it generates a correlating KB text file in the Windows subdir. No such files were generated for these patches, which makes me wonder if they were really installed or not.

      Also, the day after this MS Triple-Patch Catastrophe, another update with a DIFFERENT KB number (I didn’t write down the KB number, sorry) was offered for .Net via Windows Update.

      Given the problems of the few days before, I chose not to install it and recommended people pass on it. I did wonder if it might fix everything, however. So I decided I would install it the following day. I rebooted before installing it (always a good idea), and suddenly Windows Update no longer had it listed.

      So I have no idea what is going on. I’m hoping MS wasn’t counting on everyone who installed (or tried to install) the previous 3 problematic .Net patches install the followup patch #4 to fix the problems (and then pulled it when they figured everyone had installed it?). After the first 3 problematic .Net patches (KB 2518864, KB 2572073, KB 2633880), I told people not to install the next one, and now it is no longer being offered by Windows Update.

      I have no idea if that was good advice. And now #4 is gone, so it’s hard to know what the heck state all these systems are really in.

      When you can’t trust the reliability of the company responsible for the patches, there is no way to know anything for sure regarding system state. What a catastrophe.

      I’m hoping MS releases an update that actually works that will ensure all versions of .Net are up to date in every way.

    8. @Brian -

      You’re falling victim to something known as “dependencies”.

      When one patch depends on another patch, and a patch in the middle gets yanked – as we saw with this debacle – suddenly other patches appear out of the woodwork. That’s the root cause of the three patches that repeatedly reported they couldn’t be installed.

      Microsoft has corrected the problem, I’m assured, and I’m about to lower the MS-DEFCON rating to 4. It looks like everything’s OK to patch.

    Leave a reply