I used to avoid Windows Update issues. One look at the CBS.log file and I was sprinting in the other direction. A few months back I decided it had been long enough, so I settled in for a weekend and found every piece of content I could on anything Windows Update. If it covered Side-By-Side, WinSxS, Windows Update, CheckSUR, or similar, I was reading it.

Now, I find Windows Update issues fun :)

I’ve been able to use the understanding I built here to do some cool stuff! I’m excited to get posts up that show pratical examples. In the meantime, I wanted to share my notes from that weekend. What follows is half quotes, half regurgitation, and a lot of citations. I hope it can help you as much as it helped me!


The High-Level Overview: Servicing Windows broken down

Joseph Conway, the “Windows Servicing Guy”, is a former Windows support engineer that runs an awesome blog on TechNet. He’s amazing. Many of the quotes I’ve pulled below are from posts on his site or posts written by him elsewhere. In particular, he authored two posts that describe how servicing windows works. The first covers the basic terminology. The second steps through how packages and manifests are read for a given feature of Windows. They’re wonderful overviews to jumpstart an understanding of component based servicing. Check them out here:


Vista and it’s Component Store – Quotes

Reference: TechNet AskCore Blog


Directories that make up the WinSxS component store – Quotes


Breaking Down the Naming Convention in WinSxS

If you ever wanted to know how the folder names in WinSxS came to be, a Microsoft employee has a great blog post that breaks down how components are named. Check it out here.


On SFC – Quotes

>fsutil.exe hardlink list C:\Windows\System32\drivers\ntfs.sys

\Windows\System32\drivers\ntfs.sys
\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16385_none_02661b64369ca03a\ntfs.sys

Reference: TechNet Joscon Blog Reference: TechNet Joscon Blog


The CBS Log File: Structure, Terms, and Errors

The file C:\Windows\logs\CBS\CBS.log is the primary log for all things Component Based Servicing, which is whole a lot. There’s some great documentation of how the log is structured as well as what the various installation states are and some common errors. Check it out on the TechNet Library here.


Enabling Verbose CBS logging – Quotes

1. NET STOP TRUSTEDINSTALLER
2. Add the following system environment variable: WINDOWS_TRACING_FLAGS with a value of 10000.  *NOTE: This does not require a reboot to take affect.
3. NET START TRUSTEDINSTALLER

Reference: TechNet Joscon Blog


Windows Update Error Codes

There’s a great list of Windows Update error codes provided by a Microsoft employee that trumps what MSDN covers. Check it out here on mvps.org.


Microsoft Instructions on Reacting to CheckSur Errors

Microsoft has an MSDN article that documents how to respond to various checksur errors. It includes instructions on where to place files so that CheckSur will find and use them. Check it out here on the TechNet Library.


On the Speed of CheckSur – Quotes from Joseph Conway

In the comments, he is quickly attacked for that time. He defends it saying that’s been his experience over hundreds of machines.

Reference: TechNet Joscon Blog


Windows Component Platform Interface API

I’m not sure how helpful this may be, but Microsoft has Component Platform Interface API that’s designed to be used up at the imaging / WIM level. But it defines a whole bunch of information that’s still applicable. For example, it defines all of the package actions, the package types, the varies levels of installation, etc. Check it out here on systemscenter.ru.


Installing a Side by Side Component

At one point, I was trying to figure out how to install something into WinSxS myself. I wanted to know how to build the manifest, .cat file, etc. Microsoft has pretty terrible documentation on it, and no quality walkthroughs. But I did find a CodeProject page that explains what you need to do! It involves using a few binaries that ship with Visual Studio and then, to actually do the install, using Windows Installer. I found it pretty informative, check it out here on codeproject.


Activation Contexts and how Side by Side works for Programmers

There’s a blogger on the internet who got really annoyed with WinSxS and created a blog just to document how it works for programmers. It’s an informative read and links out to many resources.. I would caution that this isn’t really tied to Windows Update at all; it’s more of a light into another side of WinSxS. Check it out here from omnicognate.

There’s also a shorter article on the same subject by a Microsoft employee that has some super basic info on how it’s used at runtime. Not as informative as the first article, but here it is regardless.


Dism and Rolling Back Changes with Pending.xml – Quotes

DISM.exe /Image:C:\test\offline /Cleanup-Image /RevertPendingActions

Package Manager (PkgMgr) vs. Dism – Windows 7+, pkgmgr was deprecated and DISM is what is used – Quotes


On MSU Files – Quotes


On the ‘searching’ stage during MSU installation – Quotes


On reboots to resolve pending update installation – Quotes


On the C:\Windows\servicing\sessions\sessions.xml log file – Quotes


On Uninstalling Updates – Quotes


On Fixing CSI Errors – Quotes

Reference: TechNet Joscon Blog


On the In-Box Repair Functionality in DISM in Windows 8 – Quotes

Reference: TechNet Joscon Blog


On Installing Service Packs – They’re Pretty Different – Quotes


Windows Update Process

For Windows XP, the \Windows\WindowsUpdate.log tracks the Windows Update agent as it goes to install things. Public documentation of the log and its stages is only ok; the best I could find is this KB article.

Vista+ changed the update architecture and again there is only poor public documentation. There was once an Understand and Troubleshoot guide for servicing written by Joseph Conway, but it was pulled from Microsoft’s Download Center temporarily yet never replaced. The content was awesome though. Someone uploaded a copy of the guide here, TBD on if it gets pulled later.