Windows 2000 SP4 Update Rollup "Sticking"

I've just installed the Windows 2000 SP4 Update Rollup from Windows Update.
It appeared to install correctly, but Windows Update is still telling me that
it needs to be installed! I installed it twice using Windows Update, and then
again using the downloaded standalone installation file, but the problem
still persists. The registry value at the key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\Update
Rollup 1\ is "1" which I would have thought was correct. In another thread,
is was suggested that this value should be "2". I've tried changing it to "2"
but the update still won't disappear from the Windows Update Critical Updates
list! Does this mean that it isn't actually installing correctly?

I too am having this problem on multiple machines, and have tried all the
steps you did as well, but WU still prompts to install this update every
time. Have you found any solution?

"Dave Hawley" wrote:

> I've just installed the Windows 2000 SP4 Update Rollup from Windows Update.
> It appeared to install correctly, but Windows Update is still telling me that
> it needs to be installed! I installed it twice using Windows Update, and then
> again using the downloaded standalone installation file, but the problem
> still persists. The registry value at the key
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\Update
> Rollup 1\ is "1" which I would have thought was correct. In another thread,
> is was suggested that this value should be "2". I've tried changing it to "2"
> but the update still won't disappear from the Windows Update Critical Updates
> list! Does this mean that it isn't actually installing correctly?
>

Thanks Mike, no I haven't found any solution as yet.
I don't think we're the only ones having the problem either!
The MS MVPs seem to be very silent about this. I wonder why?

"Mike Sheaffer" wrote:

> I too am having this problem on multiple machines, and have tried all the
> steps you did as well, but WU still prompts to install this update every
> time. Have you found any solution?
>
> "Dave Hawley" wrote:
>
> > I've just installed the Windows 2000 SP4 Update Rollup from Windows Update.
> > It appeared to install correctly, but Windows Update is still telling me that
> > it needs to be installed! I installed it twice using Windows Update, and then
> > again using the downloaded standalone installation file, but the problem
> > still persists. The registry value at the key
> > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\Update
> > Rollup 1\ is "1" which I would have thought was correct. In another thread,
> > is was suggested that this value should be "2". I've tried changing it to "2"
> > but the update still won't disappear from the Windows Update Critical Updates
> > list! Does this mean that it isn't actually installing correctly?
> >

"Dave Hawley" <> wrote in message
news:0F6673B6-7FA7-4B5B-9CB4-...
> I've just installed the Windows 2000 SP4 Update Rollup from Windows Update.
> It appeared to install correctly, but Windows Update is still telling me that
> it needs to be installed! I installed it twice using Windows Update, and then
> again using the downloaded standalone installation file, but the problem
> still persists. The registry value at the key
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\Update
> Rollup 1\ is "1" which I would have thought was correct. In another thread,
> is was suggested that this value should be "2". I've tried changing it to "2"
> but the update still won't disappear from the Windows Update Critical Updates
> list! Does this mean that it isn't actually installing correctly?


It may mean that the final deferred copy step was not completed.
Did you leave security programs enabled which could have interfered
with this step? You could check the log to see which modules were
involved in the update and the current versions of those modules.
Check with the file manifest of the associated TechNet Bulletin
if the log doesn't make the updating versions clear.
Or you could use the MBSA to see what it thinks about the situation.
If the MBSA doesn't report module discrepancies automatically
you may still need to use the mbsacli.exe with its HfNetChk switches.

<title>Microsoft Baseline Security Analyzer (MBSA) version 1.2.1 is available</title>
http://support.microsoft.com/default.aspx?kbid=320454


Hmm... it looks as if there is no separate bulletin for this update
and hence no file manifest. There is a list of separate security
updates which do have their individual bulletins and file manifests
so that suggests that MBSA could still be used if only to tell you
what it thinks in terms of that list.

http://support.microsoft.com/kb/891861

(MSN search for
sp4 rollup
)


Note that doing that will just get you a better symptom description.
E.g. identify which modules are regressed, etc.


Another approach would be to try uninstalling the whole rollup
and then try to reinstall it under more controlled conditions.
The idea there would be that the uninstall would reinstall
all the old versions of the modules which were present before
the first time you installed the rollup package. Then the reinstall
attempt would actually do some updating, hopefully more cleanly
this time.


HTH

Robert Aldwinckle
---

Hi Robert,
Thanks for that.
I have just tried again uninstalling and reinstalling the Rollup (using the
standalone installer), with all my virus scanners, firewalls, and webtraps
all switched off.
Exactly the same result as before, an apparently successful install, but
Windows Update still says I need to install it!
I have also downloaded and installed the MBSA tool.
That also tells me that the Rollup is missing, and I need to install it!
Any other ideas?
Thanks, Dave.
>
"Robert Aldwinckle" wrote:

> "Dave Hawley" <> wrote in message
> news:0F6673B6-7FA7-4B5B-9CB4-...
> > I've just installed the Windows 2000 SP4 Update Rollup from Windows Update.
> > It appeared to install correctly, but Windows Update is still telling me that
> > it needs to be installed! I installed it twice using Windows Update, and then
> > again using the downloaded standalone installation file, but the problem
> > still persists. The registry value at the key
> > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\Update
> > Rollup 1\ is "1" which I would have thought was correct. In another thread,
> > is was suggested that this value should be "2". I've tried changing it to "2"
> > but the update still won't disappear from the Windows Update Critical Updates
> > list! Does this mean that it isn't actually installing correctly?
>
>
> It may mean that the final deferred copy step was not completed.
> Did you leave security programs enabled which could have interfered
> with this step? You could check the log to see which modules were
> involved in the update and the current versions of those modules.
> Check with the file manifest of the associated TechNet Bulletin
> if the log doesn't make the updating versions clear.
> Or you could use the MBSA to see what it thinks about the situation.
> If the MBSA doesn't report module discrepancies automatically
> you may still need to use the mbsacli.exe with its HfNetChk switches.
>
> <title>Microsoft Baseline Security Analyzer (MBSA) version 1.2.1 is available</title>
> http://support.microsoft.com/default.aspx?kbid=320454
>
>
> Hmm... it looks as if there is no separate bulletin for this update
> and hence no file manifest. There is a list of separate security
> updates which do have their individual bulletins and file manifests
> so that suggests that MBSA could still be used if only to tell you
> what it thinks in terms of that list.
>
> http://support.microsoft.com/kb/891861
>
> (MSN search for
> sp4 rollup
> )
>
>
> Note that doing that will just get you a better symptom description.
> E.g. identify which modules are regressed, etc.
>
>
> Another approach would be to try uninstalling the whole rollup
> and then try to reinstall it under more controlled conditions.
> The idea there would be that the uninstall would reinstall
> all the old versions of the modules which were present before
> the first time you installed the rollup package. Then the reinstall
> attempt would actually do some updating, hopefully more cleanly
> this time.
>
>
> HTH
>
> Robert Aldwinckle
> ---
>
>
>

"Dave Hawley" <> wrote in message
news:748079A9-60E0-43FD-BD5C-...
> Hi Robert,
> Thanks for that.
> I have just tried again uninstalling and reinstalling the Rollup (using the
> standalone installer), with all my virus scanners, firewalls, and webtraps
> all switched off.
> Exactly the same result as before, an apparently successful install, but
> Windows Update still says I need to install it!
> I have also downloaded and installed the MBSA tool.
> That also tells me that the Rollup is missing, and I need to install it!
> Any other ideas?

If you need more help you are going to have to be more forthcoming
with the details I mentioned that you can find. If the uninstall-reinstall
idea didn't work, as I indicated I think you need to be able to express
your symptom in terms of regressed modules or incomplete
updates in order to be able to devise a repair procedure.

Did you find a log for the update? What was it called?
Is that how you determined that the update was "apparently successful"?
Did it show you a list of the modules which were copied? In particular
did it show you a list of modules which had to be "copied" by a reboot?
Did it show you any version information for those modules?
Have you verified that those modules still have that version?

I found that there *is* a TechNet Security Bulletin associated
with this update which hints that some of those modules may
have versions greater than the versions implied by the list of
patches it was composed of:

http://www.microsoft.com/technet/sec...ry/891861.mspx

(MSN search for
(891861 OR KB891861) site:microsoft.com
)

<quote>
Should I install Update Rollup 1 even if I have kept my
Windows 2000 SP4 systems up to date?
Yes. Update Rollup 1 contains additional important fixes
in files that have not previously been part of individual security updates,
as described in the Knowledge Base Article.
In addition, the Update Rollup 1 contains additional enhancements
that increase system security, reliability, reduce support costs,
and support the current generation of PC hardware.
In some cases, the individual binary files released
in previous individual security updates may have been updated
via individual hotfixes to address minor compatibility issues introduced
in those prior security updates that affected individual customers.
The latest versions of those files are included in the Update Rollup.
</quote>

So even though there is no manifest it should be possible
to create a list of modules which have greater version than
they would have if you had just installed each update separately.

Presumbably those modules will be what MBSA isn't finding
and which makes it think that your update is not installed.

Perhaps the MBSA mssecure.xml file can provide some insight
on this question. At one time the HfNetChk tool could do this type
of analysis on the installed modules (e.g. using switches such
as -v -z) I indicated that I wasn't sure if the latest MBSA
would give you that kind of detail report in its GUI mode
and mentioned the mbsacli.exe command-line alternative.
Perhaps you will have to resort to using it after all.

What exactly have you done with the MBSA so far
and what exactly did it show you?


HTH

Robert
---


> Thanks, Dave.
>>
> "Robert Aldwinckle" wrote:
>
>> "Dave Hawley" <> wrote in message
>> news:0F6673B6-7FA7-4B5B-9CB4-...
>> > I've just installed the Windows 2000 SP4 Update Rollup from Windows Update.
>> > It appeared to install correctly, but Windows Update is still telling me that
>> > it needs to be installed! I installed it twice using Windows Update, and then
>> > again using the downloaded standalone installation file, but the problem
>> > still persists. The registry value at the key
>> > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\Update
>> > Rollup 1\ is "1" which I would have thought was correct. In another thread,
>> > is was suggested that this value should be "2". I've tried changing it to "2"
>> > but the update still won't disappear from the Windows Update Critical Updates
>> > list! Does this mean that it isn't actually installing correctly?
>>
>>
>> It may mean that the final deferred copy step was not completed.
>> Did you leave security programs enabled which could have interfered
>> with this step? You could check the log to see which modules were
>> involved in the update and the current versions of those modules.
>> Check with the file manifest of the associated TechNet Bulletin
>> if the log doesn't make the updating versions clear.
>> Or you could use the MBSA to see what it thinks about the situation.
>> If the MBSA doesn't report module discrepancies automatically
>> you may still need to use the mbsacli.exe with its HfNetChk switches.
>>
>> <title>Microsoft Baseline Security Analyzer (MBSA) version 1.2.1 is available</title>
>> http://support.microsoft.com/default.aspx?kbid=320454
>>
>>
>> Hmm... it looks as if there is no separate bulletin for this update
>> and hence no file manifest. There is a list of separate security
>> updates which do have their individual bulletins and file manifests
>> so that suggests that MBSA could still be used if only to tell you
>> what it thinks in terms of that list.
>>
>> http://support.microsoft.com/kb/891861
>>
>> (MSN search for
>> sp4 rollup
>> )
>>
>>
>> Note that doing that will just get you a better symptom description.
>> E.g. identify which modules are regressed, etc.
>>
>>
>> Another approach would be to try uninstalling the whole rollup
>> and then try to reinstall it under more controlled conditions.
>> The idea there would be that the uninstall would reinstall
>> all the old versions of the modules which were present before
>> the first time you installed the rollup package. Then the reinstall
>> attempt would actually do some updating, hopefully more cleanly
>> this time.
>>
>>
>> HTH
>>
>> Robert Aldwinckle
>> ---
>>
>>
>>

Thanks again Robert.
I have looked at the Rollup install log, (which is called
UpdateRollupPack.log.)
I can see no obvious errors recorded other than an apparent failure to open
some registry keys, which may be the source of the problem of course!
I am just printing it out (18 pages!)
I use the Windows 98 System File Checker program to check for version
changes on system files, even on Windows 2000 (I have a dual boot system) and
always run it to check whenever I install an update, to see what files have
been changed.
The log from that will tell me what files were changed when the Rollup was
installed, and what the previous and new versions were.
I will crosscheck that with the Rollup installation log, and make sure that
all the files mentioned in that as having been changed were in fact changed
correctly.
This will take me a while, so I will come back to you when I have a result!
Thanks again for your help with this.
Cheers, Dave.
>
"Robert Aldwinckle" wrote:

> "Dave Hawley" <> wrote in message
> news:748079A9-60E0-43FD-BD5C-...
> > Hi Robert,
> > Thanks for that.
> > I have just tried again uninstalling and reinstalling the Rollup (using the
> > standalone installer), with all my virus scanners, firewalls, and webtraps
> > all switched off.
> > Exactly the same result as before, an apparently successful install, but
> > Windows Update still says I need to install it!
> > I have also downloaded and installed the MBSA tool.
> > That also tells me that the Rollup is missing, and I need to install it!
> > Any other ideas?
>
> If you need more help you are going to have to be more forthcoming
> with the details I mentioned that you can find. If the uninstall-reinstall
> idea didn't work, as I indicated I think you need to be able to express
> your symptom in terms of regressed modules or incomplete
> updates in order to be able to devise a repair procedure.
>
> Did you find a log for the update? What was it called?
> Is that how you determined that the update was "apparently successful"?
> Did it show you a list of the modules which were copied? In particular
> did it show you a list of modules which had to be "copied" by a reboot?
> Did it show you any version information for those modules?
> Have you verified that those modules still have that version?
>
> I found that there *is* a TechNet Security Bulletin associated
> with this update which hints that some of those modules may
> have versions greater than the versions implied by the list of
> patches it was composed of:
>
> http://www.microsoft.com/technet/sec...ry/891861.mspx
>
> (MSN search for
> (891861 OR KB891861) site:microsoft.com
> )
>
> <quote>
> Should I install Update Rollup 1 even if I have kept my
> Windows 2000 SP4 systems up to date?
> Yes. Update Rollup 1 contains additional important fixes
> in files that have not previously been part of individual security updates,
> as described in the Knowledge Base Article.
> In addition, the Update Rollup 1 contains additional enhancements
> that increase system security, reliability, reduce support costs,
> and support the current generation of PC hardware.
> In some cases, the individual binary files released
> in previous individual security updates may have been updated
> via individual hotfixes to address minor compatibility issues introduced
> in those prior security updates that affected individual customers.
> The latest versions of those files are included in the Update Rollup.
> </quote>
>
> So even though there is no manifest it should be possible
> to create a list of modules which have greater version than
> they would have if you had just installed each update separately.
>
> Presumbably those modules will be what MBSA isn't finding
> and which makes it think that your update is not installed.
>
> Perhaps the MBSA mssecure.xml file can provide some insight
> on this question. At one time the HfNetChk tool could do this type
> of analysis on the installed modules (e.g. using switches such
> as -v -z) I indicated that I wasn't sure if the latest MBSA
> would give you that kind of detail report in its GUI mode
> and mentioned the mbsacli.exe command-line alternative.
> Perhaps you will have to resort to using it after all.
>
> What exactly have you done with the MBSA so far
> and what exactly did it show you?
>
>
> HTH
>
> Robert

"Dave Hawley" <> wrote in message
news:C7568C32-E704-43E1-9BEF-...
> Thanks again Robert.
> I have looked at the Rollup install log, (which is called
> UpdateRollupPack.log.)
> I can see no obvious errors recorded other than an apparent failure to open
> some registry keys, which may be the source of the problem of course!

You could give us those extracts to work with.


> I am just printing it out (18 pages!)
> I use the Windows 98 System File Checker program to check for version
> changes on system files, even on Windows 2000 (I have a dual boot system) and
> always run it to check whenever I install an update, to see what files have
> been changed.

Could you explain your procedure? There may be some NTx tools
you could use which would do just as good a job and be better understood
by others here.

For example, in XP there's msinfo32 which allows you to get full
version information on *loaded* modules. Does W2K have that too?
Or from the XP Support Tools I have command line tool filever
which would also be an improvement over manual checking.


> The log from that will tell me what files were changed when the Rollup was
> installed, and what the previous and new versions were.
> I will crosscheck that with the Rollup installation log, and make sure that
> all the files mentioned in that as having been changed were in fact changed
> correctly.
> This will take me a while, so I will come back to you when I have a result!
> Thanks again for your help with this.


You're welcome but let me repeat my last question because I still think
that using the MBSA or its command line tool might be the most
expeditious tack.

>> > I have also downloaded and installed the MBSA tool.
>> > That also tells me that the Rollup is missing, and I need to install it!
....
>> What exactly have you done with the MBSA so far
>> and what exactly did it show you?



Good luck

Robert
---

Hi Robert,
You're welcome to have the logs from the Rollup install and from the System
File Checker, but how would I get them to you?
I can't just copy and paste them into a message here as they are both huge!

I have been running the MBSA tool just using its graphical interface, and
after the first scan it told me that two critical installs were missing. One
was the Malicious Software Removal Tool (KB890830), and the other was the
Update Rollup of course.
I downloaded and ran the tool (the system was clean) and then did another
scan with MBSA. Only the Rollup was reported missing on the second scan, as I
expected.

I do have msinfo32, and have looked and found nothing unexpected.
I will only show modules that are actually loaded though won't it?
Any other dlls/exes which were part of the update but are not actually being
used by the system at that time will presumably not appear in the msinfo
listing.

I also have the filever utility.
The trouble is that we're not talking about a few files being changed here,
we're talking about hundreds!
I still think that my printout of the SFC log will give me the best chance
of making sure that the versions are what they now should be.
It is in an easy to read format, and gives the before and after file
versions and dates. I can always check the files individually if there is any
doubt about any of them.
I don't think that any of the command line utilities that you mention are
going to give me any more or any clearer information than what I already have.

I will let you know how I get on.............
Thanks again,
Dave.
>
"Robert Aldwinckle" wrote:

> "Dave Hawley" <> wrote in message
> news:C7568C32-E704-43E1-9BEF-...
> > Thanks again Robert.
> > I have looked at the Rollup install log, (which is called
> > UpdateRollupPack.log.)
> > I can see no obvious errors recorded other than an apparent failure to open
> > some registry keys, which may be the source of the problem of course!
>
> You could give us those extracts to work with.
>
>
> > I am just printing it out (18 pages!)
> > I use the Windows 98 System File Checker program to check for version
> > changes on system files, even on Windows 2000 (I have a dual boot system) and
> > always run it to check whenever I install an update, to see what files have
> > been changed.
>
> Could you explain your procedure? There may be some NTx tools
> you could use which would do just as good a job and be better understood
> by others here.
>
> For example, in XP there's msinfo32 which allows you to get full
> version information on *loaded* modules. Does W2K have that too?
> Or from the XP Support Tools I have command line tool filever
> which would also be an improvement over manual checking.
>
>
> > The log from that will tell me what files were changed when the Rollup was
> > installed, and what the previous and new versions were.
> > I will crosscheck that with the Rollup installation log, and make sure that
> > all the files mentioned in that as having been changed were in fact changed
> > correctly.
> > This will take me a while, so I will come back to you when I have a result!
> > Thanks again for your help with this.
>
>
> You're welcome but let me repeat my last question because I still think
> that using the MBSA or its command line tool might be the most
> expeditious tack.
>
> >> > I have also downloaded and installed the MBSA tool.
> >> > That also tells me that the Rollup is missing, and I need to install it!
> ....
> >> What exactly have you done with the MBSA so far
> >> and what exactly did it show you?
>
>
>
> Good luck
>
> Robert
> ---
>
>
>

Hi again Robert,
Sorry for the long delay in getting back to you.
I have spent several happy hours going through several hundred files which
should have been replaced by the Rollup, and as far as I can determine from
the logs they were all successfully replaced. Whether they were replaced by
the correct versions I cannot tell, as I don't know what the correct version
now is! All those files recorded as having been replaced in the Rollup's
install log do seem to have been replaced on the system, either with a
different later version, or with the same version as before but with a
different time stamp.
I have tried un-installing and re-installing the Rollup a few more times for
good measure. Every time it apparently installs correctly and is recorded
correctly in the Windows Event Log and appears correctly in the Add/Remove
program window.
And still every time I go back to Windows Update (or now Microsoft Update)
there it is staring me in the face telling me that it needs to be installed
again!
I'm running out of ideas now.
If I can get the install log to you somehow, do you think that it would give
you the answer? If so, I could e-mail it to you if I could have an address.
Thanks in anticipation. Dave.

"Dave Hawley" wrote:

> Hi Robert,
> You're welcome to have the logs from the Rollup install and from the System
> File Checker, but how would I get them to you?
> I can't just copy and paste them into a message here as they are both huge!
>
> I have been running the MBSA tool just using its graphical interface, and
> after the first scan it told me that two critical installs were missing. One
> was the Malicious Software Removal Tool (KB890830), and the other was the
> Update Rollup of course.
> I downloaded and ran the tool (the system was clean) and then did another
> scan with MBSA. Only the Rollup was reported missing on the second scan, as I
> expected.
>
> I do have msinfo32, and have looked and found nothing unexpected.
> I will only show modules that are actually loaded though won't it?
> Any other dlls/exes which were part of the update but are not actually being
> used by the system at that time will presumably not appear in the msinfo
> listing.
>
> I also have the filever utility.
> The trouble is that we're not talking about a few files being changed here,
> we're talking about hundreds!
> I still think that my printout of the SFC log will give me the best chance
> of making sure that the versions are what they now should be.
> It is in an easy to read format, and gives the before and after file
> versions and dates. I can always check the files individually if there is any
> doubt about any of them.
> I don't think that any of the command line utilities that you mention are
> going to give me any more or any clearer information than what I already have.
>
> I will let you know how I get on.............
> Thanks again,
> Dave.
> >
> "Robert Aldwinckle" wrote:
>
> > "Dave Hawley" <> wrote in message
> > news:C7568C32-E704-43E1-9BEF-...
> > > Thanks again Robert.
> > > I have looked at the Rollup install log, (which is called
> > > UpdateRollupPack.log.)
> > > I can see no obvious errors recorded other than an apparent failure to open
> > > some registry keys, which may be the source of the problem of course!
> >
> > You could give us those extracts to work with.
> >
> >
> > > I am just printing it out (18 pages!)
> > > I use the Windows 98 System File Checker program to check for version
> > > changes on system files, even on Windows 2000 (I have a dual boot system) and
> > > always run it to check whenever I install an update, to see what files have
> > > been changed.
> >
> > Could you explain your procedure? There may be some NTx tools
> > you could use which would do just as good a job and be better understood
> > by others here.
> >
> > For example, in XP there's msinfo32 which allows you to get full
> > version information on *loaded* modules. Does W2K have that too?
> > Or from the XP Support Tools I have command line tool filever
> > which would also be an improvement over manual checking.
> >
> >
> > > The log from that will tell me what files were changed when the Rollup was
> > > installed, and what the previous and new versions were.
> > > I will crosscheck that with the Rollup installation log, and make sure that
> > > all the files mentioned in that as having been changed were in fact changed
> > > correctly.
> > > This will take me a while, so I will come back to you when I have a result!
> > > Thanks again for your help with this.
> >
> >
> > You're welcome but let me repeat my last question because I still think
> > that using the MBSA or its command line tool might be the most
> > expeditious tack.
> >
> > >> > I have also downloaded and installed the MBSA tool.
> > >> > That also tells me that the Rollup is missing, and I need to install it!
> > ....
> > >> What exactly have you done with the MBSA so far
> > >> and what exactly did it show you?
> >
> >
> >
> > Good luck
> >
> > Robert
> > ---
> >
> >
> >