KB977816 fails to apply to 2000 server

Discussion in 'Windows Update' started by azentech2, May 17, 2010.

  1. azentech2

    azentech2 Guest

    KB977816 fails to apply to 2000 server. After server reboots, update
    reappears and asks to be installed. I have noted that tech support has asked
    for the windowsupdate.log and the updateshandler.log in other incidents. The
    windows update.log is below, however I did not find an updateshandler.log (or
    anything close) on the server. I did find the KB977816.log and that also
    follows.



    The following errors are in the system log:

    ______________________________________



    4/26 16:01

    Event Type: Error

    Event Source: Windows Update Agent

    Event Category: Installation

    Event ID: 20

    Date: 4/26/2010

    Time: 4:01:04 PM

    User: N/A

    Computer: server1

    Description:

    Installation Failure: Windows failed to install the following update with
    error 0x80242007: Security Update for Windows 2000 (KB977816).

    Data:

    0000: 57 69 6e 33 32 48 52 65 Win32HRe

    0008: 73 75 6c 74 3d 30 78 38 sult=0x8

    0010: 30 32 34 32 30 30 37 20 0242007

    0018: 55 70 64 61 74 65 49 44 UpdateID

    0020: 3d 7b 31 44 37 37 37 34 ={1D7774

    0028: 36 31 2d 42 35 37 41 2d 61-B57A-

    0030: 34 33 31 35 2d 39 39 41 4315-99A

    0038: 35 2d 33 35 32 44 38 31 5-352D81

    0040: 34 30 44 42 44 46 7d 20 40DBDF}

    0048: 52 65 76 69 73 69 6f 6e Revision

    0050: 4e 75 6d 62 65 72 3d 31 Number=1

    0058: 30 31 20 00 01 .





    Event Type: Error

    Event Source: Windows Update Agent

    Event Category: Installation

    Event ID: 20

    Date: 5/3/2010

    Time: 4:00:17 PM

    User: N/A

    Computer: server1

    Description:

    Installation Failure: Windows failed to install the following update with
    error 0x80242007: Security Update for Windows 2000 (KB977816).

    Data:

    0000: 57 69 6e 33 32 48 52 65 Win32HRe

    0008: 73 75 6c 74 3d 30 78 38 sult=0x8

    0010: 30 32 34 32 30 30 37 20 0242007

    0018: 55 70 64 61 74 65 49 44 UpdateID

    0020: 3d 7b 31 44 37 37 37 34 ={1D7774

    0028: 36 31 2d 42 35 37 41 2d 61-B57A-

    0030: 34 33 31 35 2d 39 39 41 4315-99A

    0038: 35 2d 33 35 32 44 38 31 5-352D81

    0040: 34 30 44 42 44 46 7d 20 40DBDF}

    0048: 52 65 76 69 73 69 6f 6e Revision

    0050: 4e 75 6d 62 65 72 3d 31 Number=1

    0058: 30 31 20 00 01 .



    Event Type: Error

    Event Source: Windows Update Agent

    Event Category: Installation

    Event ID: 20

    Date: 5/10/2010

    Time: 4:00:15 PM

    User: N/A

    Computer: server1

    Description:

    Installation Failure: Windows failed to install the following update with
    error 0x80242007: Security Update for Windows 2000 (KB977816).

    Data:

    0000: 57 69 6e 33 32 48 52 65 Win32HRe

    0008: 73 75 6c 74 3d 30 78 38 sult=0x8

    0010: 30 32 34 32 30 30 37 20 0242007

    0018: 55 70 64 61 74 65 49 44 UpdateID

    0020: 3d 7b 31 44 37 37 37 34 ={1D7774

    0028: 36 31 2d 42 35 37 41 2d 61-B57A-

    0030: 34 33 31 35 2d 39 39 41 4315-99A

    0038: 35 2d 33 35 32 44 38 31 5-352D81

    0040: 34 30 44 42 44 46 7d 20 40DBDF}

    0048: 52 65 76 69 73 69 6f 6e Revision

    0050: 4e 75 6d 62 65 72 3d 31 Number=1

    0058: 30 31 20 00 01 .



    __________________________________________________________________________



    Following is from the kb977816.log

    [KB977816.log]



    0.062:
    ================================================================================

    0.062: 2010/05/01 22:00:11.654 (local)

    0.062:



    C:\WINNT\SoftwareDistribution\Download\586671b6e88709181e116629645af021\update\update.exe



    (version 6.3.13.0)

    0.062: Failed To Enable SE_SHUTDOWN_PRIVILEGE

    0.062: Hotfix started with following command line: -q -z -er



    /ParentInfo:29aeabc414be3642a2395dea1597b201

    0.062: 1339 GetBuildType: noop for OS 5.0

    0.062: C:\WINNT\system32\l3codecx.ax is Present

    0.062: First Condition in Test.Exist.WM.Section.wm Succeeded

    0.062: Condition succeeded for section Test.Exist.WM.Section.wm in Line 1 of
    PreRequisite

    0.562: In Function TestVolatileFlag, line 11825, RegOpenKeyEx failed with
    error 0x2

    0.562: In Function TestVolatileFlag, line 11857, RegOpenKeyEx failed with
    error 0x2

    0.562: DoInstallation: CleanPFR failed: 0x2

    0.562: 1339 GetBuildType: noop for OS 5.0

    0.562: SetProductTypes: InfProductBuildType=BuildType.IS

    0.578: SetAltOsLoaderPath: No section uses DirId 65701; done.

    0.578: C:\WINNT\system32\l3codecx.ax is Present

    0.578: Condition succeeded for section Test.Exist.WM64.Section.1 in Line 1 of



    Condition.WM64.Section

    0.578: FileVersion of C:\WINNT\system32\l3codecx.ax is Greater or Equal To
    1.5.0.00

    0.578: Condition succeeded for section Test.Exist.WM64.Section.2 in Line 2 of



    Condition.WM64.Section

    0.578: FileVersion of C:\WINNT\system32\l3codecx.ax is Less Or Equal To
    1.6.0.99

    0.578: Condition succeeded for section Test.UpperVersionCheck.WM64.Section.1
    in Line 3 of



    Condition.WM64.Section

    0.578: C:\WINNT\system32\l3codeca.acm is Not Present

    0.578: Condition Check for Line 1 of Condition.WM9.Section returned FALSE

    0.578: DoInstallation: FetchSourceURL for



    c:\winnt\softwaredistribution\download\586671b6e88709181e116629645af021\update\update.inf



    failed

    0.578: CreateUninstall = 1,Directory = C:\WINNT\$NtUninstallKB977816_WM9$

    0.578: LoadFileQueues: UpdSpGetSourceFileLocation for halmacpi.dll failed:
    0xe0000102

    0.578: BuildCabinetManifest: update.url absent

    0.578: Starting AnalyzeComponents

    0.578: AnalyzePhaseZero used 0 ticks

    0.594: OEM file scan used 0 ticks

    0.594: AnalyzePhaseOne: used 16 ticks

    0.594: AnalyzeComponents: Hotpatch analysis disabled; skipping.

    0.594: AnalyzeComponents: Hotpatching is disabled.

    0.609: AnalyzePhaseTwo used 15 ticks

    0.609: AnalyzePhaseThree used 0 ticks

    0.609: AnalyzePhaseFive used 0 ticks

    0.609: AnalyzePhaseSix used 0 ticks

    0.609: AnalyzeComponents used 31 ticks

    0.609: Downloading 0 files

    0.609: bPatchMode = FALSE

    0.609: Inventory complete: ReturnStatus=0, 31 ticks

    0.609: Num Ticks for invent : 31

    0.609: Allocation size of drive C: is 512 bytes, free space = 9349340160 bytes

    0.609: AnalyzeDiskUsage: Skipping EstimateDiskUsageForUninstall.

    0.609: Drive C: free 8916MB req: 6MB w/uninstall: NOT CALCULATED.

    0.609: CabinetBuild complete

    0.609: Num Ticks for Cabinet build : 0

    0.609: DynamicStrings section not defined or empty.

    0.609: FileInUse:: Added to Filelist: c:\winnt\kb977816.cat

    0.609: FileInUse:: Added to Filelist: c:\winnt\system32\l3codecx.ax

    0.609: FileInUse:: Added to Filelist: c:\winnt\system32\dllcache\l3codecx.ax



    The following is from the windowsupdate.log :







    2010-04-21 03:07:11:866 1156 488 AU
    #############

    2010-04-21 03:07:11:866 1156 488 AU ##
    START ## AU: Search for updates

    2010-04-21 03:07:11:866 1156 488 AU
    #########

    2010-04-21 03:07:11:866 1156 488 AU
    <<## SUBMITTED ## AU: Search for updates [CallId =
    {6A365DDD-AF2C-49DD-BC75-F6DFEC761467}]

    2010-04-21 03:07:11:866 1156 6e4 Agent
    *************

    2010-04-21 03:07:11:866 1156 6e4 Agent **
    START ** Agent: Finding updates [CallerId = AutomaticUpdates]

    2010-04-21 03:07:11:866 1156 6e4 Agent
    *********

    2010-04-21 03:07:11:866 1156 6e4 Agent *
    Online = Yes; Ignore download priority = No

    2010-04-21 03:07:11:866 1156 6e4 Agent *
    Criteria = "IsHidden=0 and IsInstalled=0 and DeploymentAction='Installation'
    and IsAssigned=1 or IsHidden=0 and IsPresent=1 and



    DeploymentAction='Uninstallation' and IsAssigned=1 or IsHidden=0 and
    IsInstalled=1 and DeploymentAction='Installation' and IsAssigned=1 and
    RebootRequired=1 or IsHidden=0 and IsInstalled=0 and



    DeploymentAction='Uninstallation' and IsAssigned=1 and RebootRequired=1"

    2010-04-21 03:07:11:866 1156 6e4 Agent *
    ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed

    2010-04-21 03:07:11:866 1156 6e4 Agent *
    Search Scope = {Machine}

    2010-04-21 03:07:13:288 1156 6e4 Misc
    Validating signature for
    C:\WINNT\SoftwareDistribution\SelfUpdate\Default\wuident.cab:

    2010-04-21 03:07:13:288 1156 6e4 Misc
    Microsoft signed: Yes

    2010-04-21 03:07:20:101 1156 6e4 Misc
    Validating signature for
    C:\WINNT\SoftwareDistribution\SelfUpdate\Default\wuident.cab:

    2010-04-21 03:07:20:101 1156 6e4 Misc
    Microsoft signed: Yes

    2010-04-21 03:07:20:179 1156 6e4 Misc
    Validating signature for
    C:\WINNT\SoftwareDistribution\SelfUpdate\Default\wsus3setup.cab:

    2010-04-21 03:07:20:179 1156 6e4 Misc
    Microsoft signed: Yes

    2010-04-21 03:07:20:194 1156 6e4 Setup
    *********** Setup: Checking whether self-update is required ***********

    2010-04-21 03:07:20:194 1156 6e4 Setup *
    Inf file: C:\WINNT\SoftwareDistribution\SelfUpdate\Default\wsus3setup.inf

    2010-04-21 03:07:20:194 1156 6e4 Setup
    Update NOT required for C:\WINNT\system32\cdm.dll: target version =
    7.4.7600.226, required version = 7.4.7600.226

    2010-04-21 03:07:20:194 1156 6e4 Setup
    Update NOT required for C:\WINNT\system32\wuapi.dll: target version =
    7.4.7600.226, required version = 7.4.7600.226

    2010-04-21 03:07:20:194 1156 6e4 Setup
    Update NOT required for C:\WINNT\system32\wuapi.dll.mui: target version =
    7.4.7600.226, required version = 7.4.7600.226

    2010-04-21 03:07:20:194 1156 6e4 Setup
    Update NOT required for C:\WINNT\system32\wuauclt.exe: target version =
    7.4.7600.226, required version = 7.4.7600.226

    2010-04-21 03:07:20:194 1156 6e4 Setup
    Update NOT required for C:\WINNT\system32\wuaucpl.cpl: target version =
    7.4.7600.226, required version = 7.4.7600.226

    2010-04-21 03:07:20:194 1156 6e4 Setup
    Update NOT required for C:\WINNT\system32\wuaucpl.cpl.mui: target version =
    7.4.7600.226, required version = 7.4.7600.226

    2010-04-21 03:07:20:194 1156 6e4 Setup
    Update NOT required for C:\WINNT\system32\wuaueng.dll: target version =
    7.4.7600.226, required version = 7.4.7600.226

    2010-04-21 03:07:20:194 1156 6e4 Setup
    Update NOT required for C:\WINNT\system32\wuaueng.dll.mui: target version =
    7.4.7600.226, required version = 7.4.7600.226

    2010-04-21 03:07:20:194 1156 6e4 Setup
    Update NOT required for C:\WINNT\system32\wucltui.dll: target version =
    7.4.7600.226, required version = 7.4.7600.226

    2010-04-21 03:07:20:194 1156 6e4 Setup
    Update NOT required for C:\WINNT\system32\wucltui.dll.mui: target version =
    7.4.7600.226, required version = 7.4.7600.226

    2010-04-21 03:07:20:194 1156 6e4 Setup
    Update NOT required for C:\WINNT\system32\wups.dll: target version =
    7.4.7600.226, required version = 7.4.7600.226

    2010-04-21 03:07:20:194 1156 6e4 Setup
    Update NOT required for C:\WINNT\system32\wups2.dll: target version =
    7.4.7600.226, required version = 7.4.7600.226

    2010-04-21 03:07:20:194 1156 6e4 Setup
    Update NOT required for C:\WINNT\system32\wuweb.dll: target version =
    7.4.7600.226, required version = 7.4.7600.226

    2010-04-21 03:07:20:194 1156 6e4 Setup *
    IsUpdateRequired = No
     
    azentech2, May 17, 2010
    #1
    1. Advertisements

  2. See the "How to obtain help" section of
    http://support.microsoft.com/kb/977816

    For home users, no-charge support is available by calling 1-866-PCSAFETY
    (1-866-727-2338; and/or 1-866-234-6020 and/or 1-800-936-5700) in the United
    States and in Canada or by contacting your local Microsoft subsidiary.
    There is no-charge for support calls that are associated with security
    updates. When you call, clearly state that your problem is related to a
    Security Update and cite the update's KB number (e.g., KB977816).

    Or you can...

    Start a free Windows Update support incident email request:
    https://support.microsoft.com/oas/default.aspx?gprid=6527

    Customers who experience issues installing Microsoft security updates also
    can visit the following page for assistance:
    https://consumersecuritysupport.microsoft.com/

    For more information about how to contact your local Microsoft subsidiary
    for security update support issues, visit the International Support Web
    site: http://support.microsoft.com/common/international.aspx

    For enterprise customers, support for security updates is available through
    your usual support contacts.
    --
    ~Robear Dyer (PA Bear)
    MS MVP-IE, Mail, Security, Windows Client - since 2002

    <SNIP>
     
    PA Bear [MS MVP], May 17, 2010
    #2
    1. Advertisements

  3. azentech2

    Peter Foldes Guest

    This has been reported many times in different newsgroups. The Update or any Update
    for Windows 2000 will not install since the install file has been pulled.It still
    shows but it is an empty file .You can see this yourself if you try and download
    that file manually. It will not download. Windows 2000 and all updates for it in
    essence is dead. Microsoft pulled it from their sites according to the agreement
    between Sun and the DOJ

    --
    Peter

    Please Reply to Newsgroup for the benefit of others
    Requests for assistance by email can not and will not be acknowledged.
    http://www.microsoft.com/protect

     
    Peter Foldes, May 18, 2010
    #3
  4. azentech2

    John Guest

    I just downloaded it from here:
    http://www.microsoft.com/downloads/...C2-B9D0-46CF-9265-A0D4AEB1448F&displaylang=en

    Apparently the update is still available. I'm having the same problem as OP
    but mine is a Win2000 Pro machine.
    What agreement?
     
    John, May 18, 2010
    #4
  5. azentech2

    Peter Foldes Guest

    Then you have the same issue and the same answer from me.

    Microsoft lost the case which was brought against them by Sun Microsystems for using
    their technology. The agreement was that MS will discontinue Support (which was done
    at a very early stage ) and stop all aspects of Windows 2000 including updates. This
    was completed at some point last year by MS. In essence Windows 2000 in all flavors
    is dead as far as updating among others

    --
    Peter

    Please Reply to Newsgroup for the benefit of others
    Requests for assistance by email can not and will not be acknowledged.
    http://www.microsoft.com/protect
     
    Peter Foldes, May 18, 2010
    #5
  6. azentech2

    azntch Guest

    That doesn't seem to make sense as this kb977816 is listed as a security
    update by Microsoft yet see:
    http://www.microsoft.com/technet/security/Bulletin/MS10-026.mspx. It says its
    related to codecs:
    This security update resolves a privately reported vulnerability in
    Microsoft MPEG Layer-3 audio codecs. The vulnerability could allow remote
    code execution if a user opened a specially crafted AVI file containing an
    MPEG Layer-3 audio stream. If a user is logged on with administrative user
    rights, an attacker who successfully exploited this vulnerability could take
    complete control of an affected system. An attacker could then install
    programs; view, change, or delete data; or create new accounts with full user
    rights. Users whose accounts are configured to have fewer user rights on the
    system could be less impacted than users who operate with administrative user
    rights.

    This security update is rated Critical for all supported editions of
    Microsoft Windows 2000, Windows XP, Windows Server 2003 (except Itanium-based
    editions), and Windows Server 2008 (except Itanium-based editions). For all
    supported editions of Windows Vista, this security update is rated Important.
    Itanium-based editions of Windows Server 2003 and Windows Server 2008, and
    all supported editions of Windows 7 and Windows Server 2008 R2, are not
    affected by the vulnerability. For more information, see the subsection,
    Affected and Non-Affected Software, in this section.

    The security update addresses the vulnerability by correcting the way that
    the Microsoft MPEG Layer-3 audio codecs decode the MPEG Layer-3 audio stream
    in specially crafted AVI files. For more information about the vulnerability,
    see the Frequently Asked Questions (FAQ) subsection for the specific
    vulnerability entry under the next section, Vulnerability Information.
     
    azntch, May 18, 2010
    #6
  7. azentech2

    John Guest

    Try this:
    Search for L3codeca.acm file in C:\WINNT folder. There should be one
    L3codeca.acm file in the following location:

    C:\WINNT\SoftwareDistribution\Download\<maybe some random numbers>\wm9

    Copy the L3codeca.acm file to C:\WINNT\System32 folder. File size is about
    301KB, with a date stamp of 1/21/2010.

    I just did the above. Now Windows 2000 Pro stops telling me there's a new
    update (KB977816) to install. I'm going to wait for several days to be sure
    that this crap doesn't come back as needed.
     
    John, May 18, 2010
    #7

  8. Did you try opening a support case for this yet? (PA Bear's advice.)

    Otherwise, I don't think there is enough information in these logs. FWIW
    what I would do is run ProcMon to supplement whatever diagnostics you can
    force the install to give you, e.g. add a /verbose switch (if there is one)
    and do a manual install.

    http://www.microsoft.com/technet/security/bulletin/MS10-026.mspx

    There is one. Expand.
    [-] Security Update Deployment
    [-] Windows 2000 (all editions)
    [-] Deployment Information

    A small puzzle is why all these switches are so different from the ones
    which are documented? ; )

    http://support.microsoft.com/kb/262841

    -z would imply /norestart so why were you getting a reboot?


    Clearly from the wrong end. ; ) Hint: if you do a manual install you
    won't need to consider this log.

    Tip: before you do the reboot check what it is going to do for you. E.g.
    check the install log, the Event log (e.g. using Event Viewer) and the
    registry value PendingFileRenameOperations. Check the versions of all of
    the files implied by those diagnostics and confirm that they make sense.
    After the reboot check again using the same information to confirm that the
    update has completed.


    Good luck

    Robert Aldwinckle
    ---
     
    Robert Aldwinckle, May 18, 2010
    #8
  9. I think you're thinking of a different update.

    Harry.
     
    Harry Johnston [MVP], May 20, 2010
    #9
  10. azentech2

    azntch Guest

    What is odd is all the switches etc - were just from the sus client doing the
    automatic update. We didn't tell it to do anything in particular. Just to do
    the downloads and reboots at a certain time each week.
    I have opened a support case but have not received much in response yet.
    Will post when I do. The problem I run into is that these are vital servers,
    so I need to schedule the work well in advance, So probably will be trying
    something this coming week - judy not exactly sure what yet. Am hoping I will
    get a response from support - if so I will post the relevant detail here.
    thank you


     
    azntch, May 21, 2010
    #10
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.