Infamous "svchost" Automatic Updates horrors continue
CogX
Windows XP/2000 systems since July, 2006 - and not the same systems, month
to month, either. The October MSI.DLL update (KB916089) seemed like it fix
it, but since there is apparently no way to know from monthly patch day to
monthly patch day what computer is going to have problems updating itself,
I can't say for sure. Subsequently, I installed the January MSI.DLL update
(KB927891) on those systems, since it supercedes the prior MSI.DLL hotfix.
Well, I am now not getting the svchost application errors, BUT automatic
updates, or even manual Windows/Microsoft Updates, is causing near 100% CPU
utilization for, well... on my own laptop (1200MHz Pentium M), which has
yet to have had this updates problem thus far, got hit this month (April
2007). The rogue svchost.exe process used 14 minutes of CPU time just to
show me what updates I had ready to install. Of course, during that time,
basically Windows was useless, clicking any application would take anywhere
from 20 seconds to a couple minutes to launch, so I just had to sit it down
and walk away from throw it against the wall. I'm actually even surprised
it eventually did figure itself out, I'd have never guessed it would have
taken 14 minutes for something that normally should only take about 1
minute, at most 2 minutes.
Yes, yes, I've done all the re-registering wua*.dll files, deleting the
%windir%\system32\catroot2 folder, re-installing Windows Installer 3.1 to
let catroot2 re-create itself, and whatnot, and my laptop has the KB927891
MSI.DLL hotfix and I ** STILL ** got hit again by this Microsoft updating
nightmare on a computer that had never had this happen before now, even
though it has been a known issue for going on a year across the large
number of computers I support.
Obviously, this is a problem Microsoft has lost control of and they don't
know what the root cause is. Sure, the application crashing appears to have
been fixed with the January MSI.DLL hotfix, but not the underlying cause
for the 100% CPU utilization and abnormally long updates processing
problem. :(
PA Bear
Update to Windows Update?
[Go to Microsoft Update > Click on Change Settings in left pane > Scroll to
bottom of page > To Stop Using Microsoft Update > Disable Microsoft Update
software and let me use Windows Update only (check).]
Try deleting the contents of this folder (or the folder itself) & reboot:
C:\WINDOWS\SoftwareDistribution\DataStore
If no joy, try deleting the contents of this folder (or the folder itself) &
reboot:
C:\WINDOWS\SoftwareDistribution
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE, OE, Security, Shell/User)
AumHa VSOP & Admin; DTS-L.org
MowGreen [MVP]
DataStor.edb file will provide a temp resolution when the size or
integrity of the file is out of whack.
Doing so *will* also delete the history of updating that is viewed on
the WU or MU site.
To mitigate the size/integrity issue of the contents of
SoftwareDistribution it is suggested that this folder by excluded from
scans by the installed AV. As of today, there is no known malware that
has used it as an attack vector.
MowGreen [MVP 2003-2007]
===============
*-343-* FDNY
Never Forgotten
===============
TaurArian
I've had a few problems with corruption ever since about January. As that is
about the time I installed Trend, it may be worth excluding that folder from
the scans just to see if it makes a difference. Trend seems to go off on it's
own little merry way regardless of what I try to tell it. LOL.
K
PA Bear
TaurArian
Really quite annoying sometimes when it just pops up while you're reading
something then it does it's own thing then disappears. (Must figure out how
to program it not to pop up - perhaps I'll read the instructions, nah - I'll
just play with it until I break it)
<laughing>
K
TaurArian [MS-MVP]
K
--
====================================
TaurArian [MS-MVP] 2005-2007 - Australia
====================================
How to make a good post: http://www.dts-l.org/goodpost.htm
Backup and data recovery: http://www.acronis.com.sg/
Enhancing file system performance: http://www.diskeeper.com/defrag.asp
"TaurArian" <Taur...@discussions.microsoft.com> wrote in message
news:C8C2375A-9D82-4C9C...@microsoft.com...
MowGreen [MVP]
If it's the 'security suite' then suggest you disable the firewall and
switch back to the native Windows firewall. I found that the Trend
firewall was finicky, at best.
MG
Kelly
I found that I had a svchost running at 99% I tracked it down to automatic
updates set to automatic. When I turned off auto update the computer came
back. How can we fix this problem? Also I noticed that when I went to
microsoft update and asked it to scan for updates the svchost at 99% cpu
usage came back and it never finishes the scan. I was able to end tree and
get the computer back. Hope someone can help. Kelly
PA Bear
CogX
evidence over the months appears to be that having Office 2003 installed is
a requirement for this updating problem/ I don't know if when we sitch en
masse to Office 2007 if these the monthly security updates will actually
all install in an orderly fashion or not.
In any case, like I said, I just let the MU scan run at ~100% CPU and had
to walk away. I came back and it had eventually figured out what I needed
to download and install, but the CPU time the process ate up was 14
minutes. Did you wait that long, before giving up?
MowGreen [MVP]
in front of you, yet you keep missing it.
To see the other posts please read this:
Using Web-based Newsreaders
http://support.microsoft.com/default.aspx?pr=newswhelp&style=toc#usenewsweb
Using NNTP Newsreaders
http://support.microsoft.com/default.aspx?pr=newswhelp&style=toc#usenewsnntp
You are posting about an issue that has already had a temporary fix
posted for it. Twice in this thread; numerous times in this newsgroup.
MowGreen [MVP 2003-2007]
===============
*-343-* FDNY
Never Forgotten
===============
bkoe...@gmail.com
that have been downloaded but not installed?
JB Miha
Miha
PA Bear
--
~PAÞ
MowGreen [MVP] wrote:
> Do any of you see the other posts in this thread ? The answer is right
> in front of you, yet you keep missing it.
> To see the other posts please read this:
>
> Using Web-based Newsreaders
> http://support.microsoft.com/default.aspx?pr=newswhelp&style=toc#usenewsweb
>
> Using NNTP Newsreaders
> http://support.microsoft.com/default.aspx?pr=newswhelp&style=toc#usenewsnntp
>
> You are posting about an issue that has already had a temporary fix
> posted for it. Twice in this thread; numerous times in this newsgroup.
>
CogX
hotfix (KB927891), since the original problems starting hindering about 8%
of the Windows computers I support. Yes, the application error is gone,
but the ~100% CPU utilization for >15 minutes is NOT normal behavior for
AU/WU/MU, so Microsoft hasn't solved it all yet. Telling people to just
download KB927891 and their problems will go away isn't going to be the
correct answer every time, I truly wish it was the case. Up until Apri 10,
2007, I also didn't have any reason to doubt KB927891 was the silver
bullet... but, it's not.
"MowGreen [MVP]" <mowg...@nowandzen.com> wrote in
news:#9Anr7if...@TK2MSFTNGP05.phx.gbl:
> Do any of you see the other posts in this thread ? The answer is right
> in front of you, yet you keep missing it.
> To see the other posts please read this:
>
>
alle...@gmail.com
folders and still does it.
I was able to reproduce it on a freshly imaged laptop, and it would
happen after every reboot when Auto Updates were set to any of the
options except for disabled.
I was also able to replicate doing manual updates via "microsoft
updates" where the issue was with "microsoft updates" not with
"windows updates" ....further checking, WUAUCLT.exe and WUAENG.DLL are
the same versions(5.8.0.2469) regardless if you choose the option in
IE to user "WIndows Updates" or "Microsoft Update" so the engine or
database it uses it defective. Where using "MS Updates" would cause
it to scan for about 20minutes to 1hour, where as "Windows Updates"
would take 1minute.
So to get users up again, we've disabled Automatic Updates via GPO to
our 3000 machines...even though it's happening to our laptop
population, at least the users are productive again. I'm hoping to
find an easy way to move the laptops to a seperate OU with Updates
disabled and the rest to enabled as the Desktops seem to be
unaffected.
I sent an email to our MS TAM and he hasn't responded yet..
Hoping to upgrade our SMS server to latest ITMU v3 and test with that
instead of WSUS. This will upgrade WUACLT.exe to version
5.8.0.2694 ...maybe this will help?
Yes, eagerly looking for a fix
Jim Byrd
This is my general post on this problem addressed to a wide range of user
abilities, so don't be insulted. :)
How knowledgable about doing things are you? Do you know how to
start and stop services? How to run a .cmd file? If not, you'll need
access to someone who does to avoid problems. The following assumes you're
on Windows XP but will probably work OK for Win2k as well. If you're
confident about what you're doing, then try the
following first - only if it doesn't work, then there's another level of
stuff that can be done following:
1. Stop and Disable Automatic Updates, Background Intelligent Transfer
Service and the Cryptographic Service.
2. Rename the folder %SystemRoot%\SoftwareDistribution to
%SystemRoot%\OldSoftwareDistribution
3. Open Notepad and create a file containing the following:
REGSVR32 WUAPI.DLL
REGSVR32 WUAUENG.DLL
REGSVR32 WUAUENG1.DLL
REGSVR32 ATL.DLL
REGSVR32 WUCLTUI.DLL
REGSVR32 WUPS.DLL
REGSVR32 WUPS2.DLL
REGSVR32 WUWEB.DLL
Save this file as 'Wudll.cmd' (without the quotes) to any convenient
location then exit Notepad and double click on the file you just saved. You
should get a 'Sucess' mesage for each of the .dll's listed above.
4. Now Re-enable to Automatic status and then Start each of the services
you stopped before - Automatic Updates, Background Intelligent Transfer
Service and the Cryptographic Service.
5. Now Reboot. Now Reboot Again. (Yes, twice.)
See if that solves it - give it a couple of days. If so, then you can
delete 'OldSoftwareDistribution'. I would request that you post back with
your results. _Only if the problem does re-occur_, then do the following
_exactly_:
1. Go to http://wiki.djlizard.net/Dial-a-fix and download Dial-a-fix
v0.60.0.24 (2006-10-27)
2. Unzip it to a new folder at root with any name, e.g.
c:\Dial-a-fix-v0.60.0.24
3. Double click on Dial-a-fix.exe in that folder.
4. Click on the following:
Options/tooltips (just to get an idea of what it does in each section.
:) )
Both boxes under Prep
The 'all' (top) box for Sections 2, 3 and 4 (which will automatically
be set when you check 3)
In Section 5, 'Programming cores/runtimes' and
'Explorer/IE/OE/shell/WMP' only.
Click 'Go' . (Some of the re-registrations may take what seems like a
long time for some .dll's - Don't be impatient.)
5. Reboot (if Dial-a-fix doesn't do it automatically at the end). Now
Reboot Again. (Yes, twice.)
See if that does the trick, and, again please post back with your
experience.
MS is well aware of the problem and has provided privately two different
responses:
"I regret to say that I was told that this known issue requires too much
change to be implemented in a hotfix. A change will instead be implemented
in the next Automatic Updates client, which we are planning to release in Q2
this year."
"According to the feedback from Product Development team, this fix will be
published as a security update on the Windows Update site and the relevant
KB article will also be released by us. Therefore, we just need to keep the
system on the network up to date. In addition, the Product Development team
also indicates that the WSUS 3.0 client may contain this patch if this fix
can released timely. At that moment, we can also attempt to upgrade to the
WSUS client 3.0 to test the issue."
--
Regards, Jim Byrd,
My Blog, Defending Your Machine,
http://defendingyourmachine2.blogspot.com/
In news:1177019899.3...@y80g2000hsf.googlegroups.com,
alle...@gmail.com <alle...@gmail.com> typed:
M.J.
1. Go to http://wiki.djlizard.net/Dial-a-fix ; and download Dial-a-fix
v0.60.0.24 (2006-10-27)
From the website :
Dial-a-fix
From TechWiki
Jump to: navigation, search
There is currently no text in this page, you can search for this page title
in other pages or edit this page.
Jim Byrd
fine just now. However, here's a direct download link:
http://djlizard.net.nyud.net:8080/software/Dial-a-fix-v0.60.0.24.zip and a
secondary: http://djlizard.net/software/Dial-a-fix-v0.60.0.24.zip from
that page's download section, here:
http://wiki.djlizard.net/Dial-a-fix#Mirrors.2Fdownload_locations.2C_and_articles
both of which are working fine as of this moment. See if those help.
--
Regards, Jim Byrd,
My Blog, Defending Your Machine,
http://defendingyourmachine2.blogspot.com/
In news:EA2D90CC-3306-4A22...@microsoft.com,
M.J. <M...@discussions.microsoft.com> typed:
The Nintendo Freak
computers and noticeably that the only ones that seem to cause trouble are
the pentium 3 550 computers, i have ran fresh load of office and windows xp
SP2 over and over again on multiple pcs and all ends up the same, as the
others have stated that all those listed "fixes" or "workarounds" dont work
at all in my opinion i think one of either the windows updates or the office
updates is causing a conflict with microsoft update, i know this cause
microsoft update works to a point and then all of a sudden stops working
kinda makes you wonder if people are being forced to update to vista just so
they have the latest updates
--
" i clear my nose at you, i fart in your genral direction, your mother was a
hamster and your father smelled of elderberry"-- John Cleese-Monty Python And
The Holy Grail
Kelly
Jim Byrd
to work, at least for all those from whom I've had feedback so far:
responses concerning a fix:
"I regret to say that I was told that this known issue requires too much
change to be implemented in a hotfix. A change will instead be implemented
in the next Automatic Updates client, which we are planning to release in Q2
this year."
"According to the feedback from Product Development team, this fix will be
published as a security update on the Windows Update site and the relevant
KB article will also be released by us. Therefore, we just need to keep the
system on the network up to date. In addition, the Product Development team
also indicates that the WSUS 3.0 client may contain this patch if this fix
can released timely. At that moment, we can also attempt to upgrade to the
WSUS client 3.0 to test the issue."
--
Regards, Jim Byrd,
My Blog, Defending Your Machine,
http://defendingyourmachine2.blogspot.com/
In news:B932148A-5F20-4CC2...@microsoft.com,
Kelly <Ke...@discussions.microsoft.com> typed:
yesmen
despite Microsoft's "patches" that do next to nothing. This problem
sucks CPU which affects older machines more.
Questions has to be raised about the quality of Microsoft's team working
on this - they suck as much as their programs suck cpu. This dog pile
certainly doesn't belong on any machine.
Or could this be part of a strategy to force users to upgrade to Vista?
alle...@gmail.com
from Technet and Various newsgroups. I even went as far as building 2
WSUS servers (1 standalone and 1 child to our existing).
Standalone looked like it was working and now it's doing the same
thing and highly suspect it's the Microsoft Update engine as opposed
to the WIndows Update agent that is causing it, and it's also
happening to the laptops (which are slower than the desktops).
I'll search around on the newsgroup some more as I've basically turned
off AutoUpdates via GPO so users can work and I can research while
also working on other things.
Allen
On Apr 20, 12:15 am, "Jim Byrd" <jrb...@spamless.roadrunner.com>
wrote:
> 1. Go tohttp://wiki.djlizard.net/Dial-a-fix and download Dial-a-fix
> allenm...@gmail.com <allenm...@gmail.com> typed:
alle...@gmail.com
http://blogs.technet.com/wsus/archive/2007/04/28/update-on.aspx
Jim Byrd
this would be a good idea:
The newly released 'standalone' version of Windows Update Agent 3.0, v.
7.0.6000.374, for 32 bit machines is available here:
http://download.windowsupdate.com/v7/windowsupdate/redist/standalone/WindowsUpdateAgent30-x86.exe
You will also need to install or re-install KB927891, here:
http://support.microsoft.com/?kbid=927891 for a complete fix.
For those using Windows Server - Courtesy of Bobby Harter, Program Manager,
WSUS, Microsoft, WSUS 3.0 was released on April 30th and is avaialble now on
the Microsoft Download Center. Full information, documentation, samples and
links to the bits can be found here: http://www.microsoft.com/wsus. WSUS
3.0 RC will be supported until May 31st 2007 - WSUS 3.0 supports upgrade of
WSUS 2.0 SP1 and WSUS 3.0 RC.
The MS WSUS team believes that this solves all three 'svchost' problems that
folks have been experiencing. See here:
http://blogs.technet.com/wsus/archive/2007/04/28/update-on.aspx
--
Regards, Jim Byrd,
My Blog, Defending Your Machine,
http://defendingyourmachine2.blogspot.com/
In news:1178138700....@l77g2000hsb.googlegroups.com,
alle...@gmail.com <alle...@gmail.com> typed:
alle...@gmail.com
So from reading the newsgroups:
1) install the hotfix 927891
2) install the WUA agent 3.0
3) upgrade the Server to 3.0
For the Hotfix: can that be applied to machines not affected? We
aren't sure who's really affected as our user base is 3,000, and I'd
like to push the hotfix via SMS to XP machines to make things
simpler.
Any harm in doing that?
thanks
Allen
Ottmar Freudenberger
> So from reading the newsgroups:
> 1) install the hotfix 927891
> 2) install the WUA agent 3.0
> 3) upgrade the Server to 3.0
>
> For the Hotfix: can that be applied to machines not affected?
Yes.
> Any harm in doing that?
No.
Bye,
Freudi
Jim Byrd
careful to push the appropriate version of 927891 for the box involved -
there are several depending on whether a box is XP or Windows Server and
whether the box OS is 32 or 64-bit. See here:
http://support.microsoft.com/?kbid=927891 If they are _all_ 32-bit XP, then
the only one you will need to push is here:
http://www.microsoft.com/downloads/details.aspx?FamilyId=7A81B0CD-A0B9-497E-8A89-404327772E5A
That hotfix and the new Update Agent should probably be upgraded on all
machines to prevent the occurance of the 'svchost' related issues on those
that haven't had the problem as well as to correct it (hopefully
permanently) on those that have.
--
Regards, Jim Byrd,
My Blog, Defending Your Machine,
http://defendingyourmachine2.blogspot.com/
In news:1178218454.3...@p77g2000hsh.googlegroups.com,
alle...@gmail.com <alle...@gmail.com> typed: