Step-by-step Troubleshooting Windows Update Failed or Rollback in Windows Server 2016, 2019, 2022, Windows 11

Leave a Comment | Windows Server, Troubleshooting | By
how to troubleshoot failed patches in windows server
 

Windows updates are crucial for keeping your Windows systems secure, stable, and performing well. However, update failures, rollbacks, and similar problems are frequent issues for IT admins and users. This is especially true for various versions like Windows Server 2016, 2019, 2022, and Windows 11. This detailed article addresses the most common Windows Update issues, their causes, and expert steps to troubleshoot, resolve, and prevent them.

Common Symptoms of Windows Update Failure

windows update issue
 

Update issues can show up in several ways across Windows Server 2016, 2019, 2022, and Windows 11.  

  • Updates stuck at specific percentages, like 0%, 20%, or 100%  
  • Error messages such as 0x80070002, 0x800f081f, 0x80073701, and others  
  • The system rolling back to the previous state after restarting  
  • Blue screen errors (BSOD) during or after updates  
  • Updates not found or failing to download  
  • Feature Updates failing to install, for example, Windows 11 23H2  
  • Update loops where the system keeps trying to install the same update repeatedly.  

Why Windows Updates are failing? 

 
Understanding the root causes can help with troubleshooting. Few of the common causes can be
  • Corrupted update files or system components
  • Incompatible drivers or software
  • Insufficient disk space
  • Misconfigured Group Policy or WSUS settings (servers)
  • Interference from third-party antivirus or security software
  • Hardware compatibility issues
  • Network connectivity problems
 

Step-by-Step Troubleshooting Windows Update issues

 
1. Check Windows Update Error Codes
 
When updates get failed, Windows will generate an error code. Note the error code shown in Settings > Update & Security > Windows Update or in the Event Viewer or in CBS logs, most of the time you will get cause of patch failure in CBS.log (path is C:WindowsLogsCBScbs.log) or Search Microsoft’s documentation or this article for the solution.
 
2. Run the Windows Update Troubleshooter
 
Since windows has a built-in troubleshooter, try following tool to troubleshoot first
 
For Windows 11: Go to Settings > System > Troubleshoot > Other troubleshooters. Find Windows Update and click Run.
 
For Windows Server 2016/2019/2022: Go to Control Panel > Troubleshooting > Fix problems with Windows Update.
 
In most of the cases the troubleshooter will fix common issues automatically.
 
3. Rename Software Distribution and Catroot2 Folders – 
 
Corrupt files in these folders often cause update issues. Try clear or rename
 
1. To Rename these two folders – Open Command Prompt as administrator

2.Stop following update services:
 
net stop wuauserv
net stop cryptSvc
net stop bits
net stop msiserver
 
3. Rename folders:
 
ren C:WindowsSoftwareDistribution SoftwareDistribution.old
ren C:WindowsSystem32catroot2 catroot2.old
 
4. Restart services:
 
net start wuauserv
net start cryptSvc
net start bits
net start msiserver
 
5. Now try installing failed patches again
 
4. Reset Windows Update Components .
 
Microsoft provides an official Windows Update Reset Script. Run the following commands in Command Prompt as administrator. Alternatively you can create a batch file to run this script
 
net stop wuauserv
net stop cryptSvc
net stop bits
net stop msiserver
Del “%ALLUSERSPROFILE%Application DataMicrosoftNetworkDownloaderqmgr*.dat”
regsvr32.exe atl.dll
regsvr32.exe urlmon.dll
regsvr32.exe mshtml.dll
regsvr32.exe shdocvw.dll
regsvr32.exe browseui.dll
regsvr32.exe jscript.dll
regsvr32.exe vbscript.dll
regsvr32.exe scrrun.dll
regsvr32.exe msxml.dll
regsvr32.exe msxml3.dll
regsvr32.exe msxml6.dll
regsvr32.exe actxprxy.dll
regsvr32.exe softpub.dll
regsvr32.exe wintrust.dll
regsvr32.exe dssenh.dll
regsvr32.exe rsaenh.dll
regsvr32.exe gpkcsp.dll
regsvr32.exe sccbase.dll
regsvr32.exe slbcsp.dll
regsvr32.exe cryptdlg.dll
regsvr32.exe oleaut32.dll
regsvr32.exe ole32.dll
regsvr32.exe shell32.dll
regsvr32.exe initpki.dll
regsvr32.exe wuapi.dll
regsvr32.exe wuaueng.dll
regsvr32.exe wuaueng1.dll
regsvr32.exe wucltui.dll
regsvr32.exe wups.dll
regsvr32.exe wups2.dll
regsvr32.exe wuweb.dll
regsvr32.exe qmgr.dll
regsvr32.exe qmgrprxy.dll
regsvr32.exe wucltux.dll
regsvr32.exe muweb.dll
regsvr32.exe wuwebv.dll
net start wuauserv
net start cryptSvc
net start bits
net start msiserver
 
5. RestoreRepair Corrupted System Files .
 
Restore or repair using System File Checker and DISM to fix corrupt system files.
 
Go to Command Prompt as Admin and execute the following commands one by one.
 
Alternatively you can run these commands via PowerShell as well.
  • DISM /Online /Cleanup-Image /RestoreHealth
  • sfc /scannow 
 
Let it complete and reboot the device once completed.
 
If this fails to repair then mount Windows Installation Media and run below command in one line .
 
DISM /Online /Cleanup-Image /RestoreHealth /source:wim:D:SourcesInstall.wim:4 /limitaccess
 
Replace “source:wim:D” with your actual media drive letter.
 
Once this is completed , you can check what are the corrupted drivers and system files got repaired, not repaired or no corruptions found in CBS logs under System Update Readiness.
 
For Example ; CBS logs was collected from two different servers after executing SFC Scan and DISM commands , one is showing some corruptions , however another server doesn’t show any .
 
How to fix windows failed update
How to check CBS logs
 
Once this is completed , try to install failed patches again.
 
6. Check Group Policy and WSUS Settings for Windows Server environments (applicable for Servers) 
  • Check if Group Policy or WSUS is forcing old or conflicting update settings.
  • Run gpresult /h report.html to review applied policies.
  • Ensure your server can reach WSUS or Microsoft Update endpoints.
7. Manually Install Updates
 
  • Identify the failing update’s KB number. 
  • Download it from the Microsoft Update Catalog.
  • Run the installer (.msu) as administrator. 
 
Alternatively you can extract .msu to .cab file and install update name.cab.
 
To extract the CAB file from MSU file use the “expand” command in CMD as Admin,
 
For example:
 
expand windows10.0-kb3200970-x64_3fa1daafc46a83ed5d0ecbd0a811e1421b7fad5a.msu . -F:*
 
Or check this articles (Script to extract & DISM to install cab) and details instructions provided by Microsoft to extract and install the CAB file via DISM .
 
8. Analyze Update Logs and Rollback Events
 
Check Event Viewer (Windows Logs > System and Applications and Services Logs > Microsoft > Windows > WindowsUpdateClient) for rollback issues, look for Event ID 20, Event ID 41, or similar
 
Check CBS Logs for keyword “error” “failed” “rollback action” with specific error code you found in event viewer at particular date and timestamp 
 
For example: CBS.logs
 
how to check cbs logs
 
Check “setupapi.dev” logs in “C:Windows\inf\setupapi.dev logs” to find if any driver files or inf related error.
 
For example: setupapi.dev logs
 
 
how to check server logs

If you found similar error then navigate to: C:WindowsSystem32DriverStoreFileReposerit and validate the particular directory “cpu.inf_amd64_b4fc5c990dcd6a…” is available or not, if not then copy missing files including “.inf” files from another directory in same server or from another working server same path .

Since this is system file and can’t copy directly in live server. To copy that download  “PsExec” Tool from Microsoft official website to copy the missing files in live server, or you can copy manually by rebooting server in recovery mode. 
 
For Example:
 
how to install patches in windows server
Advanced Fixes for Update Issues – If standard fixes fail, try these advanced strategies:
 
  • Perform an In-Place Upgrade/Repair Install:
  • For Windows 11, use the Media Creation Tool.
  • For Windows Server, use the original installation media for a repair install.
  • Temporarily Disable Antivirus/Security Software: in some cases antivirus like; McAfee and Symantec causing the patch failure issues.
  • Some third-party tools can interfere with updates.
  • Check for Hidden Hardware Issues:
  • Run diagnostics on disk, RAM, and other hardware.
  • Update Device Drivers:
  • Outdated or incompatible drivers can cause update failures.
  • Review SetupDiag Logs:
  • SetupDiag can analyze update failures in depth.
 

Frequently Asked Questions:

 
Q1: Is it safe to delete the SoftwareDistribution folder?
Yes, it’s safe. The folder will be recreated automatically by Windows Update. It only removes cached update files.
 
Q2: Can I block specific updates that are causing issues?
Yes, use the Show or Hide Updates Tool provided by Microsoft or WSUS/Group Policy in enterprise environments.
 
Q3: What if server gets stuck in a rollback loop or BSOD?
Boot into Safe Mode or WinRE and use System Restore or uninstall problematic updates via the command prompt. or via Show or Hide Updates Troubleshooter tools
 
Q4: Where can I find more information about specific update errors?
Search Microsoft’s official Windows Update Error Code Reference or the Microsoft Knowledge Base.

Conclusion

Windows Update failures can be frustrating, however with systematic troubleshooting, most issues can be fix. Whether you manage Windows Server 2016, 2019, 2022, or Windows 10 & 11, following these best practices and troubleshooting steps will help keep your systems secure and up-to-date.

 
If you are still stuck, need help ? feel free to leave a comment below.
 
There are many more real time scenario and troubleshooting for windows update failure, that can cover in next article with second part of this blog .   
 
If you find this article is helpful , please follow our blog vlookuphub. Thankyou.
 

Related Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

PHP Code Snippets Powered By : XYZScripts.com
Scroll to Top