Windows Update Agent woe

I’ve come across an issue with my Windows 7 PCs during this month’s alpha testing. Some PCs would pick up updates, and consume gigabytes of memory. Others would just refuse to do anything. Upon further digging, I found that my x86 PCs were reporting no errors Config Manager wise, but the WindowsUpdateAgent.log kept throwing up this error code:

2015-06-11    13:16:23:757    5340    17bc    COMAPI    WARNING: ISusInternal::GetUpdateMetadata2 failed, hr=8007000E

There's always something!

There’s always something!

From doing a little bit of digging, this could be tied to the size of the WSUS database. I decided to do some in-depth housekeeping… now it has to be said that since my recent WSUS horror story I blogged here, I have been diligently running the WSUS cleanup wizard once a month. However when I went into the WSUS MMC, and filtered for superseded updates, I was quite surprised to see over five thousand updates that had been superseded. I dealt with them thus:

Click on All Updates:

You're not from around these MMC parts, are ya?

You’re not from around these MMC parts, are ya?


Then set the Approval to “Any Except Declined”, Status to “Any” and add the supersedence column into the view:

Okies, serious face now. Make sure you apply the correct settings here.

Okies, serious face now. Make sure you apply the correct settings here.


Now be *very* careful here. You will typically see three types of icon representing superseded updates. You only want to decline the following:

No pressure.

No pressure.

Really, no pressure.

Really, no pressure.


Once done, run the server cleanup wizard. Any affected clients should simply need a restart of their wuauserv service.

Now begone, ye worthless patch scum

Now begone, ye worthless patch scum

All well and good, well nearly!

There is an update which you need to apply to WSUS; it does a lot of stuff, as per this link:

So, apply this patch *BEFORE* you do anything else. Seriously.

Once you have applied the patch, there is an update which updates the Windows Update Agent to be applied. One thing to note though, this update is in WSUS, and it’s already in my alpha test. I do not know what the consequences would be of applying the WUA client update without the WSUS server-side update, and frankly I don’t want to.

The client update is here:

Now it remains to be seen how this update will be applied to a broken machine that won’t update by simply applying the server-side WSUS patch and then letting the client side Windows Update Agent patch run amok. I’d like to think that by cleaning the WSUS database first, you’ll be in a better position.

Plus Microsoft only recommend that the server-side WSUS update is only applied to a healthy WSUS instance. How better than to verify things are working than by running a server clean up wizard…

I will post a follow-up and report back how the server upgrade went, the client upgrade and the pesky 8007000E error.


1 thought on “Windows Update Agent woe

  1. Pingback: Windows Update Agent woe Part II | Confessions of a Config Manager Engineer

Flame on xD

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s