I’ve come across an issue with my Windows 7 PCs during this month’s alpha testing. Some PCs would pick up updates, and consume gigabytes of memory. Others would just refuse to do anything. Upon further digging, I found that my x86 PCs were reporting no errors Config Manager wise, but the WindowsUpdateAgent.log kept throwing up this error code:
2015-06-11 13:16:23:757 5340 17bc COMAPI WARNING: ISusInternal::GetUpdateMetadata2 failed, hr=8007000E
From doing a little bit of digging, this could be tied to the size of the WSUS database. I decided to do some in-depth housekeeping… now it has to be said that since my recent WSUS horror story I blogged here, I have been diligently running the WSUS cleanup wizard once a month. However when I went into the WSUS MMC, and filtered for superseded updates, I was quite surprised to see over five thousand updates that had been superseded. I dealt with them thus:
Click on All Updates:
Then set the Approval to “Any Except Declined”, Status to “Any” and add the supersedence column into the view:
Now be *very* careful here. You will typically see three types of icon representing superseded updates. You only want to decline the following:
Once done, run the server cleanup wizard. Any affected clients should simply need a restart of their wuauserv service.
All well and good, well nearly!
There is an update which you need to apply to WSUS; it does a lot of stuff, as per this link:
So, apply this patch *BEFORE* you do anything else. Seriously.
Once you have applied the patch, there is an update which updates the Windows Update Agent to be applied. One thing to note though, this update is in WSUS, and it’s already in my alpha test. I do not know what the consequences would be of applying the WUA client update without the WSUS server-side update, and frankly I don’t want to.
The client update is here:
Now it remains to be seen how this update will be applied to a broken machine that won’t update by simply applying the server-side WSUS patch and then letting the client side Windows Update Agent patch run amok. I’d like to think that by cleaning the WSUS database first, you’ll be in a better position.
Plus Microsoft only recommend that the server-side WSUS update is only applied to a healthy WSUS instance. How better than to verify things are working than by running a server clean up wizard…
I will post a follow-up and report back how the server upgrade went, the client upgrade and the pesky 8007000E error.