Microsoft's fix for Automatic Updates lockup not working

#1 Sinz on 13 May 2007 - 00:02

Another method to stop this is to purchase Vista Ultimate at your local retail store (which is probably what Microsoft wants anyways).

#2 Croquant on 13 May 2007 - 00:33

There ARE other methods to keep your systems updated, you know. You don't have to depend on AU.

(1 reply) #3 +XP-RTM on 13 May 2007 - 00:40

I thought the problem was only with Microsoft Update not Windows Update... if you disable Microsoft Update everything will be fine.

#3.1 tomasarson on 13 May 2007 - 22:17

i think you're right.

a computer i was redoing would freeze all of the time.

narrowed it down to not installing microsoft update and sticking with windows update/office update.

no freezing anymore.

#4 Tantawi on 13 May 2007 - 01:19

Great, my neighbor had that problem, and I had to disable AU for him to prevent the system crash.

(1 reply) #5 Justin- on 13 May 2007 - 01:19

Wow, they FINALLY figured they would fix this issue? It's been an issue for at least a year now.

Thankfully, I've moved on to Vista and haven't had a problem.

#5.1 Shadrack on 13 May 2007 - 17:38

Yes, and we all know that Vista will be 100% immune to Microsoft's incompetence forever and ever.

(4 replies) #6 JoHideo on 13 May 2007 - 01:25

Does anyone have a direct link for the new WSUS 3.0 client? And is the WSUS only for server? I run XP Home and I encounter this problem when I use Internet Explorer.

#6.1 xMorpheousx416 on 13 May 2007 - 01:29

http://download.windowsupdate.com/v6/windo...Agent20-x86.exe

#6.2 Raa on 13 May 2007 - 01:35

That is incorrect.

The latest update URL is:

http://download.windowsupdate.com/v7/windo...Agent30-x86.exe

This works on all 2000/xp/2003 versions (vista already has this update), and doesnt require WSUS to be used, it updates the WU agent on your machine in general.

#6.3 XPGoD on 13 May 2007 - 01:39

Quote - (xMorpheousx416 said @ #2)

http://download.windowsupdate.com/v6/windo...Agent20-x86.exe

That is for the 2.0, he's looking for build 374 which is here....

http://download.windowsupdate.com/v7/windo...Agent30-x86.exe

I'm actually working with Microsoft on this, and when I say that, I mean the 3 teams who develop for the Update Services.

I can tell you there is a way to temporarly stop the CPU load... two ways. One, put the svchost/wuauclt in it's own process environment... this way, you can change the priority, the other is too long to actually type here, but I've notified Microsoft of my find.... maybe it will help push.

HINT: This was back in Oct 06 and then a newer patch, I've narrowed it down to jscript.dll, atl.dll, and all the relevant windows update dll's. The only bad thing (if you look at it like that), is that you will loose the "history" of the updates site.

XPGoD

#6.4 xMorpheousx416 on 13 May 2007 - 06:11

My bad..... I followed the links to the MS site....that was the first one I found.

(1 reply) #7 Raa on 13 May 2007 - 01:30

This is also a bug on Win2000 and since we use it in our corporate environment, we've had to disable AU making our WSUS server effectively useless.

What a joke

#7.1 travelcard on 13 May 2007 - 07:03

Snap!

Microsoft's lack movement on this has been surprising too.

#8 XPGoD on 13 May 2007 - 01:45

I have actually reread what "Microsoft" said about this... it never worked from the get go Going back through my convo.. (which most of it was through notepad)... they said this.

They wanted to badly work with me because of the fact that despite having the patches, it still occurred. I could replicate it perfectly 4 ways... But I showed them a way to stop it once... then you have to do it all over again, and some machines required reboots to do it... but it is possible.

They gave me webspace to upload on the support site, and I've sent them a 284Mb dump of the process running alone. I've also sent them just a massive amount of info about 5 different PC's. I ended up speaking to 8 people and had team leads from the Developers of the WUS watching my easyassist session.

I so hope they get this fixed. So far, they told me to disable AU... can you believe that?

XPGoD

Last edited by XPGoD on 13 May 2007 - 01:57

(1 reply) #9 JK1150 on 13 May 2007 - 01:47

We were waiting till this upcoming week to upgrade to WSUS 3.0. Should I wait until a new (fixed) version of WSUS is available? Or is upgrading to WSUS 3.0 what I should do to prevent the problem? I still haven't synchronized updates since I heard what was happening, should I not do that either until a fixed WSUS is available?

#9.1 XPGoD on 13 May 2007 - 01:54

Quote - (JK1150 said @ #9)

We were waiting till this upcoming week to upgrade to WSUS 3.0. Should I wait until a new (fixed) version of WSUS is available? Or is upgrading to WSUS 3.0 what I should do to prevent the problem? I still haven't synchronized updates since I heard what was happening, should I not do that either until a fixed WSUS is available?

I would wait to be honest with you. The issue was really never MSI.dll or MSI32.dll which are in the KB fix.

The bad thread with NO Patches applied in SVCHOST.exe is: ntdll.dll!RtlHeapAllocate+0x18c... after you apply all the updates as suggested, the thread hogging all the CPU changes to wuaueng.dll!dllInstall, I don't remember the memory address but that dll is only 0x500bc34b-0x500bc37f... there appears to be an access violation within that entrypoint.

But now, just wait it out, there shouldn't be anymore patches, and it allows for you to better plan, or mitigate anything that might come up. JK1150, this might be a good time to color cordinate wires on the server racks...lol, I know I am.

XPGoD

(3 replies) #10 Buttus on 13 May 2007 - 03:51

sounds like they need an automatic updater for their automatic updater...

#10.1 XPGoD on 13 May 2007 - 04:57

Quote - (Buttus said @ #10)

sounds like they need an automatic updater for their automatic updater...

True... they do need an updater for their updater.

Try this out and let me know what you guys think.... I've just milled over various systems at 4 client sites, they range in OS, and system types, and found something that works. I will not go into how I found this, as it's quite lengthy... but try this out, so far it works like a charm. I've updated my ticket with Microsoft after learning this, but if anyone cares, PM me and I'll do my best to explain in detail my findings.

PS... 17 machines that had the issue, no longer have the issue.

From command line or create a cmd/bat file and do the following in this order...

net stop bits
net stop wuauserv
regsvr32 /u wuaueng.dll /s
del /f /s /q %windir%SoftwareDistribution*.*
del /f /s /q %windir%windowsupdate.log
%windir%system32regsvr32.exe /s %windir%system32atl.dll
%windir%system32regsvr32.exe /s %windir%system32jscript.dll
%windir%system32regsvr32.exe /s %windir%system32msxml3.dll
%windir%system32regsvr32.exe /s %windir%system32softpub.dll
%windir%system32regsvr32.exe /s %windir%system32wuapi.dll
%windir%system32regsvr32.exe /s %windir%system32wuaueng.dll
%windir%system32regsvr32.exe /s %windir%system32wuaueng1.dll
%windir%system32regsvr32.exe /s %windir%system32wucltui.dll
%windir%system32regsvr32.exe /s %windir%system32wups.dll
%windir%system32regsvr32.exe /s %windir%system32wuweb.dll
net start bits
net start wuauserv
wuauclt.exe /resetauthorization /detectnow

Then hit up Windows Update and run a custom scan... (watch svchost.exe right after clicking the CUSTOM button). Make sure you use the regular Microsoft Update, and not the Windows Update method.

Enjoy,
XPGoD

Edit: Fixed slashes... sorry, let's hope it works this time
Edit 2: Wrapped into code
Edit 3: Code tag doesn't work, please use the correct please, or you will not accomplish the fix

Last edited by XPGoD on 13 May 2007 - 22:13

#10.2 Emon on 13 May 2007 - 18:40

Quote - (XPGoD said @ #10.1)

Quote - (Buttus said @ #10)

sounds like they need an automatic updater for their automatic updater...

...

You forgot to add some slashes ..

#10.3 greatpumpkin02 on 13 May 2007 - 21:48

Quote - (XPGoD said @ #10.1)

Quote - (Buttus said @ #10)

sounds like they need an automatic updater for their automatic updater...

True... they do need an updater for their updater.

Try this out and let me know what you guys think.... I've just milled over various systems at 4 client sites, they range in OS, and system types, and found something that works. I will not go into how I found this, as it's quite lengthy... but try this out, so far it works like a charm. I've updated my ticket with Microsoft after learning this, but if anyone cares, PM me and I'll do my best to explain in detail my findings.

PS... 17 machines that had the issue, no longer have the issue.

From command line or create a cmd/bat file and do the following in this order...

net stop bits
net stop wuauserv
regsvr32 /u wuaueng.dll /s
del /f /s /q %windir%SoftwareDistribution*.*
del /f /s /q %windir%windowsupdate.log
%windir%system32regsvr32.exe /s %windir%system32/atl.dll
%windir%system32regsvr32.exe /s %windir%system32/jscript.dll
%windir%system32regsvr32.exe /s %windir%system32/msxml3.dll
%windir%system32regsvr32.exe /s %windir%system32/softpub.dll
%windir%system32regsvr32.exe /s %windir%system32/wuapi.dll
%windir%system32regsvr32.exe /s %windir%system32/wuaueng.dll
%windir%system32regsvr32.exe /s %windir%system32/wuaueng1.dll
%windir%system32regsvr32.exe /s %windir%system32/wucltui.dll
%windir%system32regsvr32.exe /s %windir%system32/wups.dll
%windir%system32regsvr32.exe /s %windir%system32/wuweb.dll
net start bits
net start wuauserv
wuauclt.exe /resetauthorization /detectnow

Then hit up Windows Update and run a custom scan... (watch svchost.exe right after clicking the CUSTOM button). Make sure you use the regular Microsoft Update, and not the Windows Update method.

Enjoy,
XPGoD

Tried it, seeing as how I've worked with MS on this in the past as well. Seems to only affect XP machines that have 2003 on them (also mentioned elsewhere in this dialog). Can't say whether or not this will take care of the issue until a little time has passed, but I did notice right off that I don't have an AU service listed now... I'm guessing that WU will reinstall that after a visit to the site?

Edit: yup, WU does repair the files.

Edit 2: :-/ spike's the same as ever....

(3 replies) #11 Xenomorph on 13 May 2007 - 05:59

this will be fixed for Windows XP and newer

but probably not for Windows 2000.

there are still a lot of systems out there running Windows 2000 Pro and Server.

the ONLY known work around right now is to switch from Microsoft Updates back to Windows Updates. the downside being it wont detect updates for Office, SQL server, and some other Microsoft apps.

#11.1 Raa on 13 May 2007 - 13:56

And what if you're in a corporate environment with a WSUS server and your clients are having this issue?
So far, no fix noted.

Our clients have NEVER had MU installed, strictly WU only. I even removed the office updates off the server - no dice.

XPGod: Noted. You'll have to wait a couple of days for me to get to give it a full test. I'm not confident though.

Last edited by Raa on 13 May 2007 - 14:21

#11.2 XPGoD on 13 May 2007 - 14:06

Quote - (Raa said @ #11.1)

And what if you're in a corporate environment with a WSUS server and your clients are having this issue?
So far, no fix noted.

Our clients have NEVER had MU installed, strictly WU only. I even removed the office updates off the server - no dice.

Raa... please try my fix as stated above... I would totally love to see if that works for you. Please!

XPGoD

#11.3 XPGoD on 13 May 2007 - 16:28

Quote - (Raa said @ #11.1)

And what if you're in a corporate environment with a WSUS server and your clients are having this issue?
So far, no fix noted.

Our clients have NEVER had MU installed, strictly WU only. I even removed the office updates off the server - no dice.

XPGod: Noted. You'll have to wait a couple of days for me to get to give it a full test. I'm not confident though.

So far 17 machines were fixed using that method...

#12 gkeramidas on 13 May 2007 - 06:07

if anyone tries to install update agent, whether it be version 2 or version 3 and you get the message that it's already installed, you can force the install with the /wuforce switch on the command line.

even if you try to install version 3 over version 2 you may see this. i've also had to stop the automatic update service and the wmi service, delete the windowssoftware distribution folder and restart au to help fix the 90+% svchost process problem.

just thought i'd pass this on.

#13 invalidbuffalo on 13 May 2007 - 06:15

I'm glad I don't update...

(1 reply) #14 random_n on 13 May 2007 - 06:18

Here's an interesting fact; this doesn't affect systems with Windows Vista or Windows XP computers with only Office 2007 components installed.

Upgrade, anyone?

#14.1 Staind on 13 May 2007 - 08:08

True. After the beta expired, and I installed Office 2003, the problem came back.

#15 toadeater on 13 May 2007 - 06:18

What a nightmare.

(1 reply) #16 Quick Reply on 13 May 2007 - 08:34

My workplace was affected like this on Thursday, all of our non-Core 2 Duo PCs (Including my P4 3.0Ghz with HT disabled and with 2GB RAM) were slowing to a halt after the update. Very expensive to have 100s of PCs unusable.

#16.1 JK1150 on 13 May 2007 - 22:39

Maybe because the CPU is only pegged on one core? That is strange...

(1 reply) #17 atlanticus on 13 May 2007 - 08:43

Can someone tell me whether disabling the DNS Client service will stop the cpu from spiking or not?

#17.1 atlanticus on 13 May 2007 - 12:48

my bad.. I realize at the end of the day, it is still a case of waiting for msi.dll and wuaueng.dll to finish their business before I can proceed..

(1 reply) #18 NightmarE D on 13 May 2007 - 12:14

It's a joke that some people are implying that they purposely did this to get people to upgrade to Windows Vista

Grow up people

#18.1 needlegun on 13 May 2007 - 12:45

Quote - (NightmarE D said @ #1

It's a joke that some people are implying that they purposely did this to get people to upgrade to Windows Vista

Grow up people

That's probably true, but what IS worrying is that because Microsoft have been found guilty more than once in the past of what can best be described as some very 'dubious' (almost unethical) practices, many people naturally and understandably don't trust the company and so such suggestions aren't beyond the realms of possibility.

Sad really - there must be more to life than worrying about when the worlds most successful software company might next screw you over.

(1 reply) #19 XPGoD on 13 May 2007 - 13:41

So the question remains.... out of my fix posted above.... what does Office 2007 change of those files?

#19.1 random_n on 13 May 2007 - 23:31

One thing I've thought about with this problem here is how this has been an issue for a long time now, but it's only gotten progressively worse with the amount of patches that need to be detected. That is to say - it's affected by how many are available from Microsoft, with no regard to how many are installed or need installing.

I'm almost wondering if Office 2007 will begin to be affected by this problem in the future once there's dozens of updates available if the update detection code isn't changed...

As for your fix, XPGoD, it doesn't work for me, and hasn't on any of the many systems I've tried it (I've seen a few similar variations in the past). Specifically; I've tried it in a bare-bones VMWare image with only Windows XP SP2, Office 2003, and Microsoft Update - still chews through CPU.

(1 reply) #20 Primetime2006 on 13 May 2007 - 15:20

It doesn't seem to bother me any and besides, AU works at like 3:00 AM daily for me, so why do I care. Why would anyone care, either disable it or set it for a time when you will be asleep and won't care/notice it.

More important things in life than worrying about what MS is doing. And no, they are not doing this to get you to upgrade to Vista. The company could buy and sell everyone worldwide 10 times over, they don't need the extra money. This would be a ploy done by a company that is desparate - they are not.

Grow up.

#20.1 Shadrack on 13 May 2007 - 18:11

If you were "grown up" and in the "real world" then you would know that this is a very important thing as it affects the productivity of workers the world over and the result is loss of money for businesses. These kinds of slip ups happen, but are not excusable.

Sure there are 'more important things in life.' There are a lot of more important things in life. You could make that comment about every single news story posted on Neowin since its existence. So what is your point? Why are you even here? Don't you have more important things to do?

#21 thenay on 13 May 2007 - 16:23

I turned off auto updates over this, my system would use so much cpu %, i'm not happy.
I thought MS has beta testers who test these things before they deploy? hmmmmm...

#22 Jugalator on 13 May 2007 - 17:21

Huh? Are they busting their own update system??

For Microsoft's own good, I hope they won't bust it enough to make it hard to use AU to get an update for the busted update.

(1 reply) #23 +Chicane-UK on 13 May 2007 - 17:34

Ugh. Ran afoul of this problem a number of weeks ago at my place of work.

We thought it was a virus of some sort as this also disconnects any TCP/IP attached Novell Netware volumes, and can randomly crash a number of systems services such as the firewall.

I traced it down to being a WSUS problem and thought it was something to do with the server.. like it'd been hacked or something. Then had a hallelujiah moment when I read about the similar problems other folks had been having.

Come on Microsoft, for heavens sake. Fix your damn software.

#23.1 +mrbester on 14 May 2007 - 11:34

^ Damn right. I've had this annoyance on multiple machines with different versions on Windows (XP Home, Pro, 2003) for bloody ages, hence my using AutoPatcher and WindizUpdate with a backup of MBSA (which doesn't seem to screw up for some reason). The biggest problem is the stupid insistence that wuauwhatever has to run in the same svchost as about 25 other things, and if any of them go down the whole system is unstable so when the 100% CPU happens you're stuffed unless you can stop the wuau sub-process using Process Explorer or similar.

I've tried all listed suggestions: rename SoftwareDistribution, roll back to WU, deregister and reregister dlls (haven't tried the batch file catted above yet), applied the "oh, this fixes it" patch from Microsoft and nothing makes the slightest difference. I have no idea why some machines are fine and some just refuse to work.

Edit: having to validate Windows to download a patch (9278921) for their cock-up is just another example of ****ing off the customer. Your crap needs a patch to work regardless of my installation's "validity".

Last edited by mrbester on 14 May 2007 - 11:41

#24 Shadrack on 13 May 2007 - 18:08

This really shut down 3 of us at work on Friday morning. We couldn't do anything except tinker with our own computers. Boss was definitely not happy, but what can you do? I wonder how much money was burned worldwide due to this "slip-up" by MS that is actually very much comparable to the Blaster virus. Difference is, the Blaster virus has a fix that actually worked within a day or two. This has been an existing problem for awhile now and still no universal fix.

For shame, MS. For shame.

#25 Evolution on 13 May 2007 - 22:30

hmmm interestingly enough, this problem has been affecting me within the last two weeks in Vista Ultimate...

#26 Boramas on 13 May 2007 - 22:48

I actually sorted this problem on a pc last running xp home by using autopatcher xp and installing the windows update version 6 in the updated options section, reboot, problem sorted worked for me worth a go if ur still having problems

#27 +warwagon on 13 May 2007 - 23:36

also helped on a computer by renaming c:windowsSoftwareDistribution to anything

#28 XPGoD on 14 May 2007 - 01:26

I just ran an !analyze -hang -f in the Microsoft Debugger on the dmp file they had me create for them, and this is what it shows...lol

*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

Probably caused by : msi.dll ( msi!AllocSpc+10 )
Followup: MachineOwner
---------

Edit: to bold my lol

#29 D-M on 14 May 2007 - 02:21

WinXP SP3 coming soon to a theater near you?.

(1 reply) #30 WooHoo!!! on 14 May 2007 - 11:16

It's amazing that it's taking them so long to sort this problem. I was installing XP on my friends mac at the weekend and while I was there updated the mac as well. Boy was it easy, no hassle whatsoever. It's annoying how easily it cold be done but MS always make it harder. /not a mac fanboy

#30.1 gadean on 14 May 2007 - 13:30

I surprised, too. You'd think MS would have cleared this sort of thing up right away. This is very disappointing.

#31 Eric O. on 15 May 2007 - 08:46

I experienced the "svchost/msi" problem--complete with 100% CPU usage and evetual locking up of XP. I got my system up and running at normal speed by disabling automatic updades (I chose the "notify when updates are available" option) and opting out of the new, all-inclusive "Automatic Update" service. I'm experiencing one remaining problem, however. Whenever I'm connected to the internet, a constant, unceasing download goes on automatically--it never stops. Three questions:

1. What can I do to stop the downloading and delete any files it may be creating?
2. Could the downloading be Automatic Updates that began when I tried the new Automatic Update service and that my system now wants to complete?
3. And could this finding be related to my problem: When I open the "Windows" system folder and then the subfolder "assembly," I find it contains 143 folders (31.8MB) all called "download." Oddly, opening one "download" folder reveals another which reveals another until all 143 folders have been opened. The last one has an icon something like a pencil and writing tablet.

I'm a PC novice and baffled by the constant downloading from an unknown source. Interested in your thoughts.

Thanks.

#32 matts5280 on 15 May 2007 - 15:29

So far just installing KB927891 seems to fix the issue. After rebooting I run Microsoft Update and it does seem to take a bit longer than usual but completes fine.

Neowin.net