I was approached by a customer who had issues deploying the March 2022 windows 10 cumulative updates.
The error code and the screenshot is provided below.
The software updates are failed with error code 0x87D00664 (-2016410012).
The error code 0x87D00664 translates to ‘Updates handler job was cancelled’.
There could be several reasons why the updates are failed. In this blog post, we will see how to troubleshoot the issue based on the information available in the client logs.
This is not one-stop solution for every issue that has been reported with the error code 0x87D00664 .
Let’s dive into the troubleshooting part.
For software updates troubleshooting, the important log files are listed below.
1. WUAhandler.log—> Records details about the Windows Update Agent on the client when it searches for software updates.
2.UpdatesHandler.log—> Records details about software update compliance scanning and the download and installation of software updates on the client.
3.UpdatesDeployment.log—>Records details about deployments on the client, including software update activation, evaluation, and enforcement. Verbose logging shows additional information about the interaction with the client user interface.
So let’s look at each log and understand what is going on.
WUAhandler.log has the following error:
The installation job encountered some failures. Job Result = 0x80240022.
Update ID for the failed patch from the log file is: 6b5fa06e-2bec-411b-a3b0-bfb10bf50240.
The error code 0x80240022 translates to ‘Operation failed for all the updates’.
UpdatesHandler.log has some information related to the update ID that we are looking for.
Bundle update (6b5fa06e-2bec-411b-a3b0-bfb10bf50240) is requesting download from child updates for action (INSTALL)
IMaintenanceCoordinator::GetTaskState failed because MTC job has not been created yet.
Not a valuable information found from this log as well.
The next log to look at is UpdatesDeployment.log
The error code 0x87d00215 translates to ‘Item not found ‘
The item not found is due to the content unable to download from the distribution point before it executes.
In the same log, I can see some more information that is useful on the content download progress which is stuck at downloading.
Search with the update ID 6b5fa06e-2bec-411b-a3b0-bfb10bf50240
Update (Site_E9267BCB-2995-4BF8-8CC8-A8CB5064F44C/SUM_6b5fa06e-2bec-411b-a3b0-bfb10bf50240) Progress: Status = ciStateDetecting, PercentComplete = 0, DownloadSize = 0, Result = 0x0
Microsoft has very nice article on troubleshooting/track the software update deployment process https://docs.microsoft.com/en-us/troubleshoot/mem/configmgr/track-software-update-deployment-process
I have also reviewed the CAS and other logs for content download process from the distribution point, but I could not find any entries related to the deployment patch.
Now, we will need to verify if the content of the patch is distributed to the distribution point or not.
So let’s switch to SCCM server and verify the patch is downloaded and successfully distributed to the distribution point and is also verify the presence of the patch in content library. All of this verified, and they look good.
What could go wrong at this stage? we have verified the client logs, SCCM side DP content and so far, it looks good.
After checking some internal things, identified that, the device has some security components (CyberArk Endpoint Privilege Manager) installed which is blocking the download of the patch and seen from the EPM logs.
After adjusting some settings on the EPM tool, the client is able to download the patches and install it successfully.
I hope you found this blog useful.