Code sample:
$UpdateSession = New-Object -ComObject 'Microsoft.Update.Session'
$UpdateSearcher = $UpdateSession.CreateUpdateSearcher()
$Updates = $UpdateSearcher.Search('IsInstalled=1')
$Updates | Where-Object { $_.Title -like '*KB2506143*' }
I'm trying to uninstall WMF3 programmatically, but I keep getting errors when trying to utilize wusa.exe,
wusa /uninstall /kb:2506143 /quiet /norestart /log:C:\log.evt
CbsClient::CbsClient.00110: Failed to create a CBS session instance
CbsClient::CbsClient.00127: Exit with error code 0X80040154 (Class not registered)
UninstallWorker.00664: Start of search
CbsClient::OpenPackageByKB.00268: CBS session is not initialized.
CbsClient::OpenPackageByKB.00320: Exit with error code 0X8000ffff (Catastrophic failure)
UninstallWorker.00667: Failed: OpenPackageByKB() for KB2506143
UninstallWorker.00799: Exit with error code 0X8000ffff (Catastrophic failure)
RebootIfRequested.01446: Reboot is not scheduled. IsRunWizardStarted: 0, IsRebootRequired: 0, RestartMode: 1
Windows update could not be uninstalled because of error 2147549183 "Catastrophic failure" (Command line: "C:\windows\System32\wusa.exe /uninstall /kb:2506143 /quiet /norestart /log:C:\log.evt")
wWinMain.01962: Failed to uninstall update ; Error: 0X8000ffff, Catastrophic failure. Command line: C:\windows\System32\wusa.exe /uninstall /kb:2506143 /quiet /norestart /log:C:\log.evt
wWinMain.01998: Exit with error code 0X8000ffff (Catastrophic failure)
so I'm pursuing using the WUA API. The above code snippet gives me a $Null return, but I can use Get-Hotfix -ID KB2506143 or Get-WmiObject -Class Win32_QuickFixEngineering -Filter 'HotFixID="KB2506143"' to find the update.
This question is similar, but it's getting access denied when trying to uninstall the patch after it has already been found, while my question is: how do I find the patch in the first place?
I'm not sure how the patch got applied, so if I run into the same issue once I find it, I have that resolution at least.
So the purpose of all this was to upgrade to WMF5.1 programmatically and I found a workaround for what I was trying to accomplish. PowerShell v3 was enabled in the OS using DISM during the build process and cannot be removed by WUA because it wasn't placed there by WUA.
Workaround 1:
dism.exe /Online /Disable-Feature:MicrosoftWindowsPowerShellV3
This downgrades $PSVersionTable to v2, but it does not remove the patch KB2506143. This causes the need to uninstall it through the UI manually still so it didn't really accomplish what I need.
Workaround 2:
WMF3 cannot be upgraded to WMF5, but it can be upgraded to WMF4, then WMF5(.1).
Ultimately, I installed WMF4 over WMF3 with wusa.exe while still disabling v3 in dism for good measure and was successful installing WMF5.1 over WMF4 after a reboot (again, with wusa.exe).
The limitation is rooted with the WUA not being able to manage patches that it did not install (through a .msu or WSUS)
Related
When I thy to upgrade any packege (as superuser) chocolatey stacks at the point of "Performing other installation steps" and starts to load one core of the CPU with no changing at memory usage and with 0 disk usage:
You have Firefox v109.0.1 installed. Version 110.0 is available based on your source(s).
Progress: Downloading Firefox 110.0... 100%
Firefox v110.0 [Approved]
firefox package files upgrade completed. Performing other installation steps.
When I stop the process Chocolatey tells:
Exiting chocolatey abnormally. Please manually clean up anything that was not finished.
and things that packege was updated and assigns the new wersion to it, but it reality is was not apdated at all
How I can fix or at least debud the problem further?
Reinstalling Chocolatey did't fix the problem
System restoration to previous point did't fix the problem
Update 1:
After eneblind debug and verbose modes it tells:
freenet v0.7.5.1496 [Approved]
freenet package files upgrade completed. Performing other installation steps.
Setting installer args for freenet
Setting package parameters for freenet
Contents of 'C:\ProgramData\chocolatey\lib\freenet\tools\chocolateyInstall.ps1':
$ErrorActionPreference = 'Stop';
$packageArgs = #{
packageName = 'freenet'
fileType = 'exe'
url = 'https://github.com/freenet/fred/releases/download/build01496/FreenetInstaller-1496.exe'
silentArgs = '/VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-'
validExitCodes = #(0)
softwareName = 'Freenet*'
checksum = 'd88d37d2e212bf87d9710bc10b1d07f508944e052e1825220ed50310d717261d'
checksumType = 'sha256'
toolsDir = "$(Split-Path -parent $MyInvocation.MyCommand.Definition)"
}
Install-ChocolateyPackage #packageArgs
Calling built-in PowerShell host with ['[System.Threading.Thread]::CurrentThread.CurrentCulture = '';[System.Threading.Thread]::CurrentThread.CurrentUICulture = ''; & import-module -name 'C:\ProgramData\chocolatey\helpers\chocolateyInstaller.psm1'; & 'C:\ProgramData\chocolatey\helpers\chocolateyScriptRunner.ps1' -packageScript 'C:\ProgramData\chocolatey\lib\freenet\tools\chocolateyInstall.ps1' -installArguments '' -packageParameters '' -preRunHookScripts $null -postRunHookScripts $null']
Redirecting System.Management.Automation.resources, Version=3.0.0.0, Culture=ru-RU, PublicKeyToken=31bf3856ad364e35, requested by ''
Update 2:
Logs (Pastebin)
Looks like it may be related to https://github.com/chocolatey/choco/issues/1312#issuecomment-753559904
So force-reinstalling chocolatey-core.extension (I used latest: 1.4.0 and Chocolatey GUI 1.1.1.0) fixed the problem
If I install the IIS Server and Hosting bundle in quick succession like this (on a new Windows 10 Server):
Install-WindowsFeature -Name Web-Server -IncludeAllSubFeature -IncludeManagementTools
# Ignore the next line for now, its my current workaround
Start-Sleep -Seconds 120
Write-Host "-- Installing Dotnet Hosting Bundle"
$ErrorActionPreference = "Stop";
$tempDir = [System.IO.Path]::GetTempPath()
$downloadPath = "$tempdir\netCoreHostingBundle.exe";
$DefaultProxy = [System.Net.WebRequest]::DefaultWebProxy;
$securityProtocol = #();
$securityProtocol += [Net.ServicePointManager]::SecurityProtocol;
$securityProtocol += [Net.SecurityProtocolType]::Tls12;
[Net.ServicePointManager]::SecurityProtocol = $securityProtocol;
$WebClient = New-Object Net.WebClient;
$Uri = 'https://download.visualstudio.microsoft.com/download/pr/0d000d1b-89a4-4593-9708-eb5177777c64/cfb3d74447ac78defb1b66fd9b3f38e0/dotnet-hosting-6.0.6-win.exe';
if ($DefaultProxy -and (-not $DefaultProxy.IsBypassed($Uri))) { $WebClient.Proxy = New-Object Net.WebProxy($DefaultProxy.GetProxy($Uri).OriginalString, $True); };
$WebClient.DownloadFile($Uri, $downloadPath);
$arguments = New-Object -TypeName System.Collections.Generic.List[System.String]
$arguments.Add("/quiet")
$arguments.Add("/norestart")
Start-Process -FilePath $downloadPath -ArgumentList $arguments -NoNewWindow -Wait -PassThru -WorkingDirectory $tempDir
Write-Host "-- Restarting IIS"
Stop-Service W3SVC
Start-Service W3SVC
Get-Service W3SVC
Everything works out fine from the installation point of view. But if I run a NET Core Application in IIS the following error occurs:
HTTP Error 500.19 - HRESULT code 0x8007000d
Googling around this happens when "Hosting Bundle is installed before IIS". The simple solution is written in the next sentence: "the bundle installation must be repaired" and indeed this works.
The Question being now:
How do I avert the situation altogether?
or How do I wait till IIS is really installed, so it is safe to install the Hosting Bundle?
If the Hosting Bundle is installed before IIS, the bundle installation
must be repaired. Run the Hosting Bundle installer again after
installing IIS.
This is the method I found in another site:
Use a custom action that enables IIS before the installation of ".NET
Core IIS Hosting" prerequisite.
For example, you can add a custom action as a non-sequential custom action (so it can be triggered from a UI control) and then schedule it in the "Dialogs" page --> "Pre-install UI" --> "WelcomePrereqDlg" dialog --> "Next" button. This will enable IIS before installing the prerequisites.
The method comes from this link: https://www.advancedinstaller.com/forums/viewtopic.php?t=44696
I am following the Chocolately Install steps (Windows 7), but have run into a couple of problems.
Firstly, I've opened Command Prompt (opening it with Run as administrator), but when trying to execute Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1')), I get this error:
Uncaught SyntaxError: Unexpected identifier
..with the https: part of my command highlighted.
Further, when I try to execute Get-ExecutionPolicy, it results in:
Uncaught ReferenceError: Get is not defined
Any ideas what could be wrong?
* UPDATE *
When I try the same command in PowerShell, I get this error:
PS C:\Users\mylogin> Set-ExecutionPolicy Bypass -Scope Process -Force;
[System.Net.ServicePointManager]::SecurityProtoc ol =
[System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex
((New-Object System.Net.WebClient).DownloadString
('https://chocolatey.org/install.ps1')) Exception setting
"SecurityProtocol": "Cannot convert value "3312" to type
"System.Net.SecurityProtocolType" due to inv alid enumeration values.
Specify one of the following enumeration values and try again. The
possible enumeration values are "Ssl3, Tls"." At line:1 char:85
+ Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]:: <<<< SecurityProtocol = [System.
Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object
System.Net.WebClient).DownloadString('https://ch
ocolatey.org/install.ps1'))
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : PropertyAssignmentException
Exception calling "DownloadString" with "1" argument(s): "The
underlying connection was closed: An unexpected error occ urred on a
send." At line:1 char:219
+ Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.Se
rvicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object
System.Net.WebClient).DownloadString <<<< ('https://ch
ocolatey.org/install.ps1'))
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException
Download chocolatey latest version from Chocolatey.org
Rename file extension to .zip
Extract the file
Open PowerShell
Open elevated PowerShell calling:
Start-Process powershell -Verb runAs
Go to the tools folder in the location where you extracted Chocolatey
Call: & .\chocolateyInstall.ps1 to allow Chocolatey to install
Add a path to the choco location to system environment PATH:
C:\ProgramData\chocolatey\bin
Restart your consoles, and VS Code (if you use one)
Chocolatey.org requires TLS 1.2 to be able to connect. This error indicates that you don't have support for that installed:
System.Net.WebClient).DownloadString ('https://chocolatey.org/install.ps1')) Exception setting "SecurityProtocol": "Cannot convert value "3312" to type "System.Net.SecurityProtocolType" due to inv alid enumeration values. Specify one of the following enumeration values and try again. The possible enumeration values are "Ssl3, Tls"
The section from the blog post I linked to earlier should help:
If you find yourself provisioning machines such as Windows 7, Windows Server 2008, or older, you will find that those machines will not be able to communicate with the Chocolatey Community Repository after we implement this change. For those instances, you will need to use alternative installation methods for Chocolatey. We strongly recommend using the offline Chocolatey installation as it provides the most flexibility and reliability.
On the Chocolatey install page the requirements are listed:
Windows 7+ / Windows Server 2003+
PowerShell v2+ (minimum is v3 for install from this website due to TLS 1.2 requirement)
.NET Framework 4+ (the installation will attempt to install .NET 4.0 if you do not have it installed)(minimum is 4.5 for install from this website due to TLS 1.2 requirement)
My suggestion would be to fully patch your Windows 7 system, install .NET 4.5 and then try it. Remember Windows 7 has been out of support since January this year.
I have a installaer package (mySoftware.exe) which is working fine without any issue when i run manually as admin. But i am getting exit code 3010,1641 when i install the package via SCCM. My code skips the next steps if it gets other than "0" exit code. Right now, my installer consider "0" as Success. Non-Zero are error codes.
Do i need to modify installer script to consider "0","3010","3011","1641","1604" as Success exit code ? Do we need to change anything at SCCM end?
Do i need to consider to add any other exit code as Success? Do we have any other workaround for this issue.
mySoftware.exe /s /v" /quiet ADDLOCAL="mySoftwareConfig" /L*v "%mySoftwareLogFile%" /clone_wait
> My installer script has the following actions:
1)First uninstall existing package on the system.
> 2. Install the new package. (Exit code 3010,1641 returns during installing the new package)
> 3. Configure the package.
Reboot: Those are generally just standard reboot message and you should handle them in your batch file as you suggest yourself.
This is just a mock-up sample (I am no expert at this anymore):
msiexec.exe /I Setup.msi ALLUSERS=1 /L*V %MSILOG% /qb-! ADDLOCAL=ALL
if %errorlevel% == 3010 goto REBOOT
<..stuff here..>
:REBOOT
echo MSIEXEC returned exit code 3010 which means that a reboot is required to complete installation >> %LOGFILE%
Some info on errorlevel:
https://ss64.com/nt/errorlevel.html
https://devblogs.microsoft.com/oldnewthing/20080926-00/?p=20743
MSI Error Messages: https://learn.microsoft.com/en-us/windows/win32/msi/error-codes
0 - ERROR_SUCCESS - The action completed successfully.
1604 - ERROR_INSTALL_SUSPEND - Installation suspended, incomplete.
1641 - ERROR_SUCCESS_REBOOT_INITIATED - The installer has initiated a restart. This message is indicative of a success.
3010 - ERROR_SUCCESS_REBOOT_REQUIRED - A restart is required to complete the install. This message is indicative of a success. This does not include installs where the ForceReboot action is run.
And from other sources:
3011 (0xBC3) - ERROR_SUCCESS_RESTART_REQUIRED - The requested operation is successful. Changes will not be effective until the service is restarted.
I'm trying to update a (root) certificate's friendly name through PowerShell.
The certificate I'm trying to update is highlighted in the screenshot below (taken from certmgr.msc):
Here's the PowerShell code (largely taken from here):
Set-Location cert:
cd .\CurrentUser\Root
$cert = gci .\02FAF3E291435468607857694DF5E45B68851868
$cert.FriendlyName = "UserTrust CA"
(I've verified the thumbprint with the certificate properties in certmgr.msc to make sure it's the same certificate).
The last line will result in the following error:
Exception setting "FriendlyName": "Access is denied.
"
At line:1 char:7
+ $cert. <<<< FriendlyName = "UserTrust CA"
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : PropertyAssignmentException
I've tried the following things so far:
Running PowerShell as administrator
Changing the execution policy using: Set-ExecutionPolicy Unrestricted
Other information:
PowerShell version is 2.0 (running on Windows 7 Enterprise x64)
I'm running the x64 version of PS
DEP and UAC are disabled
My account is part of the Administrators group
I'm a complete PowerShell n00b ;-)
PS version output:
$PSVersionTable.PSVersion
Major Minor Build Revision
----- ----- ----- --------
2 0 -1 -1
You need to update your version of Powershell to 3.0 or 4.0.
See Get-ChildItem for Certificate
I have Powershell 4.0 and I was able to change the FriendlyName without problems. This was visible in certmgr.msc after a restart.
You can download Powershell 4.0 here.
If you are a Powershell beginner it's probably better to use Get-ChildItem instead of gci for improved readability. Also, cd is an alias of Set-Location so it's better to choose one or the other in your script to avoid confusion.