Starting with Windows 8.1 and continuing in Windows 10, Windows Update client uses Event Tracing for Windows (ETW) to generate diagnostic logs. Windows doesn’t log the activities, inside the “C:\Windows\Logs\WindowsUpdate\WindowsUpdate.log
” file anymore.
Several *.etl
files gets created under the “C:\Windows\Logs\WindowsUpdate\
” folder named “WindowsUpdate.20200516.014038.717.1.etl
“. These “*.etl
” files aren’t readable therefore we first need to convert these “*.etl
” files into an human readable format. There are several methods available to do this but I prefer to use the “Get-WindowsUpdateLog
” cmdlet.
How should our approach looks like to troubleshoot a windows update problem ?
1. Reproduce the problem. Note : Windows Update can fail with an error code or it can run in an endless loop. If it fails with an error code you can directly go to the next step and run the "Get-WindowsUpdateLog" cmdlet to collect the required logs. Once you run the cmdlet the "\WindowsUpdate.log" file will be created directly on your desktop. If Windows Update runs in an endless loop I would recommend you to wait for at least 3 minutes and run the "Get-WindowsUpdateLog" cmdlet afterwards. Based on experience I can say that if Windows Update runs in an endless loop, either the link where Windows Update searches is broken, you haven't updated your Windows for a very long time or there is a bug inside the Windows Update Agent. 2. Run the "Get-WindowsUpdateLog" cmdlet from an elevated powershell window. The "\WindowsUpdate.log" file will be created and saved right on your desktop.
How to analyze the WindowsUpdate.log ?
As you already know the “*.log
” file can be opened with an text editor like Notepad or Notepad++ but due to the size of the log file you can easily skip important errors and strings therefore I would recommend you to use “CMTRace Log Viewer
” during the analysis. “CMTRace
” is free and included in “System Center 2012 R2 Configuration Manager Toolkit
“. “CMTrace” makes the analysis of logs very easy. CMTrace automatically red highlights predefined keywoards like "error", "denied", "not found", "failed"
etc. and shows you where to focus.
System Center 2012 R2 Configuration Manager Toolkit. (CMTrace Download)
https://www.microsoft.com/en-us/download/details.aspx?id=50012
Now, what to do with the Windows Update Error Codes ?
Once you got the Windows Update error codes you can google or refer to the following articles published by Microsoft.
Windows Update common errors and mitigation
https://docs.microsoft.com/en-us/windows/deployment/update/windows-update-errors
Windows Update error codes by component
https://docs.microsoft.com/en-us/windows/deployment/update/windows-update-error-reference
If you cannot find the error codes anywhere on the Internet I would recommend to search for these error codes inside the ERR.exe
. Err.exe is Microsoft’s Internal CMD based Error Lookup Tool and it gets updated regularly with the new error codes and definitions.
Microsoft Error Lookup Tool
https://www.microsoft.com/en-us/download/details.aspx?id=100432
What to do if Windows Update runs in an endless loop without an error ?
Based on experience I can say that if Windows Update runs in an endless loop without and error, this can have three reasons.
1. Either you haven’t updated your copy of Windows for a long time. I have seen Windows copies which got the Windows Update after 8 hours. If you don’t want to wait for a so long time you can search for the latest Cumulative Updates for your copy of windows, download and install it manually. A redistributable copy of the Cumulative Updates will be always available at Microsoft.com.
2. Another endless loop reason is if the link where Windows Upate Agent searches is broken. Broken basically means the server is down. You can see this link in the WindowsUpdate.log file. You basically need to copy and paste the link to your browser and check if you can see anything. In reality this isn’t an endless loop. The Agent will definetely throw an error but it can take up to 3 hours till you get an error. Most of the users thinks that its in an endless loop.
Additionally be sure that your device can access these Windows Update endpoints :
http://windowsupdate.microsoft.com
http://*.windowsupdate.microsoft.com
https://*.windowsupdate.microsoft.com
http://*.update.microsoft.com
https://*.update.microsoft.com
http://*.windowsupdate.com
http://download.windowsupdate.com
https://download.microsoft.com
http://*.download.windowsupdate.com
http://wustat.windows.com
http://ntservicepack.microsoft.com
Whitelist these endpoints for future use.
3. Another endless loop behaviour can occur if there is a BUG inside the Windows Update Agent. Under these circumstances a good approch to fix this problem would be to install the latest Cumulative Updates manually if available or reset the Windows Update components manually as described below in the article. Resetting Windows Update components manually removes the conditions that causes this BUG to appear.
Reset Windows Update components manually
https://docs.microsoft.com/en-us/windows/deployment/update/windows-update-resources
Useful References :
1. Windows Update log files
2. Get started with Windows Update
3. Windows Update common errors and mitigation
4. Windows Update error codes by component
5. Windows Update – additional resources
6. How does Windows Update work ?
7. Reset Windows Update components manually
Good luck !