What to do if you experience a rollback when installing KB3000061

We've seen reports of some systems rolling back their serivicing operations when attempting to install KB3000061.  This only appears to be happening on systems which were upgrades from Win7->Win8 and Win2008R2->Win2012.  The reason this is happening is because the win32k.sys provider registry entry isnt getting properly updated during the upgrade process.  The resolution to this problem is to:

  1. Export and then delete the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{e7ef96be-969f-414f-97d7-3ddb7b558ccc}
  2. Reboot the impacted system
  3. Reattempt KB3000061 installation

You do not need to reimport the exported key once this is completed and it can be safely deleted.  Do not delete any of the other provider keys aside from the one above.  We're still investigating why the provider keys arent being properly updated on upgrade but until that investigation is completed, the above solution is our supported workaround.  If you have issues installing other updates, please open a support case with Microsoft support and they will be able to assist you.  If you're curious what the failure looks like in the CBS.log, a snippet is posted below.  I've highlighted the bad GUID entry in red, this is the one we see as installed.  What we're looking for is the entry marked in green (which will be the proper provider entry once you delete the key and reboot.)

2014-11-06 22:33:32, Error                 CSI    00000002 (F) Logged @2014/11/6:11:33:32.429 : [ml:240{120},l:238{119}]"EventAITrace:Provider Microsoft-Windows-Win32k is already installed with GUID {e7ef96be-969f-414f-97d7-3ddb7b558ccc}.

 2014-11-06 22:33:32, Error                 CSI    00000003 (F) Logged @2014/11/6:11:33:32.429 : [ml:168{84},l:166{83}]"WmiCmiPlugin manproc.cpp(683): InstrumentationManifestAssert failed. HR=0x80073aa2."
 2014-11-06 22:33:32, Error                 CSI    00000004 (F) Logged @2014/11/6:11:33:32.429 : [ml:166{83},l:164{82}]"WmiCmiPlugin eventloghandler.cpp(192): ProcessEventsInstall failed. HR=0x80073aa2."
 2014-11-06 22:33:32, Error                 CSI    00000005 (F) Logged @2014/11/6:11:33:32.429 : [ml:170{85},l:168{84}]"WmiCmiPlugin eventloghandler.cpp(212): EventLogHandlerInstall failed. HR=0x80073aa2."
 2014-11-06 22:33:32, Error                 CSI    00000006@2014/11/6:11:33:32.429 (F) CMIADAPTER: Inner Error Message from AI HRESULT = HRESULT_FROM_WIN32(15010)
 [22]"Configuration error.

 2014-11-06 22:33:32, Error                 CSI    00000007@2014/11/6:11:33:32.429 (F) CMIADAPTER: AI failed. HRESULT = HRESULT_FROM_WIN32(15010)
  [92250]"<events xmlns="http://schemas.microsoft.com/win/2004/08/events">

  <provider guid="{8c416c79-d49b-4f01-a467-e56d3aa8234c}" messageFileName="%SystemRoot%\system32\win32k.sys" name="Microsoft-Windows-Win32k" resourceFileName="%SystemRoot%\system32\win32k.sys" symbol="W32kControlGuid">


Skip to main content