SP2 May Fail to Install If a Large Number of Updates Are Installed

[Today’s tip comes to us courtesy of Mark Stanfill]

Update:  The steps below are no longer needed.  To get past the errors, below, please download Service Pack 2 using the steps outlined in http://support.microsoft.com/default.aspx?scid=kb;EN-US;940276.

 

 

 

We’re currently tracking an issue where Windows Server 2003 SP2 may fail to install for some Automatic Update clients.  There is a limitation in the database that Automatic Updates uses to track hotfix and service pack installations that may result in AU being unable to apply new patches if a very large number of fixes have been installed (>100).  This number is reset when a service pack is applied, so it is relatively hard to reach this threshold unless you are installing individual updates and have not upgraded to SP1.  That said, there are a certain number of SBS customers installed from the original 2003 media (i.e. pre-SP1 media), who may fall in to this category.

 

You can also see this error if you try to manually install SP2 manually.  In this case, you will receive the following pop-up error:

Failed to install catalog files.

 

The main symptom you will see in this case is that Automatic Updates/Windows Update/Microsoft Update will fail and you will see an error similar to the one below logged in svcpack.log:

 

960.484: InstallSingleCatalogFile: MyInstallCatalog failed for Tmp.0.ntprint.cat; error=0xfffffbfe.

 

There may be other issues that cause automatic updates to fail.  Unless you see the 0xfffffbfe error, you are dealing with another issue. These are documented in the following articles:

 

925931  You may be unable to apply more updates at a certain point on a Windows Server 2003-based computer

http://support.microsoft.com/default.aspx?scid=kb;EN-US;925931

822798  You cannot install some updates or programs

http://support.microsoft.com/default.aspx?scid=kb;EN-US;822798

 

Manual Method

To resolve this issue and allow SP2 to install, either use the manual steps below, or, alternatively, use the batch file below:

 

  1. Make a full backup of your system.
  2. Click on Start, click on Administrative Tools, Click on Services.  Right-click on Cryptographic Services and choose “Stop”.
  3. Open Explorer and browse to C:WINDOWSsystem32CatRoot{F750E6C3-38EE-11D1-85E5-00C04FC295EE}
  4. Create a temporary folder called “backup” under CatRoot
  5. Move all KB*.cat, Q*.* and TMP*.cat files to C:WINDOWSsystem32CatRootbackup.   DO NOT DELETE THEM!
  6. If you moved KB912354.CAT, copy it back to C:WINDOWSsystem32CatRoot{F750E6C3-38EE-11D1-85E5-00C04FC295EE} folder.  (This step is very important to prevent a potential error with SBS licensing. However, if the KB912354.cat file does not exist, go to step 7. The software update in KB 912354 is included in Windows Server 2003 SP2.)
  7. Rename the C:WINDOWSSYSTEM32CATROOT2 folder to CATROOT2.old. Create a blank folder named CATROOT2. 
  • NOTE: Make sure you rename CATROOT2 not CATROOT (without the 2).
  • Again, make sure rename this folder, do not delete it.
  • Start Cryptographic Services from Services
  • Start the install of SP2.
  •  

    Batch File Version

    [Edit – batch file modified 11-09-2007]

    Copy and paste between the “; ——–” portions to a file called fixcatalog.bat and execute the batch file.  Watch for line wraps.):

     

    ; —————————–

    @ECHO OFF
    SETLOCAL EnableDelayedExpansion

    net stop cryptsvc
    cd /d %WINDIR%system32CatRoot{F750E6C3-38EE-11D1-85E5-00C04FC295EE}
    attrib -s *.*
    md %WINDIR%system32CatRootbackup

    FOR /F “delims=” %%a in (‘REG QUERY “HKLMSoftwaremicrosoftWindows NTCurrentVersionHotfix”‘) DO (REG QUERY “%%a” /v “Service Pack” | findstr /c:”0x2″
    if !ERRORLEVEL!==0 (
    For /f “delims= tokens=7” %%i in (‘REG QUERY “%%a” /v “Service Pack”‘) do (
    move %%i.cat %WINDIR%system32CatRootbackup
    )
    )
    )

    if exist %WINDIR%system32CatRootbackupkb912354.cat copy %WINDIR%system32CatRootbackupkb912354.cat 

    %WINDIR%system32CatRoot{F750E6C3-38EE-11D1-85E5-00C04FC295EE}
    ren %WINDIR%system32catroot2 catroot2.old
    md %WINDIR%system32CatRoot2
    net start cryptsvc

    @echo Ready for SP2 install.  You can now restart the SP2 installation.

    ; ——————————

    Like the last line of the batch file says, SP2 installation must be restarted after running the batch file.

    Notes

    In some situations, you may not be able to use the steps above (either manual or batch file) because of one or both of the following conditions:

     

    • You may be unable to rename catroot2
    • Cryptographic Services (cryptsvc) may fail to stop gracefully and remain in a “stopping” state

     

    If you are unable to complete any of the steps above, you will need to boot in to safe mode to complete the process

     

    Uninstalling SP2 After Using These Steps

     

    One of the side-effects of using this procedure is that we are effectively removing your update history.  In the event that you need to remove SP2 afterwards, you will need to use these steps:

     

     

    1. Make a full backup of your system.
    2. Click on Start, click on Administrative Tools, Click on Services.  Right-click on Cryptographic Services and choose “Stop”.
    3. Open Explorer and browse to C:WINDOWSsystem32CatRootbackup
    4. Copy all files in C:WINDOWSsystem32CatRootbackup to C:WINDOWSsystem32CatRoot{F750E6C3-38EE-11D1-85E5-00C04FC295EE}. 
    5. Rename the C:WINDOWSSYSTEM32CATROOT2 folder to CATROOT2.old. Create a blank folder named CATROOT2. 
    • NOTE: Make sure you rename CATROOT2 not CATROOT (without the 2).
    • Again, make sure rename this folder, do not delete it.
  • Start Cryptographic Services from Services
  • Start the uninstall of SP2.
  •  

    Uninstall Batch File Version

     

    Copy and paste between the “; ——–” portions to a file called fixuninstall.bat and execute the batch file):

     

    ; —————————–

    net stop cryptsvc

    copy %WINDIR%system32CatRootbackup*  %WINDIR%system32CatRoot{F750E6C3-38EE-11D1-85E5-00C04FC295EE}

    ren %WINDIR%system32catroot2 catroot2.old

    md %WINDIR%system32CatRoot2

    net start cryptsvc

    @echo Ready for SP2 uninstall.

    ; ——————————