SP2 May Fail to Install If a Large Number of Updates Are Installed
[Today's tip comes to us courtesy of Mark Stanfill]
Update: The steps below are no longer needed. To get past the errors, below, please download Service Pack 2 using the steps outlined in https://support.microsoft.com/default.aspx?scid=kb;EN-US;940276.
We're currently tracking an issue where Windows Server 2003 SP2 may fail to install for some Automatic Update clients. There is a limitation in the database that Automatic Updates uses to track hotfix and service pack installations that may result in AU being unable to apply new patches if a very large number of fixes have been installed (>100). This number is reset when a service pack is applied, so it is relatively hard to reach this threshold unless you are installing individual updates and have not upgraded to SP1. That said, there are a certain number of SBS customers installed from the original 2003 media (i.e. pre-SP1 media), who may fall in to this category.
You can also see this error if you try to manually install SP2 manually. In this case, you will receive the following pop-up error:
Failed to install catalog files.
The main symptom you will see in this case is that Automatic Updates/Windows Update/Microsoft Update will fail and you will see an error similar to the one below logged in svcpack.log:
960.484: InstallSingleCatalogFile: MyInstallCatalog failed for Tmp.0.ntprint.cat; error= 0xfffffbfe .
There may be other issues that cause automatic updates to fail. Unless you see the 0xfffffbfe error, you are dealing with another issue. These are documented in the following articles:
925931 You may be unable to apply more updates at a certain point on a Windows Server 2003-based computer
https://support.microsoft.com/default.aspx?scid=kb;EN-US;925931
822798 You cannot install some updates or programs
https://support.microsoft.com/default.aspx?scid=kb;EN-US;822798
Manual Method
To resolve this issue and allow SP2 to install, either use the manual steps below, or, alternatively, use the batch file below:
- Make a full backup of your system.
- Click on Start, click on Administrative Tools, Click on Services. Right-click on Cryptographic Services and choose "Stop".
- Open Explorer and browse to C:WINDOWSsystem32CatRoot{F750E6C3-38EE-11D1-85E5-00C04FC295EE}
- Create a temporary folder called "backup" under CatRoot
- Move all KB*.cat, Q*.* and TMP*.cat files to C:WINDOWSsystem32CatRootbackup. DO NOT DELETE THEM!
- If you moved KB912354.CAT, copy it back to C:WINDOWSsystem32CatRoot{F750E6C3-38EE-11D1-85E5-00C04FC295EE} folder. (This step is very important to prevent a potential error with SBS licensing. However, if the KB912354.cat file does not exist, go to step 7. The software update in KB 912354 is included in Windows Server 2003 SP2.)
- Rename the C:WINDOWSSYSTEM32CATROOT2 folder to CATROOT2.old. Create a blank folder named CATROOT2.
- NOTE: Make sure you rename CATROOT2 not CATROOT (without the 2).
- Again, make sure rename this folder, do not delete it.
Start Cryptographic Services from Services
Start the install of SP2.
Batch File Version
[Edit - batch file modified 11-09-2007]
Copy and paste between the "; --------" portions to a file called fixcatalog.bat and execute the batch file. Watch for line wraps.):
; -----------------------------
@ECHO OFF
SETLOCAL EnableDelayedExpansionnet stop cryptsvc
cd /d %WINDIR%system32CatRoot{F750E6C3-38EE-11D1-85E5-00C04FC295EE}
attrib -s *.*
md %WINDIR%system32CatRootbackupFOR /F "delims=" %%a in ('REG QUERY "HKLMSoftwaremicrosoftWindows NTCurrentVersionHotfix"') DO (REG QUERY "%%a" /v "Service Pack" | findstr /c:"0x2"
if !ERRORLEVEL!==0 (
For /f "delims= tokens=7" %%i in ('REG QUERY "%%a" /v "Service Pack"') do (
move %%i.cat %WINDIR%system32CatRootbackup
)
)
)if exist %WINDIR%system32CatRootbackupkb912354.cat copy %WINDIR%system32CatRootbackupkb912354.cat
%WINDIR%system32CatRoot{F750E6C3-38EE-11D1-85E5-00C04FC295EE}
ren %WINDIR%system32catroot2 catroot2.old
md %WINDIR%system32CatRoot2
net start cryptsvc@echo Ready for SP2 install. You can now restart the SP2 installation.
; ------------------------------
Like the last line of the batch file says, SP2 installation must be restarted after running the batch file.
Notes
In some situations, you may not be able to use the steps above (either manual or batch file) because of one or both of the following conditions:
- You may be unable to rename catroot2
- Cryptographic Services (cryptsvc) may fail to stop gracefully and remain in a "stopping" state
If you are unable to complete any of the steps above, you will need to boot in to safe mode to complete the process
Uninstalling SP2 After Using These Steps
One of the side-effects of using this procedure is that we are effectively removing your update history. In the event that you need to remove SP2 afterwards, you will need to use these steps:
- Make a full backup of your system.
- Click on Start, click on Administrative Tools, Click on Services. Right-click on Cryptographic Services and choose "Stop".
- Open Explorer and browse to C:WINDOWSsystem32CatRootbackup
- Copy all files in C:WINDOWSsystem32CatRootbackup to C:WINDOWSsystem32CatRoot{F750E6C3-38EE-11D1-85E5-00C04FC295EE}.
- Rename the C:WINDOWSSYSTEM32CATROOT2 folder to CATROOT2.old. Create a blank folder named CATROOT2.
- NOTE: Make sure you rename CATROOT2 not CATROOT (without the 2).
- Again, make sure rename this folder, do not delete it.
Start Cryptographic Services from Services
Start the uninstall of SP2.
Uninstall Batch File Version
Copy and paste between the "; --------" portions to a file called fixuninstall.bat and execute the batch file):
; -----------------------------
net stop cryptsvc
copy %WINDIR%system32CatRootbackup* %WINDIR%system32CatRoot{F750E6C3-38EE-11D1-85E5-00C04FC295EE}
ren %WINDIR%system32catroot2 catroot2.old
md %WINDIR%system32CatRoot2
net start cryptsvc
@echo Ready for SP2 uninstall.
; ------------------------------