Article ID: 902093
Article Last Modified on 10/20/2006
APPLIES TO
- Microsoft Windows Update
Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows registry
SUMMARY
By default, the Windows Update client records all transaction information to the following log file:
%windir%\Windowsupdate.log
If you receive an error message on the Microsoft Windows Update Web site or from the Automatic Updates service, you can use the information that is included in the Windowsupdate.log log file to troubleshoot the issue.
INTRODUCTION
This article describes how to read the Windowsupdate.log file. To view the log file, follow these steps:
- Click Start, and then click Run.
- In the Open box, type %windir%\windowsupdate.log, and then click OK.
MORE INFORMATION
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
Format
The follow table lists the basic format:
| Date | Time | PID | TID | Component | Text |
| 2005-06-01 | 18:30:03 | 992 | 810 | Misc | = Logging initialized |
| 2005-06-01 | 18:30:03 | 992 | 810 | Misc | = Process: |
| 2005-06-01 | 18:30:03 | 992 | 810 | Misc | = Module: |
Components
The following components can write to the Windowsupdate.log file:
- AGENT- Windows Update agent
- AU- Automatic Updates is performing this task
- AUCLNT- Interaction by AU with the logged on user
- CDM-Device Manager
- CMPRESS-Compression agent
- COMAPI-Windows Update API
- DRIVER-Device driver information
- DTASTOR-Handles database transactions
- DWNLDMGR- Creates and monitors download jobs
- EEHNDLER-Expression handler used to evaluate update applicability
- HANDLER-Manages the update installers
- MISC- General service information
- OFFLSNC-Detect available updates when not connected to the network
- PARSER- Parses expression information
- PT- Synchronizes updates information to the local datastore
- REPORT-Collects reporting information
- SERVICE- Startup/Shutdown of the Automatic Updates service
- SETUP- Installs new versions of the Windows Update client when available
- SHUTDWN- Install at shutdown feature
- WUREDIR-The Windows Update redirector files
- WUWEB- The Windows Update ActiveX control
How to identify the caller
Identify the correct caller for the issue that you are experiencing. For example, if you receive an error when you are accessing the Windows Update Web site, locate the "Windowsupdate" callerID.
Example 1
The log file distinguishes among the following three callers:
2005-06-01 18:30:33 992 58c Agent ************* 2005-06-01 18:30:33 992 58c Agent ** START ** Agent: Finding updates [CallerId = WindowsUpdate] 2005-06-01 18:30:33 992 58c Agent *********
Example 2
2005-06-22 13:02:11 1000 594 Agent ************* 2005-06-22 13:02:11 1000 594 Agent ** START ** Agent: Finding updates [CallerId = MicrosoftUpdate] 2005-06-22 13:02:11 1000 594 Agent *********
Example 3
2005-06-02 11:37:18 992 4e8 Agent ************* 2005-06-02 11:37:18 992 4e8 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates] 2005-06-02 11:37:18 992 4e8 Agent *********
General configuration settings
The Windowsupdate.log log file records the general service settings when the Automatic Updates service starts. The first section records the following information:
- The client version
- The directory that is being used
- The access type
- The default proxy
- The current network state
Note The proxy is listed in the Windowsupdate.log log file only if the proxy is configured by using the Proxycfg.exe utility.
2005-06-01 18:30:03 992 810 Service ************* 2005-06-01 18:30:03 992 810 Service ** START ** Service: Service startup 2005-06-01 18:30:03 992 810 Service ********* 2005-06-01 18:30:03 992 810 Agent * WU client version 5.8.0.2468 2005-06-01 18:30:03 992 810 Agent * SusClientId = '071ffd36-f490-4d63-87a7-f7b11866b9fb' 2005-06-01 18:30:03 992 810 Agent * Base directory: C:\WINDOWS.0\SoftwareDistribution 2005-06-01 18:30:03 992 810 Agent * Access type: Named proxy 2005-06-01 18:30:03 992 810 Agent * Default proxy: test:80 2005-06-01 18:30:03 992 810 Agent * Network state: Connected 2005-06-01 18:30:03 992 7a0 Agent *********** Agent: Initializing Windows Update Agent ***********
The next section displays the Windows Server Update Services (WSUS) server that is available to the client. In this example, the settings are NULL because a WSUS server is not being used. If Software Update Services (SUS) is configured, the settings are displayed in this location:
2005-06-01 18:30:03 992 7a0 Agent *********** Agent: Initializing global settings cache *********** 2005-06-01 18:30:03 992 7a0 Agent * WSUS server: <NULL> 2005-06-01 18:30:03 992 7a0 Agent * WSUS status server: <NULL> 2005-06-01 18:30:03 992 7a0 Agent * Target group: (Unassigned Computers) 2005-06-01 18:30:03 992 7a0 Agent * Windows Update access disabled: No 2005-06-01 18:30:04 992 7a0 DnldMgr Download manager restoring 0 downloads 2005-06-01 18:30:09 3948 918 Misc =========== Logging initialized (build: 5.8.0.2469, tz: -0700) =========== 2005-06-01 18:30:09 3948 918 Misc = Process: C:\Program Files\Internet Explorer\iexplore.exe 2005-06-01 18:30:09 3948 918 Misc = Module: C:\WINDOWS.0\system32\wuweb.dll
Locating Failures in the log file
If you received a specific error message on the Windows Update Web site, follow these steps:
- Open the Windowsupdate.log log file in Notepad.
- On the Edit menu, click Find, and then search for the specific error message.
Note The Web site displays the final error message. This final error message may have been caused by a failure that is described earlier in the Windowsupdate.log log file. Additionally, if you do not know which error occurred on the Windows update Web site or you want to find more information about a failure by Automatic Updates, search for the following key words:
- FATAL
- WARNING
Note Not all warnings are critical errors. Start with the fatal errors and then work to the top of the Windowsupdate.log log file to make sure that you have identified the correct error message.
Example of a common failure
First search for the key word "FATAL":
2005-06-02 04:32:01 992 158 Setup FATAL: IsUpdateRequired failed with error 0x80072eef
The error that you locate is 0x80072EEF. Scroll up in the Windowsupdate.log log file to find the following closest word:
WARNING
2005-06-02 04:32:01 992 158 Misc WARNING: Send failed with hr = 80072eef. 2005-06-02 04:32:01 992 158 Misc WARNING: SendRequest failed with hr = 80072eef. Proxy List used: <Test:80 > Bypass List used : <(null)> Auth Schemes used : <NTLM;Negotiate (NTLM or Kerberos);> 2005-06-02 04:32:01 992 158 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://update.microsoft.com/v6/windowsupdate/redir/wuredir.cab>. error 0x80072eef
In this example, the proxy server "Test" is not valid. The "Test" server being invalid is the cause of the error.
Basics of a Windowsupdate.log file
Service startup
2005-06-01 18:30:03 992 810 Service ************* 2005-06-01 18:30:03 992 810 Service ** START ** Service: Service startup 2005-06-01 18:30:03 992 810 Service *********
The Windows Update agent displays available parameters
2005-06-01 18:30:03 992 810 Agent * WU client version 5.8.0.2468 2005-06-01 18:30:03 992 810 Agent * SusClientId = '071ffd36-f490-4d63-87a7-f7b11866b9fb' 2005-06-01 18:30:03 992 810 Agent * Base directory: C:\WINDOWS.0\SoftwareDistribution 2005-06-01 18:30:03 992 810 Agent * Access type: Named proxy 2005-06-01 18:30:03 992 810 Agent * Default proxy: test:80 2005-06-01 18:30:03 992 810 Agent * Network state: Connected 2005-06-01 18:30:03 992 7a0 Agent *********** Agent: Initializing Windows Update Agent *********** 2005-06-01 18:30:03 992 7a0 Agent *********** Agent: Initializing global settings cache *********** 2005-06-01 18:30:03 992 7a0 Agent * WSUS server: <NULL> 2005-06-01 18:30:03 992 7a0 Agent * WSUS status server: <NULL> 2005-06-01 18:30:03 992 7a0 Agent * Target group: (Unassigned Computers)
A user accesses the Windows Update Web site by using Microsoft Internet Explorer and the ActiveX control is loaded
2005-06-01 18:30:09 3948 918 Misc =========== Logging initialized (build: 5.8.0.2469, tz: -0700) =========== 2005-06-01 18:30:09 3948 918 Misc = Process: C:\Program Files\Internet Explorer\iexplore.exe 2005-06-01 18:30:09 3948 918 Misc = Module: C:\WINDOWS.0\system32\wuweb.dll
The Setup component checks the installed version of the Windows Update client to see if the Windows Update client must be updated
2005-06-01 18:30:09 3948 918 Setup *********** Setup: Checking whether self-update is required *********** 2005-06-01 18:30:09 3948 918 Setup * Inf file: C:\WINDOWS.0\SoftwareDistribution\WebSetup\wusetup.inf 2005-06-01 18:30:09 3948 918 Setup Update required for C:\WINDOWS.0\system32\cdm.dll: target version = 5.8.0.2468, required version = 5.8.0.2468 2005-06-01 18:30:09 3948 918 Setup * IsUpdateRequired = No
The client clicks the "Express" or "Custom" button to start a search
2005-06-01 18:30:32 3948 918 COMAPI -------------
2005-06-01 18:30:32 3948 918 COMAPI -- START -- COMAPI: Search [ClientId = WindowsUpdate]
2005-06-01 18:30:32 3948 918 COMAPI ---------
2005-06-01 18:30:32 3948 918 COMAPI - Online = Yes; Ignore download priority = No
2005-06-01 18:30:32 3948 918 COMAPI - Criteria = "IsInstalled=0 and IsHidden=1"
2005-06-01 18:30:32 3948 918 COMAPI - ServiceID = {9482F4B4-E343-43B6-B170-9A65BC822C77}
Note COMAPI submits the search to the agent. Therefore, the second part is:
2005-06-01 18:30:33 3948 918 COMAPI <<-- SUBMITTED -- COMAPI: Search [ClientId = WindowsUpdate] 2005-06-01 18:30:33 992 58c Agent ************* 2005-06-01 18:30:33 992 58c Agent ** START ** Agent: Finding updates [CallerId = WindowsUpdate] 2005-06-01 18:30:33 992 58c Agent *********
Protocol talker synchronizes the list of updates with the local database on the client computer
2005-06-02 12:09:28 992 4e8 PT +++++++++++ PT: Synchronizing server updates +++++++++++
2005-06-02 12:09:28 992 4e8 PT + ServiceId = {9482F4B4-E343-43B6-B170-9A65BC822C77}, Server URL = https://update.microsoft.com/v6/ClientWebService/client.asmx
2005-06-02 12:09:35 992 4e8 PT +++++++++++ PT: Synchronizing extended update info +++++++++++
2005-06-02 12:09:35 992 4e8 PT + ServiceId = {9482F4B4-E343-43B6-B170-9A65BC822C77}, Server URL = https://update.microsoft.com/v6/ClientWebService/client.asmx
2005-06-02 12:09:36 992 4e8 Agent * Found 0 updates and 10 categories in search
The Windows Update agent searches for available updates
2005-06-02 12:09:36 992 4e8 Agent *************
2005-06-02 12:09:36 992 4e8 Agent ** START ** Agent: Finding updates [CallerId = WindowsUpdate]
2005-06-02 12:09:36 992 4e8 Agent *********
2005-06-02 12:09:36 992 4e8 Agent * Added update {AC94DB3B-E1A8-4E92-9FD0-E86F355E6A44}.100 to search result
2005-06-02 12:09:37 992 4e8 Agent * Found 6 updates and 10 categories in search
The user is offered one update and then chooses to install the one update
2005-06-02 12:10:41 1660 d0c COMAPI -------------
2005-06-02 12:10:41 1660 d0c COMAPI -- START -- COMAPI: Install [ClientId = WindowsUpdate]
2005-06-02 12:10:41 1660 d0c COMAPI ---------
2005-06-02 12:10:41 1660 d0c COMAPI - Allow source prompts: Yes; Forced: No; Force quiet: No
2005-06-02 12:10:41 1660 d0c COMAPI - Updates in request: 1
2005-06-02 12:10:41 1660 d0c COMAPI - ServiceID = {9482F4B4-E343-43B6-B170-9A65BC822C77}
2005-06-02 12:10:41 1660 d0c COMAPI - Updates to install = 1
2005-06-02 12:10:41 1660 d0c COMAPI <<-- SUBMITTED -- COMAPI: Install [ClientId = WindowsUpdate]
The Windows Update agent starts the installation process
2005-06-02 12:10:41 992 58c Agent *************
2005-06-02 12:10:41 992 58c Agent ** START ** Agent: Installing updates [CallerId = WindowsUpdate]
2005-06-02 12:10:41 992 58c Agent *********
2005-06-02 12:10:41 992 58c Agent * Updates to install = 1
2005-06-02 12:10:41 992 58c Agent * Title = <NULL>
2005-06-02 12:10:41 992 58c Agent * UpdateId = {19813D2E-0144-43CA-AEBB-71263DFD81FD}.100
2005-06-02 12:10:41 992 58c Agent * Bundles 1 updates:
2005-06-02 12:10:41 992 58c Agent * {08D9F87F-7EA2-4523-9F02-0931E291908E}.100
The Windows Update agent calls the appropriate handler to install the package by impersonating the user who is logged on
2005-06-02 12:10:46 992 58c Handler Attempting to create remote handler process as Machine\User in session 0
2005-06-02 12:10:46 992 58c DnldMgr Preparing update for install, updateId = {08D9F87F-7EA2-4523-9F02-0931E291908E}.100.
2005-06-02 12:10:47 3348 70c Handler :::::::::::::
2005-06-02 12:10:47 3348 70c Handler :: START :: Handler: Command Line Install
2005-06-02 12:10:47 3348 70c Handler :::::::::
2005-06-02 12:10:47 3348 70c Handler : Updates to install = 1
2005-06-02 12:11:01 3348 70c Handler : Command line install completed. Return code = 0x00000000, Result = Succeeded, Reboot required = false
Note The installation is successful and the restart is not required.
How to enable extended logging
Microsoft Product Support Services may ask you to turn on verbose logging. To turn on verbose logging, add the following registry key with two values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Trace
Value name: Flags
Value type: REG_DWORD
Value data: 00000007
Value name: Level
Value type: REG_DWORD
Value data: 00000004
This registry key turns on an extended tracing to the %systemroot%\Windowsupdate.log file. Additionally, this registry key turns on an extended tracing to any attached debuggers.
Keywords: kbtshoot kbinfo KB902093
