How to read the Windowsupdate.log file

By default, the Windows Update client records all transaction information to the following log file:

%windir%Windowsupdate.log

If you receive an error message on the Microsoft Windows Update Web site or from the Automatic Updates service, you can use the information that is included in the Windowsupdate.log log file to troubleshoot the issue.

Back to the top | Give Feedback

INTRODUCTION

This article describes how to read the Windowsupdate.log file. To view the log file, follow these steps:

1. Click Start, and then click Run.

2. In the Open box, type windowsupdate.log, and then click OK.

Back to the top | Give Feedback

MORE INFORMATION

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756

(http://support.microsoft.com/kb/322756/ )

How to back up and restore the registry in Windows

Format

The follow table lists the basic format.

Collapse this tableExpand this table

Date	Time	PID	TID	Component	Text
2005-06-01	18:30:03	992	810	Misc	= Logging initialized
2005-06-01	18:30:03	992	810	Misc	= Process:
2005-06-01	18:30:03	992	810	Misc	= Module:

Components

The following components can write to the Windowsupdate.log file:

· AGENT– Windows Update agent

· AU– Automatic Updates is performing this task

· AUCLNT– Interaction by AU with the logged on user

· CDM– Device Manager

· CMPRESS– Compression agent

· COMAPI– Windows Update API

· DRIVER– Device driver information

· DTASTOR– Handles database transactions

· DWNLDMGR– Creates and monitors download jobs

· EEHNDLER– Expression handler used to evaluate update applicability

· HANDLER– Manages the update installers

· MISC– General service information

· OFFLSNC– Detect available updates when not connected to the network

· PARSER– Parses expression information

· PT– Synchronizes updates information to the local datastore

· REPORT– Collects reporting information

· SERVICE– Startup/Shutdown of the Automatic Updates service

· SETUP– Installs new versions of the Windows Update client when available

· SHUTDWN– Install at shutdown feature

· WUREDIR– The Windows Update redirector files

· WUWEB– The Windows Update ActiveX control

How to identify the caller

Identify the correct caller for the issue that you are experiencing. For example, if you receive an error when you are accessing the Windows Update Web site, locate the "Windowsupdate" callerID.

Example 1

The log file distinguishes among the following three callers:

2005-06-01 18:30:33 992 58c Agent *************

2005-06-01 18:30:33 992 58c Agent ** START ** Agent: Finding updates [CallerId = WindowsUpdate]

2005-06-01 18:30:33 992 58c Agent *********

Example 2

2005-06-22 13:02:11 1000 594 Agent *************

2005-06-22 13:02:11 1000 594 Agent ** START ** Agent: Finding updates [CallerId = MicrosoftUpdate]

2005-06-22 13:02:11 1000 594 Agent *********

Example 3

2005-06-02 11:37:18 992 4e8 Agent *************

2005-06-02 11:37:18 992 4e8 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]

2005-06-02 11:37:18 992 4e8 Agent *********

General configuration settings

The Windowsupdate.log log file records the general service settings when the Automatic Updates service starts. The first section records the following information:

· The client version

· The directory that is being used

· The access type

· The default proxy

· The current network state

Note The proxy is listed in the Windowsupdate.log log file only if the proxy is configured by using the Proxycfg.exe utility.

2005-06-01 18:30:03 992 810 Service *************

2005-06-01 18:30:03 992 810 Service ** START ** Service: Service startup

2005-06-01 18:3
0:03 992 810 Service *********

2005-06-01 18:30:03 992 810 Agent * WU client version 5.8.0.2468

2005-06-01 18:30:03 992 810 Agent * SusClientId = ‘071ffd36-f490-4d63-87a7-f7b11866b9fb’

2005-06-01 18:30:03 992 810 Agent * Base directory: C:WINDOWS.0SoftwareDistribution

2005-06-01 18:30:03 992 810 Agent * Access type: Named proxy

2005-06-01 18:30:03 992 810 Agent * Default proxy: test:80

2005-06-01 18:30:03 992 810 Agent * Network state: Connected

2005-06-01 18:30:03 992 7a0 Agent *********** Agent: Initializing Windows Update Agent ***********

The next section displays the Windows Server Update Services (WSUS) server that is available to the client. In this example, the settings are NULL because a WSUS server is not being used. If Software Update Services (SUS) is configured, the settings are displayed in the following location.

2005-06-01 18:30:03 992 7a0 Agent *********** Agent: Initializing global settings cache ***********

2005-06-01 18:30:03 992 7a0 Agent * WSUS server: <NULL>

2005-06-01 18:30:03 992 7a0 Agent * WSUS status server: <NULL>

2005-06-01 18:30:03 992 7a0 Agent * Target group: (Unassigned Computers)

2005-06-01 18:30:03 992 7a0 Agent * Windows Update access disabled: No

2005-06-01 18:30:04 992 7a0 DnldMgr Download manager restoring 0 downloads

2005-06-01 18:30:09 3948 918 Misc =========== Logging initialized (build: 5.8.0.2469, tz: -0700) ===========

2005-06-01 18:30:09 3948 918 Misc = Process: C:Program FilesInternet Exploreriexplore.exe

2005-06-01 18:30:09 3948 918 Misc = Module: C:WINDOWS.0system32wuweb.dll

Locating Failures in the log file

If you received a specific error message on the Windows Update Web site, follow these steps:

1. Open the Windowsupdate.log log file in Notepad.

2. On the Edit menu, click Find, and then search for the specific error message.

Note The Web site displays the final error message. This final error message may have been caused by a failure that is described earlier in the Windowsupdate.log log file. Additionally, if you do not know which error occurred on the Windows update Web site or you want to find more information about a failure by Automatic Updates, search for the following key words:

· FATAL

· WARNING

Note Not all warnings are critical errors. Start with the fatal errors and then work to the top of the Windowsupdate.log log file to make sure that you have identified the correct error message.

Example of a common failure

First search for the key word "FATAL":

2005-06-02 04:32:01 992 158 Setup FATAL: IsUpdateRequired failed with error 0x80072eef

The error that you locate is 0x80072EEF. Scroll up in the Windowsupdate.log log file to find the following closest word:

WARNING

2005-06-02 04:32:01 992 158 Misc WARNING: Send failed with hr = 80072eef.

2005-06-02 04:32:01 992 158 Misc WARNING: SendRequest failed with hr = 80072eef. Proxy List used: <Test:80 > Bypass List used : <(null)> Auth Schemes used : <NTLM;Negotiate (NTLM or Kerberos);>

2005-06-02 04:32:01 992 158 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://update.microsoft.com/v6/windowsupdate/redir/wuredir.cab>. error 0x80072eef

In this example, the proxy server "Test" is not valid. The "Test" server being invalid is the cause of the error.

Basics of a Windowsupdate.log file

Service startup

2005-06-01 18:30:03 992 810 Service *************

2005-06-01 18:30:03 992 810 Service ** START ** Service: Service startup

2005-06-01 18:30:03 992 810 Service *********

The Windows Update agent displays available parameters

2005-06-01 18:30:03 992 810 Agent * WU client version 5.8.0.2468

2005-06-01 18:30:03 992 810 Agent * SusClientId = ‘071ffd36-f490-4d63-87a7-f7b11866b9fb’

2005-06-01 18:30:03 992 810 Agent * Base directory: C:WINDOWS.0SoftwareDistribution

2005-06-01 18:30:03 992 810 Agent * Access type: Named proxy

2005-06-01 18:30:03 992 810 Agent * Default proxy: test:80

2005-06-01 18:30:03 992 810 Agent * Network state: Connected

2005-06-01 18:30:03 992 7a0 Agent *********** Agent: Initializing Windows Update Agent ***********

2005-06-01 18:30:03 992 7a0 Agent *********** Agent: Initializing global settings cache ***********

2005-06-01 18:30:03 992 7a0 Agent * WSUS server: <NULL>

2005-06-01 18:30:03 992 7a0 Agent * WSUS status server: <NULL>

2005-06-01 18:30:03 992 7a0 Agent * Target group: (Unassigned Computers)

A user accesses the Windows Update Web site by using Microsoft Internet Explorer and the ActiveX control is loaded

2005-06-01 18:30:09 3948 918 Misc =========== Logging initialized (build: 5.8.0.2469, tz: -0700) ===========

2005-06-01 18:30:09 3948 918 Misc = Process: C:Program FilesInternet Exploreriexplore.exe

2005-06-01 18:30:09 3948 918 Misc = Module: C:WINDOWS.0system32wuweb.dll

The Setup component checks the installed version of the Windows Update client to see if the Windows Update client must be updated

2005-06-01 18:30:09 3948 918 Setup *********** Setup: Checking whether self-update is required ***********

2005-06-01 18:30:09 3948 918 Setup * Inf file: C:WINDOWS.0SoftwareDistributionWebSetupwusetup.inf

2005-06-01 18:30:09 3948 918 Setup Update required for C:WINDOWS.0system32cdm.dll: target version = 5.8.0.2468, required version = 5.8.0.2468

2005-06-01 18:30:09 3948 918 Setup * IsUpdateRequired = No

The client clicks the "Express" or "Custom" button to start a search

2005-06-01 18:30:32 3948 918 COMAPI ————-

2005-06-01 18:30:32 3948 918 COMAPI — START — COMAPI: Search [ClientId = WindowsUpdate]

2005-06-01 18:30:32 3948 918 COMAPI ———

2005-06-01 18:30:32 3948 918 COMAPI – Online = Yes; Ignore download priority = No

2005-06-01 18:30:32 3948 918 COMAPI – Criteria = "IsInstalled=0 and IsHidden=1"

2005-06-01 18:30:32 3948 918 COMAPI – ServiceID = {9482F4B4-E343-43B6-B170-9A65BC822C77}

Note COMAPI submits the search to the agent. Therefore, the second part is:

2005-06-01 18:30:33 3948 918 COMAPI <<– SUBMITTED — COMAPI: Search [ClientId = WindowsUpdate]

2005-06-01 18:30:33 992 58c Agent *************

2005-06-01 18:30:33 992 58c Agent ** START ** Agent: Finding updates [CallerId = WindowsUpdate]

2005-06-01 18:30:33 992 58c Agent *********

Protocol talker synchronizes the list of updates with the local database on the client computer

2005-06-02 12:09:28 992 4e8 PT +++++++++++ PT: Synchronizing server updates +++++++++++

2005-06-02 12:09:28 992 4e8 PT + ServiceId = {9482F4B4-E343-43B6-B170-9A65BC822C77}, Server URL = https://update.microsoft.com/v6/ClientWebService/client.asmx

2005-06-02 12:09:35 992 4e8 PT +++++++++++ PT: Synchronizing extended update info +++++++++++

2005-06-02 12:09:35 992 4e8 PT + ServiceId = {9482F4B4-E343-43B6-B170-9A65BC822C77}, Server URL = https://update.microsoft.com/v6/ClientWebService/client.asmx

2005-06-02 12:09:36 992 4e8 Agent * Found 0 updates and 10 categories in search

The Windows Update agent searches for available updates

2005-06-02 12:09:36 992 4e8 Agent *************

2005-06-02 12:09:36 992 4e8 Agent ** START ** Agent: Finding updates [CallerId = WindowsUpdate]

2005-06-02 12:09:36 992 4e8 Agent *********

2005-06-02 12:09:36 992 4e8 Agent * Added update {AC94DB3B-E1A8-4E92-9FD0-E86F355E6A44}.100 to search result

2005-06-02 12:09:37 992 4e8 Agent * Found 6 updates and 10 categories in search

The user is offered one updat
e and then chooses to install the one update

2005-06-02 12:10:41 1660 d0c COMAPI ————-

2005-06-02 12:10:41 1660 d0c COMAPI — START — COMAPI: Install [ClientId = WindowsUpdate]

2005-06-02 12:10:41 1660 d0c COMAPI ———

2005-06-02 12:10:41 1660 d0c COMAPI – Allow source prompts: Yes; Forced: No; Force quiet: No

2005-06-02 12:10:41 1660 d0c COMAPI – Updates in request: 1

2005-06-02 12:10:41 1660 d0c COMAPI – ServiceID = {9482F4B4-E343-43B6-B170-9A65BC822C77}

2005-06-02 12:10:41 1660 d0c COMAPI – Updates to install = 1

2005-06-02 12:10:41 1660 d0c COMAPI <<– SUBMITTED — COMAPI: Install [ClientId = WindowsUpdate]

The Windows Update agent starts the installation process

2005-06-02 12:10:41 992 58c Agent *************

2005-06-02 12:10:41 992 58c Agent ** START ** Agent: Installing updates [CallerId = WindowsUpdate]

2005-06-02 12:10:41 992 58c Agent *********

2005-06-02 12:10:41 992 58c Agent * Updates to install = 1

2005-06-02 12:10:41 992 58c Agent * Title = <NULL>

2005-06-02 12:10:41 992 58c Agent * UpdateId = {19813D2E-0144-43CA-AEBB-71263DFD81FD}.100

2005-06-02 12:10:41 992 58c Agent * Bundles 1 updates:

2005-06-02 12:10:41 992 58c Agent * {08D9F87F-7EA2-4523-9F02-0931E291908E}.100

The Windows Update agent calls the appropriate handler to install the package by impersonating the user who is logged on

2005-06-02 12:10:46 992 58c Handler Attempting to create remote handler process as MachineUser in session 0

2005-06-02 12:10:46 992 58c DnldMgr Preparing update for install, updateId = {08D9F87F-7EA2-4523-9F02-0931E291908E}.100.

2005-06-02 12:10:47 3348 70c Handler :::::::::::::

2005-06-02 12:10:47 3348 70c Handler :: START :: Handler: Command Line Install

2005-06-02 12:10:47 3348 70c Handler :::::::::

2005-06-02 12:10:47 3348 70c Handler : Updates to install = 1

2005-06-02 12:11:01 3348 70c Handler : Command line install completed. Return code = 0x00000000, Result = Succeeded, Reboot required = false

Note The installation is successful and the restart is not required.

How to enable extended logging

Microsoft Product Support Services may ask you to turn on verbose logging. To turn on verbose logging, add the following registry key with two values:

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateTrace
Value name: Flags
Value type: REG_DWORD
Value data: 00000007
Value name: Level
Value type: REG_DWORD
Value data: 00000004

This registry key turns on an extended tracing to the %systemroot%Windowsupdate.log file. Additionally, this registry key turns on an extended tracing to any attached debuggers.

Back to the top | Give Feedback

Properties

Article ID: 902093 – Last Review: August 30, 2009 – Revision: 5.0

APPLIES TO

· Microsoft Windows Update

Keywords:

kbtshoot kbinfo KB902093

 

Source: How to read the Windowsupdate.log file