I manage a WSUS server for a large number of servers in a shared environment. Recently I noticed that despite the scheduled install time configured via the local gpo of many servers, they were not rebooting for sometimes 1.5-2 hours after their scheduled install time. Checking their event logs and WindowsUpdate.log I saw that on all of them they were in fact starting installation at their scheduled install time, but after installing the update "Windows Malicious Software Removal Tool x64 - March 2015 (KB890830)"
or its equivalent for that month, it would be 1-1.5 hours before it finished installing the next update and eventualliy rebooting.
Checking the WindowsUpdate.log I see tons of entries like the following:
2015-03-16 20:51:01:700 26316 704 Handler CBS called Progress with state=7, ticks=102299, total=691
Other servers seem to have no issues with the same set up updates. It will take them only 15-20 minutes and will reboot within 30 minutes of their scheduled install time.
Has anybody seen anything similar to this? Is there some reason why the monthly malicious software update would install right at the scheduled time, but the rest would take hours? They dont have tons of updates, there are on average 10-15 updates scheduled. These systems are all over in the place in terms of performance specs, so I dont think its related to their hardware specs.
Thanks
UPDATE This issue has continued to occur on this machine. I now am not entirely sure its related to the windows malicious software tool or not. The only symptoms I have found are the following:
- Any number of updates will take 1.5-1.75 hours to install, where other servers installing same updates take 15-30 minutes to install them.
- Windows Update Log is filled from top to bottom with the following over and over again (entirely filling up the log in a matter of minutes)
2015-07-20 21:13:47:793 7432 3e8 Handler CBS called Progress with state=7, ticks=204999, total=502 2015-07-20 21:13:50:320 7432 3e8 Handler CBS called Progress with state=4, ticks=205154, total=502
- C:\Windows\Logs\CBS\CBS.log is much larger than other servers (1.5 GB)
System Event log always shows the following pattern Right at scheduled install time a first update will immediately install example:
Date: 5/18/2015 8:00:28 PM Event ID: 19 Task Category: Windows Update Agent Level: Information Keywords: Success,Installation User: SYSTEM Computer: ... Description: Installation Successful: Windows successfully installed the following update: Update for Windows Server 2008 R2 x64 Edition
Then 1.5 Hours will elapse and the Windows Malicious software update will say it finished installation
Date: 5/18/2015 9:46:05 PM
Event ID: 19
Task Category: Windows Update Agent
Level: Information
Keywords: Success,Installation
User: SYSTEM
Computer: ...
Description:
Installation Successful: Windows successfully installed the following update: Windows Malicious Software Removal Tool x64