Windows update errors vs rogue winevt provider

Discussion in 'Windows Server' started by futurechild, Apr 15, 2015.

  1. futurechild

    I recently solved an interesting problem on my 2008R2 server suddenly not being able to update or add/remove roles/features.
    They all resulted in errors 0x80004005, 0x8007054f, 0x80070490, 0x80070643, 0x8007066A.
    I tried the checksur tool, sfc /scannow, and more or less all Google results relevant to my problem, to no avail.

    cbs.log was not very helpful, only logging the following cryptic errors:

    2015-03-31 15:06:44, Error CSI 0000005f@2015/3/31:13:06:44.728 (F) d:\win7sp1_gdr\base\wcp\cmiadapter\installers.cpp(352): Error HRESULT_FROM_WIN32(ERROR_INTERNAL_ERROR) originated in function Windows::WCP::CmiAdapter::CMIWrapperBasicInstaller::ResolveAndInvokeInstaller expression: hr
    [gle=0x80004005]
    2015-03-31 15:06:45, Error CSI 00000008@2015/3/31:13:06:45.025 (F) CMIADAPTER: Exiting with HRESULT code = HRESULT_FROM_WIN32(ERROR_INTERNAL_ERROR).
    [gle=0x80004005]
    2015-03-31 15:06:45, Error CSI 00000060@2015/3/31:13:06:45.025 (F) d:\win7sp1_gdr\base\wcp\cmiadapter\installers.cpp(123): Error HRESULT_FROM_WIN32(ERROR_INTERNAL_ERROR) originated in function Windows::WCP::CmiAdapter::CMIWrapperBasicInstaller::Install expression: hr
    [gle=0x80004005]
    2015-03-31 15:06:46, Error CBS Exec: An error occurred while committing the transaction, the transaction has been rolled back. [HRESULT = 0x80070643 - ERROR_INSTALL_FAILURE]


    Only when I tried to install the Windows Backup feature did cbs log the following relevant messages:

    2015-04-01 16:46:23, Error CSI 00000001 (F) Logged @2015/4/1:14:46:23.093 : [ml:280{140},l:278{139}]"events installer: online=1, install=1, component=amd64_Microsoft-Windows-BLB-Events-Main_31bf3856ad364e35_6.1.7601.17514_neutral_release__."
    [gle=0x80004005]
    2015-04-01 16:46:23, Error CSI 00000002 (F) Logged @2015/4/1:14:46:23.140 : [ml:200{100},l:198{99}]"EventAITrace:provider {770ca594-b467-4811-b355-28f5e5706987} is missing the name in the registry."
    [gle=0x80004005]
    2015-04-01 16:46:23, Error CSI 00000003 (F) Logged @2015/4/1:14:46:23.140 : [ml:170{85},l:168{84}]"WmiCmiPlugin wevtcfg.cpp(1856): InstrumentationManifestAssert failed. HR=0x8007054f."
    [gle=0x80004005]
    2015-04-01 16:46:23, Error CSI 00000004 (F) Logged @2015/4/1:14:46:23.140 : [ml:166{83},l:164{82}]"WmiCmiPlugin eventloghandler.cpp(192): ProcessEventsInstall failed. HR=0x8007054f."
    [gle=0x80004005]
    2015-04-01 16:46:23, Error CSI 00000005 (F) Logged @2015/4/1:14:46:23.140 : [ml:170{85},l:168{84}]"WmiCmiPlugin eventloghandler.cpp(212): EventLogHandlerInstall failed. HR=0x8007054f."
    [gle=0x80004005]
    2015-04-01 16:46:23, Error CSI 00000006@2015/4/1:14:46:23.140 (F) CMIADAPTER: Inner Error Message from AI HRESULT = HRESULT_FROM_WIN32(ERROR_INTERNAL_ERROR) [[29]"An internal error occurred."]
    [gle=0x80004005]


    Deleting the [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{770ca594-b467-4811-b355-28f5e5706987}] key solved all update and role/feature change errors.

    My server is now a happy server; I, however, have a few questions.
    1- Where did this {770ca594-b467-4811-b355-28f5e5706987} key come from?
    2- Why does a winevt publisher key, apparently unused, cause such massive problems?
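
A triage helper for the log pattern in the post above, as an added example that is not part of the original post: it scans cbs.log text for the EventAITrace "missing the name" message and reports the provider GUID, the component being installed, the HRESULTs that follow, and the WINEVT\Publishers key to inspect. The function name, field names and the shortened sample log are constructed for illustration.

```python
import re

# Constructed sample: a shortened copy of the cbs.log lines quoted in the post.
SAMPLE_LOG = '''\
2015-04-01 16:46:23, Error CSI 00000001 (F) Logged @2015/4/1:14:46:23.093 : [ml:280{140},l:278{139}]"events installer: online=1, install=1, component=amd64_Microsoft-Windows-BLB-Events-Main_31bf3856ad364e35_6.1.7601.17514_neutral_release__."
[gle=0x80004005]
2015-04-01 16:46:23, Error CSI 00000002 (F) Logged @2015/4/1:14:46:23.140 : [ml:200{100},l:198{99}]"EventAITrace:provider {770ca594-b467-4811-b355-28f5e5706987} is missing the name in the registry."
[gle=0x80004005]
2015-04-01 16:46:23, Error CSI 00000003 (F) Logged @2015/4/1:14:46:23.140 : [ml:170{85},l:168{84}]"WmiCmiPlugin wevtcfg.cpp(1856): InstrumentationManifestAssert failed. HR=0x8007054f."
[gle=0x80004005]
'''

ENTRY = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), \w+\s+\w+\s+(.*)$")
COMPONENT = re.compile(r'events installer: [^"]*component=([^"]+)"')
MISSING = re.compile(r"EventAITrace:provider (\{[0-9a-fA-F-]{36}\}) is missing the name")
HRESULT = re.compile(r"\bHR(?:ESULT)?\s*=\s*(0x[0-9a-fA-F]{8})")
PUBLISHERS = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers"


def triage(log_text):
    """Return one finding per provider GUID the events installer rejected."""
    findings, component, current = {}, None, None
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:  # continuation lines such as "[gle=0x80004005]"
            continue
        stamp, message = entry.groups()
        if (m := COMPONENT.search(message)):
            # A new component install starts; later errors belong to it.
            component, current = m.group(1).rstrip("."), None
        elif (m := MISSING.search(message)):
            guid = m.group(1).lower()
            current = findings.setdefault(guid, {
                "guid": guid, "first_seen": stamp, "components": [], "hresults": [],
                "registry_key": PUBLISHERS + "\\" + guid})
            if component and component not in current["components"]:
                current["components"].append(component)
        elif current is not None and (m := HRESULT.search(message)):
            # Numeric HRESULTs logged after the provider error, de-duplicated.
            if m.group(1) not in current["hresults"]:
                current["hresults"].append(m.group(1))
    return list(findings.values())


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["first_seen"], f["guid"], f["components"], f["hresults"])
        print("  inspect:", f["registry_key"])
```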