Quick Solution: Check the permissions on the root of C: and ensure that BUILTIN\Users has Read access.
Long Story:
8000FFFF == E_UNEXPECTED, not very helpful…
Had a client where Windows Update was continually failing with the error code 8000FFFF. When looking in the Windows Update log we’d see errors like this:
WARNING: PTError: 0x80248014
Handler FATAL: CBS called Error with 0x8000ffff, <— Checked the CBS.log file but that didn’t give any clues.
Handler FATAL: Error source is 106.
DnldMgr Error 0x8000ffff occurred while downloading update; notifying dependent calls.
AU # WARNING: Download failed, error = 0x8000FFFF
AU # WARNING: Download failed, error = 0x8000FFFF
AU WARNING: BeginInteractiveInstall failed, error = 0x8024000C
CltUI WARNING: AU directive Interactive Progress is exiting due to error 8024000C
And in the event viewer upon each run we’d see these events:
Log Name: Application
Source: ESENT
Date: 7/2/2008 3:05:16 PM
Event ID: 491
Task Category: General
Level: Error
Keywords: Classic
User: N/A
Computer: XXXX
Description: Catalog Database (1560) Catalog Database: An attempt to determine the minimum I/O block size for the volume "C:\" containing "C:\Windows\system32\CatRoot2\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

Log Name: Application
Source: Microsoft-Windows-CAPI2
Date: 7/2/2008 3:05:16 PM
Event ID: 257
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: XXXX
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1032.
After seeing this data I did a stare and compare between my root permissions and his and found that he’d modified the c:\ permissions on his system:
His machine:
c:\temp\xcacls c:
C:\ NT AUTHORITY\SYSTEM:(OI)(CI)F
    BUILTIN\Administrators:(OI)(CI)F

Mine:
C:\>xcacls c:\
c:\ BUILTIN\Administrators:F
    BUILTIN\Administrators:(OI)(CI)(IO)F
    NT AUTHORITY\SYSTEM:F
    NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F
    BUILTIN\Users:(OI)(CI)R <— This is the key one missing that was causing the headache.
    NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)C
    NT AUTHORITY\Authenticated Users:(special access:)
        FILE_APPEND_DATA
The Cryptographic Services service runs under “Network Service”, which would require Users to have read access. I added BUILTIN\Users with read access to C: and all worked again.
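The same check as a script, as an added example that is not part of the original post: it reads the ACL on the root of the system drive, looks for an Allow ACE granting Read to BUILTIN\Users that applies to the root itself (not an inherit-only (IO) entry), and lists recent ESENT 491 events. It assumes an elevated PowerShell prompt; the variable names and the icacls line it prints are this example's own, not commands from the post.

```powershell
# Added example: report whether BUILTIN\Users has an Allow/Read ACE that applies
# to the root of the system drive itself, then list recent ESENT 491 events.
$root     = $env:SystemDrive + '\'
$usersSid = 'S-1-5-32-545'   # well-known SID of BUILTIN\Users
$read     = [int][System.Security.AccessControl.FileSystemRights]::Read
$ioFlag   = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

# Explicit and inherited ACEs, with identities returned as SIDs so the
# comparison does not depend on localized group names.
$acl   = Get-Acl -LiteralPath $root
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

$match = foreach ($rule in $rules) {
    $isUsers = $rule.IdentityReference.Value -eq $usersSid
    $isAllow = $rule.AccessControlType -eq 'Allow'
    $grantsR = ([int]$rule.FileSystemRights -band $read) -eq $read
    # Inherit-only ACEs affect children only, not C:\ itself.
    $onRoot  = ([int]$rule.PropagationFlags -band $ioFlag) -eq 0
    if ($isUsers -and $isAllow -and $grantsR -and $onRoot) { $rule }
}

if ($match) {
    Write-Output "OK: BUILTIN\Users has Read on $root"
} else {
    Write-Warning "BUILTIN\Users has no Allow/Read ACE applying to $root"
    # Assumed icacls equivalent of the (OI)(CI)R entry shown in the post.
    Write-Output "To restore: icacls $root /grant `"*${usersSid}:(OI)(CI)R`""
}

# Correlate with the symptom from the post: ESENT event 491 in the Application log.
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'ESENT'; Id = 491 } `
    -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```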
Hopefully this post will guide others with similar issues to the solution quickly.