Windows Update fails with 8000FFFF (E_UNEXPECTED)

Windows Update fails with 8000FFFF (E_UNEXPECTED)

  • Comments 45
  • Likes

Quick Solution:  Check the permissions on  the root of C: and ensure that BUILTIN\Users have Read access.

Long Story:

8000FFFF == E_UNEXPECTED, not very helpful…

Had a client where windows update was continually failing with the error code 8000FFFF.  When looking in the Windows Update log we’d see errors like this:

WARNING: PTError: 0x80248014
Handler FATAL: CBS called Error with 0x8000ffff, <— Checked the CBS.log file but that didn’t give any clues.
Handler FATAL: Error source is 106.
DnldMgr Error 0x8000ffff occurred while downloading update; notifying dependent calls.
AU        # WARNING: Download failed, error = 0x8000FFFF
AU        # WARNING: Download failed, error = 0x8000FFFF
AU      WARNING: BeginInteractiveInstall failed, error = 0x8024000C
CltUI   WARNING: AU directive Interactive Progress is exiting due to error 8024000C

 

And in the event viewer upon each run we’d see these events:

Log Name:      Application
Source:        ESENT
Date:          7/2/2008 3:05:16 PM
Event ID:      491
Task Category: General
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      XXXX
Description:
Catalog Database (1560) Catalog Database: An attempt to determine the minimum I/O block size for the volume "C:\" containing "C:\Windows\system32\CatRoot2\" failed with system error 5 (0x00000005): "Access is denied. ".  The operation will fail with error -1032 (0xfffffbf8).

Log Name:      Application
Source:        Microsoft-Windows-CAPI2
Date:          7/2/2008 3:05:16 PM
Event ID:      257
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      XXXX
Description:
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1032.

After seeing this data I did a stare and compare between my root permissions and his and found that he’d modified the c:\ permissions on his system:

His machine:
c:\temp\xcacls c:
C:\ NT AUTHORITY\SYSTEM:(OI)(CI)F
    BUILTIN\Administrators:(OI)(CI)F

Mine:
C:\>xcacls c:\
c:\ BUILTIN\Administrators:F
    BUILTIN\Administrators:(OI)(CI)(IO)F
    NT AUTHORITY\SYSTEM:F
    NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F
    BUILTIN\Users:(OI)(CI)R <— This is the key one missing that was causing the headache.
    NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)C
    NT AUTHORITY\Authenticated Users:(special access:)
                                     FILE_APPEND_DATA

The Cryptographic Services runs under “Network Service” which would require Users to have read access.  I added BUILTIN\Users with read access to C and all worked again.

Hopefully this post will guide others with similar issues to the solution quickly.

 

Comments
  • Thanks , solved my problem, hardening W2K8 is not that straight forward.

  • Careful though, you can always crew up omre stuff if you adjust permissions on the root and then apply it to all folder/subfolders.  

    Make sure you backup that machine before doing this!

  • I spent a bunch of time hunting around trying to find a solution to this issue.  We remove the Users group from the root of our servers but don't cascade the change down on the system drive.  We've done this with NT4, Win2000 Server, Win2003 Server, and thought we'd be able to do it with Win2008 Server but apparently not.

    Adding it back in worked like a charm, however I don't necessarily like having it there.  If I knew exactly where else it belonged I'd prefer to just add it to the needed directories.

  • Any tech note / kb from Microsoft on this issue?

    I am going to try this now and if it works, remove the BUILTIN\Users (R) from root again.

    Hopefully, it is a one off for updates.

  • I spent a lot of time trying to research this, and finally something works!  Thanks!!!

  • I've been looking everywhere for a resolution to this problem.  Finally a solution that works.

    Thanks for the opening line about root security - rather stupitly I removed local user read rights

  • That's why I put 'em out here!

  • Thank you very much for this.. I couldn't work out why either, and most people have no idea what they are talking about, or post irrelevant information.

    This was spot on, cheers!

  • dude you are the man!!.. wasted 2 hours on this and finally worked.

  • Recently, I was helping a colleague troubleshoot an installation error in the .NET Framework 3.5 SP1

  • Thank you soooo much! I spent almost all day trying to figure this out!

    I never would have figured this out!! You saved my day and about 100 hours! Thanks again!

  • Wow.... after MONTHS of searching, finally an answer that works! We removed the Users group from the root for security purposes, and that's been stopping our updates since February!!

    THANK YOU!!!!!!

  • Dude you freaking ROCK!!! I'm sitting here in the middle of Afghanistan with limited everything and I have been messing with this for a week now. Found your blog and fixed it in 1 minute. Thank You!!!

  • I agree you rock, I've been messing with this error for a couple months off and on.

  • Thank you very much for this.. You Rock ||

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment