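The Windows Update log is stored by default in c:\windows\windowsupdate.log, and it is the basic reference for troubleshooting.
Log format:
Each log entry consists of six parts, for example: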
Date | Time | PID | TID | Component | Text |
2005-06-01 | 18:30:03 | 992 | 810 | Misc | = Logging initialized |
2005-06-01 | 18:30:03 | 992 | 810 | Misc | = Process: |
2005-06-01 | 18:30:03 | 992 | 810 | Misc | = Module: |
Components:
The following components may write to the log:
AGENT - Windows Update agent
AU - Automatic Updates is performing this task
AUCLNT - Interaction by AU with the logged on user
CDM - Device Manager
CMPRESS - Compression agent
COMAPI - Windows Update API
DRIVER - Device driver information
DTASTOR - Handles database transactions
DWNLDMGR - Creates and monitors download jobs
EEHNDLER - Expression handler used to evaluate update applicability
HANDLER - Manages the update installers
MISC - General service information
OFFLSNC - Detect available updates when not connected to the network
PARSER - Parses expression information
PT - Synchronizes updates information to the local datastore
REPORT - Collects reporting information
SERVICE - Startup/Shutdown of the Automatic Updates service
SETUP - Installs new versions of the Windows Update client when available
SHUTDWN - Install at shutdown feature
WUREDIR - The Windows Update redirector files
WUWEB - The Windows Update ActiveX control
How to identify the Caller
After opening the log, the first thing to find is the CallerID associated with the problem, that is, who reported the error.
Example 1:
2005-06-01 18:30:33 992 58c Agent *************
2005-06-01 18:30:33 992 58c Agent ** START ** Agent: Finding updates [CallerId = WindowsUpdate]
2005-06-01 18:30:33 992 58c Agent *********
Example 2:
2005-06-22 13:02:11 1000 594 Agent *************
2005-06-22 13:02:11 1000 594 Agent ** START ** Agent: Finding updates [CallerId = MicrosoftUpdate]
2005-06-22 13:02:11 1000 594 Agent *********
Example 3:
2005-06-02 11:37:18 992 4e8 Agent *************
2005-06-02 11:37:18 992 4e8 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]
2005-06-02 11:37:18 992 4e8 Agent *********
The three CallerIDs are all different: WindowsUpdate, MicrosoftUpdate and AutomaticUpdates.
Basic settings
When the Automatic Updates service starts, WindowsUpdate.log records the basic service settings. The first part includes the following:
- The client version
- The directory that is being used
- The access type
- The default proxy
- The current network state
Note: the proxy settings are recorded in WindowsUpdate.log only when the proxy has been configured with proxycfg.exe.
2005-06-01 18:30:03 992 810 Service *************
2005-06-01 18:30:03 992 810 Service ** START ** Service: Service startup
2005-06-01 18:30:03 992 810 Service *********
2005-06-01 18:30:03 992 810 Agent * WU client version 5.8.0.2468
2005-06-01 18:30:03 992 810 Agent * SusClientId = '071ffd36-f490-4d63-87a7-f7b11866b9fb'
2005-06-01 18:30:03 992 810 Agent * Base directory: C:\WINDOWS.0\SoftwareDistribution
2005-06-01 18:30:03 992 810 Agent * Access type: Named proxy
2005-06-01 18:30:03 992 810 Agent * Default proxy: test:80
2005-06-01 18:30:03 992 810 Agent * Network state: Connected
2005-06-01 18:30:03 992 7a0 Agent *********** Agent: Initializing Windows Update Agent ***********
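The next part shows information about the WSUS server. In this example nothing has been configured yet, so every value is shown as NULL; once WSUS is configured, the relevant information appears here.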
2005-06-01 18:30:03 992 7a0 Agent *********** Agent: Initializing global settings cache ***********
2005-06-01 18:30:03 992 7a0 Agent * WSUS server: <NULL>
2005-06-01 18:30:03 992 7a0 Agent * WSUS status server: <NULL>
2005-06-01 18:30:03 992 7a0 Agent * Target group: (Unassigned Computers)
2005-06-01 18:30:03 992 7a0 Agent * Windows Update access disabled: No
2005-06-01 18:30:04 992 7a0 DnldMgr Download manager restoring 0 downloads
2005-06-01 18:30:09 3948 918 Misc =========== Logging initialized (build: 5.8.0.2469, tz: -0700) ===========
2005-06-01 18:30:09 3948 918 Misc = Process: C:\Program Files\Internet Explorer\iexplore.exe
2005-06-01 18:30:09 3948 918 Misc = Module: C:\WINDOWS.0\system32\wuweb.dll
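Finding error messages in the log
After opening the log file, use the search function to look for the keywords FATAL and Warning.
Note: every Warning is a serious error. Start checking from FATAL, and make sure you find all of the errors and correct them.
Common error example
Example: search for FATAL first, which finds the following error report: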
2005-06-02 04:32:01 992 158 Setup FATAL: IsUpdateRequired failed with error 0x80072eef
Scrolling further down, we see the WARNING section:
2005-06-02 04:32:01 992 158 Misc WARNING: Send failed with hr = 80072eef.
2005-06-02 04:32:01 992 158 Misc WARNING: SendRequest failed with hr = 80072eef. Proxy List used: <Test:80 > Bypass List used : <(null)> Auth Schemes used : <NTLM;Negotiate (NTLM or Kerberos);>
2005-06-02 04:32:01 992 158 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://update.microsoft.com/v6/windowsupdate/redir/wuredir.cab>. error 0x80072eef
In this example, the proxy server test is not available, which caused the error.
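The FATAL/WARNING search described above can be scripted. The following is an added example, not part of the original post: it groups FATAL and WARNING entries by the error code they report, collects the proxy each one names, and splits the HRESULT into its standard fields. The sample lines are constructed from the excerpts on this page, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the FATAL/WARNING lines shown on this page, one entry per line.
SAMPLE = """\
2005-06-02 04:32:01 992 158 Setup FATAL: IsUpdateRequired failed with error 0x80072eef
2005-06-02 04:32:01 992 158 Misc WARNING: Send failed with hr = 80072eef.
2005-06-02 04:32:01 992 158 Misc WARNING: SendRequest failed with hr = 80072eef. Proxy List used: <Test:80 > Bypass List used : <(null)> Auth Schemes used : <NTLM;Negotiate (NTLM or Kerberos);>
2005-06-02 04:32:01 992 158 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://update.microsoft.com/v6/windowsupdate/redir/wuredir.cab>. error 0x80072eef
2005-06-01 18:30:03 992 810 Agent * Network state: Connected
"""

# Date, time, PID, TID, component, text: the six parts listed at the top of the page.
ENTRY = re.compile(r"^(\d{4}-\d\d-\d\d)\s+(\d\d:\d\d:\d\d)\S*\s+(\d+)\s+([0-9a-fA-F]+)\s+(\S+)\s+(.*)$")
SEVERITY = re.compile(r"^(FATAL|WARNING):\s*(.*)$")
HRESULT = re.compile(r"(?:0x|hr\s*=\s*)([0-9a-fA-F]{8})\b")  # "0x80072eef" or "hr = 80072eef"
PROXY = re.compile(r"Proxy List used:\s*<([^>]*)>")

def decode_hresult(value):
    """Split a 32-bit HRESULT into failure bit, facility (11 bits) and code (16 bits)."""
    return {"failed": bool(value >> 31), "facility": (value >> 16) & 0x7FF, "code": value & 0xFFFF}

def triage(log_text):
    """Group FATAL/WARNING entries by the error code they report."""
    findings = defaultdict(lambda: {"fatal": 0, "warning": 0, "components": set(), "proxies": set()})
    for line in log_text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue
        component, text = entry.group(5), entry.group(6)
        sev = SEVERITY.match(text)
        if not sev:
            continue  # informational entry, not an error
        codes = {c.lower() for c in HRESULT.findall(text)} or {"none"}
        for code in codes:
            item = findings["0x" + code if code != "none" else code]
            item[sev.group(1).lower()] += 1
            item["components"].add(component)
            item["proxies"].update(p.strip() for p in PROXY.findall(text))
    return dict(findings)

if __name__ == "__main__":
    for code, item in triage(SAMPLE).items():
        detail = decode_hresult(int(code, 16)) if code != "none" else {}
        print(code, item, detail)
```

Facility 7 is FACILITY_WIN32, so the low 16 bits of 0x80072eef are a Win32 error number (12015) that can be looked up directly.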
Basic parts of WindowsUpdate.log
1. Service startup
2005-06-01 18:30:03 992 810 Service *************
2005-06-01 18:30:03 992 810 Service ** START ** Service: Service startup
2005-06-01 18:30:03 992 810 Service *********
2. WUA displays the available parameters
2005-06-01 18:30:03 992 810 Agent * WU client version 5.8.0.2468
2005-06-01 18:30:03 992 810 Agent * SusClientId = '071ffd36-f490-4d63-87a7-f7b11866b9fb'
2005-06-01 18:30:03 992 810 Agent * Base directory: C:\WINDOWS.0\SoftwareDistribution
2005-06-01 18:30:03 992 810 Agent * Access type: Named proxy
2005-06-01 18:30:03 992 810 Agent * Default proxy: test:80
2005-06-01 18:30:03 992 810 Agent * Network state: Connected
2005-06-01 18:30:03 992 7a0 Agent *********** Agent: Initializing Windows Update Agent ***********
2005-06-01 18:30:03 992 7a0 Agent *********** Agent: Initializing global settings cache ***********
2005-06-01 18:30:03 992 7a0 Agent * WSUS server: <NULL>
2005-06-01 18:30:03 992 7a0 Agent * WSUS status server: <NULL>
2005-06-01 18:30:03 992 7a0 Agent * Target group: (Unassigned Computers)
3. The user visits Windows Update through IE and launches the ActiveX control
2005-06-01 18:30:09 3948 918 Misc =========== Logging initialized (build: 5.8.0.2469, tz: -0700) ===========
2005-06-01 18:30:09 3948 918 Misc = Process: C:\Program Files\Internet Explorer\iexplore.exe
2005-06-01 18:30:09 3948 918 Misc = Module: C:\WINDOWS.0\system32\wuweb.dll
4. The Setup component checks the WUA version and determines whether an upgrade is required
2005-06-01 18:30:09 3948 918 Setup *********** Setup: Checking whether self-update is required ***********
2005-06-01 18:30:09 3948 918 Setup * Inf file: C:\WINDOWS.0\SoftwareDistribution\WebSetup\wusetup.inf
2005-06-01 18:30:09 3948 918 Setup Update required for C:\WINDOWS.0\system32\cdm.dll: target version = 5.8.0.2468, required version = 5.8.0.2468
2005-06-01 18:30:09 3948 918 Setup * IsUpdateRequired = No
5. The client clicks Express Install or Custom Install, and the search begins
2005-06-01 18:30:32 3948 918 COMAPI -------------
2005-06-01 18:30:32 3948 918 COMAPI -- START -- COMAPI: Search [ClientId = WindowsUpdate]
2005-06-01 18:30:32 3948 918 COMAPI ---------
2005-06-01 18:30:32 3948 918 COMAPI - Online = Yes; Ignore download priority = No
2005-06-01 18:30:32 3948 918 COMAPI - Criteria = "IsInstalled=0 and IsHidden=1"
2005-06-01 18:30:32 3948 918 COMAPI - ServiceID = {9482F4B4-E343-43B6-B170-9A65BC822C77}
Note: COMAPI submits the search to the client, so the second part is:
2005-06-01 18:30:33 3948 918 COMAPI <<-- SUBMITTED -- COMAPI: Search [ClientId = WindowsUpdate]
2005-06-01 18:30:33 992 58c Agent *************
2005-06-01 18:30:33 992 58c Agent ** START ** Agent: Finding updates [CallerId = WindowsUpdate]
2005-06-01 18:30:33 992 58c Agent *********
6. The update list in the local database is synchronized
2005-06-02 12:09:28 992 4e8 PT +++++++++++ PT: Synchronizing server updates +++++++++++
2005-06-02 12:09:28 992 4e8 PT + ServiceId = {9482F4B4-E343-43B6-B170-9A65BC822C77}, Server URL = https://update.microsoft.com/v6/ClientWebService/client.asmx
2005-06-02 12:09:35 992 4e8 PT +++++++++++ PT: Synchronizing extended update info +++++++++++
2005-06-02 12:09:35 992 4e8 PT + ServiceId = {9482F4B4-E343-43B6-B170-9A65BC822C77}, Server URL = https://update.microsoft.com/v6/ClientWebService/client.asmx
2005-06-02 12:09:36 992 4e8 Agent * Found 0 updates and 10 categories in search
7. WUA searches for available updates
2005-06-02 12:09:36 992 4e8 Agent *************
2005-06-02 12:09:36 992 4e8 Agent ** START ** Agent: Finding updates [CallerId = WindowsUpdate]
2005-06-02 12:09:36 992 4e8 Agent *********
2005-06-02 12:09:36 992 4e8 Agent * Added update {AC94DB3B-E1A8-4E92-9FD0-E86F355E6A44}.100 to search result
2005-06-02 12:09:37 992 4e8 Agent * Found 6 updates and 10 categories in search
8. The user is offered an update and decides whether to install it
2005-06-02 12:10:41 1660 d0c COMAPI -------------
2005-06-02 12:10:41 1660 d0c COMAPI -- START -- COMAPI: Install [ClientId = WindowsUpdate]
2005-06-02 12:10:41 1660 d0c COMAPI ---------
2005-06-02 12:10:41 1660 d0c COMAPI - Allow source prompts: Yes; Forced: No; Force quiet: No
2005-06-02 12:10:41 1660 d0c COMAPI - Updates in request: 1
2005-06-02 12:10:41 1660 d0c COMAPI - ServiceID = {9482F4B4-E343-43B6-B170-9A65BC822C77}
2005-06-02 12:10:41 1660 d0c COMAPI - Updates to install = 1
2005-06-02 12:10:41 1660 d0c COMAPI <<-- SUBMITTED -- COMAPI: Install [ClientId = WindowsUpdate]
9. WUA starts installing the update
2005-06-02 12:10:41 992 58c Agent *************
2005-06-02 12:10:41 992 58c Agent ** START ** Agent: Installing updates [CallerId = WindowsUpdate]
2005-06-02 12:10:41 992 58c Agent *********
2005-06-02 12:10:41 992 58c Agent * Updates to install = 1
2005-06-02 12:10:41 992 58c Agent * Title = <NULL>
2005-06-02 12:10:41 992 58c Agent * UpdateId = {19813D2E-0144-43CA-AEBB-71263DFD81FD}.100
2005-06-02 12:10:41 992 58c Agent * Bundles 1 updates:
2005-06-02 12:10:41 992 58c Agent * {08D9F87F-7EA2-4523-9F02-0931E291908E}.100
10. WUA calls the appropriate handler to install the package by impersonating the user who is logged on
2005-06-02 12:10:46 992 58c Handler Attempting to create remote handler process as Machine\User in session 0
2005-06-02 12:10:46 992 58c DnldMgr Preparing update for install, updateId = {08D9F87F-7EA2-4523-9F02-0931E291908E}.100.
2005-06-02 12:10:47 3348 70c Handler :::::::::::::
2005-06-02 12:10:47 3348 70c Handler :: START :: Handler: Command Line Install
2005-06-02 12:10:47 3348 70c Handler :::::::::
2005-06-02 12:10:47 3348 70c Handler : Updates to install = 1
2005-06-02 12:11:01 3348 70c Handler : Command line install completed. Return code = 0x00000000, Result = Succeeded, Reboot required = false
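The START banners in the steps above, together with the CallerId lookup described earlier, can be extracted into a timeline of who started which operation. This is an added example, not part of the original post; the sample lines are constructed from the log excerpts on this page, and the function names are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: START banners copied from this page, plus two lines that must be skipped.
SAMPLE = """\
2005-06-01 18:30:03 992 810 Service ** START ** Service: Service startup
2005-06-01 18:30:32 3948 918 COMAPI -- START -- COMAPI: Search [ClientId = WindowsUpdate]
2005-06-01 18:30:33 992 58c Agent *************
2005-06-01 18:30:33 992 58c Agent ** START ** Agent: Finding updates [CallerId = WindowsUpdate]
2005-06-22 13:02:11 1000 594 Agent ** START ** Agent: Finding updates [CallerId = MicrosoftUpdate]
2005-06-02 11:37:18 992 4e8 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]
2005-06-02 12:10:41 1660 d0c COMAPI -- START -- COMAPI: Install [ClientId = WindowsUpdate]
2005-06-02 12:10:41 992 58c Agent ** START ** Agent: Installing updates [CallerId = WindowsUpdate]
2005-06-02 12:10:41 992 58c Agent * Updates to install = 1
2005-06-02 12:10:47 3348 70c Handler :: START :: Handler: Command Line Install
"""

# Date, time, PID, TID, component, text: the six parts listed at the top of the page.
ENTRY = re.compile(r"^(\d{4}-\d\d-\d\d)\s+(\d\d:\d\d:\d\d)\S*\s+(\d+)\s+([0-9a-fA-F]+)\s+(\S+)\s+(.*)$")
# Banners use "**", "--" or "::" depending on the component; the caller tag is optional.
START = re.compile(r"^(\*\*|--|::) START \1 (\w+): (.*?)(?:\s*\[(?:CallerId|ClientId) = ([^\]]+)\])?$")

def operations(log_text):
    """Return every START banner as a dict, ordered by timestamp."""
    ops = []
    for line in log_text.splitlines():
        entry = ENTRY.match(line.strip())
        banner = entry and START.match(entry.group(6))
        if not banner:
            continue  # separator rows and detail lines are not operations
        ops.append({
            "when": datetime.strptime(entry.group(1) + " " + entry.group(2), "%Y-%m-%d %H:%M:%S"),
            "pid": entry.group(3),
            "tid": entry.group(4),
            "component": banner.group(2),
            "operation": banner.group(3),
            "caller": banner.group(4) or "(none)",
        })
    return sorted(ops, key=lambda op: op["when"])

def callers(ops):
    """Count operations per CallerId/ClientId."""
    return Counter(op["caller"] for op in ops)

if __name__ == "__main__":
    for op in operations(SAMPLE):
        print(op["when"], op["pid"], op["tid"], op["component"], op["operation"], op["caller"])
```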
How to get a more detailed log?
Modify the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Trace
Value name: Flags
Value type: REG_DWORD
Value data: 00000007
Value name: Level
Value type: REG_DWORD
Value data: 00000004
Reposted from: https://blog.51cto.com/xmuxsp/116865