最近爆发Windows远程桌面服务漏洞(CVE-2019-0708)需要更新系统, 但是使用Windows Update更新补丁一直失败.
为了查找问题所在, 开启了Windows Update详细日志, 不过在WindowsUpdate.log中只看到了失败报告, 具体原因不明, 在网上搜索时突然发现有CBS.log日志有详细 WU 安装相关记录, 果然在里面看到有错误报告
2019-05-18 19:07:10, Info CSI 0000005f Begin executing advanced installer phase 38 (0x00000026) index 41 (0x0000000000000029) (sequence 80)
Old component: [ml:360{180},l:358{179}]"Microsoft-Windows-BootEnvironment-Core-MemoryDiagnostic, Culture=neutral, Version=6.1.7601.23471, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=amd64, versionScope=NonSxS"
New component: [ml:360{180},l:358{179}]"Microsoft-Windows-BootEnvironment-Core-MemoryDiagnostic, Culture=neutral, Version=6.1.7601.24382, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=amd64, versionScope=NonSxS"
Install mode: install
Installer ID: {81a34a10-4256-436a-89d6-794b97ca407c}
Installer name: [15]"Generic Command"
2019-05-18 19:07:10, Info CSI 00000060 Performing 1 operations; 1 are not lock/unlock and follow:
LockComponentPath (10): flags: 0 comp: {l:16 b:5102f8d6690dd5012400000098056806} pathid: {l:16 b:5102f8d6690dd5012500000098056806} path: [l:238{119}]"\SystemRoot\WinSxS\amd64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.23471_none_36a0dee2348e195e" pid: 598 starttime: 132026512097178219 (0x01d50d69ca7c726b)
2019-05-18 19:07:10, Info CSI 00000061 Performing 1 operations; 1 are not lock/unlock and follow:
LockComponentPath (10): flags: 0 comp: {l:16 b:5102f8d6690dd5012600000098056806} pathid: {l:16 b:5102f8d6690dd5012700000098056806} path: [l:238{119}]"\SystemRoot\WinSxS\amd64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.24382_none_3696f69234956b20" pid: 598 starttime: 132026512097178219 (0x01d50d69ca7c726b)
2019-05-18 19:07:10, Info CSI 00000062 Calling generic command executable (sequence 5): [20]"C:\Windows\bfsvc.exe"
CmdLine: [47]""C:\Windows\bfsvc.exe" C:\Windows\boot /nofonts"
2019-05-18 19:07:10, Error [0x018009] CSI 00000063 (F) Done with generic command 5; CreateProcess returned 0, CPAW returned S_OK
Process exit code 15299 (0x00003bc3) resulted in success? FALSE
Process output: [l:60 [60]"BFSVC: Failed to get system partition! Last Error = 0x3bc3
"][gle=0x80004005]
2019-05-18 19:07:10, Info CSI 00000064 Calling generic command executable (sequence 6): [24]"C:\Windows\fveupdate.exe"
CmdLine: [35]""C:\Windows\fveupdate.exe" /memtest"
2019-05-18 19:07:10, Info CSI 00000065 Done with generic command 6; CreateProcess returned 0, CPAW returned S_OK
Process exit code 0 resulted in success? TRUE
Process output: [l:248 [248]"BitLockerUpdate: Running.
BitLockerUpdate: Service request is for memtest.exe.
BitLockerUpdate: BitLocker Drive Encryption is not turned ON on the OS volume.
BitLockerUpdate: No servicing was performed on the OS volume.
BitLockerUpdate: Done.
其报告 “BFSVC: Failed to get system partition! Last Error = 0x3bc3” 错误, 具体是无法找到系统分区, 虽然是使用UEFI+GPT启动, 但是一直启动正常很是奇怪,使用PE对UEFI启动修复后重新安装补丁还是失败.
后来想到之前是普通SATA3 M.2 SSD更换成NVMe SSD时, 由于主板只有一个M.2插槽, 使用了一块普通硬盘做中转, 即先是用GHOST把整个SSD克隆到普通SATA硬盘上, 关机后把NVMe SSD替换上M.2槽, 重新开机后把NVMe驱动装上, 再把普通SATA硬盘克隆回NVMe SSD并用PE UEFI修复启动后一直使用至今.
现在虽然启动一切正常, 但是由于GPT的分区GUID未设置正确导致bfsvc.exe无法识别分区, 至此已经明白Windows Update为什么会更新失败了, 使用DiskPart重新设置回EFI启动ID.
DEFINE_GUID (PARTITION_SYSTEM_GUID, 0xC12A7328L, 0xF81F, 0x11D2, 0xBA, 0x4B, 0x00, 0xA0, 0xC9, 0x3E, 0xC9, 0x3B)
EFI: c12a7328-f81f-11d2-ba4b-00a0c93ec93b
1. 先在管理员CMD下启动 diskpart .
2. 使用 list disk 列出磁盘列表.
3. 根据具体硬盘使用 select disk 选中磁盘.
4. 再用 list partition 列出分区列表>
5. 根据具体启动分区使用 select partition 选中分区.
6. 最后使用 set id=c12a7328-f81f-11d2-ba4b-00a0c93ec93b 设置正确的EFI ID.
最后再打上Windows Update更新补丁, 一切Ok.
ps1: Windows Update日志说明[https://docs.microsoft.com/zh-cn/windows/deployment/update/windows-update-logs]
ps2: 如何打开Windows Update详细日志[https://support.microsoft.com/en-us/help/2545723/how-to-enable-microsoft-installer-logging-and-verbose-logging-to-gathe]