Windows 2008 R2 Server Windows update unknown error

I’m putting this out there for anyone else. For the last 3 months I had a windows 2008 R2 server that would not apply windows updates. “An unknown error has occurred” is all I would get.

This was fixed today. The cause seemed to be an Disk Filter applied to the Local System Disk. I had never heard of this before today.

The command FLTMC lists out the Filter names on the disk. This is from a working server. I don’t know if yours will match exactly.

C:Usersadministrator.server>fltmc

Filter Name                     Num Instances    Altitude    Frame
------------------------------  -------------  ------------  -----
VirtFile                                0       429999.280700    0
msnfsflt                                0       364000         0
luafv                                   1       135000         0

Now when my server was in an error condition, this listing had an additional entry with the highest ‘Altitude’ value.

C:Usersadministrator.server>fltmc

Filter Name                     Num Instances    Altitude    Frame
------------------------------  -------------  ------------  -----
CpsFsJnl                                0       429999.999999    0
VirtFile                                0       429999.280700    0
msnfsflt                                0       364000         0
luafv                                   1       135000         0

This filter was the cause of my issue. This was a remnant of a Symantec CPS (continuous protection server) installation that was supposedly uninstalled years ago. It apparently left this filter installed and active on the server. It must have been dormant there for years until a windows update or something caused the error condition.

The filer is an system file called cpsfsjnl.sys and a quick search found it buried in the Program Files Directory. I deleted the file (after making a backup just in case). I also exported then deleted the following registry entries:

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetservicesCpsFsJnl]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetservicesCpsFsJnlEnum]

I rebooted the server, checked FLTMC to be sure the CpsFsJnl was no longer listed, and then ran the Windows updates.

So, bottom line, in my case, Symantec CPS left a Virtual Disk Filter on the server that caused the error condition. Removing it fixed Windows updates.

Tagged , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

No bots allowed * Time limit is exhausted. Please reload the CAPTCHA.