14 Replies Latest reply on Jun 13, 2017 12:11 PM by shandy4473

    Failed Patch deployment - patch returned 2147483647

    PaulFreedman Apprentice

      We are seeing an issue on a couple of our 2008 R2 servers, the patches appear to copy and be scheduled then fail with "patch returned 2147483647". When trying to run the update manually on the server we get this;

      Has anybody come across this issue before?

        • 1. Re: Failed Patch deployment - patch returned 2147483647
          cwinning CommunityTeam

          Hello,

           

          Nothing specific from the support side.  Does this happen to all missing patches?  Are the patches specific to a product like SQL or Office?

           

          Thanks,

          Charles

          • 2. Re: Failed Patch deployment - patch returned 2147483647
            PaulFreedman Apprentice

            It happens to all patches with .msi extension. Sound like an OS issue but thought I would just check.

            • 3. Re: Failed Patch deployment - patch returned 2147483647
              cwinning CommunityTeam

              Hello,

               

              I wonder if running the patch via command line with logging enabled would clue you in?

               

              Something like this:  msiexec /i "C:\FolderLocation\Example.msi" /L*V "C:\log\example.log"

               

              Thanks,

              Charles

              • 4. Re: Failed Patch deployment - patch returned 2147483647
                PaulFreedman Apprentice

                sorry typo its occurring on all .msu, is there a command line for that to enable logging?

                • 5. Re: Failed Patch deployment - patch returned 2147483647
                  cwinning CommunityTeam

                  Hello,

                   

                  For .MSU patches, the Windows Update service needs to be started or set to manual (cannot be set to disabled), you should verify this first.

                   

                  .MSU patches are install using the the Windows Update Standalone Installer.  Log information would be in the event log:

                  1. Click StartStart button, type event viewer in the Start Search box, and then click Event Viewer in the Programs list. In Windows 8 and Windows Server 2012, on the Start screen, type event viewer, click Settings, and then click View event logs under Settings.
                    Security shield If you are prompted for an administrator password or for confirmation, type the password, or click Continue.

                  2. In Event Viewer, expand Windows Logs, and then click Setup.
                    Setup events appear in the middle pane.
                  3. In the Actions pane, click Filter Current Log.
                  4. In the Event sources  list, click to select the WUSA check box, and then click OK.

                   

                  Thanks,

                  Charles

                  1 of 1 people found this helpful
                  • 6. Re: Failed Patch deployment - patch returned 2147483647
                    Rookie

                    I'm seeing error 2147483647 on one of my workstations.  Seems to be happening with .MSU files.  I restarted the workstation and verified the Windows Update service is indeed running. (Not sure if this helps, but recently I manually deleted older files from the console's patch folder.  Maybe there was something in there that was needed?  I mostly deleted by date, not really paying attention to what the files were).

                    • 7. Re: Failed Patch deployment - patch returned 2147483647
                      Rookie

                      I am receiving error 2147483647 on one of my Windows 7 workstations. Windows Update is working, and shows no missing patches. Shavlik shows about 50 missing patches, and when I deploy the patches they fail with error 2147483647. When I try to manually install one of the patches I am told that "The update is not applicable to your computer."


                      Here is a sample of some of the failed patches:


                      MS11-053 Q2532531

                      MS12-001 Q2644615

                      MS12-054 Q2705219

                       

                      Does anyone have any suggestions as to why Shavlik thinks the patches are needed, while Windows Update does not?

                      • 8. Re: Failed Patch deployment - patch returned 2147483647
                        PaulFreedman Apprentice

                        For info, I've managed to resolve the issue by performing an SFC scan and repairing any corrupted files. rbenasaraf yyzguy

                        1 of 1 people found this helpful
                        • 9. Re: Failed Patch deployment - patch returned 2147483647
                          Rookie

                          Until now, I had never heard of SFC scan.  This will be a great addition to the tool box. Unfortunately, with my troublesome client, SFC scan doesn't seem to want to run....it instantly jumps to "100% no problem found," while properly running systems clearly go through a lengthy scan process that takes several minutes. Based on this result, I suspect there's something more fundamentally wrong with this particular client and will probably re-image it, rather than try to fix it. Thanks for the tip.

                          • 10. Re: Failed Patch deployment - patch returned 2147483647
                            Rookie

                            I just had a group of 50 win7 machines drop every MSU patch with this error.  I'm at 161 failures and counting.

                             

                            Obviously running SFC is fine.  If you are working on ONE machine.  Otherwise, not very helpful. 

                            • 11. Re: Failed Patch deployment - patch returned 2147483647
                              paladium Rookie

                              I am having this issue as well.  Here's what I found in my case (no solution yet...):

                               

                              1.  Scan says Windows6.1-KB2846960-x86.msu is missing on a number of clients.

                              2.  The file does not install and generates an error 2147483647.

                              3.  SFC /SCANNOW came back clean.

                              3.  Attempt to install it manually on the local machine but receive an error that says:

                              1.jpg

                              4.  Reviewing the patch summary in Shavlik shows:

                              2.jpg

                              5.  The client is actually running IE 11...

                              3.jpg

                              6.  Conclusion:  Shavlik is mis-identifying the patch as missing.

                              2 of 2 people found this helpful
                              • 12. Re: Failed Patch deployment - patch returned 2147483647
                                cwinning CommunityTeam

                                Hello,

                                 

                                You should contact support for any detection issues.  They will require the information from this article:  DPDTrace command line logging tool used for patch detection issues

                                 

                                Charles

                                • 13. Re: Failed Patch deployment - patch returned 2147483647
                                  cwinning CommunityTeam

                                  Hello,

                                   

                                  I was testing another issue and came across this same issue.  I fixed it by running a SFC /scannow and reboot on the target machine.  It won't be a fix-all but I thought it worth mentioning.

                                   

                                  Thanks,

                                  Charles

                                  1 of 1 people found this helpful
                                  • 14. Re: Failed Patch deployment - patch returned 2147483647
                                    shandy4473 Rookie

                                    Good Day Everyone,

                                     

                                       Paul: This is error code of 2147483647 is usually due to a permissions error. The solution is to add BUILTIN\Users group to C drive. Microsoft helped us with this issue as we opened a ticket with them

                                     

                                    The Quick Solution

                                      1) Add the BUILTIN\Users group to the C drive with permissions: (Make sure group policy doesn't remove the BUILTIN\Users account from C drive)

                                      a) Read And Execute

                                      b) List Folder Contents

                                      c) Read

                                     

                                    This will usually cause Ivanti to execute the patches and you will get the returned 3010 or 0 - waiting for reboot by Ivanti.

                                     

                                    The Long Solution

                                    1) Add Builtin\Users group to C drive with the listed permissions

                                    a) Read and Execute

                                    b) List Folder Contents

                                    c) Read or

                                    d) Give all full permissions - check all permissions.

                                    e) Then reboot servers

                                     

                                    2) Create a batch file with these instructions: (Name it and run it.)

                                    net stop bits
                                    net stop wuauserv
                                    net stop cryptsvc
                                    net stop trustedinstaller

                                    MOVE %systemroot%\SoftwareDistribution SoftwareDistribution.bak

                                    MOVE %systemroot%\system32\catroot2 catroot2.bak

                                    MOVE %systemroot%\Logs\CBS\cbs.log cbs.old

                                     

                                    3) Make sure the .bak and cbs.old file are created.

                                     

                                    4) Create a batch file with instructions: (Name it with .bat extension, save it and run it)

                                    net start bits

                                    net start wuauserv

                                    net start cryptsvc

                                    net start trustedinstaller

                                     

                                    After this - Ivanti should patch with normal return exit codes of 3010 and 0.

                                     

                                    Hopes this helps everyone as me and my co-workers were pulling our hair trying to find out the answer.

                                     

                                    Thanks

                                    Steve