mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-22 22:03:46 +00:00
safety commit
This commit is contained in:
jaimeo
@ -1,13 +1,12 @@
|
||||
---
|
||||
title: Windows Update log files
|
||||
description: Learn about the Windows Update log files and how to merge and convert WU trace files (.etl files) into a single readable WindowsUpdate.log file.
|
||||
description: Learn about the Windows Update log files and how to merge and convert Windows Update trace files (.etl files) into a single readable WindowsUpdate.log file.
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl:
|
||||
audience: itpro
|
||||
itproauthor: jaimeo
|
||||
ms.audience: itpro
|
||||
author: jaimeo
|
||||
ms.date: 09/18/2018
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
ms.topic: article
|
||||
@ -21,21 +20,21 @@ ms.custom: seo-marvel-apr2020
|
||||
The following table describes the log files created by Windows Update.
|
||||
|
||||
|
||||
|Log file|Location|Description|When to Use |
|
||||
|Log file|Location|Description|When to use |
|
||||
|-|-|-|-|
|
||||
|windowsupdate.log|C:\Windows\Logs\WindowsUpdate|Starting in Windows 8.1 and continuing in Windows 10, Windows Update client uses Event Tracing for Windows (ETW) to generate diagnostic logs.|If you receive an error message when you run Windows Update (WU), you can use the information that is included in the Windowsupdate.log log file to troubleshoot the issue.|
|
||||
|UpdateSessionOrchestration.etl|C:\ProgramData\USOShared\Logs|Starting Windows 10, the Update Orchestrator is responsible for sequence of downloading and installing various update types from Windows Update. And the events are logged to these etl files.|When you see that the updates are available but download is not getting triggered. <br>When Updates are downloaded but installation is not triggered.<br>When Updates are installed but reboot is not triggered. |
|
||||
|NotificationUxBroker.etl|C:\ProgramData\USOShared\Logs|Starting Windows 10, the notification toast or the banner is triggered by this NotificationUxBroker.exe . And the logs to check its working is this etl. |When you want to check whether the Notification was triggered or not for reboot or update availability etc. |
|
||||
|CBS.log|%systemroot%\Logs\CBS|This logs provides insight on the update installation part in the servicing stack.|To troubleshoot the issues related to WU installation.|
|
||||
|windowsupdate.log|C:\Windows\Logs\WindowsUpdate|Starting in Windows 8.1 and continuing in Windows 10, Windows Update client uses Event Tracing for Windows (ETW) to generate diagnostic logs.|If you receive an error message when you run Windows Update, you can use the information that is included in the Windowsupdate.log log file to troubleshoot the issue.|
|
||||
|UpdateSessionOrchestration.etl|C:\ProgramData\USOShared\Logs|Starting Windows 10, the Update Orchestrator is responsible for sequence of downloading and installing various update types from Windows Update. And the events are logged to these .etl files.|When you see that the updates are available but download is not getting triggered. <br>When Updates are downloaded but installation is not triggered.<br>When Updates are installed but reboot is not triggered. |
|
||||
|NotificationUxBroker.etl|C:\ProgramData\USOShared\Logs|Starting Windows 10, the notification toast or the banner is triggered by NotificationUxBroker.exe. |When you want to check whether the notification was triggered or not. |
|
||||
|CBS.log|%systemroot%\Logs\CBS|This log provides insight on the update installation part in the servicing stack.|To troubleshoot the issues related to Windows Update installation.|
|
||||
|
||||
## Generating WindowsUpdate.log
|
||||
To merge and convert WU trace files (.etl files) into a single readable WindowsUpdate.log file, see [Get-WindowsUpdateLog](https://docs.microsoft.com/powershell/module/windowsupdate/get-windowsupdatelog?view=win10-ps&preserve-view=tru).
|
||||
To merge and convert Windows Update trace files (.etl files) into a single readable WindowsUpdate.log file, see [Get-WindowsUpdateLog](https://docs.microsoft.com/powershell/module/windowsupdate/get-windowsupdatelog?view=win10-ps&preserve-view=tru).
|
||||
|
||||
>[!NOTE]
|
||||
>When you run the **Get-WindowsUpdateLog** cmdlet, an copy of WindowsUpdate.log file is created as a static log file. It does not update as the old WindowsUpate.log unless you run **Get-WindowsUpdateLog** again.
|
||||
|
||||
### Windows Update log components
|
||||
The WU engine has different component names. The following are some of the most common components that appear in the WindowsUpdate.log file:
|
||||
The Windows Update engine has different component names. The following are some of the most common components that appear in the WindowsUpdate.log file:
|
||||
|
||||
- AGENT- Windows Update agent
|
||||
- AU - Automatic Updates is performing this task
|
||||
@ -93,12 +92,12 @@ The time stamp indicates the time at which the logging occurs.
|
||||
The Process IDs and Thread IDs are random, and they can vary from log to log and even from service session to service session within the same log.
|
||||
- The first four hex digits are the process ID.
|
||||
- The next four hex digits are the thread ID.
|
||||
- Each component, such as the USO, WU engine, COM API callers, and WU installer handlers, has its own process ID.
|
||||
- Each component, such as the USO, Windows Update engine, COM API callers, and Windows Update installer handlers, has its own process ID.
|
||||
|
||||
|
||||
|
||||
#### Component name
|
||||
Search for and identify the components that are associated with the IDs. Different parts of the WU engine have different component names. Some of them are as follows:
|
||||
Search for and identify the components that are associated with the IDs. Different parts of the Windows Update engine have different component names. Some of them are as follows:
|
||||
|
||||
- ProtocolTalker - Client-server sync
|
||||
- DownloadManager - Creates and monitors payload downloads
|
||||
@ -122,15 +121,15 @@ There are different identifiers for the same update in different contexts. It's
|
||||
|
||||
|
||||
##### Revision ID
|
||||
- A Revision ID (do no confuse this with "revision number") is a serial number that's issued when an update is initially published or revised on a given service.
|
||||
- An existing update that's revised keeps the same update ID (GUID), has its revision number incremented (for example, from 100 to 101), but gets a completely new revision ID that is not related to the previous ID.
|
||||
- A Revision ID (don't confuse this value with "revision number") is a serial number that's issued when an update is initially published or revised on a given service.
|
||||
- An existing update that's revised keeps the same update ID (GUID), has its revision number incremented (for example, from 100 to 101), but gets a new revision ID that is not related to the previous ID.
|
||||
- Revision IDs are unique on a given update source, but not across multiple sources.
|
||||
- The same update revision may have completely different revision IDs on WU and WSUS.
|
||||
- The same revision ID may represent different updates on WU and WSUS.
|
||||
- The same update revision might have different revision IDs on Windows Update and WSUS.
|
||||
- The same revision ID might represent different updates on Windows Update and WSUS.
|
||||
|
||||
##### Local ID
|
||||
- Local ID is a serial number issued when an update is received from a service by a given WU client
|
||||
- Usually seen in debug logs, especially involving the local cache for update info (Datastore)
|
||||
- Local ID is a serial number issued when an update is received from a service by a given Windows Update client
|
||||
- Typically seen in debug logs, especially involving the local cache for update info (Datastore)
|
||||
- Different client PCs will assign different Local IDs to the same update
|
||||
- You can find the local IDs that a client is using by getting the client's %WINDIR%\SoftwareDistribution\Datastore\Datastore.edb file
|
||||
|
||||
|
||||
Reference in New Issue
Block a user