Windows 10 Update Error 0x8024401C

For some reason I’ve had a lot of Windows 10 PCs fail on their Windows Update with the error 0x8024401C . The “why” probably has to do with some secret handshake that I failed to do with the WSUS server, but the fix (such as it is) was hard fought. The trick I’ve found is to force install the next patch in the Windows 10 update tree. The chart to the “tree” is here: https://technet.microsoft.com/en-us/windows/release-info.aspx.  So for example, if I have a system on build 14393 that was last updated in October 2017 I would pull down KB 4052231 and apply that patch.  Reboot, and fingers crossed, Windows Update will work.  Some caveats:

  • I always go with the lowest patch that I can find as it might fail and I will need to install the next patch in the tree.
  • Sometimes the patch that I need is not in the update catalog to be downloaded which leaves me having to poach it (painfully) out of the WSUS catalog.

To apply “CAB” patches, start and elevated command prompt and enter the command Dism /Online /Add-package /packagepath:./patchName.cab

Running DISM with no switches will also tell you the Build Number of the Windows 10 system.

(In hindsight, given my access to volume licenses downloads, I could have just downloaded the newer Windows 10 ISOs and updated the systems manually, perhaps, but the above method has the novelty of being able to be run remotely).

[Note (9/25/2020): this process seems to have gotten much better with subsequent Windows 10 updates and it’s usually enough to just go the MS Windows 10 download site and kick off a forced update).

Freemius

I upgraded the Image Widget plugin for WordPress on one of my sites and, as I’d gotten into the habit of, I didn’t back everything up before updating, oops!  For some reason the upgrade bombed and I was greeted with the dreaded 500 error when trying to load the site.  From past experience I knew that the plugins needed to be disabled so that I could administer the site so I followed the directions on this site (under “Updated Method”).  The site would then load and I then reactivated all the plugins except that the Image Widget died with a fatal error of :

Warning: require_once(/var/www/website/wp-content/plugins/image-widget/freemius/includes/sdk/Freemius.php): failed to open stream: No such file or directory in /var/www/website/wp-content/plugins/image-widget/freemius/includes/class-fs-api.php on line 85

I tried in vane to try and track down the offending code but had no luck; and it doesn’t help that no one seems to own up to using this Freemius program.  What was quite aggravating is that there is no “freemius” directory anywhere, but this turned into part of the solution: why don’t I just recreate it and make everything null?  So I made the folder structure and required files:

/var/www/website/wp-content/plugins/image-widget/freemius/includes/class-fs-api.php
/var/www/website/wp-content/plugins/image-widget/freemius/includes/sdk/Freemius.php

And then filled the files thusly:

class-fs-api.php:
<?php
class Freemius_Api {
public $empty=’empty’;
}
?>

Freemius.php:
<?php
class Freemius_Api{
function SetClockDiff(){}
function Api(){}
function Test(){}
}
?>

After entering in the dummy files I was able to fire the plugin back up.  Hopefully the next time the plugin is upgraded it will flush this business out of the system.

DacEasy is Dead

It took longer than it should have to confirm this since Sage has cleverly replaced the now discontinued DacEasy links with Sage 50 links (aka Peachtree).  More here:

http://sagecity.na.sage.com/support_communities/sage_daceasy/f/64/t/78486.aspx?pi4916=2

There seems to be lots of hate for Sage over this, but I guess there wasn’t much of a market for an inferior point-of-sale product that tied into an inferior accounting package (not that I’ve ever heard good things said about Sage 50 which seems to survive based on inertia).

AD RMS Upgrade along with the CA

I had a server running with the 32 version of Server 2008 that I needed to migrate over to the 64 bit version of Windows Server.  The server hosted both our Active Directory Rights Management Server (AD RMS) along with our Microsoft Certificate Server (CA).  I had tried porting it years ago but was unable to get the certificate services to start.  As part of the process I had already ported the RMS DB to SQL.  I decided to give it another try and have some tips in no particular order:

  • First I needed to get certificate services running.  I started by turning off the old server, installing a new Windows Server 2008 64 bit version with the same name.  I then installed certificate services role using the instructions here.  However when I tried to follow the instructions for migrating the database I was getting errors like ‘jet_errmissinglogfile’ or sector size mismatch.  The fix was to copy over a ‘clean’ version of the database from the old server (a copy taken while Certificate Services is stopped), deleting all the files but the database (edb) and starting the service.  (I had also previously imported the original ‘config’ registry entries per the earlier referenced instructions).
  • AD RMS proved a bit more tricky.  First I installed 64 bit version of SQL Express which matched the instance name of the old server.  HOWEVER, the better move would have been to uninstall AD RMS from the old server first.  In this case I had to use ASDI edit to remove the ‘SCP’ section from AD (under Configruation->Services->RightsManagementServices).  I was then able to install and restore my settings (DB and registry).  Be sure to check the functionality of documents secured with RMS and the admin console though.  Of special note is that after upgrading to Server 2012 I needed to run the ‘Update-ADRMS’ utility; it will NOT work right without doing this!

Migrating from SharePoint 2010 Foundation to SharePoint 2013 Foundation/Services/etc.

I followed the well illustrated instructions here, but several key points were missing.  Perhaps a lot of the grief was caused by the fact that I didn’t want the SharePoint application pool to be run by Local System/Network Service/Administrator.

  • First the security in 2013 uses ‘Claims Based’ security (the exact details of which I am not completely clear on, but anyway) while 2010 security is referred to as ‘Classic’.  On this page (step 6) they detail how to setup a site with classic security within 2013, though my impression is that there is no benefit to ‘upgrading’ when doing this (you would just make the new site that you want and attach your content database that was brought over using the steps from the first article and it could be left there I suppose).
  • In order to upgrade your restored content to the new security model I followed the proper steps in the same article that has the tip on how to make a ‘classic security’ site.  After that the plot thickens.  It will be necessary to modify the web.config files for the site, the admin site, and the security tokens “site”.  I used this article as a reference (step #3), but it is missing pieces as well.  Be sure to make backups of the originals as a mistake can render the entire installation inaccessible!  An important note is that although I basically copied the tags from the source website over to the admin and security tokens site, it’s important not to put any switches in the ‘<roleManager>’ in either of those.  Within that article are also steps on adding ‘SPN’s so that the application pool account can run authentications (otherwise watch out for KDC_ERR_S_PRINCIPAL_UNKNOWN/0xc0000035 errors); as well, this article points out the delegation steps required in setting up the SPNs.
  • I believe at this point the site was working enough that I was getting the “Sorry, this site hasn’t been shared with you.” error when accessing the site (though from somewhere it noted that you should be able to pull up the local settings under “domain.com/_layouts/15/settings.aspx”.  Just a few final things needed to be done.  First forms authentication had to be disabled within the central administrator and IIS.  As well I needed to follow the steps here in order to make sure that the application uses the …SPN, or something.  Lastly I was getting an error where my application pool account did not have ‘local activation’ rights over an app (the CLSID is for the IIS WAMREG admin Service).  In order to remedy this I had to follow the instructions here so that I could change the permissions for IIS WAMREG admin Service.
  • Extra credit: I used this page to mock up a forms authentication, but further study is needed.

Corrupt Exchange AutoComplete

So this has happened to me twice and I had forgotten how to fix (‘fix’) it from before so I’m writing it down here for when I inevitably forget again.

The symptom is that the user’s address autofill/AutoComplete within Outlook stops working. Since we run on a later version of Exchange this means that the autofill information that is stored on the server is corrupt (this post applies specifically to Outlook 2010/Exchange 2013). As far as I can tell the settings on the server are gone so the information has to be reconstructed, which for the user, is better than nothing. To do so I follow these easy steps:

  1. Download NK2Edit
  2. If you want a backup of the corrupt information, you can follow the steps here or backup the ‘DAT’ files (outlined in this post, though there seems to be a consensus that this won’t do the trick on Exchange where these files are always ‘pushed’ and never ‘pulled’)*.
  3. Clear out the existing AutoComplete (Step 4 here under “let me do this myself”)
  4. Open NK2Edit and make a new NK2 file with the same name as the Outlook profile (typically ‘Outlook’).
  5. Click the add button within NK2Edit and add every address that you can get your sticky fingers on, especially the addresses under ‘suggested contacts’.
  6. Exit Outlook and put the NK2 file in the proper path and go to Start->Run->outlook.exe /importnk2

Other suggestions:

  1. This article suggests the command ‘/CleanAutoCompleteCache’, but this would only seem to apply if there was a problem with the single Outlook install.
  2. One could always (*ugh*) restore the mailbox from an earlier time, etc., etc. I would reserve that course of action only for drastically desperate situations.

*I came by this tip (http://www.msoutlook.info/question/backup-and-restore-autocomplete) which says that you may be able to restore autocomplete entries with the cache file by using the MFCMAPI tool.  The caveat is added since the procedure basically involves hacking the mailbox so some risk is involved.