SSM - PatchBaseline - Windows update - The find operation did not complete successfully



we currently face some failure during AWS-SSM-Patchbaseline operation, only on some servers such as this one :

OS Name: Microsoft Windows Server 2019 Standard OS Version: 10.0.17763 N/A Build 17763 OS Manufacturer: Microsoft Corporation OS Configuration: Member Server OS Build Type: Multiprocessor Free System Model: Virtual Machine System Type: x64-based PC Processor(s): 1 Processor(s) Installed. [01]: Intel64 Family 6 Model 85 Stepping 7 GenuineIntel ~2095 Mhz BIOS Version: Microsoft Corporation Hyper-V UEFI Release v4.0, 12/17/2019 Windows Directory: C:\Windows System Directory: C:\Windows\system32 Boot Device: \Device\HarddiskVolume2 System Locale: fr;French (France) Input Locale: en-us;English (United States) Time Zone: (UTC+01:00) Brussels, Copenhagen, Madrid, Paris Total Physical Memory: 8,095 MB

SSM patchbaseline is failing, Command description and status : Enter image description here

Output :

Invoke-PatchBaselineOperation : The find operation did not complete successfully.Additional failure information from Windows Update: HResult: -2145107924 | Message: At C:\ProgramData\Amazon\SSM\InstanceData\mi-05e7367b9c83f5cad\document\orchestration\0be5a4ac-cd73-439a-a928-5917a61e8 587\awsrunPowerShellScript\0.awsrunPowerShellScript_script.ps1:195 char:13

  • $response = Invoke-PatchBaselineOperation -Operation Install -Snapsho ...
  •         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    • CategoryInfo : OperationStopped: (Amazon.Patch.Ba...UpdateOperation:InstallWindowsUpdateOperation) [Inv oke-PatchBaselineOperation], Exception
    • FullyQualifiedErrorId : Exception Level 1: Error Message: The find operation did not complete successfully.Additional failure information from Windows Updat e: HResult: -2145107924 | Message: Stack Trace: at Amazon.Patch.Baseline.Operations.PatchNow.Implementations.WindowsUpdateOperation.OperationDidN otSucceed(String operation, IUpdateExceptionCollection exceptions) at Amazon.Patch.Baseline.Operations.PatchNow.Implementations.WindowsUpdateOperation.FilterWindowsUpdateSearch( List`1 filteringMethods) at Amazon.Patch.Baseline.Operations.PatchNow.Implementations.InstallWindowsUpdateOperation.GetBaselineFiltered Updates() at Amazon.Patch.Baseline.Operations.PatchNow.Implementations.InstallWindowsUpdateOperation.GetFilteredUpdates( ) at Amazon.Patch.Baseline.Operations.PatchNow.Implementations.InstallWindowsUpdateOperation.InstallUpdates() at Amazon.Patch.Baseline.Operations.PatchNow.Implementations.InstallWindowsUpdateOperation.DoWindowsUpdateOper ation() ,Amazon.Patch.Baseline.Operations.PowerShellCmdlets.InvokePatchBaselineOperation

failed to run commands: exit status 0xffffffff

Any help is appreciated.

asked 2 months ago57 views
1 Answer

Hello There,

Greetings of the day and I hope you are well!

Thank you for reaching out to AWS Support. My name is Ankit and I will be assisting you today. I see you have a question in re:Post.

I can see that your Windows Update via PatchBaseline failed with the following error :

"Invoke-PatchBaselineOperation : The find operation did not complete successfully.Additional failure information from Windows Update: HResult: -2145107924"

Converting HResult: -2145107924 to hex gives us error 0x8024402C [1]. This indicates that the native Windows Update API was unable to run the reach the servers, which the SSM patching process depends on [2], so the issue seems to be at the Windows level.

Also note that the error message is "ERROR_WINHTTP_NAME_NOT_RESOLVED - the proxy server or target server name cannot be resolved". In case you're using a Proxy server for your Windows Server please ensure that SSM Agent is configured correctly to use it [3].

Some general troubleshooting steps you can try include:

  1. Verify Date/Time is correct on the instance.

  2. Run the Background Intelligent Transfer Service and the Windows Update troubleshooter using the steps below: a. Access Control Panel. b. Select View by: Large icons c. Click Troubleshooting. d. On the left pane, click View all. e. Choose Background Intelligent Transfer Service from the list. f. On the troubleshooter window, click Advanced. g. Make sure that the Apply repairs automatically check box is checked, and then click Click Next. h. Wait for the troubleshooter to finish running. i. After running the troubleshooter, take note of the results and close the window. j. Choose Windows Update from the troubleshooter list. k. Repeat steps f-i. l. Check if Patch Manager works now.

  3. If the issue is not resolved, you can try manually cleaning the SoftwareDistribution folder: a. Stop the following services: net stop wuauserv net stop appidsvc net stop cryptsvc b. Copy the contents of the following folder to a backup location: C:\Windows\SoftwareDistribution
    c. Delete the contents of the folder: C:\Windows\SoftwareDistribution
    d. Start the services: net start wuauserv net start appidsvc net start cryptsvc

  4. If the above procedure fails, please ensure that there are no local or group policies that modify Windows Update functionality. If these policies are set locally, they would be visible on gpedit.msc under Computer Configuration>Administrative Tools>Windows Components>Windows Update. If these policies are set via Active Directory, they would be visible under the gpresult /r command.

  5. If you don't have any policies in place, please attempt to perform these commands to check the overall health of the Windows Operating System:

NOTE: Before running below commands I would recommend to take AMI/Backup of your server and schedule downtime because it needs reboot.

Dism /Online /Cleanup-Image /ScanHealth
Dism /Online /Cleanup-Image /CheckHealth
Dism /Online /Cleanup-Image /RestoreHealth
sfc /scannow

Below I have also included some third party articles that might relate to this issue :

[+] [+] [+]

I hope that the given information and action plan is helpful to you. If you feel we can provide any additional assistance with regard to this matter, please do not hesitate to let us know and we would be glad to continue working on this issue with you.

Thank you and Have a great day ahead!

==== REFERENCES ====

[1] Windows error 0x8024402C, -2145107924

[2] About the AWS-RunPatchBaseline SSM document

[3] Configure SSM Agent to use a proxy for Windows Server instances

answered 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions