Protected: htb-worker-nl

This content is password protected. To view it please enter your password below:

Posted on

Protected: htb-ropetwo-nl

This content is password protected. To view it please enter your password below:

Posted on

Protected: htb-ra2-nl

This content is password protected. To view it please enter your password below:

Posted on

Protected: thm-ra-nl

This content is password protected. To view it please enter your password below:

Posted on

Protected: thm-relevant-nl

This content is password protected. To view it please enter your password below:

Posted on

Protected: htb-ready-nl

This content is password protected. To view it please enter your password below:

Posted on

Protected: htb-apt-nl

This content is password protected. To view it please enter your password below:

Posted on

windows-update-clear-update-cache

I recently had a Windows 2016 server that could not install automatic updates. It always hang at some percentage and would never finish. The next step was to try to install an update (.msu file) manually. But this always hung forever at “Copying packages to the update cache”.

Here is what helped me:

Start a cmd box as Administrator

Run the following commands:

net stop wuauserv 
net stop cryptSvc 
net stop bits 
net stop msiserver 

del /f /q "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr*.dat" 
del /f /s /q %SystemRoot%\SoftwareDistribution\*.*  
del /f /s /q %SystemRoot%\system32\catroot2\*.* 
del /f /q %SystemRoot%\WindowsUpdate.log

net start wuauserv 
net start cryptSvc 
net start bits 
net start msiserver

This will clear the Windows Update cache and the automatic updates should work again.

How to Force Kill a Stuck Windows Service Using TaskKill?

The easiest way to stop a stuck service is to use the built-in taskkill command-line tool. First of all, you need to find the PID (process identifier) of the service. As an example, let’s take the Windows Update service. Its system name is wuauserv (you can check the name in the service properties in the services.msc console).

It is very common to see the Windows Modules Installer service hang when the server is restarted, especially after installing updates on Windows Server 2012 R2 and 2016.
Important. Be attentive. Forced termination of critical Windows services can result in BSOD or an unexpected system restart.

Run this command in the elevated command prompt (it is important, or access denied error will appear):
sc queryex wuauserv
In our case, the PID of the wuauserv service is 9186.
To force kill a stuck process with the PID 9186, run the command:

taskkill /PID 9168 /F

SUCCESS: The process with PID 9168 has been terminated.

This command will forcibly terminate the service process. Now you can start the service with the sc start servicename command or through the service management console

You can stop a hung service more elegantly without manually checking the PID of the service process. The taskkill tool has the /FI option, which allows you to use a filter to select the necessary services or processes. You can kill a specific service with the command:

taskkill /F /FI "SERVICES eq wuauserv"

Or you can skip the service name at all and killing all services in a hung state with the command:

taskkill /F /FI "status eq not responding"

After that, the service that is stack in the Stopping status should stop.

You can also use the taskkill utility to force stop the hang services on a remote computer:

taskkill /S mun-fs01 /F /FI "SERVICES eq wuauserv"

Force Stop a Stuck Windows Service with PowerShell

You can also use PowerShell to force the service to stop. Using the following command, you can get a list of services in the Stopping state:

Get-WmiObject -Class win32_service | Where-Object {$_.state -eq 'stop pending'}

Or in the Starting state:

Get-WmiObject -Class win32_service | Where-Object {$_.state -eq 'start pending'}

The Stop-Process cmdlet allows terminating the processes of all found services. The following PowerShell script will terminate all stuck service processes on Windows:

$Services = Get-WmiObject -Class win32_service -Filter "state = 'stop pending'"
if ($Services) {
foreach ($service in $Services) {
try {
Stop-Process -Id $service.processid -Force -PassThru -ErrorAction Stop
}
catch {
Write-Warning -Message "Error. Error details: $_.Exception.Message"
}
}
}
else {
Write-Output "No services with 'Stopping'.status"
}

You must use the Get-CimInstance instead of the Get-WmiObject cmdlet in the new PowerShell Core 6.x/7.x. Replace the first command of the script with:

$Services = Get-CimInstance -Class win32_service | where-Object state -eq 'stop pending'