Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add required setting to run win_updates using ssm instead of ssh #521

Open
adsanz-atalanta opened this issue Jun 26, 2023 · 4 comments
Open

Add required setting to run win_updates using ssm instead of ssh #521

adsanz-atalanta opened this issue Jun 26, 2023 · 4 comments

Comments

@adsanz-atalanta
Copy link

SUMMARY

I'm trying to use the win_updates module with ssm connection plugin, it was working but out of the wild it started showing this error:

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: at <ScriptBlock>, <No file>: line 753
fatal: [i-xxxxxxxxxxx]: FAILED! => {"changed": false, "failed_update_count": 0, "filtered_updates": {}, "found_update_count": 0, "installed_update_count": 0, "msg": "Retrieving the COM class factory for component with CLSID {00000000-0000-0000-0000-000000000000} failed due to the following error: 800703fa Illegal operation attempted on a registry key that has been marked for deletion. (Exception from HRESULT: 0x800703FA). - Unknown WUA HRESULT 2147943418 (UNKNOWN 800703FA)", "reboot_required": false, "rebooted": false, "updates": {}}

After quite some time trying to look up the problem, I run across this https://learn.microsoft.com/en-us/sharepoint/troubleshoot/administration/800703fa-illegal-operation-error which basically shows how to enable the setting that makes this module work on hosts that run via SSM instead of SSH. Linking this documentation under the module page might save some headaches.

ISSUE TYPE
  • Documentation Report
COMPONENT NAME
  • win_updates
ANSIBLE VERSION
ansible [core 2.12.10]
  config file = None
  configured module search path = ['/home/xxxxx/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/xxxxxx/.local/lib/python3.10/site-packages/ansible
  ansible collection location = /home/xxxxxx/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/xxxxx/.local/bin/ansible
  python version = 3.10.6 (main, May 29 2023, 11:10:38) [GCC 11.3.0]
  jinja version = 3.1.2
  libyaml = True
@jborean93
Copy link
Collaborator

What setting in particular here needs to be set? I'm unsure what exactly we need to be documented.

@adsanz-atalanta
Copy link
Author

That if you are using the win_updates module with SSM connection (AWS with Windows hosts) you should follow this https://learn.microsoft.com/en-us/sharepoint/troubleshoot/administration/800703fa-illegal-operation-error#method-2 if you encounter this Retrieving the COM class factory for component with CLSID {00000000-0000-0000-0000-000000000000} failed due to the following error: 800703fa Illegal operation attempted on a registry key that has been marked for deletion. (Exception from HRESULT: 0x800703FA). - Unknown WUA HRESULT 2147943418 (UNKNOWN 800703FA)

Honestly, I would like to give answers to why this error happens but I cannot give an accurate response, I just can say that this error happened to me only when the setting "Do not forcefully unload the user registry at user logoff" was disabled, tested multiple times on different windows hosts

@offlineadmin
Copy link

We are getting this as well. Trying various things but haven't figured out what's up. Setting that group policy is not recommended as it can mess up roaming profiles. I am going to try to turn on all the PowerShell debugging to see what is happening.

@offlineadmin
Copy link

offlineadmin commented Jul 21, 2023
edited

The error in AWX is as such:
"exception": "New-Object : Retrieving the COM class factory for component with CLSID {00000000-0000-0000-0000-000000000000} failed \r\ndue to the following error: 800703fa Illegal operation attempted on a registry key that has been marked for deletion. \r\n(Exception from HRESULT: 0x800703FA).\r\nAt line:753 char:24\r\n+ ... Required = (New-Object -ComObject Microsoft.Update.SystemInfo).Reboot ...\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : ResourceUnavailable: (:) [New-Object], COMException\r\n + FullyQualifiedErrorId : NoCOMClassIdentified,Microsoft.PowerShell.Commands.NewObjectCommand\r\n \r\n\r\n\r\nat <ScriptBlock>, <No file>: line 753"

I ran the offending command in AWS Session Manager:

PS C:\Windows\system32> (New-Object -ComObject Microsoft.Update.SystemInfo).RebootRequired
New-Object : Creating an instance of the COM component with CLSID {C01B9BA0-BEA7-41BA-B604-D0A36F469133} from the IClassFactory failed due to the following error: 80070005 Access is
denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)).
At line:1 char:2

  • (New-Object -ComObject Microsoft.Update.SystemInfo).RebootRequired
  •  + CategoryInfo          : NotSpecified: (:) [New-Object], UnauthorizedAccessException
 + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.NewObjectCommand

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jborean93 @offlineadmin @adsanz-atalanta