AKB3172605: Solving Windows 7 update scan slowdowns
By @CanadianTech
Published 2 Feb 2017 rev 2.0 on 4 Feb 2017
Windows Update has become quite problematic for Windows 7 users, for the past year and a half. We have a solution that has worked for likely hundreds of thousands of people.
Follow Woody’s MS-Defcon status to decide when to update. (http://www.askwoody.com)
For this to work, you must follow exactly as this describes.
If you have already installed KB3172605, it would be pointless to try to install it again.
Before you begin updating, please go towards the bottom of this Knowledge Base Item and read the section that begins: From October 11, 2016 onwards…
There are two main types of Windows 7 installations: 32 bit or 64 bit. You need to know what is installed in your computer. Click the Start globe, type systemin the box. Click on System information in the list. The techie shorthand for 32 bit is x86 and for 64 bit is x64. While you are looking at the System information to verify whether yours is 32 or 64 bit, check to see if SP1 (Service Pack 1) has been installed. If you do not see SP1 there, yours has not been updated and the following instructions will not work.
1. Start Windows Update and change the Setting to Never check for updates. Close the Windows Update window. Windows Update will no longer be automatic. From this point onwards, you are responsible for starting and installing updates. Follow Woody’s MS-Defcon status to decide when to update.
2. Restart your computer.
3. You are now going to download and install either one or two updates manually. In most cases only the first (KB3172605) of these is needed. If that produces a result that says the “update is not appropriate for your computer”, you need to first install the 2nd of these (KB3020369), then install the first (KB3172605). Choose the one that is for your machine — 32 bit (X86) or 64 bit (X64).
KB3172605:
32 bit
http://download.windowsupdate.com/d/msdownload/update/software/updt/2016/09/windows6.1-kb3172605-x86_ae03ccbd299e434ea2239f1ad86f164e5f4deeda.msu
KB3020369:
32 bit
https://www.microsoft.com/en-us/download/details.aspx?id=46827
64 bit
https://www.microsoft.com/en-us/download/details.aspx?id=46817
4. After restarting your computer, wait about 10 minutes until Windows Update completes its tasks. Do not use the computer for any other purpose during this wait period.
5. Start Windows Update. It will take only a few minutes (unless, of course it has been many months since the last update) to come up with a list and download the updates you select. The process is quite normal as it always was from this point onward.
If updates have not been presented to you in less than 30 minutes, then you have a bigger problem. Likely Windows Update needs to be “reset.”
This is a bit technical, but if you can follow, It will work for you. For this to work, you must follow exactly as this describes.
At this point, Windows update is still running in the background. You need to stop it. Click the Start globe (bottom left), type servicesinto the text box that pops up, Click on Services. Find Windows Update in the alphabetic list of services, right-click (left-click if your mouse is set for left-handers) and choose Stop. Close the window
Now, you are going to reset Windows Update components:
Start, All Programs, Accessories, Right-click on Command prompt, Choose Run as administrator, Y. Type the following in the black box:
Tip: Instead of typing each line, you can select the text in each line in the list by high-lighting it, right-click, choose Copy from the pop-up menu. In the black window, Right-click anywhere, choose Paste from the pop-up menu, Enter.
net stop wuauserv
net stop cryptSvc
net stop bits
net stop msiserver
ren C:\Windows\SoftwareDistribution SoftwareDistribution.old
ren C:\Windows\System32\catroot2 catroot2.old
net start wuauserv
net start cryptSvc
net start bits
net start msiserver
Exit
If steps 5 or 6 do not allow the operation, go back and click on the Start globe and type servicesinto the text box. Click on Services in the list that pops up. In the window that then pops up (its alphabetic), find Windows Update. Right-click on it (left-click if your mouse is set for left-handers) and choose Stop. It may have re-started itself.
If steps 5 and 6 report that the file already exists, then substitute SoftwareDistribution.old3 for SoftwareDistribution.old, and catroot2 catroot2.old3 for catroot2 catroot2.old. It is possible, that you may have to use 4 instead of 3 if this has been done repeatedly before.
This procedure will erase the list you would see in “View Update history” that you access in the Windows Update window. It will NOT erase the “View Installed Updates” you access through the Control Panel.
Now go back to the beginning of this presentation and try the installation of KB3172605 and KB3020369 again.
From October 11, 2016 onwards, there was a very significant change in the way Windows Update works. Some may like it a lot. Some may dislike it intensely.
You need to make a decision about what will become of your Windows 7 system.
Woody Leonhard has described the situation something like this. Note, I am using my own words here and describing it from my own perspective.
This is Woody’s article: http://www.infoworld.com/article/3128983/microsoft-windows/how-to-prepare-for-the-windows-781-patchocalypse.html
Group A: Just let MS install whatever they wish on your computer and just don’t worry about privacy and the spyware they will install. This is the easiest choice.
Group B: Refuse to accept any except Security updates. You get the Security-only updates from the “catalog”. There is risk here in B. You are trusting that Microsoft will not put anything in that group that does things you do not want done. A sort of level of trust in MS that I am not sure they deserve. Keep in mind that they have done the same thing with this set of updates they did in the main one. It is all one agglomeration of whatever number of security updates they decide to put in it. Being in Group B entails some very disciplined work. You must stay tuned to Woody’s advice and be aware of any twists and turns that may be coming.
Group C (AKA W): Shut down WU permanently and never again accept a Windows Update. This group feels that the risk of Microsoft changing their machine in unacceptable ways or even bricking it, is greater than the risk of a hacker breaking in because some security patch was not installed. I suspect that most people who even think about this topic will opt for this. However since most people think of their computer like a potato peeler, they will not even think about this and things will just happen without them even knowing. They will be Group A and won’t even know it.
Note that this may not apply to NON-Windows updates such as Office. I am not sure how you can be in group B or W and do this, but I am working on it.
In all cases for all groups, change the Windows Update setting to Never check for updates, and refer to Woody’s MS-Defcon ratings to decide when and what to update.
The new rollup style of updates that Microsoft is now providing to what we would call Group A, which includes all kinds of updates (security and non-security), are cumulative. That means if you miss a month or even more, it will not matter because by installing the latest month’s rollup, you would be up to date.
NOTE well, that Security-only updates are NOT cumulative. This means if you miss a month, you may never get the missed updates.
So one strategy that you may wish to consider is following Group C, but still updating .net and Microsoft Office through Windows Update, but installing no Windows updates at all. It would be advisable in this case that you stop using Internet Explorer because you would not be getting those updates, but instead use an alternative browser.
Then, after following this strategy for some time, if things take a turn for the worse, and you decide you made the wrong choice (Group C with .net an Office updates), you can easily shift to A by simply using the latest offered Rollup offered in Windows Update.
So, as things have evolved, it looks like the vast majority really only have two choices: A as described above or C (modified as described above). The good news is that if you follow the modified C strategy, you have a way back to the Microsoft way, that is easy to implement.
