Sunday, March 14, 2021

Microsoft Windows update ETL Logs are continuously getting generated on Microsoft Windows Server 2016 and Microsoft Windows 10, V1607

Symptoms:

The servers keep writing new ETL logs under the C:\Windows\Logs\Windows Update folder until the server runs out of disk space and the system eventually hangs. This continues even after setting the Windows Update service to manual. Restarting the Windows Update service temporarily cleans up all ETL logs.


Cause:

The Windows Update service makes unnecessary HTTP calls to fe3.delivery.mp.microsoft.com or fe2.update.microsoft.com if the proxy returns HTTP 407. The issue occurs after installing Windows updates released after 2021 1B and prior to the 2021 2C and 3B timeframe.

Solution:

Microsoft has released a cumulative update, KB5000803, which contains the fix for this issue. The package is around 1.7 GB, and the OS drive should have at least 7 GB of free space before attempting the installation.
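
A quick triage of an affected host, as an added PowerShell example that is not part of the original post: it measures the ETL files, checks the 7 GB free-space requirement, and looks for KB5000803. It assumes the log folder is named WindowsUpdate under %windir%\Logs (pass -LogPath otherwise); the parameter and property names are illustrative.

```powershell
# Added example, not from the original post.
# Assumption: the log folder is %windir%\Logs\WindowsUpdate; override with -LogPath.
param(
    [string]$LogPath   = (Join-Path $env:windir 'Logs\WindowsUpdate'),
    [int]   $MinFreeGB = 7,            # free space the post says the update needs
    [string]$FixKb     = 'KB5000803'   # cumulative update named in the post
)

# 1. Count and size the ETL files currently on disk.
$etl = @(Get-ChildItem -Path $LogPath -Filter '*.etl' -File -ErrorAction SilentlyContinue)
$etlBytes = ($etl | Measure-Object -Property Length -Sum).Sum
if (-not $etlBytes) { $etlBytes = 0 }   # empty or missing folder

# 2. Files written in the last hour show whether the service is still churning.
$cutoff = (Get-Date).AddHours(-1)
$recent = @($etl | Where-Object { $_.LastWriteTime -gt $cutoff })

# 3. Free space on the OS drive, compared with the stated minimum.
$disk   = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='$env:SystemDrive'"
$freeGB = [math]::Round($disk.FreeSpace / 1GB, 1)

# 4. Look for the fix. A later cumulative update replaces this KB, so a
#    missing entry on a host patched after March 2021 is not conclusive.
$hotfix = Get-HotFix -Id $FixKb -ErrorAction SilentlyContinue

[pscustomobject]@{
    LogPath            = $LogPath
    EtlFileCount       = $etl.Count
    EtlSizeMB          = [math]::Round($etlBytes / 1MB, 1)
    EtlWrittenLastHour = $recent.Count
    OsDriveFreeGB      = $freeGB
    EnoughSpaceForFix  = ($freeGB -ge $MinFreeGB)
    FixInstalled       = [bool]$hotfix
}
```

A high EtlWrittenLastHour count together with FixInstalled = False matches the symptom described above; if EnoughSpaceForFix is False, free up space before installing the update.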

Workaround:

Block access to the Windows Update servers with the policy “Turn off access to all Windows Update features”.

The steps are below:

1. Run gpedit.msc

2. Expand “Computer Configuration”

3. Expand “Administrative Templates”

4. Expand “System”

5. Expand “Internet Communication Management”

6. Click on “Internet Communication settings”

7. On the right-hand side, locate the setting “Turn off access to all Windows Update features” and double-click to open the settings

8. Change the setting to “Enabled” and click Apply.

9. Restart the Windows Update service. Perform a clean reboot if possible.

Blocking the https://fe3.delivery.mp.microsoft.com URL on the proxy server will also prevent the issue, as the proxy will then return HTTP 403 instead of the HTTP 407 that causes the issue.

Disabling authentication on the proxy server is another option to mitigate this issue.