[BUG]: Windows 10 Update Error 0x800f0988

[theRoboxx]

Description

I'm not able to install the following update on my PC 2022-06 Cumulative Update Preview for Windows 10 Version 21H2 for x64-based Systems (KB5014666) and receive the update error code 0x800f0988. This problem exists since I applied the "standard" rules from the privacy.sexy-Setup-0.11.4. After I tried many potential fixes from online sources (e.g. https://www.techpout.com/how-to-fix-error-code-0x800f0988-windows-10/), I installed an old backup from 2020 that contained only driver software. After that I installed the current windows updates and everything worked.

Then I ran the script again but with only a few selected options. This is the terminal output which I got via copy+paste (if the tool stores logs of applied rules somewhere, please let me know, so I can post them here):

--- Microsoft Edge (Legacy) app
administrators: No mapping between account names and security IDs was done.
Failed to take ownership
At line:1 char:507
+ ... > nul'); if($LASTEXITCODE) { throw 'Failed to take ownership' }; $fil ...
+                                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (Failed to take ownership:String) [], RuntimeException
    + FullyQualifiedErrorId : Failed to take ownership

--- Microsoft Edge (Legacy) Dev Tools Client app
administrators: No mapping between account names and security IDs was done.
Failed to take ownership
At line:1 char:521
+ ... > nul'); if($LASTEXITCODE) { throw 'Failed to take ownership' }; $fil ...
+                                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (Failed to take ownership:String) [], RuntimeException
    + FullyQualifiedErrorId : Failed to take ownership

--- Win32 Web View Host app / Desktop App Web Viewer
administrators: No mapping between account names and security IDs was done.
Failed to take ownership
At line:1 char:510
+ ... > nul'); if($LASTEXITCODE) { throw 'Failed to take ownership' }; $fil ...
+                                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (Failed to take ownership:String) [], RuntimeException
    + FullyQualifiedErrorId : Failed to take ownership

--- Content Delivery Manager app (automatically installs apps)
administrators: No mapping between account names and security IDs was done.
Failed to take ownership
At line:1 char:524
+ ... > nul'); if($LASTEXITCODE) { throw 'Failed to take ownership' }; $fil ...
+                                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (Failed to take ownership:String) [], RuntimeException
    + FullyQualifiedErrorId : Failed to take ownership

--- Kill OneDrive process
SUCCESS: The process "OneDrive.exe" with PID 8016 has been terminated.
--- Uninstall OneDrive
--- Remove OneDrive leftovers
C:\Users\PC\AppData\Local\Microsoft\OneDrive\22.111.0522.0002\FileCoAuthLib64.dll - Access is denied.
C:\Users\PC\AppData\Local\Microsoft\OneDrive\22.111.0522.0002\FileSyncShell64.dll - Access is denied.
The system cannot find the file specified.
--- Delete OneDrive shortcuts
Could Not Find C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
Could Not Find C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
Could Not Find C:\Users\PC\Links\OneDrive.lnk
--- Disable usage of OneDrive
The operation completed successfully.
The operation completed successfully.
--- Prevent automatic OneDrive install for current user
ERROR: The system was unable to find the specified registry key or value.
--- Prevent automatic OneDrive install for new users
The operation completed successfully.
The operation completed successfully.
The operation completed successfully.
--- Remove OneDrive from explorer menu
ERROR: The system was unable to find the specified registry key or value.
ERROR: The system was unable to find the specified registry key or value.
The operation completed successfully.
The operation completed successfully.
--- Delete all OneDrive related Services
SUCCESS: The scheduled task "\OneDrive Reporting Task-S-1-5-21-1433943106-4025153713-1109011770-1001" was successfully deleted.
--- Delete OneDrive path from registry
The operation completed successfully.
--- Uninstall Edge (chromium-based)
--- Shazam app
--- Candy Crush Saga app
--- Flipboard app
--- Twitter app
--- iHeartRadio app
--- Duolingo app
--- Photoshop Express app
--- Pandora app
--- Eclipse Manager app
--- Code Writer app
--- Spotify app
--- Microsoft Advertising app

The following week(yesterday), the problem occurred again.

I started the PC and the windows updater showed me a new available update (KB5014666)* from June 28. I tried to install the update and it failed with error code 0x800f0988.

Previously, the update (KB5014699)* from June 14 didn't work for me when I tried the tool for the first time on the 20th of June.

*Reference for Windows 10 updates: https://support.microsoft.com/en-us/topic/june-28-2022-kb5014666-os-builds-19042-1806-19043-1806-and-19044-1806-preview-4bd911df-f290-4753-bdec-a83bc8709eb6

My conclusion is that the executed scripts block future updates from being installed.

How can I know which script caused this problem?

My next step would be to completely purge my system and install windows 10 from scratch, but maybe I'm missing something obvious.

OS

Edition Windows 10 Pro Version 21H2 Installed on ‎25.‎12.‎2020 (This is the clean backup from 2020) OS build 19044.1766 Experience Windows Feature Experience Pack 120.2212.4180.0

Reproduction steps

1. run the standard scripts (fewer selected script also caused this problem but I don't remember exactly which one i chose)
2. restart PC
3. start PC the next day and open "Windows Update"
4. Get the update suggestion for e.g. (KB5014666)
5. Try to install this update
6. Get update error 0x800f0988 at nearly 100% installation

Additional information

• Uninstalling Edge (chromium-based) didn't work for me as well.

• I have three accounts on my PC. The scripts were executed from the administrator account. Could this be a problem?

[iabeefe]

I am having the same time issue. I am using Windows 10 22H2. This there any workaround for this?

[Abyssgrowth]

If you update your windows it will bloat your system.... dont do it. Install windows offline, use it for 2 years, instead of update wipe and install latest version again, simple. You dont need to update when your system works...

[tetoNidan]

Might be related might need to file a new bug report and will do so if requested.

Windows updater no longer updates on windows 11 and my error code is 0x80004002. I followed the steps from a windows post involving shutting down services through the cmd prompt, renaming some folders and starting the services again. Tried the updater troubleshooter. Did what looks like some safe mode stuff to no avail! Not really a windows guy. I followed this tutorial

https://www.thewindowsclub.com/fix-0x80004002-windows-update-error-code

Not sure what else I can do to resolve the issue or provide more information. Will gladly do so if recommended. Thanks!

So I just manually downloaded the cumulative update and installed it. after doing so updates just fine. I'm going to reapply the privacy.sexy script I generated and see if I have update issues. will post pack with results after new updates come in.

Windows is updating again! My issue likely had nothing to do with privacy.sexy. not sure exactly what caused the issue but manually installing the cumulative update solved the issue for me. Hope this solves further issues for others.

[undergroundwires]

Hi, this issue is likely due to DoSvc being recommended in older versions (see #173). The latest version of privacy.sexy (v0.12.4) has addressed this.

To resolve the issue, please do the following:

• Search for and revert the Disable "Delivery Optimization" service script in the latest version of privacy.sexy.
• Or run the provided batch script to fix the issue manually:

Fix code

```batchfile @echo off :: https://privacy.sexy — v0.12.4 — Fri, 29 Sep 2023 16:02:51 GMT :: Ensure admin privileges fltmc >nul 2>&1 || ( echo Administrator privileges are required. PowerShell Start -Verb RunAs '%0' 2> nul || ( echo Right-click on the script and select "Run as administrator". pause & exit 1 ) exit 0 ) :: Disable "Delivery Optimization" service (breaks Microsoft Store downloads) (revert) echo --- Disable "Delivery Optimization" service (breaks Microsoft Store downloads) (revert) PowerShell -ExecutionPolicy Unrestricted -Command "$serviceQuery = 'DoSvc'; $defaultStartupMode = 'Automatic'; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceQuery -ErrorAction SilentlyContinue; if(!$service) {; Write-Warning "^""Service query `"^""$serviceQuery`"^"" did not yield and results, cannot enable it."^""; Exit 1; }; $serviceName = $service.Name; Write-Host "^""Enabling service: `"^""$serviceName`"^"" with `"^""$defaultStartupMode`"^"" start."^""; <# -- 2. Skip if service info is not found in registry #>; $registryKey = "^""HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName"^""; if(!(Test-Path $registryKey)) {; Write-Warning "^""`"^""$registryKey`"^"" is not found in registry, cannot enable it."^""; Exit 1; }; <# -- 3. Enable if not already enabled #>; $defaultStartupRegValue = if ($defaultStartupMode -eq 'Boot') { '0' } elseif($defaultStartupMode -eq 'System') { '1' } elseif($defaultStartupMode -eq 'Automatic') { '2' } elseif($defaultStartupMode -eq 'Manual') { '3' } else { throw "^""Unknown start mode: $defaultStartupMode"^""}; if( $(Get-ItemProperty -Path "^""$registryKey"^"").Start -eq $defaultStartupRegValue) {; Write-Host "^""`"^""$serviceName`"^"" is already enabled with `"^""$defaultStartupMode`"^"" start."^""; } else {; try {; Set-ItemProperty $registryKey -Name Start -Value $defaultStartupRegValue -Force; Write-Host "^""Enabled `"^""$serviceName`"^"" successfully with `"^""$defaultStartupMode`"^"" start, may require restarting your computer."^""; } catch {; Write-Error "^""Could not enable `"^""$serviceName`"^"": $_"^""; Exit 1; }; }; <# -- 4. Start if not running (must be enabled first) #>; if($defaultStartupMode -eq 'Automatic') {; if ($service.Status -ne [System.ServiceProcess.ServiceControllerStatus]::Running) {; Write-Host "^""`"^""$serviceName`"^"" is not running, trying to start it."^""; try {; Start-Service $serviceName -ErrorAction Stop; Write-Host "^""Started `"^""$serviceName`"^"" successfully."^""; } catch {; Write-Warning "^""Could not start `"^""$serviceName`"^"", requires restart, it will be started after reboot.`r`n$_"^""; }; } else {; Write-Host "^""`"^""$serviceName`"^"" is already running, no need to start."^""; }; }" :: ---------------------------------------------------------- pause exit /b 0 ```

Next Steps:

1. After running the script, reboot your computer.
2. Verify if the problem is resolved.

Background: Before this script was in recommended pool, after figuring out the side-effects, now, it's moved to Strict and a variant without side-effects (Disable peering download method for Windows Updates script) is recommended instead.

If it solves your problem, please let me know, in that case we can document that this script breaks Windows Updates. If problem persists, it's hard to reproduce if the full script you executed is not provided, it would be helpful if one could share the breaking script.

[vbondzio]

Just FYI, I still ran into Windows Update issues (0x80004002) with version 0.13.2. Fixed by rolling back 'Disable "Delivery Optimization" service'

privacy-script.txt

[ltguillaume]

Just FYI, I still ran into Windows Update issues (0x80004002) with version 0.13.2. Fixed by rolling back 'Disable "Delivery Optimization" service'

privacy-script.txt

Came here to say the same: on both W10 LTSC and W11 LTSC, using Disable "Delivery Optimization" service (breaks Microsoft Store downloads) will also break Windows Update with 0x80004002.

I recommend changing the title/description to Disable "Delivery Optimization" service (breaks Windows Update and Microsoft Store downloads)

Used v0.13.6

[undergroundwires]

I do not understand why this happens, I wonder if peer-to-peer updates forced upon Windows users now.

However, I will document the Windows updates breaking behavior and remove it from Strict pool.

Should this script stay under Disable obtaining updates from other PCs on the Internet (delivery optimization) or should I move it into separate category like "Privacy over Security => Disable updates". Because this category already has less intrusive ways to disable delivery optimization except disabling DoSvc.

We already have "Disable automatic updates" but this new category would include scripts to disable doing updates anyway at all (including automatic and manual). I'm not sure best name would be in that case. "Disable updates" does not imply its impact, that it also covers non-automatic updates. Maybe a name like "Disable receiving updates from Microsoft", or similar.

Questions:

• Keep it under where it is (Disable obtaining updates from other PCs on the Internet (delivery optimization)) vs move it to a specific category for disabling any kind of updates.
• If yes, what would be the best name for that kind of category?

[ltguillaume]

Depends on what you consider manual updates: while disabling DoSvc would block manually checking for and downloading updates (because it blocks the download), it wouldn't block, say, manually running a .msu file.

I would consider downloading/fetching updates part of Windows Update, i.e. the automatic updates part. So it could just be put under Disabled automatic updates, I'd say.