netlogo One of the more annoying problems we run into when trying to ‘fix’ a computer and get all Windows Updates installed is .NET Framework v1.1 Service Pack 1 (SP1) from KB867460. Of all patches, this one seems to fail the most. It will fail in Windows Update or installed manually. A lot of people just leave the failed update since they don’t use .NET (or have no clue they use something that does). We recently had a client who used a software package to run their business that was built on .NET, so we wanted to ensure they had the latest updates and patches. But all of their computers refused to install SP1. Thankfully there are a couple of tools which can help fix the problems.

Microsoft recently released their own .NET Repair Tool, which can sometimes fix things without having to completely yank them out. I’ve recently started to run this first before doing a full cleanup/removal with the Cleanup Tool. Unfortunately this does not always work and .NET v1.1 SP1 will still fail to install. This was the case with the systems we had. The tool ran, said it fixed a few things, but SP1 would still not install. But it’s a solid first start for most systems and does try to indicate what it fixed or could not.

The next tool we use is the .NET Cleanup Tool. This tool will completely remove one or all versions of the .NET Framework, often allowing for a clean installation that will also patch properly. I’ve found you can sometimes fix v1.1 by removing it alone, but often you have to remove all versions and start over because there are some weird interactions between v1.1 and v2.0 (which is now included as part of v3.5). Always make sure you restart after cleaning. Then run Windows Update and install the patches in the order it suggests.

Usually. The hardest part about .NET issues is it never seems consistent how you fix them or what you did that specifically fixed it, because there are often multiple things done at once.

For the systems we were working on – I spent days trying to get SP1 to install on this one system. I even went so far as to manually remove EVERY directory related to .NET and every registry cluster I felt safe removing. STILL could not get SP1 to install. Even with a full patch download, it would run and run – the progress bar getting ALMOST to the end, then it would slowly disappear/unwind and the patch would fail. No real errors or indication of what was going on, making debugging that much harder.

In the end I was finally able to get it to install. I was wondering if maybe the patches were not installing in order. The first few times after removing ALL versions of .NET, I tried the following:

  • Installed .NET 1.1
  • KB951841 (3.5 SP1 and 2.0 SP2)
  • .NET v1.1 SP 1 failed
  • Then installed these 3.5 updates:
    • KB982168
    • KB982524
    • KB2604092 (.net 2.0 patch)
    • KB2656352
    • KB2604111
    • KB2729450
    • KB2742596
    • KB2736416
    • KB2756918
    • KB2789643
    • KB2833940
    • KB2832411
    • KB2840629
    • KB2844285
    • KB2863239
    • KB2861189
    • KB2861697

Unfortunately, 1.1 SP1 failed AGAIN. So I ran cleanup a few more times. Then I tried things in a slightly different order:

  • Reinstall 1.1/2.0/3.5 using the downloaded installers. But did not install any patches except…
  • Installed KB982524 which was a v2.0 patch that 1.1 seemed to depend on. I don’t know why, but I got some errors
  • Installed .NET v1.1 SP1 (it installed this time!)
  • Installed KB2833941 (1.1 security patch)
  • Installed KB2866941 (2.0SP2 security patch)
  • Installed the rest of the patches via Windows Update

And I was done. So what was the secret? Was it really the order? No – I don’t think so. I know I had tried that order before and it didn’t work. So what made the difference?

I can’t say with 100% certainty because I had tried so many things. But in looking at the v1.1 Service Pack, I finally found some logs indicating where the failure was. It didn’t tell me why, but it showed that the patch used a weird combination of file copies and moves to ‘upgrade’. The one thing I had done on both systems as one time before finally getting SP1 to install? I disabled the anti-virus software they had (Panda).

Now I know it’s always suggested that you disable anti-virus when installing software. But patches? Well – the SP1 patch is a weird patch compared to most of the others. The installer windows seem different and the method it’s using to install itself seems unusual. In two decades of working in IT I can count on one hand the times I’ve seen an anti-virus screw up an install or upgrade, and it always would indicate this by flagging the upgrade as ‘suspicious’. But in this case – there was NO indication the antivirus was interfering with the patch. But looking back through my notes, I had disabled Panda on both systems and not long after, it installed. So it may have been the order or it may have been the anti virus (or both). But if you encounter a system where this patch will stubbornly not install – think outside the box a bit.