Routine patching of systems and software is a crucial piece of any business’ information security strategy. Even so, many systems go unnoticed and unpatched for months, even years until an external threat forces the organization into action (e.g. the recent WannaCry ransomware outbreak).
When that happens, server administrators need to be prepared for irregularities they’re likely to encounter, such as a hang prior to reboot.
In this scenario, we’re going to assume that you’ve just finished patching and clicked the “Restart Now” button. You begin a continuous ping (ping -t [hostname/IP address]) and wait for the server to restart.
Let’s assume a normal reboot takes 5-10 minutes for this machine, and that 25+ minutes have passed.
You check the console, and are greeted by the “‘Preparing to Configure Windows. Do not turn off your computer” message. Time continues to pass while your maintenance window dwindles like falling grains in an hourglass… pressure is mounting, the business won’t wait. Time for action!
Logged in as an Administrator from your workstation check the Windows Module Installer service on the remote system…
- Run services.msc
- Right-click “Services (Local)” and select “Connect to another computer …”
- Make sure the “Another computer” radio button is selected and enter the hostname of the stuck server and click “OK”
- Search for “Windows Module Installer” service and verify its status. If it’s “stopping,” then you will need to force it to stop. This can’t be done here, so we’ll need to query its PID and use our old friend TaskKill to manually kill the service
Query the Process ID (PID) of the Windows Module Installer (TrustedInstaller) service…
- Open Command Prompt as an Administrator
- Run the following command:
sc \\[hostname of the server] queryex trustedinstaller
This will return (among other information) the PID of the stuck service, write it down as you’ll need it for the next step
Kill the hung service remotely using TaskKill…
- From the Command Prompt already opened, run the following
command:taskkill /s [hostname of the server] /pid [PIDFromAbove] /f
Congratulations, your system should now be unhung! Check your console or continuous ping to verify that the system is restarting and proceed to the next round of updates.