If you experience problems with Windows Updates and need to debug on the actual process, WindowsUpdates.log has always been a good place to start……… but not on Windows 10
According to Microsoft these steps are relevant only for the January Tech Preview of Windows 10.
Windows Update uses Event Tracing for Windows (ETW) to generate diagnostic logs. This method improves performance and reduces disk space usage. However, the logs are not immediately readable as written. To decode the resulting ETL files and create a log that you can read, follow these steps.
- Download the public symbols by following the directions here. Install these symbols to a directory such as C:\symbols.
- Download the Tracefmt.exe tool by following the instructions here.
- Open a command prompt with administrative rights.
- Create a temporary folder, such as %systemdrive%\WULogs.
- Locate the directory that contains Tracefmt.exe, as downloaded and installed in step 2. Then, copy Tracefmt.exe to %systemdrive%\WULogs.
- Run the following commands at a command prompt, in the order presented:
- cd /d %systemdrive%\WULogs
- copy %windir%\Logs\WindowsUpdate\* %systemdrive%\WULogs\
- tracefmt.exe -o windowsupate.log <each windows update log delimited by space> -r c:\Symbols
For example, the last line might resemble the following:
tracefmt.exe -o windowsupate.log Windowsupdate.103937.1.etl Windowsupdate.103937.10.etl -r c:\Symbols
Lucky for us, we don’t always need to dig deep – there is a deprecated logfile we can use for now (January Tech Preview) WindowsUpdate_AU_deprecated.log