Recently I covered how to install Microsoft Security Essentials in Windows Server 2012 R2, however after performing a Windows update it failed to install with error 0x8004FF04.
Here I will discuss why this happens and then cover how to resolve this problem and update Microsoft Security Essentials manually.
From my experience definition updates have still been working fine through Windows update, so far I have only had a problem with this update, which is an update specifically for a newer version of the antimalware client itself.
A note to Windows 8, 8.1 or 10 users receiving this error for a Microsoft Security Essentials update: The built-in Windows Defender replaces Microsoft Security Essentials, if you have previously installed Microsoft Security Essentials but updated your operating system version it may no longer be supported and it should be safe to uninstall as Defender has taken over. This post is aimed toward those that have knowingly installed Microsoft Security Essentials on an unsupported operating system such as Windows Server 2012 R2 and want to update it.
Updating Microsoft Security Essentials
In this example I first downloaded and installed the latest version of Microsoft Security Essentials from Microsoft by following these steps. This installed version 4.8 of Microsoft Security Essentials.
After running Windows update it found KB3140527 which came out 23/02/2016 and was an update for Microsoft Security Essentials, version 126.96.36.199 to be exact as shown below. This means that when I did this, the download through the website was not the most up to date version.
Take note that this particular update is 8.5MB in size, this will be important later on.
The problem begins when trying to install this update, as shown the update fails and results in error code 8004FF04, simply meaning that the update does not support this version of the operating system.
This makes sense as technically Microsoft Security Essentials does not support Windows Server 2012 R2, we installed it with some slight customizations which we need to do again during the update.
If you had a look through my Microsoft Security Essentials installation guide, you may have noticed that error 8004FF04 came up there as well. Essentially the update is failing to install because it is not being run in compatibility mode for Windows 7, or with the /disableoslimit flag via Windows update causing it to fail.
In order to install the update, we need to run it manually with these customizations in place.
Windows update stores its downloaded update files in the C:\Windows\SoftwareDistribution\Download folder with different hashes for the file names. As the particular update that is failing to install in this case is 8.5MB in size, we simply look for a file within this folder that is also 8.5MB in size – in this case the file that is selected shown below.
For this example, I copied this file over to my desktop to perform the required changes rather than modifying the original, I then renamed it to ‘update.exe’ however the file name isn’t particularly important here.
Next right click the file and select properties. From the properties window select the Compatibility tab. Under Compatibility mode, tick the “Run this program in compatibility mode for:” box and then select Windows 7 from the drop down menu, then click OK.
Now open command prompt as administrator and execute the file with the /disableoslimit flag on the end as shown below.
Assuming you selected the correct file from the Windows update folder, you should be greeted with the Microsoft Security Essentials upgrade wizard as shown below, simply click the Upgrade button to proceed.
Once the upgrade has completed, click the finish button to complete the process.
From here you can now open up Microsoft Security Essentials, select the Help drop down and then click About and you should see that the Client Version has been successfully updated to the version noted through Windows Update.
This confirms that Microsoft Security Essentials has successfully been updated to the version that Windows update was failing to install. At this point we can go back to Windows update and run a check for updates, which should now no longer list the update as available, as it is now installed.
As Microsoft Security Essentials is not officially supported in Windows Server 2012 R2, we should expect strange and unexpected behaviour such as Windows updates failing to update it.
By applying similar changes that were done when we installed it, including setting the compatibility mode to Windows 7 and running the executable with the /disableoslimit flag, we can successfully update Microsoft Security Essentials when newer updates become available through Windows update that are not yet available for download through the Windows website.