How to read Windows Update logs in Windows 10 Version 1607

Summary
This article is intended for support agents and IT professionals to examine the Windowsupdate.log for troubleshooting Windows Update issues. Windowsupdate.log is a log file which contains the technical information on Windows Update.
More information
In Windows 10 Version 1607, Windows Update client uses Event Tracing for Windows (ETW) to generate diagnostic logs. This method improves performance and reduces disk space usage. However, the logs are not immediately readable as written. 

To decode the resulting ETL files and create a single, text based log file, you can run the new Windows PowerShell cmdlet Get-WindowsUpdateLog. After you run this command, your ETL files will be decoded into a readable text log that is placed on the current user’s desktop.

For more information about this cmdlet (this includes information about supported parameters and other options), see the following Microsoft TechNet website: 

Notes

  • If you encounter problems decoding the Windows Update log (for example, if you have multiple "GUID" entries that are displayed in the final text log), you may have to delete and then update your symbol cache. You can do this by deleting everything under the %temp%\windowsupdatelog folder. 
  • Decoding the ETL files and converting them into a single textual log file requires access to the Microsoft public symbol server on the Internet.  If you have Internet access, no other action is required, the powershell cmdlet will automatically download the files needed for the conversion.
  • The first time that you run the Get-WindowsUpdateLog cmdlet, you may see the Microsoft Internet Symbol Store dialog box. To use the Get-WindowsUpdateLog cmdlet, you must accept the presented license terms to enable access to the public symbols that are used by the cmdlet.
  • If you previously downloaded a symbol cache, you can use the -SymbolServer switch to use those symbols instead of connecting to the Microsoft symbol server. In order to do this, you must be able to provide a UNC path for that symbol cache. For example:
    \\<localmachinename>\c_drive\path to local symbol cache
  • If you're using Windows 10 Insider Preview, you may not always be able to decode the Windows Update log. Public symbols are published only for certain prerelease builds. Therefore, if public symbols are not available, you may be unable to successfully decode the log.
Properties

Article ID: 3036646 - Last Review: 10/31/2016 07:24:00 - Revision: 8.0

Windows 10 Version 1607

  • kbhowto kbsurveynew kbinfo kbexpertiseadvanced KB3036646
Feedback