How to fix “The update is not applicable to your computer” error.

It’s not often one will have this issue with an update, and it’s not easy to find a solution.
Because of that, I’ll share one example of how to do it and hopefully you can extrapolate this method to your case.

Abstract

You need to install a single patch, out of your regular patch cycle. Maybe it is to enable some functionality (my case). Maybe it is some hotfix specific to your case.
You download the patch, run it and then …
… What do you mean, it is not applicable? It’s not in any list of existing patches …
And here is when this method might just come in very handy.

Method

Step 1 – Logs

The first step has to be the logs.
Patching logs in Windows are kept in %systemroot%\Logs\CBS\CBS.log.
Open the log file and search for the KB number of your patch.
You can use any text editor you like. I like Notepad++.
Having found the KB reference, one can follow it to understand what is happening in the background.
As a little side note, more often than not, a patch is composed of multiple components and each one is tested for applicability.
In this case, the first component was already marked as Superseded, as you can see highlighted. It might not always be the case, but it is here.
As we scroll through the log file we will see a sequence of log events going from the component to be updated to the evaluation of applicability and the result of Superseded.
Note the component name and versions. The first version, ending in 23444 is the version we are trying to install of that component. The second version number is the existing lower version holder. That is to say, the current version of the component lower than the one we are trying to install.
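The Step 1 search can also be scripted. The PowerShell below is an added example, not part of the original post: it keeps the lines that name the KB plus the component or Superseded lines that follow, and pulls out the component name and version numbers. The function name, the component-name pattern and the sample lines are assumptions made for illustration.

```powershell
# Added example, not the author's code. Works on PowerShell 2.0 and later.
function Get-CbsUpdateTrace {
    param(
        [Parameter(Mandatory = $true)] [string] $Kb,
        [Parameter(Mandatory = $true)] [AllowEmptyString()] [string[]] $Lines
    )
    # Assumed shape of a component name: <arch>_<name>_<16 hex digits>,
    # as in amd64_netfx-system_b03f5f7f11d50a3a.
    $componentRx = '(?:amd64|x86|wow64|msil)_[\w.\-]+?_[0-9a-f]{16}'
    $versionRx   = '\d+\.\d+\.\d+\.\d+'
    $seenKb = $false
    foreach ($line in $Lines) {
        $hasKb = $line -match [regex]::Escape($Kb)
        if ($hasKb) { $seenKb = $true }
        $superseded = $line -match 'Superseded'
        $component  = [regex]::Match($line, $componentRx).Value
        # Keep lines naming the KB, and component/Superseded lines that follow it.
        if (-not ($hasKb -or ($seenKb -and ($superseded -or $component)))) { continue }
        New-Object PSObject -Property @{
            Component  = $component
            Versions   = @([regex]::Matches($line, $versionRx) | ForEach-Object { $_.Value })
            Superseded = $superseded
            Line       = $line
        }
    }
}

# Constructed, simplified lines (not verbatim CBS output; the KB number is a placeholder).
$sample = @(
    'Info CBS Appl: evaluating Package_for_KB0000000',
    'Info CBS Appl: component amd64_netfx-system_b03f5f7f11d50a3a (6.1.7601.23444), lower version holder 6.1.7601.23369',
    'Info CBS Appl: Package_for_KB0000000 applicability: Superseded'
)
Get-CbsUpdateTrace -Kb 'KB0000000' -Lines $sample | Format-List Component, Versions, Superseded

# Against the real log (elevated prompt):
# Get-CbsUpdateTrace -Kb 'KB0000000' -Lines (Get-Content "$env:SystemRoot\Logs\CBS\CBS.log")
```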
At this point the log file will not help much more, so …

Step 2 – The source of all knowledge. The Windows Registry.

Disclaimer: As usual, changes done to the registry can damage the Windows installation. Use some form of backup before starting and be very careful while navigating the registry.
That’s right. If it’s not in the registry, Windows does not know about it. Or something of the sort.
At this point we open the registry editor (as Administrator) and we start digging.
The first piece of the puzzle is to search for the component we found in the CBS.log. In this example amd64_netfx-system_b03f5f7f11d50a3a.
The find function in the registry editor will lead you to something like the image below.
You can see the component selected, but we’re not there yet.
Scroll down and find the latest version of that component.
Now that we’ve found the latest version for this component, note the termination marked by arrow 1: .23744. And note the termination of the one before, marked by arrow 2: .23369.
What this means is that we have one version of this component higher than the one we are trying to install and, at least in this case, higher than the one the update we’re trying to install needs.
At some point, a patch was installed with the higher version and now, it’s up to us to find out which one.
So let’s jump onto the right hand pane and select the first binary key. The one that looks like a long GUID.
We need that value name to continue digging. So let’s modify and double click the value name to select it and copy it.

Step 3 – Digging deeper

Having copied the value name, we need to search for it in HKLM\COMPONENTS\CanonicalData\Catalogs (where Windows stores its component catalog).
Registry should find the value name inside a key, without any additional information, however, the key will help us get to the solution, because that key is present in yet another catalog.
So let’s select the key on the left pane. Right click and Rename, just so we can copy it.
Note: Don’t use the Copy Key Name functionality. For some reason beyond my understanding it does not work for the next search.
Once again, having copied the key name, we need to find it, this time under HKLM\COMPONENTS\CanonicalData\Deployments.
Once the search is done, we are presented with a list of packages and their KB numbers.
These packages have updated the component and will need to be uninstalled, in order to install the desired package.

Step 4 – Uninstall the superseding packages

The next step is the easy one. Uninstall the 2 packages identified. Reboot if needed and then install our original patch.
And we’re done, or are we …

Step 5 – Back to the top

At this point, one would think we could just install the original patch and that was the end of it, but …
You see, the Windows Registry was created at a time when efficiency was badly needed. It allows applications to share DLLs rather than keeping multiple copies and wasting space. It also keeps its catalogs so that applications can know whether they need to install new DLLs or whether they already exist and, as a consequence, the registry also keeps records of which patches are installed or were attempted, and what the result was. That way, it does not need to validate the applicability of a patch twice, because it already knows the result. It’s all about efficiency.
And so we go back to the CBS.log and find our patch number.
Select the highlighted Package_for_KB<insert your KB number here> and back to the registry editor.
Once in the registry editor (as Administrator), search for the above string and delete it.
This is the only registry change in the whole process and it is safe to do as it is only the record for the applicability evaluation.
This will make Windows evaluate your patch installation again and hopefully allow its installation.

Conclusion

There you have it folks. The not so easy fix, but very valuable in machines you can’t just rebuild (also a lot faster once you know where to look).
Do note that other components in a patch might also be superseded and you might have to repeat this process a few times.
Hope this can help someone.

Footnotes

  1. This blog post was built from a real life example using Windows 2008 R2 machines.
  2. As much as I would like to take credit for the discovery of the process, I must admit that I’ve learned this from a wise colleague of mine, Robert de Tulio, that collated some scattered information on the web using his expert knowledge and then taught me the process.

Move hidden Window

Dear reader,
Recent events made me get this tip way from my old days. When I was young and Windows 3.1 was the most amazing thing I had ever seen.
Ahh the good old days!
Anyway, have you ever struggled with a window that opens outside the visible screen? Or even the ones that stay just ever so slightly off that your mouse pointer just can’t move them?
Mostly the cause is simply different screen resolutions, removing an additional screen, going from a remote session in Full HD to a lame laptop screen… who cares.
It just happens.
Well at least now you’ll know what to do, with a few simple steps, and a working keyboard:
1. Alt+Tab to the misbehaving window;
2. Press Alt+Space;
3. Press M;
4. Press any Arrow keys to bring the window back to full visibility or just once and then move the mouse. The window position should now follow the mouse cursor.
There you go.
No more plugging screens and rebooting or any other time wasting trickery.
Enjoy.
Bonus tip: Since Windows 7, you can do it even faster, by using the snap window function. Just select the window with Alt + tab and use Windows Key + Arrow key to snap to one of the sides.

Shortcut to Mail is broken in Control Panel

Hello everyone,
Some time ago I had a problem with a user’s Outlook profile not opening. So as usual, I went straight to Control Panel to troubleshoot the e-mail profile, but to my surprise the shortcut to Mail 32 Bits was not functioning.
After searching around for a while, I found a workaround that didn’t require to rebuild the user’s profile.
And the workaround is:
Create a shortcut for “C:\Program Files (x86)\Microsoft Office\Office14\MLCFG32.CPL”
Or
Go to Start -> Run and type Control MLCFG32.CPL or Control MLCFG64.CPL – if 32 or 64 bits.
And that is it, the Mail console we all know is available again.
Just a couple of notes on this.
1. If you use the shortcut version of the workaround, the path might vary depending on your Office version and installation path.
2. This is a workaround. It will not solve the issue with the user profile, but might give you some more time to plan.
Happy troubleshooting.

Windows 8 – Change default programs

Hi there.

Have your new Windows installed, but you want to customize the behavior of the OS.

Let’s say you don’t want the Metro style apps to open your pictures.

So just open your metro style start menu or press WIN+W and type default. You should see the “Default Programs” app.

Open it and edit your defaults.

In case you are wondering … Yes you could just get here through the control panel. I just find this way faster.

Enjoy.

Windows 8 and Windows Server 2012 – Problems with activation

The new versions of Windows are out, and with them come a whole new set of little challenges.

So let’s start from the beginning.

You just installed your new OS and you get a DNS error when trying to activate it.

Well, here’s how you go about it.

Open a command line with Administrative privileges and type:

slmgr.vbs /ipk followed by your serial key. Press enter and there you have it. A brand new activated Windows.

Enjoy.

How do I find out what are my drive letters in Windows Core?

So you just installed your Windows Server Core and you want to identify your disk drives. Or maybe you’ve plugged a USB disk to copy some files and you don’t know the drive letter.

Since there is no explorer in Server Core you will have to use diskpart. Diskpart is a utility to manage disk drives and has been available since Windows Vista and replaced the old fdisk. You’ve surely used diskpart in its GUI version of Disk Management, so now you just have to get used to it in a command line.

So to find out your disk drive letter in Windows Server Core just type diskpart and then list volume. This will give a list of disks and their drive letters.

To leave diskpart just type exit. If you want to discover more about diskpart type help.

Software installation asks for reboot even after reboot

Sometimes you’re installing a software and you get an error stating that you need to reboot before installing.

So far, so good, but, occasionally you get that error again after the reboot. In that case, follow this procedure:

  1. Open Regedit
  2. Find the key “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager”
  3. Rename the “PendingFileRenameOperations” value to “PendingFileRenameOperations2”
  4. Try again.
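
Session Manager processes this value at the next boot, so renaming it cancels whatever was queued. The PowerShell below is an added example, not part of the original post, that lists the queued operations before the rename; it assumes the value holds source/destination pairs with an empty destination meaning delete, and the function name and sample entries are made up for illustration.

```powershell
# Added example, not from the original post. Works on PowerShell 2.0 and later.
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$name = 'PendingFileRenameOperations'

function ConvertTo-PendingOperation {
    param([AllowEmptyString()] [string[]] $Entries)
    # Assumption: entries come in pairs (source, destination) and an empty
    # destination means the source is deleted at the next boot.
    for ($i = 0; $i -lt $Entries.Count; $i += 2) {
        $source = $Entries[$i] -replace '^\\\?\?\\', ''
        $dest   = ''
        if ($i + 1 -lt $Entries.Count) {
            # A leading "!" marks "replace the destination if it exists".
            $dest = $Entries[$i + 1] -replace '^!?\\\?\?\\', ''
        }
        $action = 'Delete'
        if ($dest) { $action = 'Rename' }
        New-Object PSObject -Property @{ Action = $action; Source = $source; Destination = $dest }
    }
}

# Constructed sample entries (not from a real machine): one rename, one delete.
$sample = @('\??\C:\Temp\new.dll', '!\??\C:\App\app.dll', '\??\C:\Temp\setup.tmp', '')
ConvertTo-PendingOperation -Entries $sample | Format-Table Action, Source, Destination -AutoSize

# Live check on the machine that keeps asking for a reboot:
$value = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
if ($null -eq $value) {
    'No pending file rename operations are queued.'
} else {
    ConvertTo-PendingOperation -Entries $value | Format-Table Action, Source, Destination -AutoSize
    # After reviewing the list, from an elevated prompt:
    # Rename-ItemProperty -Path $key -Name $name -NewName "${name}2"
}
```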

Change last logon user

Sometimes, as a sysadmin, you need to access a workstation to do some maintenance, and you don’t want the user to be asking you why he has to type his username again the next day.
Well, here’s a solution.
Before shutting down the workstation just open the registry editor and navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\LastLoggedOnUser
Edit the LastLoggedOnUser value and type the username you want to see on the next reboot.

Windows Server Core – What now?

So you just installed your first Windows Server Core and you don’t really know what to do now.
Well, here’s some help. To configure the basics of your brand new server you can use the command sconfig. It will show you a nice Powershell menu to help you out.

Now you can configure the basic settings for your server without feeling lost.

Security Options for Anonymous Access to File Share on Windows Server 2003

Sometimes you need to create a file share that is truly public. No logins or passwords.
Here’s how.
Enable the guest account in Users and Groups console in Computer Management and give it a blank password.
Then allow the guest account in the Local Policies.

Open gpedit.msc and go to:

Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Accounts: Guest account status: enabled

Then allow network access for anonymous logins.

Again, using gpedit.msc, go to:
Network Access: allow anonymous SID/Name translation: disabled
Network Access: Do not allow anonymous enumeration of SAM accounts: enabled
Network Access: Do not allow anonymous enumeration of SAM accounts and shares: disabled
Network Access: let everyone permissions apply to anonymous users: enabled
Network Access: restrict remote access to named pipes and shares: disabled

Finally, allow anonymous logon to the machine.

Open gpedit.msc and go to:

Computer Configuration -> Windows Settings -> Local Policies -> User Rights Assignment ->
Access this computer from the network: everyone, anonymous logon

You can deploy this policy locally or via Group Policy.

If you want, and I think you will, you can then limit access to the shares using the Windows firewall and a custom IP/subnet list.
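
These settings stay in place long after the share is forgotten, so it helps to be able to find machines configured this way. The PowerShell below is an added example, not part of the original post: it reports the registry values behind three of the Security Options above plus the Guest account state. It assumes PowerShell 2.0 is installed on the server, and the function name is hypothetical.

```powershell
# Added example, not from the original post. 'Relaxed' is the value this post sets.
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$srv = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$settings = @(
    # Do not allow anonymous enumeration of SAM accounts and shares
    @{ Path = $lsa; Name = 'RestrictAnonymous';         Relaxed = 0 },
    # Let Everyone permissions apply to anonymous users
    @{ Path = $lsa; Name = 'EveryoneIncludesAnonymous'; Relaxed = 1 },
    # Restrict anonymous access to named pipes and shares
    @{ Path = $srv; Name = 'RestrictNullSessAccess';    Relaxed = 0 }
)

function Get-AnonymousAccessState {
    foreach ($s in $settings) {
        # A missing value shows as blank: the OS default applies.
        $current = (Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue).($s.Name)
        New-Object PSObject -Property @{
            Setting = $s.Name
            Current = $current
            Relaxed = ($current -eq $s.Relaxed)
        }
    }
    # The built-in Guest account always has a SID ending in -501, even if renamed.
    $guest = Get-WmiObject Win32_UserAccount -Filter 'LocalAccount=True' |
             Where-Object { $_.SID -like '*-501' }
    $enabled = -not $guest.Disabled
    New-Object PSObject -Property @{
        Setting = 'Guest account enabled'
        Current = $enabled
        Relaxed = $enabled
    }
}

Get-AnonymousAccessState | Format-Table Setting, Current, Relaxed -AutoSize
```

A row with Relaxed set to True matches the open-share configuration described in this post.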