Windows Server 2008 Critical Services Fail to Start After KB973037/KB969947/KB973565 Patch Installation: AD & Exchange 2007 Impact Analysis


9 views

When your domain controller and Exchange 2007 server suddenly refuse to start core services after patch Tuesday, the situation demands immediate technical triage. Here's what we're seeing with these specific KBs:

// Typical error pattern observed in Event Viewer
Event ID 7024: The [ServiceName] service terminated with service-specific error 2147943394 (0x80070422)
Event ID 7000: The [ServiceName] service failed to start due to error: The service did not respond...

Before diving deep, try these quick diagnostic commands:

# Check service dependencies
sc qc spooler
sc qc netlogon

# Verify system component health
dcdiag /test:services /v
dcdiag /test:netlogons /v

The KDC error suggests certificate store issues. Run these repair commands:

certutil -store -v my
certutil -verifykeys
certutil -repairstore my "DomainControllerAuthentication"

For Exchange 2007 services failing to start:

# Rebuild Exchange permissions
%ExchangeInstallPath%bin\exscfg.exe /mode:recoverconfig

# Check transport service dependencies
Get-Service *transport* | fl name,status,starttype

If all else fails, remove the problematic updates:

wusa /uninstall /kb:973037 /quiet /norestart
wusa /uninstall /kb:969947 /quiet /norestart
wusa /uninstall /kb:973565 /quiet /norestart

For future patch cycles on legacy systems:

# Create pre-patch snapshot
wbadmin start backup -backuptarget:\\backup\server2008 -allcritical -quiet

# Test patch sequence
$updates = Get-Hotfix | Sort InstalledOn -Descending | Select -First 10
$updates | Export-Clixml C:\patch_audit.xml

After deploying standard Windows updates (including KB973037, KB969947, and KB973565) to a Windows Server 2008 machine functioning as both an Active Directory domain controller and Exchange 2007 server, the system encountered a boot hang at "configuring updates stage 3 of 3 0% complete". While safe mode boot followed by normal reboot allowed login, critical services including Exchange, DNS, and Terminal Services failed to start.

First, verify the system state with PowerShell:


# Check installed patches
Get-HotFix | Where-Object {$_.HotFixID -match "KB973037|KB969947|KB973565"}

# Verify service status
Get-Service | Where-Object {$_.Status -ne "Running"} | Select-Object Name,Status,StartType

The KDC error suggests certificate validation problems impacting authentication services. Check certificate store integrity:


certutil -verify -urlfetch -v Root
certutil -viewstore "ldap:///CN=KDC,CN=Computers,DC=domain,DC=com?certificate?base"

Create a registry backup before attempting these modifications:


reg export HKLM\SYSTEM\CurrentControlSet\Services C:\ServiceBackup.reg

For Exchange services, check the ImagePath values:


reg query "HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeIS" /v ImagePath

Run these commands to repair potentially corrupted system files:


sfc /scannow
dism /online /cleanup-image /restorehealth

If standard fixes fail, consider these approaches:


# Try starting services manually with tracing
sc start dnscache /trace

For Exchange-specific issues:


cd "C:\Program Files\Microsoft\Exchange Server\Bin"
.\eseutil /k