Reading Tips for Windows Update Logs in Windows 11

Let’s learn the procedure to read Windows Update Logs in Windows 11. The Windows Update Log is a powerful tool for observing issues with Windows Update. The issue is a patch failing to install or connect to Microsoft Update; this log provides the details.

The Windows Update log is a record of all notable changes made to a Windows system. The Windows system records every detail of the update implemented by the Windows update service. If anti-malware software is installed, the history of its updates is also recorded. Any third-party software built on the device can also capture logs for storage in the Windows event log.

Windows Update Log is used to automate the operating system (OS) and application updates, manage multiple servers in a centre, and check for evidence of program execution. Event logs include records of a user’s action on a computer. Tracking such information is essential throughout the digital analysis process.

In Windows 10 Windows Update Log artefact is located at C:\Windows\Logs\WindowsUpdate. Windows Update Logs are generated using ETW (Event Tracing for Windows) to analyze the operation of the Windows Update agent and service. To read the ETW file format, it has to be converted into a log file (.log).

Patch My PC
Procedure to Read Windows Update Logs in Windows 11 - Fig. 1
Procedure to Read Windows Update Logs in Windows 11 – Fig. 1

How to Read Windows Update Logs in Windows 11

The Windows Update Agent generates diagnostic logs using Event Tracing for Windows (ETW). Windows Update no longer directly produces a WindowsUpdate.log file. Instead, it produces .etl files that are not immediately readable as written.

For Windows 10 versions prior to 1709 (OS Build 16299), this cmdlet requires access to a Microsoft symbol server, and log decoding must be run from a Windows 10 version earlier than 1709. Logs from Windows 10, version 1709 onward, do not require a Microsoft symbol server and need to be decoded from Windows 10, version 1709 or higher.

You can get the WindowsUpdate.log file and read the update log using PowerShell. Two methods, including PowerShell, are listed below for reading Windows updates.

  • Use PowerShell to Read the Windows Update Logs
  • Use Event Viewer to Read the Windows Update Logs

There are different log files, and the following table describes the log files created by Windows Update and their details. You can also learn how to show and hide Windows updates by clicking the link: How to Show Hide Updates in Windows 11.

Adaptiva
Log FileLocationDescriptionWhen to Use
windowsupdate.logC:\Windows\Logs\WindowsUpdateStarting in Windows 8.1 and continuing in Windows 10, the Windows Update client generates diagnostic logs using Event Tracing for Windows (ETW).If you receive an error message when you run Windows Update, you can use the information included in the Windowsupdate.log log file to troubleshoot the issue.
UpdateSessionOrchestration.etlC:\ProgramData\USOShared\LogsStarting Windows 10, the Update Orchestrator Service is responsible for the sequence of downloading and installing various update types from Windows Update. The events are logged to these .etl files.The download is not getting triggered when you see that the updates are available.

When updates are downloaded, installation is not triggered.

When updates are installed, a reboot is not triggered.
NotificationUxBroker.etlC:\ProgramData\USOShared\LogsStarting Windows 10, the notification toast or the banner is triggered by NotificationUxBroker.exe.When you want to check whether the notification was triggered or not.
CBS.log%systemroot%\Logs\CBSThis log provides insight into the update installation part in the servicing stack.To troubleshoot the issues related to Windows Update installation.
Procedure to Read Windows Update Logs in Windows 11 – Table 1

Use PowerShell to Read the Windows Update Logs

The user can use PowerShell to Read the Windows Update Logs. Now type PowerShell in the SearchBox on the TaskBar. When the appropriate option is available, choose it to open; either you can open PowerShell normally, or you can open it with Administrative privileges, as shown below.

Procedure to Read Windows Update Logs in Windows 11 - Fig. 2
Procedure to Read Windows Update Logs in Windows 11 – Fig. 2

When the PowerShell window opens, type Get-WindowsUpdateLog or copy and paste this command and press Enter to run the command. You can see the message getting the list of all ETL files. Please wait for all of the conversions to complete.

See Get-WindowsUpdateLog to merge and convert Windows Update trace files (.etl files) into a single readable WindowsUpdate.log file. You can also check How to Create Different Shortcuts to Check for Windows Updates in Windows 11.

NOTE! When you run the Get-WindowsUpdateLog cmdlet, a copy of the WindowsUpdate.log file is created as a static log file. It does not update as the old WindowsUpdate.log unless you run Get-WindowsUpdateLog again.

Procedure to Read Windows Update Logs in Windows 11 - Fig. 3
Procedure to Read Windows Update Logs in Windows 11 – Fig. 3

The details appear when you execute the command mentioned above. Some events do not match the schema. Please rerun the command with -lr to get a less restricted XML dump. The command was completed successfully, and you get the WindowsUpdate.log file on your desktop in a readable format.

Procedure to Read Windows Update Logs in Windows 11 - Fig. 4
Procedure to Read Windows Update Logs in Windows 11 – Fig. 4

The WindowsUpdate.log is saved on your desktop; double-click on it to open it in the NotePad. The Windows Update engine has different component names. The following listed are some of the most common components that appear in the WindowsUpdate.log file.

NOTE! Many component log messages are invaluable if you are looking for problems in that specific area. However, they can be useless if you don’t filter to exclude irrelevant components so that you can focus on what’s important.

  • AGENT- Windows Update agent
  • AU – Automatic Updates is performing this task
  • AUCLNT- Interaction between AU and the logged-on user
  • CDM- Device Manager
  • CMPRESS- Compression agent
  • COMAPI- Windows Update API
  • DRIVER- Device driver information
  • DTASTOR- Handles database transactions
  • EEHNDLER- Expression handler that’s used to evaluate update applicability
  • HANDLER- Manages the update installers
  • MISC- General service information
  • OFFLSNC- Detects available updates without a network connection
  • PARSER- Parses expression information
  • PT- Synchronizes updates information to the local datastore
  • REPORT- Collects reporting information
  • SERVICE- Startup/shutdown of the Automatic Updates service
  • SETUP- Installs new versions of the Windows Update client when it’s available
  • SHUTDWN- Install at shutdown feature
  • WUREDIR- The Windows Update redirector files
  • WUWEB- The Windows Update ActiveX control
  • ProtocolTalker – Client-server sync
  • DownloadManager – Creates and monitors payload downloads
  • Handler, Setup – Installer handlers (CBS, and so on)
  • EEHandler – Evaluating update applicability rules
  • DataStore – Caching update data locally
  • IdleTimer – Tracking active calls, stopping a service
Procedure to Read Windows Update Logs in Windows 11 - Fig. 5
Procedure to Read Windows Update Logs in Windows 11 – Fig. 5

Use Event Viewer to Read the Windows Update Logs

Another process is to use an event viewer to read the Windows Update Logs. To do so, press the Win Key + R to open the Run dialogue box. Type eventvwwr.msc and press OK or hit Enter. Here, you can find How to Allow Disallow Download Updates Over Metered Connections in Windows 11.

Procedure to Read Windows Update Logs in Windows 11 - Fig. 6
Procedure to Read Windows Update Logs in Windows 11 – Fig. 6

When the Event Viewer window opens, then follow the listed process to move forward to get the Windows Update logs.

  • Step 1 – Expand the Applications and Services Logs, then
  • Step 2 – Expand the Microsoft under Applications and Services Logs, then
  • Step 3 – Expand the Windows under Microsoft
Procedure to Read Windows Update Logs in Windows 11 - Fig. 7
Procedure to Read Windows Update Logs in Windows 11 – Fig. 7

When the Windows option is expanded, then, scroll down to find the option WindowsUpdateClient and expand it. Then you can see there is an option as Operational. Click on it, and you can find all the Windows Updates listed in the middle pane of the event viewer. Double-click on any update available in the middle pane to view the details.

Procedure to Read Windows Update Logs in Windows 11 - Fig. 8
Procedure to Read Windows Update Logs in Windows 11 – Fig. 8

I hope the information on the Procedure to Read Windows Update Logs in Windows 11 is helpful. Please follow us on the HTMD Community and visit our website, HTMD Forum, if you like our content. Suggest improvements, if any, and we’d love to know which topic you want us to explore next.

We are on WhatsApp. To get the latest step-by-step guides and news updates, Join our Channel. Click here – HTMD WhatsApp.

Author

Alok is a Master of Computer Applications (MCA) graduate. He loves writing on Windows 11 and related technologies. He likes to share his knowledge, quick tips, and tricks with Windows 11 or Windows 10 with the community.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.