Offline Component Based Servicing Fails With 0x80070005

I recently identified an issue when applying patches through offline component-based servicing in ConfigMgr 2012: the process fails with the common error code 0x80070005 (access denied).

Update: I have updated this post with some new information.

Detecting the presence of this issue should be simple. Look through OfflineServicingMgr.log for the following:

Applying update with ID 16803254 on image at index 1.
Failed to install update with error code 5
InstallUpdate returned code 0x80070005

The problem I found was with the antivirus product. In this case McAfee seems to think that the host OS is being patched, so it protects the system and blocks the updates from being applied to the mounted image. The simple resolution to get it working was to stop three services: McAfee Framework Service, McAfee McShield and McAfee Task Manager.

I ran the process again and it worked perfectly. For a more permanent resolution: the image is mounted to a directory named ConfigMgr_OfflineImageServicing, so simply add an exclusion for it to the on access protection and it works fine with antivirus running.
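
The log check described above, as an added PowerShell example (not code from the original post): it pairs each "Applying update" line with an access-denied result and then reports the state of the three McAfee services named in the post. The sample log lines are constructed from the excerpt above; the function name, the second update ID and the log path placeholder are assumptions.

```powershell
# Added example: find updates that failed offline servicing with access denied.
# Matching is on message text only, so it does not depend on the log line layout.
function Find-OfflineServicingAccessDenied {
    param([string[]]$Line)

    $current = $null
    foreach ($entry in $Line) {
        if ($entry -match 'Applying update with ID (\d+) on image at index (\d+)') {
            # A new update starts here; its result lines follow in the log.
            $current = [pscustomobject]@{
                UpdateId   = $Matches[1]
                ImageIndex = [int]$Matches[2]
            }
        }
        elseif ($current -and
                $entry -match 'Failed to install update with error code 5\b|InstallUpdate returned code 0x80070005') {
            # Win32 error 5 and HRESULT 0x80070005 both mean access denied.
            # Emit the update once, then stop tracking it so the second
            # failure line for the same update is not reported again.
            $current
            $current = $null
        }
    }
}

# Constructed sample input: the three lines quoted in the post, followed by a
# hypothetical second update that has no failure lines after it.
$sample = @(
    'Applying update with ID 16803254 on image at index 1.'
    'Failed to install update with error code 5'
    'InstallUpdate returned code 0x80070005'
    'Applying update with ID 16803255 on image at index 1.'
)
Find-OfflineServicingAccessDenied -Line $sample | Format-Table -AutoSize

# Against a real log (path is a placeholder for your site server's log folder):
# Find-OfflineServicingAccessDenied -Line (Get-Content '<path>\OfflineServicingMgr.log')

# Report whether the three services named in the post are present and running,
# to correlate the failures with active on-access protection.
$avServices = 'McAfee Framework Service', 'McAfee McShield', 'McAfee Task Manager'
Get-Service -DisplayName $avServices -ErrorAction SilentlyContinue |
    Select-Object DisplayName, Status
```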



About Martyn

Martyn is one of the Senior Cloud Architects and DevOps Team Leader at one of the world's leading Cloud Transformation Specialists, Inframon. Martyn is responsible for the architecture of some of the largest Azure deployments in EMEA and is an advisor to many businesses on their strategies. Martyn is a regular speaker at Microsoft events and community events on Azure and DevOps, giving his insight to a growing number of audiences.

13 responses to “Offline Component Based Servicing Fails With 0x80070005”

  1. Johan Pol says :

    Did someone find a solution for this? I have the same problem.

  2. Peter Denkel says :

    Hi Martyn,

    A further update to this is that the issue was specific to McAfee AV 8.8 patch 1. In patch 1 they introduced settings to stop hooks attaching to the running McAfee processes – no exclusion settings I applied through ePO made any difference.

    I have recently applied patch 2, will see how this goes soon as looking to slipstream IE9 & apply some more updates to the base image.

    • Martyn says :

      Ahh great, thanks for the update. I wondered what was happening, is this noted on an official McAfee KB anywhere? Would you be able to share the link if so?

  3. Ercole1977 says :

    Getting insane trying to find the exclusion without having to disable VirusScan... Has anyone accomplished this?!

  4. Peter Denkel says :


    Am just curious as to where you created this rule – as there are 2 areas, “Access protection” & “On-Access scanning” – not “on access protection”. The first doesn’t allow folder exceptions, only processes, so am guessing you are talking about the on access scanning exceptions.

    Problem I had with SCCM 2012 offline updating of a Windows 7 image is that no exceptions in this area appeared to make any difference at all since McAfee introduced patch 1 for AV 8.8. The only way I could get around the issue was to disable access protection for the period of time that the offline updates were being applied.

    Is this the same issue you were experiencing or different? I have quite a period of time working with McAfee, only a little with SCCM, unfortunately – so am trying to get a handle on this.
