Windows 10 ESU (Extended Security Updates) for EEA not working

[Sinisa]

I copy/pasted commands before also.

 

[ChatGPT]

Thanks — and I see why this is getting confusing. You did copy/paste, but the PowerShell errors you posted show the same small pipeline typo kept slipping in: you used $. instead of the pipeline variable $_. That makes PowerShell try to run a command named $.Message and produces the red errors you saw.
Let’s finish this off cleanly. Do these three quick things (copy/paste the exact commands) and tell me the outputs / results:
1) Reproduce the enrol failure and capture relevant Event Log entries

• Open PowerShell as Administrator and copy/paste this whole block exactly (then immediately click Enrol now in Settings → Update & Security → Windows Update and wait ~5–10 seconds after the grey window flashes, then return to PowerShell — the Get‑WinEvent queries will run and show any matching events):

$start = Get-Date
Start-Process ms-settings:windowsupdate

— click "Enrol now" now, wait ~5-10s, then run the queries below —​

Get-WinEvent -FilterHashtable @{LogName='Application'; StartTime=$start} -ErrorAction SilentlyContinue |
Where-Object { $.Message -match 'ClipESU|ESU|Enroll|Enrol|WAM|Broker|BrokerPlugin|AAD|WebAccount|MicrosoftAccount|Store|WinStore|SystemSettings' } |
Select-Object TimeCreated, ProviderName, Id, LevelDisplayName, @{Name='Message';Expression={$.Message}} -First 100 |
Format-List
Get-WinEvent -FilterHashtable @{LogName='System'; StartTime=$start} -ErrorAction SilentlyContinue |
Where-Object { $.Message -match 'ClipESU|ESU|Enroll|Enrol|WAM|Broker|AAD|WebAccount|Store|WinStore|SystemSettings' } |
Select-Object TimeCreated, ProviderName, Id, LevelDisplayName, @{Name='Message';Expression={$.Message}} -First 50 |
Format-List

• Paste whatever output you get. If nothing appears, say “no events” and we’ll move to the next checks.

Why: community/MS troubleshooting uses these event queries to find the token/WAM/Store errors the enrollment UI writes when it fails. This is the same approach used in other ESU troubleshooting guidance.
2) Quick functional checks (do both)
A — Store sign-in test (manual)

• Open Microsoft Store → click the profile icon (top-right) → Sign in → use the same Microsoft Account (MSA) you use in Windows.
• Tell me: does sign-in succeed, or what exact error text do you see?

B — Check WebView2 runtime (PowerShell)

• In an elevated PowerShell paste exactly:

Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall* -ErrorAction SilentlyContinue |
Where-Object { $_.DisplayName -like 'WebView2' } |
Select-Object DisplayName, DisplayVersion, Publisher

• If nothing returns, install the Microsoft Edge WebView2 Runtime (Evergreen), reboot, then retry Enrol now. Missing/corrupt WebView2 commonly makes in‑app sign‑in dialogs open then close instantly.

Why: the enrollment UI uses an in‑app web view / WAM token path; WebView2 and Store/AAD broker health are common causes of the “grey window” symptom.
3) If the logs are empty and Store sign-in works: do a short Procmon capture (I’ll walk you through it)

• If step 1 returns no events and Store sign-in succeeded, say “Yes — Procmon” and I’ll give exact, 1–2 minute Process Monitor steps (download, filter, capture, save) so you can produce a .PML I can read for the failing process/api call. Procmon is the fastest way to see exactly which process/registry/file/API fails when that grey dialog appears. Community troubleshooting often uses Procmon when logs don’t show the error.

A couple of optional items you can try in parallel (if you want):

• Clean‑boot test: msconfig → Services → Hide Microsoft services → Disable non‑Microsoft services → Startup → Task Manager → disable non‑Microsoft startup items → reboot → try Enrol now. (If it works in clean boot, re-enable items in small groups.)
• Try enrolling from another Windows 10 22H2 PC using the same MSA — if that PC enrolls, the entitlement is attached to the MSA and the issue is definitely local to your device.

If you’re ready, run step 1 and step 2 and paste:

• The exact output from the two Get-WinEvent queries (or say “no events”),
• The result of the Store sign-in attempt (success or exact error),
• The WebView2 check output (or “not installed”).

If you want me to give the Procmon steps now, say “Yes — Procmon” and I’ll post the exact short instructions.

 

[Sinisa]

PS C:\WINDOWS\system32> $start = Get-Date
>> Start-Process ms-settings:windowsupdate
PS C:\WINDOWS\system32> Get-WinEvent -FilterHashtable @{LogName='Application'; StartTime=$start} -ErrorAction SilentlyContinue |
>> Where-Object { $.Message -match 'ClipESU|ESU|Enroll|Enrol|WAM|Broker|BrokerPlugin|AAD|WebAccount|MicrosoftAccount|Store|WinStore|SystemSettings' } |
>> Select-Object TimeCreated, ProviderName, Id, LevelDisplayName, @{Name='Message';Expression={$.Message}} -First 100 |
>> Format-List
>> Get-WinEvent -FilterHashtable @{LogName='System'; StartTime=$start} -ErrorAction SilentlyContinue |
>> Where-Object { $.Message -match 'ClipESU|ESU|Enroll|Enrol|WAM|Broker|AAD|WebAccount|Store|WinStore|SystemSettings' } |
>> Select-Object TimeCreated, ProviderName, Id, LevelDisplayName, @{Name='Message';Expression={$.Message}} -First 50 |
>> Format-List
$.Message : The term '$.Message' is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:6 char:16
+ Where-Object { $.Message -match 'ClipESU|ESU|Enroll|Enrol|WAM|Broker| ...
+ ~~~~~~~~~
+ CategoryInfo : ObjectNotFound: ($.Message:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException

$.Message : The term '$.Message' is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:6 char:16
+ Where-Object { $.Message -match 'ClipESU|ESU|Enroll|Enrol|WAM|Broker| ...
+ ~~~~~~~~~
+ CategoryInfo : ObjectNotFound: ($.Message:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException

$.Message : The term '$.Message' is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:6 char:16
+ Where-Object { $.Message -match 'ClipESU|ESU|Enroll|Enrol|WAM|Broker| ...
+ ~~~~~~~~~
+ CategoryInfo : ObjectNotFound: ($.Message:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException

$.Message : The term '$.Message' is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:6 char:16
+ Where-Object { $.Message -match 'ClipESU|ESU|Enroll|Enrol|WAM|Broker| ...
+ ~~~~~~~~~
+ CategoryInfo : ObjectNotFound: ($.Message:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException

$.Message : The term '$.Message' is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:6 char:16
+ Where-Object { $.Message -match 'ClipESU|ESU|Enroll|Enrol|WAM|Broker| ...
+ ~~~~~~~~~
+ CategoryInfo : ObjectNotFound: ($.Message:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException

$.Message : The term '$.Message' is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:6 char:16
+ Where-Object { $.Message -match 'ClipESU|ESU|Enroll|Enrol|WAM|Broker| ...
+ ~~~~~~~~~
+ CategoryInfo : ObjectNotFound: ($.Message:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException

$.Message : The term '$.Message' is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:6 char:16
+ Where-Object { $.Message -match 'ClipESU|ESU|Enroll|Enrol|WAM|Broker| ...
+ ~~~~~~~~~
+ CategoryInfo : ObjectNotFound: ($.Message:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException




PS C:\WINDOWS\system32> Get-WinEvent -ListLog WebAccount | Select-Object LogName -First 10
Get-WinEvent : There is not an event log on the localhost computer that matches "WebAccount".
At line:1 char:1
+ Get-WinEvent -ListLog WebAccount | Select-Object LogName -First 10
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: ) [Get-WinEvent], Exception
+ FullyQualifiedErrorId : NoMatchingLogsFound,Microsoft.PowerShell.Commands.GetWinEventCommand



I cant sign in Microsoft store. Error say "We encountered error. Please try signing in again later"

 

[ChatGPT]

Thanks — that explains a lot. You’ve been running the right checks but PowerShell kept choking on the same small typo (using $. instead of $_) so the event queries returned errors. Also the Microsoft Store sign-in failing (“We encountered an error…”) confirms the token/broker/webview path is still broken — that’s the most likely reason the Enrol dialog opens then closes.
Do these in order (copy/paste the exact commands when shown). I’ll keep each step short and tell you what to expect.
A — Install WebView2 runtime (very common fix)

1. Download and install Microsoft Edge WebView2 Runtime (Evergreen). You can get it from Microsoft (install the Evergreen Bootstrapper). After install, reboot.
   Why: the Settings in‑app sign‑in system often uses WebView2; a missing/corrupt runtime makes sign-in popups fail instantly. This is a low-risk step.

B — Clear credentials, re-add MSA, reset Store

1. Open Control Panel → Credential Manager → Windows Credentials and Web Credentials → remove any entries that mention microsoft, live, your email, or account.microsoft.com.
2. Settings → Accounts → Your info → if it shows a Microsoft account, click Sign out (if you can) and then Sign in with a Microsoft account (use the same MSA). If it’s already the MSA, still use Email & accounts → Add an account → Microsoft account and sign in again (force a fresh token).
3. Reset the Store (run as admin):
   wsreset.exe
4. Re-register Store and broker (exact PowerShell commands — copy/paste each line into an elevated PowerShell):
   Get-AppxPackage -AllUsers Microsoft.WindowsStore | ForEach-Object { Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml" }
   Get-AppxPackage -AllUsers Microsoft.AAD.BrokerPlugin | ForEach-Object { Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml" }

Reboot after these steps. (You ran re-register before but with the typo; run the correct lines above.)
C — Quick checks after reboot

1. Try to sign in to Microsoft Store: open Store → profile icon → Sign in. If it still says “We encountered an error…”, note that exact message (you already did). That confirms the broker/WAM path is failing.
2. Confirm Enrol now behavior again: open Settings → Update & Security → Windows Update → click Enrol now and observe. If it still flashes, continue.

D — Event log & GUI Event Viewer (easier than PowerShell if the pipeline was tripping you)

1. Open Event Viewer (type Event Viewer).
2. In the left pane go to Applications and Services Logs → Microsoft → Windows → WebAccountManager → Admin (if present). Look for errors at the time you clicked Enrol now and paste the error text here.
3. Also check Windows Logs → Application and Windows Logs → System for errors at the same time.

(These GUI steps avoid the $_ pipeline issues you were seeing in PowerShell.)
E — If logs show nothing and Store sign‑in still fails: clean boot test

1. msconfig → Services → check “Hide all Microsoft services” → Disable all → Startup → Open Task Manager → disable non‑Microsoft startup items → Reboot.
2. Try Enrol now again. If it works, a third‑party app/service was blocking the token flow — re-enable items in small groups to find the culprit.

F — If still fails: Procmon capture (I’ll guide you step‑by‑step)
Procmon will show exactly which process/registry/file/API returns an error when the enrol dialog flashes. If you’re OK with that I’ll post the precise Procmon filters and capture steps (it’s a 1–2 minute capture and safe). Say “Yes — Procmon” and I’ll give those steps.
G — If you want a one‑click script (eligibility + re-register)
I can provide a small batch / PowerShell script that:

• Enables DiagTrack, adds the feature-override, runs ClipESUConsumer.exe -evaluateEligibility, and re-registers Store/AAD broker (the commands we ran). Tell me if you want that and I’ll paste it.

Why these steps

• You already met the update/build prerequisites (your build is 19045.6456), so the remaining failure mode is the in‑app sign‑in path (WAM/AAD broker/Store/WebView2). Reinstalling WebView2, clearing credentials, re-registering the broker/Store, and checking Event Viewer are the standard, low-risk fixes community and MS support threads show for the “grey window opens then disappears” symptom.

What I need from you next

• Install WebView2 and reboot, then run the exact re‑register commands I gave.
• Try to sign into Store and report whether it succeeds or gives the same error.
• If Enrol still flashes, open Event Viewer GUI and paste any errors found under Microsoft → Windows → WebAccountManager → Admin or under Application / System around the time you clicked Enrol now.
• If you prefer Procmon, say “Yes — Procmon” and I’ll post the capture steps.

I’ll stay with you through whichever path you choose.

 

[Sinisa]

PS C:\WINDOWS\system32> $start = Get-Date
>> Start-Process ms-settings:windowsupdate
PS C:\WINDOWS\system32> Get-WinEvent -FilterHashtable @{LogName='Application'; StartTime=$start} -ErrorAction SilentlyContinue |
>> Where-Object { $.Message -match 'ClipESU|ESU|Enroll|Enrol|WAM|Broker|BrokerPlugin|AAD|WebAccount|MicrosoftAccount|Store|WinStore|SystemSettings' } |
>> Select-Object TimeCreated, ProviderName, Id, LevelDisplayName, @{Name='Message';Expression={$.Message}} -First 100 |
>> Format-List
>> Get-WinEvent -FilterHashtable @{LogName='System'; StartTime=$start} -ErrorAction SilentlyContinue |
>> Where-Object { $.Message -match 'ClipESU|ESU|Enroll|Enrol|WAM|Broker|AAD|WebAccount|Store|WinStore|SystemSettings' } |
>> Select-Object TimeCreated, ProviderName, Id, LevelDisplayName, @{Name='Message';Expression={$.Message}} -First 50 |
>> Format-List
$.Message : The term '$.Message' is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:6 char:16
+ Where-Object { $.Message -match 'ClipESU|ESU|Enroll|Enrol|WAM|Broker| ...
+ ~~~~~~~~~
+ CategoryInfo : ObjectNotFound: ($.Message:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException

$.Message : The term '$.Message' is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:6 char:16
+ Where-Object { $.Message -match 'ClipESU|ESU|Enroll|Enrol|WAM|Broker| ...
+ ~~~~~~~~~
+ CategoryInfo : ObjectNotFound: ($.Message:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException

$.Message : The term '$.Message' is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:6 char:16
+ Where-Object { $.Message -match 'ClipESU|ESU|Enroll|Enrol|WAM|Broker| ...
+ ~~~~~~~~~
+ CategoryInfo : ObjectNotFound: ($.Message:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException

$.Message : The term '$.Message' is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:6 char:16
+ Where-Object { $.Message -match 'ClipESU|ESU|Enroll|Enrol|WAM|Broker| ...
+ ~~~~~~~~~
+ CategoryInfo : ObjectNotFound: ($.Message:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException

$.Message : The term '$.Message' is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:6 char:16
+ Where-Object { $.Message -match 'ClipESU|ESU|Enroll|Enrol|WAM|Broker| ...
+ ~~~~~~~~~
+ CategoryInfo : ObjectNotFound: ($.Message:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException

$.Message : The term '$.Message' is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:6 char:16
+ Where-Object { $.Message -match 'ClipESU|ESU|Enroll|Enrol|WAM|Broker| ...
+ ~~~~~~~~~
+ CategoryInfo : ObjectNotFound: ($.Message:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException

$.Message : The term '$.Message' is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:6 char:16
+ Where-Object { $.Message -match 'ClipESU|ESU|Enroll|Enrol|WAM|Broker| ...
+ ~~~~~~~~~
+ CategoryInfo : ObjectNotFound: ($.Message:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException




PS C:\WINDOWS\system32> Get-WinEvent -ListLog WebAccount | Select-Object LogName -First 10
Get-WinEvent : There is not an event log on the localhost computer that matches "WebAccount".
At line:1 char:1
+ Get-WinEvent -ListLog WebAccount | Select-Object LogName -First 10
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: ) [Get-WinEvent], Exception
+ FullyQualifiedErrorId : NoMatchingLogsFound,Microsoft.PowerShell.Commands.GetWinEventCommand



I cant sign in Microsoft store. Error say "We encountered error. Please try signing in again later"

 

[ChatGPT]

Thanks — this is very helpful. The Store sign‑in error plus the enrol dialog flashing/closing strongly point to the in‑app sign‑in/token path (WebAccount/WAM/Store/WebView2) being broken on your PC. You’ve already covered the big update, service and AppX checks — next we’ll fix the sign‑in stack and test again.
I’ll keep this short and ordered. Do each step and tell me the result (especially whether Store sign‑in succeeds and whether Enrol now still flashes).
1) Install Microsoft Edge WebView2 (very common fix)

• Why: the Settings in‑app sign‑in often uses WebView2; missing/corrupt runtime causes the little sign‑in window to fail instantly.
• How: download and run the Evergreen WebView2 (Evergreen Bootstrapper) from Microsoft (name: msedgewebview2.exe). After install, reboot.
• After reboot: open Microsoft Store → try to Sign in. Report success or the exact error.

2) Clear cached Windows credentials and re-add your Microsoft account

• Control Panel → Credential Manager → Windows Credentials and Web Credentials → Remove any entries referencing microsoft / live / youremail or account.microsoft.com.
• Settings → Accounts → Email & accounts → Add an account → Microsoft account → sign in with the same MSA (even if it already shows in Your info).
• Reboot and try Store sign‑in and Enrol now again.

3) Reset & re‑register Store and AAD broker (copy/paste into an elevated PowerShell; these were run earlier but please run the corrected lines exactly)

• Open PowerShell as Administrator and run:
  wsreset.exe
  Get-AppxPackage -AllUsers Microsoft.WindowsStore | ForEach-Object { Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml" }
  Get-AppxPackage -AllUsers Microsoft.AAD.BrokerPlugin | ForEach-Object { Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml" }
• Reboot and test Store sign‑in and Enrol now.

(These re‑register steps repair the Store / AAD broker token hand‑off the ESU wizard depends on.)
4) Quick network / proxy / time checks (1–2 commands)

• In an elevated Command Prompt run:
  netsh winhttp show proxy
  w32tm /query /status
• If a proxy is shown and you don’t use one, reset it:
  netsh winhttp reset proxy
• Also check system time/date is correct (Settings → Time & language). An incorrect clock breaks sign‑in tokens.

5) Use the Store Apps troubleshooter

• Settings → System → Troubleshoot → Other troubleshooters → Windows Store Apps → Run. Then test Store sign‑in and Enrol now.

6) If Enrol still flashes and Store sign‑in still fails: GUI Event Viewer check (avoid PowerShell typos)

• Open Event Viewer (type Event Viewer).
• Check: Applications and Services Logs → Microsoft → Windows → WebAccountManager → Admin (if present) for Errors at the time you clicked Enrol now.
• Also check Windows Logs → Application and Windows Logs → System for errors at the same time. Copy any error text (Provider, Event ID, Message) and paste it here.

7) Clean‑boot test (rules out third‑party interference)

• msconfig → Services → check “Hide all Microsoft services” → Disable all → Startup → Open Task Manager → disable non‑Microsoft startup items → Reboot → try Enrol now.
• If it works, re-enable groups of services/startup items to find the conflict.

8) If Event Viewer shows nothing and clean‑boot doesn’t help: Procmon capture (I can walk you step‑by‑step)

• Procmon will show exactly which process or API fails during the enrol attempt. If you’re OK with that, say “Yes — Procmon” and I’ll post the exact 1–2 minute capture instructions and filters.

Optional: force eligibility again (only if you want to repeat the registry/DiagTrack step)

• We already confirmed you have the required cumulative (your build 19045.6456 includes the October LCU), so this is optional, but the forced-evaluation sequence is the standard community/MS trick if the UI remains hidden. I previously posted the exact commands; see that step if you want to run it again.

Why these steps

• Your build and updates are OK (you meet the LCU/SSU prerequisite), so the remaining failure mode is the sign‑in/token/web‑view plumbing. Reinstalling WebView2, clearing cached credentials, re‑registering the Store/AAD broker, checking proxy/time, and examining Event Viewer are the usual low‑risk fixes used in community and MS guidance.

What I need from you next

• After step 1–3: tell me whether Microsoft Store sign‑in now succeeds.
• If Enrol still flashes, open Event Viewer GUI and paste any Errors from WebAccountManager / Application / System at the time you clicked Enrol now.
• Or say “Yes — Procmon” and I’ll give the Procmon steps.

If you want, I can give a single one‑click script that: installs the registry override, starts DiagTrack, runs ClipESUConsumer -evaluateEligibility, and re-registers Store/AAD broker. I don’t recommend that until we try WebView2 + credential reset + re-register first.
Which do you want to try now — WebView2 + re-register (recommended) or go straight to Procmon?

 

[Sinisa]

Please, can you post again your last post where you ask me to install MicrosoftEdgeWebview2. For some reason I lost this post.
BTW, I try to install it and I get message:
"Installation failed. Microsoft Edge Webview2 Runtime is already installed for the system"

 

[ChatGPT]

Sure — here’s the WebView2 install / verify / repair guidance again (clean, step‑by‑step). You already tried installing and the installer said “already installed,” so I include how to confirm the runtime, repair or reinstall it, then re-run the Store/AAD re‑register and test the ESU enrol flow.
Why this matters (short)

• The ESU enrol dialog uses an in‑app web sign‑in. WebView2 is often required for that embedded web view; a missing/corrupt WebView2 or a broken Store/WAM token path will make the tiny sign‑in window open and close instantly. This is a standard troubleshooting step used in community/MS guidance.

1) Confirm WebView2 is present (copy/paste in an elevated PowerShell)
Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall* -ErrorAction SilentlyContinue |
Where-Object { $_.DisplayName -like 'WebView2' } |
Select-Object DisplayName, DisplayVersion, Publisher

• If that returns a row you have WebView2 installed and it will show the version. Paste the output here if you want me to check the version.

2) If installer said “already installed” — try a repair (GUI) first

• Open Settings → Apps → Installed apps (or Control Panel → Programs and Features).
• Find “Microsoft Edge WebView2 Runtime” (or similar). If there is a Modify / Repair option, choose Repair. Reboot after repair.
• If there’s only Uninstall, continue to step 3 to reinstall.

3) Reinstall / force reinstall (recommended if Repair not available)
Option A — Uninstall then reinstall (GUI)

• Settings → Apps → Installed apps → find Microsoft Edge WebView2 Runtime → Uninstall.
• Download the Evergreen Standalone installer (x64) from Microsoft (the standalone offline installer). Run it to install, then reboot.

Option B — Use the Evergreen Bootstrapper (small downloader)

• Download and run the small bootstrapper (msedgewebview2.exe). If it reports “already installed” you can still use the standalone from Option A to force a reinstall.

Option C — Use winget (if you have winget)

• In an elevated PowerShell or Cmd:
  winget install --id Microsoft.EdgeWebView2Runtime -e
  or to upgrade/force reinstall:
  winget upgrade --id Microsoft.EdgeWebView2Runtime -e

(Use whichever option you prefer — the standalone offline installer is the most reliable if the bootstrapper reports already installed.)
4) After reinstall / repair — reboot, then test Store sign-in

• Open Microsoft Store → click profile icon → Sign in (use same Microsoft account).
• Report whether sign-in succeeds or the same error appears.

5) Re-register Store / AAD broker (run these exact commands in an elevated PowerShell)
wsreset.exe
Get-AppxPackage -AllUsers Microsoft.WindowsStore | ForEach-Object { Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml" }
Get-AppxPackage -AllUsers Microsoft.AAD.BrokerPlugin | ForEach-Object { Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml" }

• Reboot after these commands.

6) Test ESU “Enrol now” again

• Settings → Update & Security → Windows Update → click Enrol now and watch whether the small grey window now proceeds or still flashes/closes.

7) If Store sign‑in still fails or Enrol still flashes

• Do these quick checks:
  a) Open Settings → Time & language → Date & time: ensure time is correct (wrong clock breaks tokens).
  b) Run (elevated) to check/reset proxy:
  netsh winhttp show proxy
  netsh winhttp reset proxy (only if you don’t use a proxy)
  c) Run the Windows Store Apps troubleshooter: Settings → System → Troubleshoot → Other troubleshooters → Windows Store Apps → Run.

8) If still failing — Event Viewer or Procmon

• Open Event Viewer GUI and check:
  Applications and Services Logs → Microsoft → Windows → WebAccountManager → Admin (errors around the time you click Enrol now) and Windows Logs → Application / System. Copy any Error event text (Provider, Event ID, Message) here.
• If Event Viewer is empty and Store sign-in still fails, say “Yes — Procmon” and I’ll give exact 1–2 minute Process Monitor instructions (filters and when to start/stop) so you can capture the failing process call; I’ll analyze the .PML.

If you want, I can paste direct download links for the WebView2 installers (bootstrapper and offline x64 installer) — tell me which you prefer (bootstrapper or offline standalone) and I’ll post the link.

 

[datawizard0103]

Here it is today 26. 10 . and I still don't have any confirmation that my ESU for EEA is activated. In the "Windows Update" window I have the message "Your version of WIndows has reached the end of support". "Your device is no longer receiving security updates. Enrol now to stay protected and productive for another year. "
I live in Croatia, European Union, my version of Windows is registered in Croatia. View attachment 112294Windows 10 ESU (Extended Security Updates) is a program for European users to get continued security updates for Windows 10 after the official support ended. For personal users in the EEA, Microsoft is offering this program for free for one year, from October 15, 2025, to October 13, 2026, provided you stay signed in to Windows with a Microsoft account. Enrolment is done through Windows Update, and a setup assistant will appear on your PC.

I found an article online that says that if you are in the EU, you should click "Enrol now". But in my case nothing happens. But when I click on "Enrol now" a gray window appears for a moment and disappears within a second.

Does anyone have a solution to this problem or have encountered the same problem?

Try this:
First, make sure you’re signed in with your Microsoft account under Settings > Accounts > Your Info. Then go to Settings > Windows Update > Troubleshoot > Other troubleshooters and run the Windows Update troubleshooter.
After that, open Command Prompt as admin and run sfc /scannow, then DISM /Online /Cleanup-Image /RestoreHealth. Reboot and check Windows Update again.
If it still won’t open the enrollment window, wait a day or two, Microsoft is rolling this out in stages across EEA regions, and Croatia might not be fully activated yet. You can also check for updates manually to see if the enrollment prompt reappears properly.

 

[Sinisa]

If I try to Confirm WebView2 is present, after copy/paste your comand I get:

PS C:\WINDOWS\system32> Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall* -ErrorAction SilentlyContinue |
>> Where-Object { $_.DisplayName -like 'WebView2' } |
>> Select-Object DisplayName, DisplayVersion, Publisher
PS C:\WINDOWS\system32>


In point 2, I can' find WebView2 in program list, so, I can't deinstal it.

But I used option C and I get:
PS C:\WINDOWS\system32> winget install --id Microsoft.EdgeWebView2Runtime -e
Found Microsoft Edge WebView2 Runtime [Microsoft.EdgeWebView2Runtime] Version 141.0.3537.99
This application is licensed to you by its owner.
Microsoft is not responsible for, nor does it grant any licenses to, third-party packages.
Downloading https://msedge.sf.dl.delivery.mp.mi.../MicrosoftEdgeWebView2RuntimeInstallerX64.exe
██████████████████████████████ 183 MB / 183 MB
Successfully verified installer hash
Starting package install...
Successfully installed

On point 4 I still cant sign in in Store


On point 5 I try to reregistred pasting your comands in PowerShell ad I get:

PS C:\WINDOWS\system32> wsreset.exe PS C:\WINDOWS\system32> Get-AppxPackage -AllUsers Microsoft.WindowsStore | ForEach-Object { Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml" }
Add-AppxPackage : Deployment failed with HRESULT: 0x80073D02, The package could not be installed because resources it m
odifies are currently in use.
error 0x80073D02: Unable to install because the following apps need to be closed Microsoft.WindowsStore_22509.1401.11.0
_x64__8wekyb3d8bbwe.
NOTE: For additional information, look for [ActivityId] 05443406-49c5-0000-90a1-4605c549dc01 in the Event Log or use th
e command line Get-AppPackageLog -ActivityID 05443406-49c5-0000-90a1-4605c549dc01
At line:1 char:69
+ ... ch-Object { Add-AppxPackage -DisableDevelopmentMode -Register "$($_.I ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (C:\Program File...ppXManifest.xml:String) [Add-AppxPackage], Exception
+ FullyQualifiedErrorId : DeploymentError,Microsoft.Windows.Appx.PackageManager.Commands.AddAppxPackageCommand

PS C:\WINDOWS\system32> Get-AppxPackage -AllUsers Microsoft.AAD.BrokerPlugin | ForEach-Object { Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml" }
PS C:\WINDOWS\system32>


On point 6. I stil can't enrol. gray windows flash/close. I still can't sign in to Store.


On point 7. I run Windows Store Apps troubleshooter and Troubleshooter couldn't identify problem


On point 8. I cant find WebAccountManager.

Windows Logs → Application - I have 4 WARNINGS:
--30.10.2025. 18:56:17--WARNING-- Repair for operation Current against package Microsoft.MicrosoftPCManager_8wekyb3d8bbwe with error -2147024894 returned Error Code: -2147024891
--30.10.2025. 18:56:17--WARNING-- Triggered repair because operation Current against package Microsoft.MicrosoftPCManager_8wekyb3d8bbwe hit error -2147024894.
--30.10.2025. 18:56:17--WARNING-- Repair of state locations for operation Current against package Microsoft.MicrosoftPCManager_8wekyb3d8bbwe with error -2147024894 returned Error Code: -2147023584
--30.10.2025. 18:56:17--WARNING-- Triggered repair of state locations because operation Current against package Microsoft.MicrosoftPCManager_8wekyb3d8bbwe hit error -2147024894.


Windows Logs → System Have some errors:
-- 30.10.2025. 19:11:41-- ERROR -- Unable to start a DCOM Server: MicrosoftWindows.Client.CBS_1000.19062.1000.0_x64__cw5n1h2txyewy!Global.IrisService.AppXk4vtemtqrygqybv239mnaysgpbnbzdjr.mca as Unavailable/Unavailable. The error:
"2147942402"
Happened while starting this command:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:Global.IrisService.AppXwt29n3t7x7q6fgyrrbbqxwzkqjfjaw4y.mca

-- 30.10.2025. 19:11:41-- ERROR -- Unable to start a DCOM Server: MicrosoftWindows.Client.CBS_1000.19062.1000.0_x64__cw5n1h2txyewy!Global.DesktopSpotlight.AppXw4wx45genstxdj70egymmfm4qh2en5kp.mca as Unavailable/Unavailable. The error:
"2147942402"
Happened while starting this command:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:Global.DesktopSpotlight.AppXz2j21w56bgxkgsjhtn7zkjsepq96erz2.mca

-- 30.10.2025. 19:11:41-- ERROR -- Unable to start a DCOM Server: MicrosoftWindows.Client.CBS_1000.19062.1000.0_x64__cw5n1h2txyewy!Global.Accounts.AppXrjkczk9sedea5x6ev4segkbdds1ceg32.mca as Unavailable/Unavailable. The error:
"2147942402"
Happened while starting this command:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:Global.Accounts.AppXqe94epy97qwa6w3j6w132e8zvcs117nd.mca

-- 30.10.2025. 19:10:35-- ERROR -- Unable to start a DCOM Server: Microsoft.Windows.CloudExperienceHost_10.0.19041.6396_neutral_neutral_cw5n1h2txyewy!App.wwa as Unavailable/Unavailable. The error:
"2147942402"
Happened while starting this command:
"C:\WINDOWS\system32\wwahost.exe" -ServerName:App.wwa

-- 30.10.2025. 19:08:18 -- WARNING -- The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user SINISAPC\linic SID (S-1-5-21-3899309704-635877832-2844596209-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

-- 30.10.2025. 19:06:43 -- ERROR -- Unable to start a DCOM Server: MicrosoftWindows.Client.CBS_1000.19062.1000.0_x64__cw5n1h2txyewy!WindowsBackup.AppXmzeec6fy3e5g0a4f413x6yqacenm8w54.mca as Unavailable/Unavailable. The error:
"2147942402"
Happened while starting this command:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:WindowsBackup.AppXg20mfg639r98zjt111v82s19ze9v9t09.mca

-- 30.10.2025. 19:06:43 -- ERROR-- Unable to start a DCOM Server: MicrosoftWindows.Client.CBS_1000.19062.1000.0_x64__cw5n1h2txyewy!Global.RulesEngine.AppX8gzpacghv2s9j930904yat3efcaestd6.mca as Unavailable/Unavailable. The error:
"2147942402"
Happened while starting this command:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:Global.RulesEngine.AppXgphnekvm0vv49drvfehh4b6kyf6ckafp.mca

--30.10.2025. 19:06:43 -- ERROR-- Unable to start a DCOM Server: MicrosoftWindows.Client.CBS_1000.19062.1000.0_x64__cw5n1h2txyewy!Global.IrisService.AppXk4vtemtqrygqybv239mnaysgpbnbzdjr.mca as Unavailable/Unavailable. The error:
"2147942402"
Happened while starting this command:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:Global.IrisService.AppXwt29n3t7x7q6fgyrrbbqxwzkqjfjaw4y.mca

--

 

[ChatGPT]

Thanks — this is useful detail. Two clear signals from your logs:

• The Add-AppxPackage failure (0x80073D02) happened because the Store package was running while you tried to re-register it. The ActivityID in that error will give more detail if we inspect it.
• The System log DCOM errors (decimal 2147942402 = 0x80070002) mean the AppX background task host couldn’t start a number of app components (file not found / component unavailable). One entry also shows a Component Services permission (Local Activation) problem for a COM Server/APPID — that can block app-container components the Store and WebAccountManager rely on.

Below are focused, safe next steps in priority order. Do them one at a time and report results.
1) Close the Store process, then re-run the Store re‑register command

• Close the Microsoft Store window. Then in an elevated PowerShell run these to ensure any Store processes are stopped, then re-register:

Get-Process -Name Store -ErrorAction SilentlyContinue | ForEach-Object { Stop-Process -Id $_.Id -Force -ErrorAction SilentlyContinue }

now re-register​

Get-AppxPackage -AllUsers Microsoft.WindowsStore | ForEach-Object { Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml" }
If you get the same ActivityID error, capture the package log for that ActivityID (use the exact ID from your error):
Get-AppPackageLog -ActivityID 05443406-49c5-0000-90a1-4605c549dc01
Paste the full output here — it tells us exactly why the package install/repair failed. (You were told this earlier in the Add-AppxPackage error text.)
2) If re‑register still fails, remove and reinstall the Store package (try only if Add-AppxPackage repeatedly fails)

• Remove Store for the current user (this is reversible but be cautious):

Get-AppxPackage Microsoft.WindowsStore -AllUsers | Remove-AppxPackage

• Then reinstall the Store (from Microsoft) or re-register the system copy (if offline installer available). If you prefer not to remove the Store, skip to step 3 and consider repair install (step 6) instead.

3) Fix the DCOM / Local Activation permission error

• Open Component Services:
  Run dcomcnfg
  Component Services → Computers → My Computer → DCOM Config
• Find the entry whose APPID matches the GUID from your Event Log (APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402}). If the friendly name column is blank, find the matching key in the registry:
  reg query "HKCR\AppID{15C20B67-12E7-4BB6-92BB-7AFF07997402}" /s
• In DCOM Config right‑click the matching application → Properties → Security tab → under Launch and Activation Permissions choose Customize → Edit → Add the local user account shown in your error (SINISAPC\linic) and grant Local Activation (tick Allow) → OK → Reboot.

That permission fix addresses the specific Event Log warning you shared and often restores the ability for app containers to activate background tasks used by the Store / WebAccount broker. If you’re not comfortable editing DCOM permissions I can give step‑by‑step screenshots/text for each mouse click.
4) Re-check WebAccountManager / AppX service logs (GUI Event Viewer)

• Open Event Viewer (no PowerShell): Applications and Services Logs → Microsoft → Windows → WebAccountManager → Admin (if present). Also check Windows Logs → Application and System for errors at the time you click Enrol now. Copy any Error/Warning text (Event ID and Message) and paste here.

5) Verify WebView2 and reset Store again (you already installed WebView2 via winget — good)

• Confirm WebView2 installed (PowerShell):
  Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall* -ErrorAction SilentlyContinue |
  Where-Object { $_.DisplayName -like 'WebView2' } |
  Select-Object DisplayName, DisplayVersion, Publisher
• Then run the Store reset & broker re-register again (after you stop Store processes):
  wsreset.exe
  Get-AppxPackage -AllUsers Microsoft.AAD.BrokerPlugin | ForEach-Object { Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml" }

(You already installed WebView2 — good — but the DCOM / Store package issues need to be resolved for sign-in to work.)
6) If several AppX / background tasks remain broken, consider an in‑place Windows repair (recommended if steps above don’t fix)

• An in‑place repair (Windows 10 repair install using the Media Creation Tool / ISO) refreshes all system files and built‑in apps while keeping your apps and files. Given the repeated AppX/DCOM backgroundTaskHost errors, an in‑place repair is often the fastest reliable fix. I can give the step‑by‑step for that when you’re ready.

7) Short-term workaround to get ESU entitlement onto your account

• If nothing on this PC will enroll, you can enroll another eligible Windows 10 22H2 PC using the same Microsoft account — the consumer ESU entitlement is associated with the MSA. After enrolling there the account will have the entitlement. This is a useful workaround while we fix this device. Community guidance shows this approach as an option.

Why these steps

• The flashing/closing ESU enrol dialog is caused by the same in‑app sign‑in/token path the Store uses (WebAccountManager/WAM/AAD broker + WebView2). Your Store sign‑in failing plus the DCOM/AppX errors indicate the underlying Store/AAD/WAM infrastructure on this PC is broken or missing permissions — not the ESU service itself. Re‑registering the Store while it’s running causes 0x80073D02 errors, and the DCOM 0x80070002 errors indicate background components cannot be started. Fixing the DCOM permission and repairing the Store/AppX packages is the right next step.

Commands summary (copy/paste in elevated PowerShell)

• Stop Store and re-register:
  Get-Process -Name Store -ErrorAction SilentlyContinue | ForEach-Object { Stop-Process -Id $.Id -Force -ErrorAction SilentlyContinue }
  Get-AppxPackage -AllUsers Microsoft.WindowsStore | ForEach-Object { Add-AppxPackage -DisableDevelopmentMode -Register "$($.InstallLocation)\AppXManifest.xml" }
• Get the detailed package install error (if you have ActivityID from a failure):
  Get-AppPackageLog -ActivityID 05443406-49c5-0000-90a1-4605c549dc01
• Check WebView2:
  Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall* -ErrorAction SilentlyContinue |
  Where-Object { $_.DisplayName -like 'WebView2' } |
  Select-Object DisplayName, DisplayVersion, Publisher

If you want, I can:

• Walk you step‑by‑step through the dcomcnfg permission change with exact mouse clicks and the exact registry query to map APPID→name; or
• Give the in‑place repair instructions (Media Creation Tool) and a checklist to back up and run it safely; or
• Walk through a Procmon capture to show the precise failing calls (useful if you want a less‑invasive attempt before repair).

Tell me which you want next (DCOM permission steps, run the Stop‑Store + re‑register commands and paste the Get-AppPackageLog output if it fails, Procmon, or in‑place repair). I’ll guide you through the exact commands/clicks.

 

[Sinisa]

I reinstaled Microsoft Store but I still cant log in.

I don't know what that mean: Find the entry whose APPID matches the GUID from your Event Log (APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402}). If the friendly name column is blank, find the matching key in the registry:

What is "matching application" In DCOM Config?

 

[ChatGPT]

Good — I’ll walk you through exactly how to find the “matching application” for the APPID GUID and how to grant the Local Activation permission the Event Log error mentioned. Do this carefully and make a restore point first.
Short explanation

• The APPID in the Event Log (for example {15C20B67-12E7-4BB6-92BB-7AFF07997402}) identifies a COM application registration. The “matching application” in Component Services is the DCOM entry whose Application ID equals that GUID. We’ll find the friendly name for that APPID in the registry, then locate that same friendly name in Component Services → DCOM Config and edit its Launch & Activation permissions to add your user and allow Local Activation. This fixes the “Local Activation permission” error you saw.

Step A — create a restore point (optional but recommended)

1. Type Create a restore point in Start → open it → System Protection tab → Create → give a name → OK.

Step B — map APPID → friendly name (exact command)

1. Open an elevated Command Prompt (Run as administrator).
2. Run this (replace the GUID if yours is different):

reg query "HKCR\AppID{15C20B67-12E7-4BB6-92BB-7AFF07997402}" /ve

• Output example:
  (Default) REG_SZ Microsoft.SomeComponent

That Default value is the friendly name used in Component Services. If the command returns ERROR: The system was unable to find the specified registry key, tell me and I’ll give the alternative lookup.
(If you prefer PowerShell, this does the same
powershell -Command "(Get-ItemProperty 'HKCR:\AppID\{15C20B67-12E7-4BB6-92BB-7AFF07997402}').'(default)'"
Step C — open Component Services and find the entry

1. Press Win+R → type dcomcnfg → Enter (this opens Component Services).
2. In the tree: Component Services → Computers → My Computer → DCOM Config.
3. The right pane lists many entries. Look for the friendly name you got from the registry (the Default value). That is the “matching application.”
   • If the friendly name column is not visible, look through the Name column for a similar name — the registry Default is the same text that appears in DCOM Config.
   • If you don’t see it, sort by “Application ID” column (if visible). If the Application ID column is not shown you can add columns via View → Add/Remove Columns (look for “Application ID” or similar) and display it so you can match the GUID directly.

Step D — grant Local Activation to your user

1. Right‑click the matching application → Properties.
2. Open the Security tab.
3. Under Launch and Activation Permissions click Customize → Edit.
4. Click Add → Type the user name exactly (SINISAPC\linic) → Check Names → OK.
5. Select that user in the list, then under Allow check Local Activation (and Local Launch if you want to be safe).
6. Click OK / Apply / Close.
7. Reboot the PC.

Notes and extras

• If the friendly name/APPID lookup returns a system name like Microsoft.Windows.* and you can’t find it in DCOM Config or the UI blocks you, tell me what the reg query returned and I’ll map it for you.
• If you see “All application packages” or SYSTEM already in the list, that’s normal. Adding your user explicitly (SINISAPC\linic) and granting Local Activation is what the EventLog entry recommended.
• The DCOM permission change is safe if you only add the single local user and grant Local Activation. Still, having a restore point is wise.

If the AppID registry key is missing or the DCOM entry is not present

• Tell me the reg query output (paste it here). If the registry key is missing or the DCOM entry is not present, we’ll try repairing the corresponding AppX/system component (I can give the commands or the in‑place repair steps). Your Event Log showed several AppX/DCOM background task host errors (0x80070002) — those often mean a system repair is needed if multiple app components are missing.

Would you like me to:

• Give the exact reg query command again for paste (I already listed it), and then walk you step‑by‑step with screenshots for the dcomcnfg click path?
• Or, if you prefer, paste your reg query output here and I’ll tell you the exact Component Services entry name and the exact permissions to set.

Tell me which you want and paste the reg query output if you ran it (or I can walk you through clicking dcomcnfg).