locked
Windows Updates error with WSUS server Code 8024401f RRS feed

  • Question

  • Hello,

    I've had to rebuild our WSUS 2012R2 server.  Computers and servers are showing up, but not showing how many patches are needed (it's been days now).  If I go to a computer and manually try and run the Windows update I immediately get the error code:

    8024401f 

    Has anyone seen this, maybe there is an issue with IIS in WSUS.

    On a computer I see (windowsupdate.log):

    2017-04-21 14:34:44:229780 9becWS WARNING: Nws Failure: errorCode=0x803d000f
    2017-04-21 14:34:44:229780 9becWS WARNING: There was an error communicating with the endpoint at 'http://wsus:8530/ClientWebService/client.asmx'.
    2017-04-21 14:34:44:229780 9bec WS WARNING: The server returned HTTP status code '500 (0x1F4)' with text 'Internal Server Error'.
    2017-04-21 14:34:44:229780 9bec WS WARNING: The server was unable to process the request.
    2017-04-21 14:34:44:229780 9bec WS WARNING: MapToSusHResult mapped Nws error 0x803d000f to 0x8024401f
    2017-04-21 14:34:44:229780 9bec WS WARNING: Web service call failed with hr = 8024401f.



    • Edited by TB303 Friday, April 21, 2017 3:42 PM
    Friday, April 21, 2017 1:11 PM

Answers

All replies

  • Am 21.04.2017 schrieb TB303:

    I've had to rebuild our WSUS 2012R2 server.  Computers and servers are showing up, but not showing how many patches are needed (it's been days now).  If I go to a computer and manually try and run the Windows update I immediately get the error code:

    8024401f 

    There is a new entry in GPO:
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
    UpdateServiceUrlAlternate = http://yourWSUS:8530
    Restart the whole Server/Client and try again.

    Winfried


    WSUS Package Publisher: http://wsuspackagepublisher.codeplex.com/
    http://technet.microsoft.com/en-us/windowsserver/bb332157.aspx
    http://www.wsuswiki.com/Home

    Friday, April 21, 2017 3:45 PM
  • I will check that very soon, but I think it maybe something to do with the Web.config in C:\Program Files\Update Services\WebServices\ClientWebService.

    I had to make a manual change to it according to a KB I can't find (maybe KB3159706), but I took a backup of the original and rolled back and I don't get that error.  I think I need to edit that Web.config properly as it's need for Windows 10 updates.

    Do you know where I can get a copy of such a file so I can past in the info?


    • Edited by TB303 Friday, April 21, 2017 4:24 PM
    Friday, April 21, 2017 4:23 PM
  • Am 21.04.2017 schrieb TB303:

    I will check that very soon, but I think it maybe something to do with the Web.config in C:\Program Files\Update Services\WebServices\ClientWebService.

    I had to make a manual change to it according to a KB I can't find (maybe KB3159706), but I took a backup of the original and rolled back and I don't get that error.  I think I need to edit that Web.config properly as it's need for Windows 10 updates.

    Do you know where I can get a copy of such a file so I can past in the info?

    You can install a new WSUS and take this web.config File. But you need
    only to change the web.config if your WSUS is using SSL. Your WSUS is
    listening on port 8530 or 8531? If 8530, you don't have to change
    something in web.config.

    Winfried


    WSUS Package Publisher: http://wsuspackagepublisher.codeplex.com/
    http://technet.microsoft.com/en-us/windowsserver/bb332157.aspx
    http://www.wsuswiki.com/Home

    Friday, April 21, 2017 6:14 PM
  • In the windowsupdate.log file I see it using http://wsus:8530/selfupdate/ I'm already updated the file though, should it matter as I can see computers reporting in now?

    If I put http://wsus:8530/selfupdate/ into a browser I just get a blank page, is that right?

    Are there any other WSUS urls I can use?

    Thanks

    Sunday, April 23, 2017 5:32 PM
  • Hi TB303,

    Do you get any progress with your issue? If still not, what is the situation now?

    Could you provide the screenshot of the WSUS overview?

    Besides, enable the IIS log for WSUS site, if clients still have issues checking updates from the WSUS server, also check the IIS log for further troubleshooting.

    Best Regards,

    On the clients, try resetting windows updates components if you haven't done it:

    https://support.microsoft.com/en-us/kb/971058

    Anne


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, April 25, 2017 7:13 AM
  • If I run windows update it says no updates required, but I run it from the Internet is needs many.  In WSUS it says 8.

    The windows log says it's going to Got WSUS SelfUpdate URL: "http://wsus:8530/selfupdate"  Which is defined in out Group Policy, how do I know if this is correct or if it should be using SSL?  8531 I think.

    I see this in the Computer log file

    FATAL: SLS:CSLSRequest::RetrieveAdditionalAttributesIfRequired: CoCreateInstance failed with 0x80040154.

    FATAL: GetClientUpdateUrl failed, err = 0x8024D009

     * Found 0 updates and 82 categories in search; evaluated appl. rules of 580 out of 1369 deployed entities

    Reporting status event with 8 installable, 86 installed,  0 installed pending, 0 failed and 0 downloaded updates

    Thanks

    Tuesday, April 25, 2017 1:28 PM
  • If I run this on a Computer I get a run-time error, have you seen this before if so how to I fix it:

    http://wsus:8530/ReportingWebService/ReportingWebService.asmx

    Tuesday, April 25, 2017 3:58 PM
  • Tuesday, April 25, 2017 4:03 PM
  • Built a Windows 2016 WSUS server and everything works now.
    Thursday, April 27, 2017 11:19 AM
  • Hi TB303,

    Glad to hear you have made it work, then you may mark your reply as answer.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, April 27, 2017 11:24 AM
  • I have a Windows Server 2016 WSUS server and a Windows Server 2016 Client and I still get following error on the client:

    Windows Update failed to check for updates with error 0x8024401F. 

    Would someone know why ?

    Friday, September 15, 2017 8:02 AM
  • Just because it's a new WSUS Server doesn't mean that it's optimized! Use my script to optimize it and clean out the crud from the base install or an already in-use production WSUS Server.

    Shah.tejas - My script will probably fix your issue too! It fixes a boatload of issues with WSUS.

    Have a peek at my Adamj Clean-WSUS script. It is the last WSUS Script you will ever need!

    http://community.spiceworks.com/scripts/show/2998-adamj-clean-wsus

    What it does:

    1. Add WSUS Index Optimization to the database to increase the speed of many database operations in WSUS by approximately 1000-1500 times faster.
    2. Remove all Drivers from the WSUS Database (Default; Optional).
    3. Shrink your WSUSContent folder's size by declining multiple types of updates including by default any superseded updates, preview updates, expired updates, Itanium updates, and beta updates. Optional extras: Language Packs, IE7, IE8, IE9, IE10, Embedded, NonEnglishUpdates, ComputerUpdates32bit, WinXP.
    4. Remove declined updates from the WSUS Database.
    5. Clean out all the synchronization logs that have built up over time (configurable, with the default keeping the last 14 days of logs).
    6. Compress Update Revisions.
    7. Remove Obsolete Updates.
    8. Computer Object Cleanup (configurable, with the default of deleting computer objects that have not synced within 30 days).
    9. Application Pool Memory Configuration to display the current private memory limit and easily set it to any configurable amount including 0 for unlimited. This is a manual execution only.
    10. Checks to see if you have a dirty database, and if you do, fixes it. This is primarily for Server 2012 WSUS, and is a manual execution only.
    11. Run the Recommended SQL database Maintenance script on the actual SQL database.
    12. Run the Server Cleanup Wizard.

    It will email the report out to you or save it to a file, or both.

    Although the script is lengthy, it has been made to be super easy to setup and use so don't over think it. There are some prerequisites and instructions at the top of the script. After installing the prerequisites and configuring the variables for your environment (email settings only if you are accepting all the defaults), simply run:

    .\Clean-WSUS.ps1 -FirstRun

    If you wish to view or increase the Application Pool Memory Configuration, or run the Dirty Database Check, you must run it with the required switch. See Get-Help .\Clean-WSUS.ps1 -Examples

    If you're having trouble, there's also a -HelpMe option that will create a log so you can send it to me for support.


    Adam Marshall, MCSE: Security
    http://www.adamj.org

    Monday, September 18, 2017 2:47 AM