locked
WSUS - Failure to Install 1607 Error 0x8024201c RRS feed

  • Question

  • Afternoon,

    We have just setup a Windows Server 2016 with WSUS. This server is fully updated as well.
    We have noticed that doing updates is fine and the machines update and prompt as required, but as you approve an Upgrade they always fail.

    We are trying to upgrade machines from 1511 to 1607 and each time we get the following errors reported within WSUS:

    Update: Feature update to Windows 10 Enterprise, version 1607, en-us

    Event 1: (Unable to Find Resource:) ReportingEvent.Client.181; Parameters: Feature update to Windows 10 Enterprise, version 1607, en-us

    Event 2: Installation Failure: Windows failed to install the following update with 
    error 0x8024201c: Feature update to Windows 10 Enterprise, version 1607, en-us

    Event 3: (Unable to Find Resource:) ReportingEvent.Client.167; Parameters: Feature update to Windows 10 Enterprise, version 1607, en-us

    Event 4: Download succeeded.

    From Event 5 it repeats itself as above.

    I am now stuck and unsure what else I can look at to get this working, as most people out there are talking about Server2012 and the fixes are already implemented on Server2016.

    These are out GPO Settings:

    • Computer Config -> Policies -> Administrative Template
      • Windows Components/Maintenance Scheduler

    Automatically Maintenance Activation Boundary

    Enabled

     

     

    Regular Maintenance activation boundary

    2000-01-01T14:00:00

    Automatic Maintenance random delay

    Enabled

     

     

    Regular Maintenance Random Delay

    PT1H

    • Windows Components/Windows Update

    Allow Automatic Updates immediate installation

    Enabled

     

    Allow non-administrators to received update notifications

    Enabled

     

    Automatic Updates detection frequency

    Enabled

     

     

    Check for updates at the following interval

    1

    Configure Automatic updates

    Enabled

     

     

    Configure automatic updating

    4 - Auto download and schedule the install

     

    Install during automatic maintenance

    Disabled

     

    Scheduled install day

    0 - Every day

     

    Scheduled install time

    14:00

    Delayed Restart for scheduled installations

    Enabled

     

     

    Wait the following period before proceeding with a scheduled restart

    5

    Do not display 'Install updates and shutdown' option in the shutdown windows dialog box

    Disabled

     

    Enable client-side targeting

    Enabled

     

     

    DSDB - TestGroup

     

    No auto-restart with logged on users for scheduled automatic update installations

    Enabled

     

    Re-prompt for restart for scheduled installations

    Enabled

     

     

    Wait the following period before proceeding with a scheduled restart

    5

    Reschedule automatic update scheduled installations

    Enabled

     

     

    Wait after system startup

    5

    Specify intranet Microsoft update service location

    Enabled

     

     

    Set the intranet update service for detecting updates

    http://server.domain:8530

     

    Set the intranet statistics server

    http://server.domain:8530

    Turn on recommended updates via Automatic updates

    Enabled

     

    Turn on software notifications

    Enabled

     

    Any help would be greatly appreciated.


    Wednesday, August 23, 2017 2:17 PM

Answers

  • To update the post...

    I have to move away from this project for a few weeks, but have now come back to looking into it.
    The machines are now installing upgrades... nothing has changed in the last few weeks on the server or the machines.

    "Nothing has changed, please try again"

    I will re-post if anything else breaks.

    Tuesday, October 31, 2017 9:22 AM

All replies

  • Hello,

    You can try to modify the settings for the WSUS Pool from the IIS Manager. 

    More details about the procedures, please see the following article.

    https://blogs.msdn.microsoft.com/the_secure_infrastructure_guy/2015/09/02/windows-server-2012-r2-wsus-issue-clients-cause-the-wsus-app-pool-to-become-unresponsive-with-http-503/

    Best regards,

    Andy Liu


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, August 24, 2017 8:53 AM
  • Hello,

    You can try to modify the settings for the WSUS Pool from the IIS Manager. 

    More details about the procedures, please see the following article.

    https://blogs.msdn.microsoft.com/the_secure_infrastructure_guy/2015/09/02/windows-server-2012-r2-wsus-issue-clients-cause-the-wsus-app-pool-to-become-unresponsive-with-http-503/

    Best regards,

    Andy Liu


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Hi Andy, 

    These changes had been made previously as well, I double checked after your post and the settings are as set in the link above. 

    I also checked to see if the machine updated today and is still failing with the same event logs.
    (Also to confirm the OS is Server 2016, not Server 2012 R2)

    Thanks


    Thursday, August 24, 2017 2:05 PM
  • Hello,

    You can try the following method.

    Please disable the anti-virus program on the Client PC temporarily, and then try to install the update again.

    Additionally, please remove the proxy settings on the Client PC.

    Best regards,

    Andy Liu


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Wednesday, August 30, 2017 10:11 AM
  • Hello,

    You can try the following method.

    Please disable the anti-virus program on the Client PC temporarily, and then try to install the update again.

    Additionally, please remove the proxy settings on the Client PC.

    Best regards,

    Andy Liu


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Hi Andy

    Thanks for the reply.
    The client machine has no Anti-Virus installed at current, Windows Defender and Windows Firewall is disabled by GPO.

    There are also no proxy settings on the client machine or the server.

    Thanks

    Wednesday, August 30, 2017 10:50 AM
  • My script usually fixes problems like this. I also don't believe it would be an issue with 2016, but run .\Clean-WSUS.ps1 -DirtyDatabaseCheck as well. It should say your database is clean. If it's not, it will fix it, but I'm 99% sure it's already clean.

    Have a peek at my Adamj Clean-WSUS script. It is the last WSUS Script you will ever need!

    http://community.spiceworks.com/scripts/show/2998-adamj-clean-wsus

    What it does:

    1. Add WSUS Index Optimization to the database to increase the speed of many database operations in WSUS by approximately 1000-1500 times faster.
    2. Remove all Drivers from the WSUS Database (Default; Optional).
    3. Shrink your WSUSContent folder's size by declining multiple types of updates including by default any superseded updates, preview updates, expired updates, Itanium updates, and beta updates. Optional extras: Language Packs, IE7, IE8, IE9, IE10, Embedded, NonEnglishUpdates, ComputerUpdates32bit, WinXP.
    4. Remove declined updates from the WSUS Database.
    5. Clean out all the synchronization logs that have built up over time (configurable, with the default keeping the last 14 days of logs).
    6. Compress Update Revisions.
    7. Remove Obsolete Updates.
    8. Computer Object Cleanup (configurable, with the default of deleting computer objects that have not synced within 30 days).
    9. Application Pool Memory Configuration to display the current private memory limit and easily set it to any configurable amount including 0 for unlimited. This is a manual execution only.
    10. Checks to see if you have a dirty database, and if you do, fixes it. This is primarily for Server 2012 WSUS, and is a manual execution only.
    11. Run the Recommended SQL database Maintenance script on the actual SQL database.
    12. Run the Server Cleanup Wizard.

    It will email the report out to you or save it to a file, or both.

    Although the script is lengthy, it has been made to be super easy to setup and use so don't over think it. There are some prerequisites and instructions at the top of the script. After installing the prerequisites and configuring the variables for your environment (email settings only if you are accepting all the defaults), simply run:

    .\Clean-WSUS.ps1 -FirstRun

    If you wish to view or increase the Application Pool Memory Configuration, or run the Dirty Database Check, you must run it with the required switch. See Get-Help .\Clean-WSUS.ps1 -Examples

    If you're having trouble, there's also a -HelpMe option that will create a log so you can send it to me for support.


    Adam Marshall, MCSE: Security
    http://www.adamj.org

    Saturday, September 2, 2017 1:59 AM
  • My script usually fixes problems like this. I also don't believe it would be an issue with 2016, but run .\Clean-WSUS.ps1 -DirtyDatabaseCheck as well. It should say your database is clean. If it's not, it will fix it, but I'm 99% sure it's already clean.

    Have a peek at my Adamj Clean-WSUS script. It is the last WSUS Script you will ever need!

    http://community.spiceworks.com/scripts/show/2998-adamj-clean-wsus

    What it does:

    1. Add WSUS Index Optimization to the database to increase the speed of many database operations in WSUS by approximately 1000-1500 times faster.
    2. Remove all Drivers from the WSUS Database (Default; Optional).
    3. Shrink your WSUSContent folder's size by declining multiple types of updates including by default any superseded updates, preview updates, expired updates, Itanium updates, and beta updates. Optional extras: Language Packs, IE7, IE8, IE9, IE10, Embedded, NonEnglishUpdates, ComputerUpdates32bit, WinXP.
    4. Remove declined updates from the WSUS Database.
    5. Clean out all the synchronization logs that have built up over time (configurable, with the default keeping the last 14 days of logs).
    6. Compress Update Revisions.
    7. Remove Obsolete Updates.
    8. Computer Object Cleanup (configurable, with the default of deleting computer objects that have not synced within 30 days).
    9. Application Pool Memory Configuration to display the current private memory limit and easily set it to any configurable amount including 0 for unlimited. This is a manual execution only.
    10. Checks to see if you have a dirty database, and if you do, fixes it. This is primarily for Server 2012 WSUS, and is a manual execution only.
    11. Run the Recommended SQL database Maintenance script on the actual SQL database.
    12. Run the Server Cleanup Wizard.

    It will email the report out to you or save it to a file, or both.

    Although the script is lengthy, it has been made to be super easy to setup and use so don't over think it. There are some prerequisites and instructions at the top of the script. After installing the prerequisites and configuring the variables for your environment (email settings only if you are accepting all the defaults), simply run:

    .\Clean-WSUS.ps1 -FirstRun

    If you wish to view or increase the Application Pool Memory Configuration, or run the Dirty Database Check, you must run it with the required switch. See Get-Help .\Clean-WSUS.ps1 -Examples

    If you're having trouble, there's also a -HelpMe option that will create a log so you can send it to me for support.


    Adam Marshall, MCSE: Security
    http://www.adamj.org

    Hi Adam,

    I found your script at the start of be doing the WSUS setup so it has been running from almost day 1 of the installation, very nice script and work btw!

    Unfortunately, it does not help with the issue we are facing.

    I have managed to get 2 PCs to update now though with 1607, and I am investigating what could of been blocking, as it might be a global GPO stopping it.

    Thanks

    Friday, September 15, 2017 8:44 AM
  • Are you using version 3.0 (released Sept 1st), and what's the output of .\Clean-WSUS.ps1 -DirtyDatabaseCheck?

    Adam Marshall, MCSE: Security
    http://www.adamj.org

    Friday, September 15, 2017 1:43 PM
  • Are you using version 3.0 (released Sept 1st), and what's the output of .\Clean-WSUS.ps1 -DirtyDatabaseCheck?

    Adam Marshall, MCSE: Security
    http://www.adamj.org

    Hi Adam

    Starting the connection to the SQL database and WSUS services. Please wait...
    Connected to the WSUS server ukntmdms02.dsdb.int
    Executing DirtyDatabaseCheck

    Id     Name            PSJobTypeName   State         HasMoreData     Location             Command
    --     ----            -------------   -----         -----------     --------             -------
    1      Job1            BackgroundJob   Completed     True            localhost            sqlcmd -S np:\\.\pipe\...
    You have a clean database.
    Monday, September 18, 2017 8:33 AM
  • From the client, run from Admin CMD Prompt:

    net stop bits
    net stop wuauserv
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientIDValidation /f
    rd /s /q "%WinDir%\SoftwareDistribution"
    net start bits
    net start wuauserv
    wuauclt /resetauthorization /detectnow

    Does that help


    Adam Marshall, MCSE: Security
    http://www.adamj.org

    Monday, September 18, 2017 12:52 PM
  • To update the post...

    I have to move away from this project for a few weeks, but have now come back to looking into it.
    The machines are now installing upgrades... nothing has changed in the last few weeks on the server or the machines.

    "Nothing has changed, please try again"

    I will re-post if anything else breaks.

    Tuesday, October 31, 2017 9:22 AM