none
MDT Task sequence fails to install windows updates from local WSUS server -2145107943 0x80244019 RRS feed

  • Question

  • ZTIWindowsUpdate fails to connect to my local WSUS server when it runs.

    Here's what happens when I run ZTIWindowsUpdate.wsf manually from the deployment share:

    Z:\Scripts>cscript ZTIWindowsUpdate.wsf
    Microsoft (R) Windows Script Host Version 5.8
    Copyright (C) Microsoft Corporation. All rights reserved.

    Microsoft Deployment Toolkit version: 6.2.5019.0
    Begin Windows Update. Reboot=[]  Retry=[]  Count = 5
    Property MSIT_WU_Count is now = 6
    Configuring Windows Update settings (manual update, use serv
    Windows Update Agent verion 6 found, OK to continue
    Ready to Opt-In to Microsoft Update: WUA Version: 7.6.7600.2
    Registered Update Service: 9482f4b4-e343-43b6-b170-9a65bc822

    Registered Update Service: 7971f918-a847-4430-9279-4a52d1efe
    te
    Registered Update Service: 3da21691-e39d-4da6-8a4b-b43877bcb
     Update Service
    Microsoft Update Service:  Enabled = True
    Command Line Procesed Query=False Registered=False  UpdateCo
     0 and IsHidden = 0]
    Start Search...
    FAILURE (Err): -2145107943  0x80244019: Windows Update, sear
    Restore NoAutoUpdateKey to <empty>.
    ZTI ERROR - Non-zero return code by ZTIWindowsUpdate, rc = 1

    My customsettings.ini file has the WSUSServer=http://wsusserver property configured.

    It does this every single time, I have never been able to get this to work.  The MDT and WSUS server are on the same subnet.

    There is little info out there on what this error code is - seems like it's one of those awful generic errors.

    Tail end of c:\windows\windowsupdate.log on a client deployed with litetouch.

    2014-05-26 12:02:58:213 892 714 COMAPI FATAL: Unable to perform synchronous search. (hr=80244019)
    2014-05-26 12:02:58:229 892 714 COMAPI ISusInternal::DisconnectCall failed, hr=8024000C
    2014-05-26 12:02:58:244 892 714 COMAPI waiting for worker thread to complete
    2014-05-26 12:03:01:026 924 974 Report REPORT EVENT: {DCA7EADF-C42F-4548-9795-A10EBB86F439} 2014-05-26 12:02:58:213+1200 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80244019 Failure Software Synchronization Windows Update Client failed to detect with error 0x80244019.
    2014-05-26 12:03:01:026 924 974 Report CWERReporter::HandleEvents - WER report upload completed with status 0x8
    2014-05-26 12:03:01:026 924 974 Report WER Report sent: 7.6.7600.256 0x80244019 00000000-0000-0000-0000-000000000000 Scan 101 Managed
    2014-05-26 12:03:01:026 924 974 Report CWERReporter finishing event handling. (00000000)
    2014-05-26 12:03:38:916 924 638 AU ###########  AU: Initializing Automatic Updates  ###########
    2014-05-26 12:03:38:916 924 638 AU  # WSUS server: http://<wsusserver>
    2014-05-26 12:03:38:916 924 638 AU  # Detection frequency: 22
    2014-05-26 12:03:38:916 924 638 AU  # Approval type: Scheduled (User preference)
    2014-05-26 12:03:38:916 924 638 AU  # Scheduled install day/time: Every day at 3:00
    2014-05-26 12:03:38:916 924 638 AU  # Auto-install minor updates: Yes (User preference)
    2014-05-26 12:03:38:916 924 638 AU  # Will interact with non-admins (Non-admins are elevated (User preference))
    2014-05-26 12:03:38:916 924 638 AU Setting AU scheduled install time to 2014-05-26 15:00:00
    2014-05-26 12:03:38:916 924 638 AU Successfully wrote event for AU health state:0
    2014-05-26 12:03:38:916 924 638 AU Initializing featured updates
    2014-05-26 12:03:38:916 924 638 AU Found 0 cached featured updates
    2014-05-26 12:03:38:916 924 638 AU Successfully wrote event for AU health state:0
    2014-05-26 12:03:38:916 924 638 AU Successfully wrote event for AU health state:0
    2014-05-26 12:03:38:916 924 638 AU AU finished delayed initialization
    2014-05-26 12:03:43:916 924 974 Report CWERReporter finishing event handling. (00000000)

    It does seem to get the property from my customsettings.ini (I have edited it in the above log). I think this might be unrelated to MDT and a WSUS issue?

    Anyone encountered this before?

    Monday, May 26, 2014 12:25 AM

Answers

  • The error indicates that IIS is returning a "404 not found" error back to the Windows Update Agent.  That might mean that you need to specify the correct port that WSUS is listening on, e.g.:

    WSUSServer=http://yourserver:8530


    Thanks,
    -Michael Niehaus
    Senior Product Marketing Manager, Windows Deployment
    http://blogs.technet.com/mniehaus
    mniehaus@microsoft.com

    • Marked as answer by JR29 Monday, May 26, 2014 3:24 AM
    Monday, May 26, 2014 1:55 AM

All replies

  • The error indicates that IIS is returning a "404 not found" error back to the Windows Update Agent.  That might mean that you need to specify the correct port that WSUS is listening on, e.g.:

    WSUSServer=http://yourserver:8530


    Thanks,
    -Michael Niehaus
    Senior Product Marketing Manager, Windows Deployment
    http://blogs.technet.com/mniehaus
    mniehaus@microsoft.com

    • Marked as answer by JR29 Monday, May 26, 2014 3:24 AM
    Monday, May 26, 2014 1:55 AM
  • thank you so much you're a life saver.

    We use the default port for WSUS.  I've added it to CustomSetting.ini and now my litetouch deployment is installing windows updates in the pre-application installation phase which I enabled.

    Funny that the documentation doesn't seem to mention a port, just the name of the server.

    Cheers


    • Edited by JR29 Monday, May 26, 2014 3:26 AM
    Monday, May 26, 2014 3:25 AM
  • Hello,

    same error on my Windows 10 Enterprise LTSB 2016 deployment - unfortunately not the same reason. I already set WSUS in CustomSettings.ini to http://UPDATE.company.local:8530 but still get this error.

    Any other possible reason for this failure? Sometimes I get 2 errors and 2 warnings in the final UDT summary - once it ran through successfully without any problem after I enabled Windows feature HTTP activation on WSUS server as describes in some KB article. But after another try it failes again. Whether local client logs nor MDT logs show any hints. Seems to occur randomly...

    Regards

    Martin


    • Edited by finiusWI Sunday, April 23, 2017 3:44 PM
    Sunday, April 23, 2017 3:43 PM
  • I'm having a similar problem.  I'm getting 2 warnings / errors at the end of my Task Sequence.  Both saying they could not install Windows Updates.  I'm wondering if it's because my WSUS is on 2016 and I have to connect to it via https://

    I haven't seen anyone else mentioning https, and whenever I do see people's instructions its always http://

    Think this might be the issue?  I've tried updating my config file and it still doesn't seem to connect.


    Righteousrog

    Friday, September 29, 2017 10:31 PM
  • Sadly nothing seems to happen here, so I used to live with this warnings until I found an error in Server 2016:

    Unfortunately, the Network Service does not have all the permissions it needs to operate flawless in Server 2016. For example VSS has problems when querying VSS providers.

    It took me some time to find, that you can fix this by giving Network Service appropriate access to some system folders. Just apply the following command in an elevated shell on the WSUS (and/or any other Server 2016) server, as this is a general problem even on Windows 10. So, that's why I execute this command during any of my Server 2016 or Windows 10 deployment:

    sc sdset MSLLDP D:(D;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BG)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;LCRPWP;;;S-1-5-80-3141615172-2057878085-1754447212-2405740020-3916490453)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

    Another reason why updates during deployment can fail is installing Windows device Drivers during deployment. Many suggest to not downlod Drivers - neither to the WSUS update store nor during deployment to the client. So disable driver update search on the to be deployed client (for example by a gpo or reg key injection before your Windows Update step) during deployment. (If for example LAN drivers are updated, network connection may break your deployment)

    Think of applying an auto-approval rule for downloading updates con your WSUS configuration - at least, approve any urgent and important Windows updates immediately and automatically.

    I also changed the settings of the "WSUSPool" application pool in IIS on the WSUS server.
    In "advanced settings" I set the private memory limit to 0 as my WSUS used to crash from time to time, which also prevents updates from beeing loaded during deployment.

    However, I think was I was able to highly reduce the Problems, as I now mostly do get a white summary page at the end of my deployments.

    Hope this helps anyone.

    Regards

    Martin


    • Edited by finiusWI Monday, October 2, 2017 8:15 AM typos
    Monday, October 2, 2017 8:10 AM