Wow, that’s some title gore.
In my work I have taken ownership of our WSUS Server. All updates have been approved/declined fine and are deploying and installing correctly, with the exception of the Windows 10 Feature Updates. These are the major updates to Windows 10, versions 1511, 1607 and 1703, more commonly known as the Anniversary and Creators’ updates. The symptom of this issue is that the machine appears to start to download the update and then gets stuck on “Downloading Updates 0%”.
The tl;dr version is that I am 99% sure it is down to the corporate proxy. We added an entry on our internal Squid proxy for the WSUS server name and the FQDN of the WSUS server, as resolution of the web server that WSUS ran on was failing, even though the GPO for specifying the download location was set correctly. If you would like to test it yourself I would suggest changing the hosts file of an affected machine. I am still in the process of testing this, however, and will update when I am fully happy with how to solve the issue.
First off, check the WindowsUpdate.log file on the client. This can be found at C:\Windows\WindowsUpdate.log on Windows 7, or by invoking the PowerShell command Get-WindowsUpdateLog on a Windows 10 machine.
Check the server status:
2017/06/23 11:51:16.7784571 1068 1500 Agent
WSUS server: http://officewsus01.top.level.domain:8530
2017/06/23 11:51:16.7784577 1068 1500 Agent
WSUS status server: http://officewsus01.top.level.domain:8530
Check that the reporting and client/server URLs are set and accessible on the client:
2017/06/23 11:48:43.9962046 288 4180 Misc
Got WSUS Reporting URL: http://officewsus01.top.level.domain:8530/ReportingWebService/ReportingWebService.asmx""
2017/06/23 11:48:44.0327708 288 4180 Misc
Got WSUS Client/Server URL: http://officewsus01.top.level.domain:8530/ClientWebService/client.asmx""
Check for error 0x80244022 against file downloads, especially the .esd and .exe file types, and look at the URL being requested:
2017/06/23 10:18:41.2272275 892 1020 DownloadManager
2017/06/23 10:18:41.2309928 892 1020 DownloadManager
Error 0x80244022 occurred while downloading update; notifying dependent calls.
If I browsed to the http://officewsus01:8530/Content/0F/ACAF6BAF9D5F52B23E3136BB847CFDB49E357B0F.esd URL, I got a “page cannot be displayed” error message. If I manually changed the URL to http://officewsus01.top.level.domain:8530/Content/0F/ACAF6BAF9D5F52B23E3136BB847CFDB49E357B0F.esd it worked fine.
We put an entry in the hosts file for the machine name and the FQDN of the WSUS server and then tried to access the http://officewsus01:8530/Content/0F/ACAF6BAF9D5F52B23E3136BB847CFDB49E357B0F.esd URL, which worked. We then checked for updates, and this time the content downloaded fine.
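The checks above can be scripted on an affected Windows 10 client. This is an added example, not part of the original post: the server name, port and content path are taken from the log excerpts above, while the function name Test-WsusName and the temporary log location are assumptions made for illustration.

```powershell
# Added example. Server name, port and content path come from the post's log excerpts.
$WsusFqdn    = 'officewsus01.top.level.domain'
$Port        = 8530
$ContentPath = '/Content/0F/ACAF6BAF9D5F52B23E3136BB847CFDB49E357B0F.esd'
$ShortName   = $WsusFqdn.Split('.')[0]
$LogPath     = Join-Path $env:TEMP 'WindowsUpdate.log'   # assumed output location

# 1. Generate the readable log and show the lines the post looks at.
Get-WindowsUpdateLog -LogPath $LogPath | Out-Null
$patterns = 'WSUS server:', 'WSUS status server:', 'Got WSUS .* URL', '0x80244022'
Select-String -Path $LogPath -Pattern $patterns |
    Select-Object -Last 20 -ExpandProperty Line

# 2. Show what the Windows Update GPO actually wrote on this client.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
    Select-Object WUServer, WUStatusServer

# 3. Request the same content file by short name and by FQDN (HEAD only, so
#    the .esd is not downloaded). The request uses the session's proxy settings.
function Test-WsusName {
    param([string]$HostName, [int]$Port, [string]$Path)
    $url = "http://${HostName}:$Port$Path"
    $out = [ordered]@{ Url = $url; Resolves = $false; Result = $null }
    $out.Resolves = [bool](Resolve-DnsName -Name $HostName -ErrorAction SilentlyContinue)
    try {
        $resp = Invoke-WebRequest -Uri $url -Method Head -UseBasicParsing -TimeoutSec 15
        $out.Result = [int]$resp.StatusCode
    } catch {
        # An HTTP error keeps its status code; 0x80244022 is the update agent's
        # code for HTTP 503. Anything else (DNS, timeout) keeps the message.
        $r = $_.Exception.Response
        $out.Result = if ($r) { [int]$r.StatusCode } else { $_.Exception.Message }
    }
    [pscustomobject]$out
}

$ShortName, $WsusFqdn |
    ForEach-Object { Test-WsusName -HostName $_ -Port $Port -Path $ContentPath } |
    Format-Table -AutoSize -Wrap
```

A short-name row that fails while the FQDN row returns 200 reproduces the behaviour described above; rerunning it after the hosts file change shows whether the short name now resolves and responds.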
Further reading: my WSUS Technet forum thread.
When trying to resolve this I:
- Checked that KB3159706 for decryption of ESD content is installed
- Checked that the prerequisites for KB3095113 are all installed
- Checked that KB3095113 for WSUS support for Windows 10 feature upgrades is installed
- Set the MIME type on the IIS Server for the .esd and .msu file types (which the above update should have sorted).
- Removed the Windows Update cache from the machines, stopped the BITS/Windows Update services and restarted.
- Restarted IIS Website
- Rebooted WSUS server
- Checked Windows Firewall status (disabled on Server)
- Asked the Windows 10 machine to get updates from Windows Update rather than WSUS (this appeared to download and install OK), so this makes me think it’s an issue with our WSUS server.
- Installed the Windows 10 ADMX templates and set the “Download Mode” in GPO to both “Bypass” and “HTTP only”.
- Set WSUS to download express installation files (don’t do this unless you have the storage, it bloats the WSUS content folder).
- Built a different Windows Server 2012 R2 machine, updated the Windows Update GPO policy and got machines checking in, but the download of this one update still does not happen.