Updates fail to download. WindowsUpdate.log file shows hr = 8024401b

[atesser]

I’m really grateful that you proactively start topics which might affect your user base; thank you. I have a question which pertains to this error:

All of my systems are configured to check in with a WSUS server on our network. I’m trying to figure out why the proxy would even come in to play in this scenario. Is there a reason that a system which is configured to connect to a local WSUS server would still need access to the internet via our proxy?

[doug]

I’m not sure. I think it’s the case that the Windows Update Agent still attempts to make some calls to Microsoft, even though update searching and downloading will come from your local WSUS. To be sure, you can/should confirm this behavior in the WindowsUpdate.log.

My best guess as to what happens is that under normal circumstances with no proxy in the picture, if the Windows Update Agent attempts to reach out to Microsoft’s servers (as part of it’s normal processing even though it will search for and download updates on your local WSUS) but fails to reach those Microsoft servers, it just fails gracefully and moves on to the next step since the update searching and downloading will be from the local WSUS and not from Microsoft’s public servers. However, perhaps in the case where a proxy is involved, when the Windows Update Agent reaches out to Microsoft’s server, instead of failing gracefully/silently and moving on to the next step, instead it hits the proxy authentication issue and throws an exception and stops processing.

[Author]

Posts