Azure

Azure IaaS: Troubleshooting Windows Update error 8024402F on a Windows Server 2012 R2



Some time ago, I was troubleshooting a Windows Update issue at several Azure IaaS virtual machines (VM), all running Windows Server 2012 R2.

Because of a specific workload running on those servers, they were all deployed in workgroup mode (no domain members) and the Network Security Group (NSG) associated with their separated subnet had no rules configured which could block the connection to the Microsoft Update servers.

However, when starting Windows Update the below error was show after a few minutes.


There was a problem checking for updates. Error(s) found: Code 8024402F Windows Update ran into a problem



To get this error fixed I followed the below steps. Be aware that you can retry running Windows Update again after each step because it could be already working again.


Step 1

As a first step, scan the Windows system files for corruption or any other changes with the System File Checker tool. If a file has been modified, this tool will automatically replace that file with the correct version.

It is a very useful troubleshooting tool to use when you suspect issues with Windows Update or protected Windows files, like many DLL files. Keep in mind that running the tool can take some time.

To use the tool open an elevated PowerShell window and type the following command:

##-------------------------------------------------------------------------------------------------------------------------------------------------------

## Step 1: Run System File Checker (sfc)

sfc /scannow

##-------------------------------------------------------------------------------------------------------------------------------------------------------




After the sfc scan completes, try to install Windows Updates and see if the issue has been resolved, if not proceed to step 2.


Step 2

If the server (previously) has been configured to use WSUS to get its updates, wipe out those registry keys by running the below command in a PowerShell window (with admin privileges). Press Y to delete all registry keys when asked:



##-------------------------------------------------------------------------------------------------------------------------------------------------------

## Step 2: Remove WSUS registry keys
 
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"
Restart-Service -displayname "Windows Update"

##-------------------------------------------------------------------------------------------------------------------------------------------------------




This also may reset some Windows Update settings, for instance, the one that decides if updates should install automatically or after asking permission.  Therefore, you need to set your preferred settings afterwards.

Check for updates using Windows Update and see if the issue has been resolved, if not proceed to step 3.


Step 3

If you still receive the same error, run the following PowerShell Script to rename the SoftwareDistribution and catroot2 folder. These folders, which are maintained by the WUAgent (Windows Update Agent), are essential components for Windows Update.

The content of these folders could sometimes prevent Windows Update from applying new updates to the server. When having trouble with Windows Update, it is safe to delete this folder. The server will always re-download all the necessary files, or re-create the folder and re-download all the components, if removed.

##-------------------------------------------------------------------------------------------------------------------------------------------------------

## Step 3: Rename the SoftwareDistribution and catroot2 folder
 
# Variables

$softwareDistributionPath = "C:\Windows\SoftwareDistribution"
$catroot2Path = "C:\Windows\System32\catroot2"
$softwareDistributionNewName = "SoftwareDistribution.old"
$catroot2NewName = "catroot2.old"
$windowsUpdateService = "Windows Update"
$bitsService = "Background Intelligent Transfer Service"
$cryptograhicService = "Cryptographic Services"
 
# Stop Windows Update and BITS Service

Stop-Service -displayname $windowsUpdateService
Stop-Service -displayname $bitsService
Stop-Service -displayname $cryptograhicService
Write-Host "All necessary services are stopped" -foregroundcolor "Red"
 
# Rename the SoftwareDistribution and Catroot2 folder

Rename-Item -path $softwareDistributionPath -newName $softwareDistributionNewName
Rename-Item -path $catroot2Path -newName $catroot2NewName
Write-Host "All folders are renamed" -foregroundcolor "Red"
 
# Register dll's

regsvr32 c:\windows\system32\vbscript.dll /s
regsvr32 c:\windows\system32\mshtml.dll /s
regsvr32 c:\windows\system32\msjava.dll /s
regsvr32 c:\windows\system32\jscript.dll /s
regsvr32 c:\windows\system32\msxml.dll /s
regsvr32 c:\windows\system32\actxprxy.dll /s
regsvr32 c:\windows\system32\shdocvw.dll /s
regsvr32 wuapi.dll /s
regsvr32 wuaueng1.dll /s
regsvr32 wuaueng.dll /s
regsvr32 wucltui.dll /s
regsvr32 wups2.dll /s
regsvr32 wups.dll /s
regsvr32 wuweb.dll /s
regsvr32 Softpub.dll /s
regsvr32 Mssip32.dll /s
regsvr32 Initpki.dll /s
regsvr32 softpub.dll /s
regsvr32 wintrust.dll /s
regsvr32 initpki.dll /s
regsvr32 dssenh.dll /s
regsvr32 rsaenh.dll /s
regsvr32 gpkcsp.dll /s
regsvr32 sccbase.dll /s
regsvr32 slbcsp.dll /s
regsvr32 cryptdlg.dll /s
regsvr32 Urlmon.dll /s
regsvr32 Shdocvw.dll /s
regsvr32 Msjava.dll /s
regsvr32 Actxprxy.dll /s
regsvr32 Oleaut32.dll /s
regsvr32 Mshtml.dll /s
regsvr32 msxml.dll /s
regsvr32 msxml2.dll /s
regsvr32 msxml3.dll /s
regsvr32 Browseui.dll /s
regsvr32 shell32.dll /s
regsvr32 wuapi.dll /s
regsvr32 wuaueng.dll /s
regsvr32 wuaueng1.dll /s
regsvr32 wucltui.dll /s
regsvr32 wups.dll /s
regsvr32 wuweb.dll /s
regsvr32 jscript.dll /s
regsvr32 atl.dll /s
regsvr32 Mssip32.dll /s
Write-Host "All necessary dll's are registerd" -foregroundcolor "Red" 
 
# Restart Windows Update and BITS Service

Restart-Service -displayname $windowsUpdateService
Restart-Service -displayname $bitsService
Restart-Service -displayname $cryptograhicService
Write-Host "All necessary services are started" -foregroundcolor "Red"
 
##-------------------------------------------------------------------------------------------------------------------------------------------------------



After running the script, check for updates using Windows Update to see if the issue has been resolved. If not go further to step 4.


Step 4

If step 3 also does not fix the problem, you could try running the below command from an elevated PowerShell window. This command will import proxy information used by Internet Explorer in the Windows HTTP Services (WinHTTP).

Several server roles, like the Microsoft Windows Update client, rely on WinHTTP to manage all HTTP and HTTPS traffic. Windows Update uses it mainly to scan for available updates.

##-------------------------------------------------------------------------------------------------------------------------------------------------------

## Step 4: Import proxy settings in WinHTTP

netsh winhttp import proxy source=ie  (WinHTTP)

##-------------------------------------------------------------------------------------------------------------------------------------------------------



Check for updates using Windows Update and see if the issue has been resolved, if not proceed to step 5.


Step 5

As a last troubleshoot step, you could try running the Windows Update Troubleshooter tool. To download and startup this tool run the below PowerShell commands.

##-------------------------------------------------------------------------------------------------------------------------------------------------------

## Step 5: Download and run Windows Update Troubelshooter
 
# Variables

$tempfolder = "C:\Temp\"
$windowsUpdateTroubleshooterUrl = "http://go.microsoft.com/?linkid=9830262"
$windowsUpdateTroubleshooter = "C:\Temp\WindowsUpdate.diagcab"
 
# Create the C:\Temp folder if not exists

If(!(test-path $tempfolder))
{
New-Item -ItemType Directory -Force -Path $tempfolder
}
 
# Download Windows Update Troubleshooter and save to C:\Temp

$webClient = New-Object System.Net.WebClient
$webClient.DownloadFile($windowsUpdateTroubleshooterUrl,$windowsUpdateTroubleshooter) 
Write-Host "Download completed" -foregroundcolor "Red"
 
# Run Windows Update Troubelshooter

& "C:\Temp\WindowsUpdate.diagcab"
for ($i = 1; $i -lt 2; $i++) {write-host}
Write-Host "Windows Update Troubleshooter started" -foregroundcolor "Red"
 
# Close PowerShell window upon completion

stop-process -Id $PID
Write-Host "Close PowerShell window" -foregroundcolor "Red"

##-------------------------------------------------------------------------------------------------------------------------------------------------------



When the tools opens, go through all steps to get Windows Update fixed.





Summary

If all goes well, Windows Update should be working again by the use of one of these steps. Hope it helps and if you have any questions feel free to contact me through my twitter handle.



%d bloggers like this: