Hi
Domain network with WSUS, Server 2019. Worked well until April 2022. No workstation in the organization has been able to download updates from the WSUS since. Updates are currently installed by using scripts, from a file share.
Workstations report to WSUS but do not download any updates. Update groups and approvals are in place. Errors received on workstations: "Windows Update failed to check for updates with error 0x80072F8F", or 0x80244010, or 0x80070013, in any order, on all of them, in a loop.
Built new WSUS, no success. Rolled back OS and .NET patch levels for WSUS to February 2022, no success. (Windows Update on WSUS cannot find updates on the same host)
IIS WSUS site configured as General > Queue length to 25000. CPU > Limit Interval 15, Processor Affinity Enabled - True. Process Model > Maximum Worker Processes - 0, Ping Enabled - False. Rapid-Fail Protection > "Service Unavailable" Response - TcpLevel, Failure Interval (minutes) - 30. Recycling > Private Memory Limit (KB) - 0
Windows Update Services state:
Windows Update - Autostart
BITS - Autostart
Cryptography - Autostart
TrustedInstaller - Autostart
Application Identity - Autostart
Application Info - Autostart
Delivery Optimization - Autostart
Software Protection - Autostart
Update Orchestrator - Autostart
Windows Installer - Manual
Registry Keys removed or configured:
ThresholdOptedIn, AdvertisingInfo, WindowsUpdate (Several locations), WindowsSelfHost, PendingXmlIdentifier, NextQueueEntryIndex, AdvancedInstallersNeedResolving, AUState, LastWaitTimeout, DetectionstartTime, NextDetectionTime, RebootRequired, Results, SamplingValue, ReregisterAuthorizationCab, IsConvergedUpdateStackEnabled, UxOption, CopyFileBufferedSynchronousIo, RegistrySizeLimit
Files/Folders deleted:
Temp directory in user and systemroot
pending.xml, WindowsUpdate.log, Downloader\qmgr*.dat, SoftwareDistribution, catroot2, Caches
Repaired permissions sc.exe sdset on Wuauserv and Bits.
Registered (Regsvr32) the relevant 38 DLLs
Reset Winsock and Proxy, incl. DNS (We do not use any proxy)
Checked Firewall settings, Checked default update provider (States WSUS)
$(New-Object -ComObject "Microsoft.Update.ServiceManager").Services | Select-Object Name, IsDefaultAUService
Name IsDefaultAUService
Performed SFC and DISM fixes
WUAUCLT /resetauthorization /detectnow
PowerShell.exe (New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow()
We do have Intune, Intune has no setting configured stating another update service is to be used.
WMI traffic allowed
Allow Automatic Updates immediate installation - Enabled
Turn on recommended updates via Automatic Updates - Enabled
Turn on Software Notifications - Enabled
Configure Automatic Updates - Enabled (Auto download and notify for install)
Allow signed updates from an intranet Microsoft update service location - Enabled
Automatic Updates detection frequency - Enabled (8 Hours)
Do not connect to any Windows Update Internet locations - Disabled (Should only affect compatibility with Microsoft Update and not determine update source)
Specify intranet Microsoft update service location - Enabled (http://WSUS:8530)
Set the intranet statistics server - Enabled (http://WSUS:8530)
Do not enforce TLS certificate pinning for Windows Update client for detecting updates - Enabled
Select the proxy behavior for Windows Update client for detecting updates - Allow user proxy to be used as a fallback if detection using system proxy fails
Internet Zone set to Intranet
Delivery Optimization > Download Mode - (0) HTTP only (Setting to 1 or 2 makes no difference)
Any help in getting this WSUS debacle resolved?